diff --git a/deps/npm/docs/content/commands/npm-audit.md b/deps/npm/docs/content/commands/npm-audit.md index 9b98734a96fcfd..7d83fd582f3fd3 100644 --- a/deps/npm/docs/content/commands/npm-audit.md +++ b/deps/npm/docs/content/commands/npm-audit.md @@ -374,7 +374,8 @@ the order in which omit/include are specified on the command-line. #### `foreground-scripts` -* Default: false +* Default: `false` unless when using `npm pack` or `npm publish` where it + defaults to `true` * Type: Boolean Run all build scripts (ie, `preinstall`, `install`, and `postinstall`) diff --git a/deps/npm/docs/content/commands/npm-ci.md b/deps/npm/docs/content/commands/npm-ci.md index 57f6555975b260..d74922ff7e18bd 100644 --- a/deps/npm/docs/content/commands/npm-ci.md +++ b/deps/npm/docs/content/commands/npm-ci.md @@ -169,7 +169,8 @@ this warning is treated as a failure. #### `foreground-scripts` -* Default: false +* Default: `false` unless when using `npm pack` or `npm publish` where it + defaults to `true` * Type: Boolean Run all build scripts (ie, `preinstall`, `install`, and `postinstall`) diff --git a/deps/npm/docs/content/commands/npm-config.md b/deps/npm/docs/content/commands/npm-config.md index 80f44b27d12f90..603161b0687d67 100644 --- a/deps/npm/docs/content/commands/npm-config.md +++ b/deps/npm/docs/content/commands/npm-config.md @@ -44,7 +44,8 @@ npm config set key=value [key=value...] npm set key=value [key=value...] ``` -Sets each of the config keys to the value provided. +Sets each of the config keys to the value provided. Modifies the user configuration +file unless [`location`](/commands/npm-config#location) is passed. If value is omitted, the key will be removed from your config file entirely. diff --git a/deps/npm/docs/content/commands/npm-install-ci-test.md b/deps/npm/docs/content/commands/npm-install-ci-test.md index f01b9979635deb..1519ffa8e9a8a1 100644 --- a/deps/npm/docs/content/commands/npm-install-ci-test.md +++ b/deps/npm/docs/content/commands/npm-install-ci-test.md @@ -115,7 +115,8 @@ this warning is treated as a failure. #### `foreground-scripts` -* Default: false +* Default: `false` unless when using `npm pack` or `npm publish` where it + defaults to `true` * Type: Boolean Run all build scripts (ie, `preinstall`, `install`, and `postinstall`) diff --git a/deps/npm/docs/content/commands/npm-install-test.md b/deps/npm/docs/content/commands/npm-install-test.md index b73614de2d4f42..3d97af00b262a7 100644 --- a/deps/npm/docs/content/commands/npm-install-test.md +++ b/deps/npm/docs/content/commands/npm-install-test.md @@ -192,7 +192,8 @@ For `list` this means the output will be based on the tree described by the #### `foreground-scripts` -* Default: false +* Default: `false` unless when using `npm pack` or `npm publish` where it + defaults to `true` * Type: Boolean Run all build scripts (ie, `preinstall`, `install`, and `postinstall`) diff --git a/deps/npm/docs/content/commands/npm-install.md b/deps/npm/docs/content/commands/npm-install.md index 36496954270b30..56a4c86fbdb3d3 100644 --- a/deps/npm/docs/content/commands/npm-install.md +++ b/deps/npm/docs/content/commands/npm-install.md @@ -582,7 +582,8 @@ For `list` this means the output will be based on the tree described by the #### `foreground-scripts` -* Default: false +* Default: `false` unless when using `npm pack` or `npm publish` where it + defaults to `true` * Type: Boolean Run all build scripts (ie, `preinstall`, `install`, and `postinstall`) diff --git a/deps/npm/docs/content/commands/npm-ls.md b/deps/npm/docs/content/commands/npm-ls.md index a21d14e577df61..d21af25d6c783b 100644 --- a/deps/npm/docs/content/commands/npm-ls.md +++ b/deps/npm/docs/content/commands/npm-ls.md @@ -27,7 +27,7 @@ packages will *also* show the paths to the specified packages. For example, running `npm ls promzard` in npm's source tree will show: ```bash -npm@10.3.0 /path/to/npm +npm@10.5.0 /path/to/npm └─┬ init-package-json@0.0.4 └── promzard@0.1.5 ``` diff --git a/deps/npm/docs/content/commands/npm-prune.md b/deps/npm/docs/content/commands/npm-prune.md index d195eb6d3b601f..3a5894cb734a53 100644 --- a/deps/npm/docs/content/commands/npm-prune.md +++ b/deps/npm/docs/content/commands/npm-prune.md @@ -99,7 +99,8 @@ Not supported by all npm commands. #### `foreground-scripts` -* Default: false +* Default: `false` unless when using `npm pack` or `npm publish` where it + defaults to `true` * Type: Boolean Run all build scripts (ie, `preinstall`, `install`, and `postinstall`) diff --git a/deps/npm/docs/content/commands/npm-query.md b/deps/npm/docs/content/commands/npm-query.md index 196d7d6559acf2..f435ce67e9d912 100644 --- a/deps/npm/docs/content/commands/npm-query.md +++ b/deps/npm/docs/content/commands/npm-query.md @@ -135,19 +135,32 @@ npm query ":type(git)" | jq 'map(.name)' | xargs -I {} npm why {} }, ... ``` -### Package lock only mode -If package-lock-only is enabled, only the information in the package -lock (or shrinkwrap) is loaded. This means that information from the -package.json files of your dependencies will not be included in the -result set (e.g. description, homepage, engines). +### Expecting a certain number of results + +One common use of `npm query` is to make sure there is only one version of +a certain dependency in your tree. This is especially common for +ecosystems like that rely on `typescript` where having state split +across two different but identically-named packages causes bugs. You +can use the `--expect-results` or `--expect-result-count` in your setup +to ensure that npm will exit with an exit code if your tree doesn't look +like you want it to. + + +```sh +$ npm query '#react' --expect-result-count=1 +``` + +Perhaps you want to quickly check if there are any production +dependencies that could be updated: + +```sh +$ npm query ':root>:outdated(in-range).prod' --no-expect-results +``` ### Package lock only mode -If package-lock-only is enabled, only the information in the package -lock (or shrinkwrap) is loaded. This means that information from the -package.json files of your dependencies will not be included in the -result set (e.g. description, homepage, engines). +If package-lock-only is enabled, only the information in the package lock (or shrinkwrap) is loaded. This means that information from the package.json files of your dependencies will not be included in the result set (e.g. description, homepage, engines). ### Configuration @@ -235,6 +248,25 @@ For `list` this means the output will be based on the tree described by the `package-lock.json`, rather than the contents of `node_modules`. + +#### `expect-results` + +* Default: null +* Type: null or Boolean + +Tells npm whether or not to expect results from the command. Can be either +true (expect some results) or false (expect no results). + +This config can not be used with: `expect-result-count` + +#### `expect-result-count` + +* Default: null +* Type: null or Number + +Tells to expect a specific number of results from the command. + +This config can not be used with: `expect-results` ## See Also * [dependency selectors](/using-npm/dependency-selectors) diff --git a/deps/npm/docs/content/commands/npm-rebuild.md b/deps/npm/docs/content/commands/npm-rebuild.md index 596ae97df24448..d22a7a5f9d3e90 100644 --- a/deps/npm/docs/content/commands/npm-rebuild.md +++ b/deps/npm/docs/content/commands/npm-rebuild.md @@ -72,7 +72,8 @@ systems. #### `foreground-scripts` -* Default: false +* Default: `false` unless when using `npm pack` or `npm publish` where it + defaults to `true` * Type: Boolean Run all build scripts (ie, `preinstall`, `install`, and `postinstall`) diff --git a/deps/npm/docs/content/commands/npm-run-script.md b/deps/npm/docs/content/commands/npm-run-script.md index 9e3ae1e9b2571a..56fcdb70411da6 100644 --- a/deps/npm/docs/content/commands/npm-run-script.md +++ b/deps/npm/docs/content/commands/npm-run-script.md @@ -220,7 +220,8 @@ will *not* run any pre- or post-scripts. #### `foreground-scripts` -* Default: false +* Default: `false` unless when using `npm pack` or `npm publish` where it + defaults to `true` * Type: Boolean Run all build scripts (ie, `preinstall`, `install`, and `postinstall`) diff --git a/deps/npm/docs/content/commands/npm-update.md b/deps/npm/docs/content/commands/npm-update.md index ea0bcdd00d9fbd..25272f8f13ba02 100644 --- a/deps/npm/docs/content/commands/npm-update.md +++ b/deps/npm/docs/content/commands/npm-update.md @@ -28,7 +28,7 @@ If no package name is specified, all packages in the specified location (global or local) will be updated. Note that by default `npm update` will not update the semver values of direct -dependencies in your project `package.json`, if you want to also update +dependencies in your project `package.json`. If you want to also update values in `package.json` you can run: `npm update --save` (or add the `save=true` option to a [configuration file](/configuring-npm/npmrc) to make that the default behavior). @@ -80,7 +80,7 @@ However, if `app`'s `package.json` contains: ``` In this case, running `npm update` will install `dep1@1.1.2`. Even though the -`latest` tag points to `1.2.2`, this version do not satisfy `~1.1.1`, which is +`latest` tag points to `1.2.2`, this version does not satisfy `~1.1.1`, which is equivalent to `>=1.1.1 <1.2.0`. So the highest-sorting version that satisfies `~1.1.1` is used, which is `1.1.2`. @@ -94,8 +94,7 @@ Suppose `app` has a caret dependency on a version below `1.0.0`, for example: } ``` -`npm update` will install `dep1@0.2.0`, because there are no other -versions which satisfy `^0.2.0`. +`npm update` will install `dep1@0.2.0`. If the dependence were on `^0.4.0`: @@ -294,7 +293,8 @@ will also prevent _writing_ `package-lock.json` if `save` is true. #### `foreground-scripts` -* Default: false +* Default: `false` unless when using `npm pack` or `npm publish` where it + defaults to `true` * Type: Boolean Run all build scripts (ie, `preinstall`, `install`, and `postinstall`) diff --git a/deps/npm/docs/content/commands/npm.md b/deps/npm/docs/content/commands/npm.md index d92e83e5ccdd19..3b14832d96da56 100644 --- a/deps/npm/docs/content/commands/npm.md +++ b/deps/npm/docs/content/commands/npm.md @@ -14,7 +14,7 @@ Note: This command is unaware of workspaces. ### Version -10.3.0 +10.5.0 ### Description diff --git a/deps/npm/docs/content/configuring-npm/package-json.md b/deps/npm/docs/content/configuring-npm/package-json.md index 2ef888fe1a4d64..c857fc8cb8ce5c 100644 --- a/deps/npm/docs/content/configuring-npm/package-json.md +++ b/deps/npm/docs/content/configuring-npm/package-json.md @@ -726,7 +726,7 @@ in which case they will be normalized to a relative path and added to your This feature is helpful for local offline development and creating tests that require npm installing where you don't want to hit an external server, -but should not be used when publishing packages to the public registry. +but should not be used when publishing your package to the public registry. *note*: Packages linked by local path will not have their own dependencies installed when `npm install` is ran in this case. You must diff --git a/deps/npm/docs/content/using-npm/config.md b/deps/npm/docs/content/using-npm/config.md index 93c820ab3b45ad..7158ee304ba46c 100644 --- a/deps/npm/docs/content/using-npm/config.md +++ b/deps/npm/docs/content/using-npm/config.md @@ -6,6 +6,9 @@ description: More than you probably want to know about npm configuration ### Description +This article details npm configuration in general. To learn about the `config` command, +see [`npm config`](/commands/npm-config). + npm gets its configuration values from the following sources, sorted by priority: #### Command Line Flags @@ -489,6 +492,25 @@ This can be overridden by setting the `--force` flag. +#### `expect-result-count` + +* Default: null +* Type: null or Number + +Tells to expect a specific number of results from the command. + +This config can not be used with: `expect-results` + +#### `expect-results` + +* Default: null +* Type: null or Boolean + +Tells npm whether or not to expect results from the command. Can be either +true (expect some results) or false (expect no results). + +This config can not be used with: `expect-result-count` + #### `fetch-retries` * Default: 2 @@ -570,7 +592,8 @@ recommended that you do not use this option! #### `foreground-scripts` -* Default: false +* Default: `false` unless when using `npm pack` or `npm publish` where it + defaults to `true` * Type: Boolean Run all build scripts (ie, `preinstall`, `install`, and `postinstall`) diff --git a/deps/npm/docs/content/using-npm/dependency-selectors.md b/deps/npm/docs/content/using-npm/dependency-selectors.md index 5cedf8fe84030b..5f7e27ad21848f 100644 --- a/deps/npm/docs/content/using-npm/dependency-selectors.md +++ b/deps/npm/docs/content/using-npm/dependency-selectors.md @@ -13,7 +13,7 @@ The [`npm query`](/commands/npm-query) command exposes a new dependency selector - Unlocks the ability to answer complex, multi-faceted questions about dependencies, their relationships & associative metadata - Consolidates redundant logic of similar query commands in `npm` (ex. `npm fund`, `npm ls`, `npm outdated`, `npm audit` ...) -### Dependency Selector Syntax `v1.0.0` +### Dependency Selector Syntax #### Overview: @@ -62,6 +62,7 @@ The [`npm query`](/commands/npm-query) command exposes a new dependency selector - `:path()` [glob](https://www.npmjs.com/package/glob) matching based on dependencies path relative to the project - `:type()` [based on currently recognized types](https://github.com/npm/npm-package-arg#result-object) - `:outdated()` when a dependency is outdated +- `:vuln()` when a dependency has a known vulnerability ##### `:semver(, [selector], [function])` @@ -84,8 +85,8 @@ Some examples: The `:outdated` pseudo selector retrieves data from the registry and returns information about which of your dependencies are outdated. The type parameter may be one of the following: - `any` (default) a version exists that is greater than the current one -- `in-range` a version exists that is greater than the current one, and satisfies at least one if its dependents -- `out-of-range` a version exists that is greater than the current one, does not satisfy at least one of its dependents +- `in-range` a version exists that is greater than the current one, and satisfies at least one if its parent's dependencies +- `out-of-range` a version exists that is greater than the current one, does not satisfy at least one of its parent's dependencies - `major` a version exists that is a semver major greater than the current one - `minor` a version exists that is a semver minor greater than the current one - `patch` a version exists that is a semver patch greater than the current one @@ -99,14 +100,29 @@ In addition to the filtering performed by the pseudo selector, some extra data i Some examples: - `:root > :outdated(major)` returns every direct dependency that has a new semver major release -- `.prod:outdated(in-range)` returns production dependencies that have a new release that satisfies at least one of its edges in +- `.prod:outdated(in-range)` returns production dependencies that have a new release that satisfies at least one of its parent's dependencies + +##### `:vuln` + +The `:vuln` pseudo selector retrieves data from the registry and returns information about which if your dependencies has a known vulnerability. Only dependencies whose current version matches a vulnerability will be returned. For example if you have `semver@7.6.0` in your tree, a vulnerability for `semver` which affects versions `<=6.3.1` will not match. + +You can also filter results by certain attributes in advisories. Currently that includes `severity` and `cwe`. Note that severity filtering is done per severity, it does not include severities "higher" or "lower" than the one specified. + +In addition to the filtering performed by the pseudo selector, info about each relevant advisory will be added to the `queryContext` attribute of each node under the `advisories` attribute. + +Some examples: + +- `:root > .prod:vuln` returns direct production dependencies with any known vulnerability +- `:vuln([severity=high])` returns only dependencies with a vulnerability with a `high` severity. +- `:vuln([severity=high],[severity=moderate])` returns only dependencies with a vulnerability with a `high` or `moderate` severity. +- `:vuln([cwe=1333])` returns only dependencies with a vulnerability that includes CWE-1333 (ReDoS) #### [Attribute Selectors](https://developer.mozilla.org/en-US/docs/Web/CSS/Attribute_selectors) The attribute selector evaluates the key/value pairs in `package.json` if they are `String`s. - `[]` attribute selector (ie. existence of attribute) -- `[attribute=value]` attribute value is equivalant... +- `[attribute=value]` attribute value is equivalent... - `[attribute~=value]` attribute value contains word... - `[attribute*=value]` attribute value contains string... - `[attribute|=value]` attribute value is equal to or starts with... diff --git a/deps/npm/docs/content/using-npm/scope.md b/deps/npm/docs/content/using-npm/scope.md index 65d30c158b8f97..d5dcef2d097a7e 100644 --- a/deps/npm/docs/content/using-npm/scope.md +++ b/deps/npm/docs/content/using-npm/scope.md @@ -127,7 +127,7 @@ host multiple scopes, but a scope only ever points to one registry. You can also associate a scope with a registry using `npm config`: ```bash -npm config set @myco:registry http://reg.example.com +npm config set @myco:registry=http://reg.example.com ``` Once a scope is associated with a registry, any `npm install` for a package diff --git a/deps/npm/docs/content/using-npm/scripts.md b/deps/npm/docs/content/using-npm/scripts.md index b25815a428cd4c..3945c0e75abdc8 100644 --- a/deps/npm/docs/content/using-npm/scripts.md +++ b/deps/npm/docs/content/using-npm/scripts.md @@ -294,18 +294,15 @@ For example, if your package.json contains this: { "scripts" : { "install" : "scripts/install.js", - "postinstall" : "scripts/install.js", - "uninstall" : "scripts/uninstall.js" + "postinstall" : "scripts/install.js" } } ``` -then `scripts/install.js` will be called for the install -and post-install stages of the lifecycle, and `scripts/uninstall.js` -will be called when the package is uninstalled. Since -`scripts/install.js` is running for two different phases, it would -be wise in this case to look at the `npm_lifecycle_event` environment -variable. +then `scripts/install.js` will be called for the install and post-install +stages of the lifecycle. Since `scripts/install.js` is running for two +different phases, it would be wise in this case to look at the +`npm_lifecycle_event` environment variable. If you want to run a make command, you can do so. This works just fine: @@ -334,10 +331,8 @@ file. ### Best Practices * Don't exit with a non-zero error code unless you *really* mean it. - Except for uninstall scripts, this will cause the npm action to - fail, and potentially be rolled back. If the failure is minor or - only will prevent some optional features, then it's better to just - print a warning and exit successfully. + If the failure is minor or only will prevent some optional features, then + it's better to just print a warning and exit successfully. * Try not to use scripts to do what npm can do for you. Read through [`package.json`](/configuring-npm/package-json) to see all the things that you can specify and enable by simply describing your package appropriately. In general, this diff --git a/deps/npm/docs/content/using-npm/workspaces.md b/deps/npm/docs/content/using-npm/workspaces.md index bbfa2d8817eb26..cb545c0b46bf12 100644 --- a/deps/npm/docs/content/using-npm/workspaces.md +++ b/deps/npm/docs/content/using-npm/workspaces.md @@ -7,12 +7,12 @@ description: Working with workspaces ### Description **Workspaces** is a generic term that refers to the set of features in the -npm cli that provides support to managing multiple packages from your local +npm cli that provides support for managing multiple packages from your local file system from within a singular top-level, root package. This set of features makes up for a much more streamlined workflow handling -linked packages from the local file system. Automating the linking process -as part of `npm install` and avoiding manually having to use `npm link` in +linked packages from the local file system. It automates the linking process +as part of `npm install` and removes the need to manually use `npm link` in order to add references to packages that should be symlinked into the current `node_modules` folder. @@ -110,7 +110,7 @@ respect the provided `workspace` configuration. ### Using workspaces -Given the [specifities of how Node.js handles module resolution](https://nodejs.org/dist/latest-v14.x/docs/api/modules.html#modules_all_together) it's possible to consume any defined workspace +Given the [specifics of how Node.js handles module resolution](https://nodejs.org/dist/latest-v14.x/docs/api/modules.html#modules_all_together) it's possible to consume any defined workspace by its declared `package.json` `name`. Continuing from the example defined above, let's also create a Node.js script that will require the workspace `a` example module, e.g: diff --git a/deps/npm/docs/output/commands/npm-audit.html b/deps/npm/docs/output/commands/npm-audit.html index 4aaff936efe846..7ba3101ded64a8 100644 --- a/deps/npm/docs/output/commands/npm-audit.html +++ b/deps/npm/docs/output/commands/npm-audit.html @@ -410,7 +410,8 @@

include

the order in which omit/include are specified on the command-line.

foreground-scripts

    -
  • Default: false
    • +
  • Default: false unless when using npm pack or npm publish where it +defaults to true
  • Type: Boolean

Run all build scripts (ie, preinstall, install, and postinstall) diff --git a/deps/npm/docs/output/commands/npm-ci.html b/deps/npm/docs/output/commands/npm-ci.html index 2349e46dd1c608..4dffceba0d4d5c 100644 --- a/deps/npm/docs/output/commands/npm-ci.html +++ b/deps/npm/docs/output/commands/npm-ci.html @@ -268,7 +268,8 @@

strict-peer-deps

this warning is treated as a failure.

foreground-scripts

    -
  • Default: false
    • +
  • Default: false unless when using npm pack or npm publish where it +defaults to true
  • Type: Boolean

Run all build scripts (ie, preinstall, install, and postinstall) diff --git a/deps/npm/docs/output/commands/npm-config.html b/deps/npm/docs/output/commands/npm-config.html index d4c8bb541a7751..70a60390e0f90d 100644 --- a/deps/npm/docs/output/commands/npm-config.html +++ b/deps/npm/docs/output/commands/npm-config.html @@ -171,7 +171,8 @@

set

npm config set key=value [key=value...]
 npm set key=value [key=value...]
-

Sets each of the config keys to the value provided.

+

Sets each of the config keys to the value provided. Modifies the user configuration +file unless location is passed.

If value is omitted, the key will be removed from your config file entirely.

Note: for backwards compatibility, npm config set key value is supported as an alias for npm config set key=value.

diff --git a/deps/npm/docs/output/commands/npm-install-ci-test.html b/deps/npm/docs/output/commands/npm-install-ci-test.html index 635b59bbb32040..407dbf9a2dd6bd 100644 --- a/deps/npm/docs/output/commands/npm-install-ci-test.html +++ b/deps/npm/docs/output/commands/npm-install-ci-test.html @@ -225,7 +225,8 @@

strict-peer-deps

this warning is treated as a failure.

foreground-scripts

    -
  • Default: false
    • +
  • Default: false unless when using npm pack or npm publish where it +defaults to true
  • Type: Boolean

Run all build scripts (ie, preinstall, install, and postinstall) diff --git a/deps/npm/docs/output/commands/npm-install-test.html b/deps/npm/docs/output/commands/npm-install-test.html index b6b16aba6a5ca0..bdbe82f5d3442a 100644 --- a/deps/npm/docs/output/commands/npm-install-test.html +++ b/deps/npm/docs/output/commands/npm-install-test.html @@ -281,7 +281,8 @@

package-lock-only

package-lock.json, rather than the contents of node_modules.

foreground-scripts

    -
  • Default: false
    • +
  • Default: false unless when using npm pack or npm publish where it +defaults to true
  • Type: Boolean

Run all build scripts (ie, preinstall, install, and postinstall) diff --git a/deps/npm/docs/output/commands/npm-install.html b/deps/npm/docs/output/commands/npm-install.html index fdf94fa61ec484..774da9fc37b106 100644 --- a/deps/npm/docs/output/commands/npm-install.html +++ b/deps/npm/docs/output/commands/npm-install.html @@ -607,7 +607,8 @@

package-lock-only

package-lock.json, rather than the contents of node_modules.

foreground-scripts

    -
  • Default: false
    • +
  • Default: false unless when using npm pack or npm publish where it +defaults to true
  • Type: Boolean

Run all build scripts (ie, preinstall, install, and postinstall) diff --git a/deps/npm/docs/output/commands/npm-ls.html b/deps/npm/docs/output/commands/npm-ls.html index ae62824a2d7e59..d6e376a0bf2f8a 100644 --- a/deps/npm/docs/output/commands/npm-ls.html +++ b/deps/npm/docs/output/commands/npm-ls.html @@ -160,7 +160,7 @@

Description

the results to only the paths to the packages named. Note that nested packages will also show the paths to the specified packages. For example, running npm ls promzard in npm's source tree will show:

-
npm@10.3.0 /path/to/npm
+
npm@10.5.0 /path/to/npm
 └─┬ init-package-json@0.0.4
   └── promzard@0.1.5
 

diff --git a/deps/npm/docs/output/commands/npm-prune.html b/deps/npm/docs/output/commands/npm-prune.html
index 034257f2271bea..94d016027e8363 100644
--- a/deps/npm/docs/output/commands/npm-prune.html
+++ b/deps/npm/docs/output/commands/npm-prune.html
@@ -211,7 +211,8 @@ 
json

 
Not supported by all npm commands.

 
foreground-scripts

 
    
-
  • Default: false
    • 
+
  • Default: false unless when using npm pack or npm publish where it
+defaults to true
    • 
 
  • Type: Boolean
    • 
 

 
Run all build scripts (ie, preinstall, install, and postinstall)
diff --git a/deps/npm/docs/output/commands/npm-query.html b/deps/npm/docs/output/commands/npm-query.html
index cbfccc03e15fce..228de6787fd408 100644
--- a/deps/npm/docs/output/commands/npm-query.html
+++ b/deps/npm/docs/output/commands/npm-query.html
@@ -264,16 +264,22 @@ 
Example Response Output

   },
   ...
+

Expecting a certain number of results

+

One common use of npm query is to make sure there is only one version of +a certain dependency in your tree. This is especially common for +ecosystems like that rely on typescript where having state split +across two different but identically-named packages causes bugs. You +can use the --expect-results or --expect-result-count in your setup +to ensure that npm will exit with an exit code if your tree doesn't look +like you want it to.

+
$ npm query '#react' --expect-result-count=1
+
+

Perhaps you want to quickly check if there are any production +dependencies that could be updated:

+
$ npm query ':root>:outdated(in-range).prod' --no-expect-results
+

Package lock only mode

-

If package-lock-only is enabled, only the information in the package -lock (or shrinkwrap) is loaded. This means that information from the -package.json files of your dependencies will not be included in the -result set (e.g. description, homepage, engines).

-

Package lock only mode

-

If package-lock-only is enabled, only the information in the package -lock (or shrinkwrap) is loaded. This means that information from the -package.json files of your dependencies will not be included in the -result set (e.g. description, homepage, engines).

+

If package-lock-only is enabled, only the information in the package lock (or shrinkwrap) is loaded. This means that information from the package.json files of your dependencies will not be included in the result set (e.g. description, homepage, engines).

Configuration

global

    @@ -345,6 +351,21 @@

    package-lock-only

    instead of checking node_modules and downloading dependencies.

    For list this means the output will be based on the tree described by the package-lock.json, rather than the contents of node_modules.

    +

    expect-results

    +
      +
    • Default: null
      • +
    • Type: null or Boolean
      • +
    +

    Tells npm whether or not to expect results from the command. Can be either +true (expect some results) or false (expect no results).

    +

    This config can not be used with: expect-result-count

    +

    expect-result-count

    +
      +
    • Default: null
      • +
    • Type: null or Number
      • +
    +

    Tells to expect a specific number of results from the command.

    +

    This config can not be used with: expect-results

    See Also

    • dependency selectors
      • diff --git a/deps/npm/docs/output/commands/npm-rebuild.html b/deps/npm/docs/output/commands/npm-rebuild.html index 3a1a5a401a6a06..ee3ba1e8163502 100644 --- a/deps/npm/docs/output/commands/npm-rebuild.html +++ b/deps/npm/docs/output/commands/npm-rebuild.html @@ -196,7 +196,8 @@ systems.

      foreground-scripts

        -
      • Default: false
        • +
      • Default: false unless when using npm pack or npm publish where it +defaults to true
      • Type: Boolean

      Run all build scripts (ie, preinstall, install, and postinstall) diff --git a/deps/npm/docs/output/commands/npm-run-script.html b/deps/npm/docs/output/commands/npm-run-script.html index bc89b334628a9d..9f0c03940e83d3 100644 --- a/deps/npm/docs/output/commands/npm-run-script.html +++ b/deps/npm/docs/output/commands/npm-run-script.html @@ -305,7 +305,8 @@

      ignore-scripts

      will not run any pre- or post-scripts.

      foreground-scripts

        -
      • Default: false
        • +
      • Default: false unless when using npm pack or npm publish where it +defaults to true
      • Type: Boolean

      Run all build scripts (ie, preinstall, install, and postinstall) diff --git a/deps/npm/docs/output/commands/npm-update.html b/deps/npm/docs/output/commands/npm-update.html index f471762ff30b87..462bca7b771628 100644 --- a/deps/npm/docs/output/commands/npm-update.html +++ b/deps/npm/docs/output/commands/npm-update.html @@ -161,7 +161,7 @@

      Description

      If no package name is specified, all packages in the specified location (global or local) will be updated.

      Note that by default npm update will not update the semver values of direct -dependencies in your project package.json, if you want to also update +dependencies in your project package.json. If you want to also update values in package.json you can run: npm update --save (or add the save=true option to a configuration file to make that the default behavior).

      @@ -199,7 +199,7 @@

      Tilde Dependencies

      }

      In this case, running npm update will install dep1@1.1.2. Even though the -latest tag points to 1.2.2, this version do not satisfy ~1.1.1, which is +latest tag points to 1.2.2, this version does not satisfy ~1.1.1, which is equivalent to >=1.1.1 <1.2.0. So the highest-sorting version that satisfies ~1.1.1 is used, which is 1.1.2.

      Caret Dependencies below 1.0.0

      @@ -208,8 +208,7 @@

      Caret Dependencies below 1.0.0

      "dep1": "^0.2.0" } -

      npm update will install dep1@0.2.0, because there are no other -versions which satisfy ^0.2.0.

      +

      npm update will install dep1@0.2.0.

      If the dependence were on ^0.4.0:

      "dependencies": {
   "dep1": "^0.4.0"
@@ -353,7 +352,8 @@ 
      package-lock
      
 will also prevent writing package-lock.json if save is true.
      
 
      foreground-scripts
      
 
        
-
      • Default: false
        • 
+
      • Default: false unless when using npm pack or npm publish where it
+defaults to true
        • 
 
      • Type: Boolean
        • 
 
      
 
      Run all build scripts (ie, preinstall, install, and postinstall)
diff --git a/deps/npm/docs/output/commands/npm.html b/deps/npm/docs/output/commands/npm.html
index 094e2ef256b937..976024c99e441a 100644
--- a/deps/npm/docs/output/commands/npm.html
+++ b/deps/npm/docs/output/commands/npm.html
@@ -150,7 +150,7 @@ 
      Table of contents

      Note: This command is unaware of workspaces.

      Version

      -

      10.3.0

      +

      10.5.0

      Description

      npm is the package manager for the Node JavaScript platform. It puts modules in place so that node can find them, and manages dependency diff --git a/deps/npm/docs/output/configuring-npm/package-json.html b/deps/npm/docs/output/configuring-npm/package-json.html index dd602671238b99..6c85ea97e813a4 100644 --- a/deps/npm/docs/output/configuring-npm/package-json.html +++ b/deps/npm/docs/output/configuring-npm/package-json.html @@ -698,7 +698,7 @@

      Local Paths

      This feature is helpful for local offline development and creating tests that require npm installing where you don't want to hit an external server, -but should not be used when publishing packages to the public registry.

      +but should not be used when publishing your package to the public registry.

      note: Packages linked by local path will not have their own dependencies installed when npm install is ran in this case. You must run npm install from inside the local path itself.

      diff --git a/deps/npm/docs/output/using-npm/config.html b/deps/npm/docs/output/using-npm/config.html index 3015e5d066b473..2a3ead1b706956 100644 --- a/deps/npm/docs/output/using-npm/config.html +++ b/deps/npm/docs/output/using-npm/config.html @@ -142,10 +142,12 @@

      config

      Table of contents

      -
      +

      Description

      +

      This article details npm configuration in general. To learn about the config command, +see npm config.

      npm gets its configuration values from the following sources, sorted by priority:

      Command Line Flags

      Putting --foo bar on the command line sets the foo configuration @@ -496,6 +498,21 @@

      engine-strict

      installing) any package that claims to not be compatible with the current Node.js version.

      This can be overridden by setting the --force flag.

      +

      expect-result-count

      +
        +
      • Default: null
        • +
      • Type: null or Number
        • +
      +

      Tells to expect a specific number of results from the command.

      +

      This config can not be used with: expect-results

      +

      expect-results

      +
        +
      • Default: null
        • +
      • Type: null or Boolean
        • +
      +

      Tells npm whether or not to expect results from the command. Can be either +true (expect some results) or false (expect no results).

      +

      This config can not be used with: expect-result-count

      fetch-retries

      • Default: 2
        • @@ -558,7 +575,8 @@

        force

        recommended that you do not use this option!

        foreground-scripts

          -
        • Default: false
          • +
        • Default: false unless when using npm pack or npm publish where it +defaults to true
        • Type: Boolean

        Run all build scripts (ie, preinstall, install, and postinstall) diff --git a/deps/npm/docs/output/using-npm/dependency-selectors.html b/deps/npm/docs/output/using-npm/dependency-selectors.html index 1ea35878049764..27bba15c1a2135 100644 --- a/deps/npm/docs/output/using-npm/dependency-selectors.html +++ b/deps/npm/docs/output/using-npm/dependency-selectors.html @@ -153,7 +153,7 @@

        Table of contents

      • Unlocks the ability to answer complex, multi-faceted questions about dependencies, their relationships & associative metadata
      • Consolidates redundant logic of similar query commands in npm (ex. npm fund, npm ls, npm outdated, npm audit ...)
      -

      Dependency Selector Syntax v1.0.0

      +

      Dependency Selector Syntax

      Overview:

      • there is no "type" or "tag" selectors (ex. div, h1, a) as a dependency/target is the only type of Node that can be queried
        • @@ -202,6 +202,7 @@

        Pseudo Selectors

      • :path(<path>) glob matching based on dependencies path relative to the project
      • :type(<type>) based on currently recognized types
      • :outdated(<type>) when a dependency is outdated
        • +
      • :vuln(<selector>) when a dependency has a known vulnerability
      :semver(<spec>, [selector], [function])

      The :semver() pseudo selector allows comparing fields from each node's package.json using semver methods. It accepts up to 3 parameters, all but the first of which are optional.

      @@ -221,8 +222,8 @@
      :outdated(<type>)

      The :outdated pseudo selector retrieves data from the registry and returns information about which of your dependencies are outdated. The type parameter may be one of the following:

      • any (default) a version exists that is greater than the current one
        • -
      • in-range a version exists that is greater than the current one, and satisfies at least one if its dependents
        • -
      • out-of-range a version exists that is greater than the current one, does not satisfy at least one of its dependents
        • +
      • in-range a version exists that is greater than the current one, and satisfies at least one if its parent's dependencies
        • +
      • out-of-range a version exists that is greater than the current one, does not satisfy at least one of its parent's dependencies
      • major a version exists that is a semver major greater than the current one
      • minor a version exists that is a semver minor greater than the current one
      • patch a version exists that is a semver patch greater than the current one
        • @@ -236,13 +237,24 @@
        :outdated(<type>)

        Some examples:

        • :root > :outdated(major) returns every direct dependency that has a new semver major release
          • -
        • .prod:outdated(in-range) returns production dependencies that have a new release that satisfies at least one of its edges in
          • +
        • .prod:outdated(in-range) returns production dependencies that have a new release that satisfies at least one of its parent's dependencies
          • +
        +
        :vuln
        +

        The :vuln pseudo selector retrieves data from the registry and returns information about which if your dependencies has a known vulnerability. Only dependencies whose current version matches a vulnerability will be returned. For example if you have semver@7.6.0 in your tree, a vulnerability for semver which affects versions <=6.3.1 will not match.

        +

        You can also filter results by certain attributes in advisories. Currently that includes severity and cwe. Note that severity filtering is done per severity, it does not include severities "higher" or "lower" than the one specified.

        +

        In addition to the filtering performed by the pseudo selector, info about each relevant advisory will be added to the queryContext attribute of each node under the advisories attribute.

        +

        Some examples:

        +
          +
        • :root > .prod:vuln returns direct production dependencies with any known vulnerability
          • +
        • :vuln([severity=high]) returns only dependencies with a vulnerability with a high severity.
          • +
        • :vuln([severity=high],[severity=moderate]) returns only dependencies with a vulnerability with a high or moderate severity.
          • +
        • :vuln([cwe=1333]) returns only dependencies with a vulnerability that includes CWE-1333 (ReDoS)

        Attribute Selectors

        The attribute selector evaluates the key/value pairs in package.json if they are Strings.

        • [] attribute selector (ie. existence of attribute)
          • -
        • [attribute=value] attribute value is equivalant...
          • +
        • [attribute=value] attribute value is equivalent...
        • [attribute~=value] attribute value contains word...
        • [attribute*=value] attribute value contains string...
        • [attribute|=value] attribute value is equal to or starts with...
          • diff --git a/deps/npm/docs/output/using-npm/scope.html b/deps/npm/docs/output/using-npm/scope.html index fcecb0d9a99802..d91612e40a1e45 100644 --- a/deps/npm/docs/output/using-npm/scope.html +++ b/deps/npm/docs/output/using-npm/scope.html @@ -228,7 +228,7 @@

          Associating a scope with a registry

          Scopes have a many-to-one relationship with registries: one registry can host multiple scopes, but a scope only ever points to one registry.

          You can also associate a scope with a registry using npm config:

          -
          npm config set @myco:registry http://reg.example.com
+
          npm config set @myco:registry=http://reg.example.com
 
          
 
          Once a scope is associated with a registry, any npm install for a package
 with that scope will request packages from that registry instead. Any
diff --git a/deps/npm/docs/output/using-npm/scripts.html b/deps/npm/docs/output/using-npm/scripts.html
index 5628c7724f8ca7..91d558e1163b5c 100644
--- a/deps/npm/docs/output/using-npm/scripts.html
+++ b/deps/npm/docs/output/using-npm/scripts.html
@@ -402,17 +402,14 @@ 
          Examples
          
 
          {
   "scripts" : {
     "install" : "scripts/install.js",
-    "postinstall" : "scripts/install.js",
-    "uninstall" : "scripts/uninstall.js"
+    "postinstall" : "scripts/install.js"
   }
 }
 
          
-
          then scripts/install.js will be called for the install
-and post-install stages of the lifecycle, and scripts/uninstall.js
-will be called when the package is uninstalled.  Since
-scripts/install.js is running for two different phases, it would
-be wise in this case to look at the npm_lifecycle_event environment
-variable.
          
+
          then scripts/install.js will be called for the install and post-install
+stages of the lifecycle.  Since scripts/install.js is running for two
+different phases, it would be wise in this case to look at the
+npm_lifecycle_event environment variable.
          
 
          If you want to run a make command, you can do so.  This works just
 fine:
          
 
          {
@@ -433,10 +430,8 @@ 
          Exiting
          
 
          Best Practices
          
 
            
 
          • Don't exit with a non-zero error code unless you really mean it.
-Except for uninstall scripts, this will cause the npm action to
-fail, and potentially be rolled back.  If the failure is minor or
-only will prevent some optional features, then it's better to just
-print a warning and exit successfully.
            • 
+If the failure is minor or only will prevent some optional features, then
+it's better to just print a warning and exit successfully.
 
          • Try not to use scripts to do what npm can do for you.  Read through
 package.json to see all the things that you can specify and enable
 by simply describing your package appropriately.  In general, this
diff --git a/deps/npm/docs/output/using-npm/workspaces.html b/deps/npm/docs/output/using-npm/workspaces.html
index 6d6401b72770e9..39a77dfeb583fe 100644
--- a/deps/npm/docs/output/using-npm/workspaces.html
+++ b/deps/npm/docs/output/using-npm/workspaces.html
@@ -147,11 +147,11 @@ 
            Table of contents
            
 
 
            Description
            
 
            Workspaces is a generic term that refers to the set of features in the
-npm cli that provides support to managing multiple packages from your local
+npm cli that provides support for managing multiple packages from your local
 file system from within a singular top-level, root package.
            
 
            This set of features makes up for a much more streamlined workflow handling
-linked packages from the local file system. Automating the linking process
-as part of npm install and avoiding manually having to use npm link in
+linked packages from the local file system. It automates the linking process
+as part of npm install and removes the need to manually use npm link in
 order to add references to packages that should be symlinked into the current
 node_modules folder.
            
 
            We also refer to these packages being auto-symlinked during npm install as a
@@ -221,7 +221,7 @@ 
            Adding dependencies to a workspaceNote: other installing commands such as uninstall, ci, etc will also
 respect the provided workspace configuration.
            
 
            Using workspaces
            
-
            Given the specifities of how Node.js handles module resolution it's possible to consume any defined workspace
+
            Given the specifics of how Node.js handles module resolution it's possible to consume any defined workspace
 by its declared package.json name. Continuing from the example defined
 above, let's also create a Node.js script that will require the workspace a
 example module, e.g:
            
diff --git a/deps/npm/lib/base-command.js b/deps/npm/lib/base-command.js
index e763820cb052b7..e4a7bbbec724a6 100644
--- a/deps/npm/lib/base-command.js
+++ b/deps/npm/lib/base-command.js
@@ -5,6 +5,7 @@ const { relative } = require('path')
 const { definitions } = require('@npmcli/config/lib/definitions')
 const getWorkspaces = require('./workspaces/get-workspaces.js')
 const { aliases: cmdAliases } = require('./utils/cmd-list')
+const log = require('./utils/log-shim.js')
 
 class BaseCommand {
   static workspaces = false
@@ -142,6 +143,24 @@ class BaseCommand {
     return this.exec(args)
   }
 
+  // Compare the number of entries with what was expected
+  checkExpected (entries) {
+    if (!this.npm.config.isDefault('expect-results')) {
+      const expected = this.npm.config.get('expect-results')
+      if (!!entries !== !!expected) {
+        log.warn(this.name, `Expected ${expected ? '' : 'no '}results, got ${entries}`)
+        process.exitCode = 1
+      }
+    } else if (!this.npm.config.isDefault('expect-result-count')) {
+      const expected = this.npm.config.get('expect-result-count')
+      if (expected !== entries) {
+        /* eslint-disable-next-line max-len */
+        log.warn(this.name, `Expected ${expected} result${expected === 1 ? '' : 's'}, got ${entries}`)
+        process.exitCode = 1
+      }
+    }
+  }
+
   async setWorkspaces () {
     const includeWorkspaceRoot = this.isArboristCmd
       ? false
diff --git a/deps/npm/lib/commands/dist-tag.js b/deps/npm/lib/commands/dist-tag.js
index 15f9622d14906c..ff49bc8e307cb6 100644
--- a/deps/npm/lib/commands/dist-tag.js
+++ b/deps/npm/lib/commands/dist-tag.js
@@ -89,6 +89,9 @@ class DistTag extends BaseCommand {
 
     log.verbose('dist-tag add', defaultTag, 'to', spec.name + '@' + version)
 
+    // make sure new spec with tag is valid, this will throw if invalid
+    npa(`${spec.name}@${defaultTag}`)
+
     if (!spec.name || !version || !defaultTag) {
       throw this.usageError('must provide a spec with a name and version, and a tag to add')
     }
diff --git a/deps/npm/lib/commands/outdated.js b/deps/npm/lib/commands/outdated.js
index 9b9283e497727e..4216f1cdb1437f 100644
--- a/deps/npm/lib/commands/outdated.js
+++ b/deps/npm/lib/commands/outdated.js
@@ -1,5 +1,6 @@
-const os = require('os')
-const { resolve } = require('path')
+const os = require('node:os')
+const { resolve } = require('node:path')
+const { stripVTControlCharacters } = require('node:util')
 const pacote = require('pacote')
 const table = require('text-table')
 const npa = require('npm-package-arg')
@@ -22,7 +23,6 @@ class Outdated extends ArboristWorkspaceCmd {
   ]
 
   async exec (args) {
-    const { default: stripAnsi } = await import('strip-ansi')
     const global = resolve(this.npm.globalDir, '..')
     const where = this.npm.global
       ? global
@@ -106,7 +106,7 @@ class Outdated extends ArboristWorkspaceCmd {
 
       const tableOpts = {
         align: ['l', 'r', 'r', 'r', 'l'],
-        stringLength: s => stripAnsi(s).length,
+        stringLength: s => stripVTControlCharacters(s).length,
       }
       this.npm.output(table(outTable, tableOpts))
     }
diff --git a/deps/npm/lib/commands/pack.js b/deps/npm/lib/commands/pack.js
index 74e80e573c2e92..6d5f00df55e3fc 100644
--- a/deps/npm/lib/commands/pack.js
+++ b/deps/npm/lib/commands/pack.js
@@ -47,6 +47,9 @@ class Pack extends BaseCommand {
     for (const { arg, manifest } of manifests) {
       const tarballData = await libpack(arg, {
         ...this.npm.flatOptions,
+        foregroundScripts: this.npm.config.isDefault('foreground-scripts')
+          ? true
+          : this.npm.config.get('foreground-scripts'),
         prefix: this.npm.localPrefix,
         workspaces: this.workspacePaths,
       })
diff --git a/deps/npm/lib/commands/publish.js b/deps/npm/lib/commands/publish.js
index 7b3e930922ecab..63abc50b4745f4 100644
--- a/deps/npm/lib/commands/publish.js
+++ b/deps/npm/lib/commands/publish.js
@@ -80,6 +80,9 @@ class Publish extends BaseCommand {
     // we pass dryRun: true to libnpmpack so it doesn't write the file to disk
     const tarballData = await pack(spec, {
       ...opts,
+      foregroundScripts: this.npm.config.isDefault('foreground-scripts')
+        ? true
+        : this.npm.config.get('foreground-scripts'),
       dryRun: true,
       prefix: this.npm.localPrefix,
       workspaces: this.workspacePaths,
diff --git a/deps/npm/lib/commands/query.js b/deps/npm/lib/commands/query.js
index 68aa1fa2c06a5b..17a55a446b0869 100644
--- a/deps/npm/lib/commands/query.js
+++ b/deps/npm/lib/commands/query.js
@@ -50,6 +50,7 @@ class Query extends BaseCommand {
     'workspaces',
     'include-workspace-root',
     'package-lock-only',
+    'expect-results',
   ]
 
   get parsedResponse () {
@@ -81,6 +82,7 @@ class Query extends BaseCommand {
     const items = await tree.querySelectorAll(args[0], this.npm.flatOptions)
     this.buildResponse(items)
 
+    this.checkExpected(this.#response.length)
     this.npm.output(this.parsedResponse)
   }
 
@@ -104,6 +106,7 @@ class Query extends BaseCommand {
       }
       this.buildResponse(items)
     }
+    this.checkExpected(this.#response.length)
     this.npm.output(this.parsedResponse)
   }
 
diff --git a/deps/npm/lib/commands/search.js b/deps/npm/lib/commands/search.js
index 2af4daa211dca1..f4a4ce32491424 100644
--- a/deps/npm/lib/commands/search.js
+++ b/deps/npm/lib/commands/search.js
@@ -81,12 +81,11 @@ class Search extends BaseCommand {
 
     const filterStream = new FilterStream()
 
-    const { default: stripAnsi } = await import('strip-ansi')
     // Grab a configured output stream that will spit out packages in the desired format.
     const outputStream = await formatSearchStream({
       args, // --searchinclude options are not highlighted
       ...opts,
-    }, stripAnsi)
+    })
 
     log.silly('search', 'searching packages')
     const p = new Pipeline(
diff --git a/deps/npm/lib/commands/view.js b/deps/npm/lib/commands/view.js
index 214a45e92611c9..b19604f8c2ed35 100644
--- a/deps/npm/lib/commands/view.js
+++ b/deps/npm/lib/commands/view.js
@@ -211,7 +211,13 @@ class View extends BaseCommand {
 
     const data = []
     const versions = pckmnt.versions || {}
-    pckmnt.versions = Object.keys(versions).sort(semver.compareLoose)
+    pckmnt.versions = Object.keys(versions).filter(v => {
+      if (semver.valid(v)) {
+        return true
+      }
+      log.info('view', `Ignoring invalid version: ${v}`)
+      return false
+    }).sort(semver.compareLoose)
 
     // remove readme unless we asked for it
     if (args.indexOf('readme') === -1) {
diff --git a/deps/npm/lib/utils/format-search-stream.js b/deps/npm/lib/utils/format-search-stream.js
index cb29151e7c2e70..046a4b1e20587b 100644
--- a/deps/npm/lib/utils/format-search-stream.js
+++ b/deps/npm/lib/utils/format-search-stream.js
@@ -1,3 +1,4 @@
+const { stripVTControlCharacters } = require('node:util')
 const { Minipass } = require('minipass')
 const columnify = require('columnify')
 
@@ -15,8 +16,8 @@ const columnify = require('columnify')
 // The returned stream will format this package data
 // into a byte stream of formatted, displayable output.
 
-module.exports = async (opts, clean) => {
-  return opts.json ? new JSONOutputStream() : new TextOutputStream(opts, clean)
+module.exports = async (opts) => {
+  return opts.json ? new JSONOutputStream() : new TextOutputStream(opts)
 }
 
 class JSONOutputStream extends Minipass {
@@ -40,13 +41,11 @@ class JSONOutputStream extends Minipass {
 }
 
 class TextOutputStream extends Minipass {
-  #clean
   #opts
   #line = 0
 
-  constructor (opts, clean) {
+  constructor (opts) {
     super()
-    this.#clean = clean
     this.#opts = opts
   }
 
@@ -56,17 +55,17 @@ class TextOutputStream extends Minipass {
 
   #prettify (data) {
     const pkg = {
-      author: data.maintainers.map((m) => `=${this.#clean(m.username)}`).join(' '),
+      author: data.maintainers.map((m) => `=${stripVTControlCharacters(m.username)}`).join(' '),
       date: 'prehistoric',
-      description: this.#clean(data.description ?? ''),
+      description: stripVTControlCharacters(data.description ?? ''),
       keywords: '',
-      name: this.#clean(data.name),
+      name: stripVTControlCharacters(data.name),
       version: data.version,
     }
     if (Array.isArray(data.keywords)) {
-      pkg.keywords = data.keywords.map((k) => this.#clean(k)).join(' ')
+      pkg.keywords = data.keywords.map((k) => stripVTControlCharacters(k)).join(' ')
     } else if (typeof data.keywords === 'string') {
-      pkg.keywords = this.#clean(data.keywords.replace(/[,\s]+/, ' '))
+      pkg.keywords = stripVTControlCharacters(data.keywords.replace(/[,\s]+/, ' '))
     }
     if (data.date) {
       pkg.date = data.date.toISOString().split('T')[0] // remove time
diff --git a/deps/npm/lib/utils/reify-output.js b/deps/npm/lib/utils/reify-output.js
index 3b79fc2be1898e..44c913812a8efe 100644
--- a/deps/npm/lib/utils/reify-output.js
+++ b/deps/npm/lib/utils/reify-output.js
@@ -15,6 +15,7 @@ const ms = require('ms')
 const npmAuditReport = require('npm-audit-report')
 const { readTree: getFundingInfo } = require('libnpmfund')
 const auditError = require('./audit-error.js')
+const Table = require('cli-table3')
 
 // TODO: output JSON if flatOptions.json is true
 const reifyOutput = (npm, arb) => {
@@ -41,17 +42,51 @@ const reifyOutput = (npm, arb) => {
   }
 
   if (diff) {
+    let diffTable
+    if (npm.config.get('dry-run') || npm.config.get('long')) {
+      diffTable = new Table({
+        chars: {
+          top: '',
+          'top-mid': '',
+          'top-left': '',
+          'top-right': '',
+          bottom: '',
+          'bottom-mid': '',
+          'bottom-left': '',
+          'bottom-right': '',
+          left: '',
+          'left-mid': '',
+          mid: '',
+          'mid-mid': '',
+          right: '',
+          'right-mid': '',
+          middle: '  ',
+        },
+        style: {
+          'padding-left': 0,
+          'padding-right': 0,
+          border: 0,
+        },
+      })
+    }
+
     depth({
       tree: diff,
       visit: d => {
         switch (d.action) {
           case 'REMOVE':
+            diffTable?.push(['remove', d.actual.name, d.actual.package.version])
             summary.removed++
             break
           case 'ADD':
+            diffTable?.push(['add', d.ideal.name, d.ideal.package.version])
             actualTree.inventory.has(d.ideal) && summary.added++
             break
           case 'CHANGE':
+            diffTable?.push(['change',
+              d.actual.name,
+              d.actual.package.version + ' -> ' + d.ideal.package.version,
+            ])
             summary.changed++
             break
           default:
@@ -62,6 +97,10 @@ const reifyOutput = (npm, arb) => {
       },
       getChildren: d => d.children,
     })
+
+    if (diffTable) {
+      npm.output('\n' + diffTable.toString())
+    }
   }
 
   if (npm.flatOptions.fund) {
diff --git a/deps/npm/lib/utils/update-notifier.js b/deps/npm/lib/utils/update-notifier.js
index 1b3e21d878b94d..7c9611e4773f97 100644
--- a/deps/npm/lib/utils/update-notifier.js
+++ b/deps/npm/lib/utils/update-notifier.js
@@ -98,11 +98,16 @@ const updateNotifier = async (npm, spec = 'latest') => {
     return null
   }
 
+  // intentional.  do not await this.  it's a best-effort update.  if this
+  // fails, it's ok.  might be using /dev/null as the cache or something weird
+  // like that.
+  writeFile(lastCheckedFile(npm), '').catch(() => {})
+
   return updateCheck(npm, spec, version, current)
 }
 
 // only update the notification timeout if we actually finished checking
-module.exports = async npm => {
+module.exports = npm => {
   if (
     // opted out
     !npm.config.get('update-notifier')
@@ -113,14 +118,8 @@ module.exports = async npm => {
     // CI
     || ciInfo.isCI
   ) {
-    return null
+    return Promise.resolve(null)
   }
 
-  const notification = await updateNotifier(npm)
-
-  // intentional.  do not await this.  it's a best-effort update.  if this
-  // fails, it's ok.  might be using /dev/null as the cache or something weird
-  // like that.
-  writeFile(lastCheckedFile(npm), '').catch(() => {})
-  return notification
+  return updateNotifier(npm)
 }
diff --git a/deps/npm/man/man1/npm-access.1 b/deps/npm/man/man1/npm-access.1
index 01e92a1f4ede44..5231dbac1d504b 100644
--- a/deps/npm/man/man1/npm-access.1
+++ b/deps/npm/man/man1/npm-access.1
@@ -1,4 +1,4 @@
-.TH "NPM-ACCESS" "1" "January 2024" "" ""
+.TH "NPM-ACCESS" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-access\fR - Set access level on published packages
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-adduser.1 b/deps/npm/man/man1/npm-adduser.1
index 48ac7056d06ad9..c7cbb2cfcec253 100644
--- a/deps/npm/man/man1/npm-adduser.1
+++ b/deps/npm/man/man1/npm-adduser.1
@@ -1,4 +1,4 @@
-.TH "NPM-ADDUSER" "1" "January 2024" "" ""
+.TH "NPM-ADDUSER" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-adduser\fR - Add a registry user account
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-audit.1 b/deps/npm/man/man1/npm-audit.1
index 10f382f9645c4f..e6b1982cb4c171 100644
--- a/deps/npm/man/man1/npm-audit.1
+++ b/deps/npm/man/man1/npm-audit.1
@@ -1,4 +1,4 @@
-.TH "NPM-AUDIT" "1" "January 2024" "" ""
+.TH "NPM-AUDIT" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-audit\fR - Run a security audit
 .SS "Synopsis"
@@ -348,7 +348,7 @@ Dependency types specified in \fB--include\fR will not be omitted, regardless of
 .SS "\fBforeground-scripts\fR"
 .RS 0
 .IP \(bu 4
-Default: false
+Default: \fBfalse\fR unless when using \fBnpm pack\fR or \fBnpm publish\fR where it defaults to \fBtrue\fR
 .IP \(bu 4
 Type: Boolean
 .RE 0
diff --git a/deps/npm/man/man1/npm-bugs.1 b/deps/npm/man/man1/npm-bugs.1
index a885517d062034..7db5b6cdb87f71 100644
--- a/deps/npm/man/man1/npm-bugs.1
+++ b/deps/npm/man/man1/npm-bugs.1
@@ -1,4 +1,4 @@
-.TH "NPM-BUGS" "1" "January 2024" "" ""
+.TH "NPM-BUGS" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-bugs\fR - Report bugs for a package in a web browser
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-cache.1 b/deps/npm/man/man1/npm-cache.1
index 2de4d40db0efb3..2ec9e67be0634d 100644
--- a/deps/npm/man/man1/npm-cache.1
+++ b/deps/npm/man/man1/npm-cache.1
@@ -1,4 +1,4 @@
-.TH "NPM-CACHE" "1" "January 2024" "" ""
+.TH "NPM-CACHE" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-cache\fR - Manipulates packages cache
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-ci.1 b/deps/npm/man/man1/npm-ci.1
index 4f28c62b79f9e5..16ed2f6d9b5bb8 100644
--- a/deps/npm/man/man1/npm-ci.1
+++ b/deps/npm/man/man1/npm-ci.1
@@ -1,4 +1,4 @@
-.TH "NPM-CI" "1" "January 2024" "" ""
+.TH "NPM-CI" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-ci\fR - Clean install a project
 .SS "Synopsis"
@@ -147,7 +147,7 @@ When such an override is performed, a warning is printed, explaining the conflic
 .SS "\fBforeground-scripts\fR"
 .RS 0
 .IP \(bu 4
-Default: false
+Default: \fBfalse\fR unless when using \fBnpm pack\fR or \fBnpm publish\fR where it defaults to \fBtrue\fR
 .IP \(bu 4
 Type: Boolean
 .RE 0
diff --git a/deps/npm/man/man1/npm-completion.1 b/deps/npm/man/man1/npm-completion.1
index 33afabe5da5380..647d5e11ac202d 100644
--- a/deps/npm/man/man1/npm-completion.1
+++ b/deps/npm/man/man1/npm-completion.1
@@ -1,4 +1,4 @@
-.TH "NPM-COMPLETION" "1" "January 2024" "" ""
+.TH "NPM-COMPLETION" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-completion\fR - Tab Completion for npm
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-config.1 b/deps/npm/man/man1/npm-config.1
index 469bb97e36f668..f3be24e542465d 100644
--- a/deps/npm/man/man1/npm-config.1
+++ b/deps/npm/man/man1/npm-config.1
@@ -1,4 +1,4 @@
-.TH "NPM-CONFIG" "1" "January 2024" "" ""
+.TH "NPM-CONFIG" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-config\fR - Manage the npm configuration files
 .SS "Synopsis"
@@ -38,7 +38,7 @@ npm set key=value \[lB]key=value...\[rB]
 .fi
 .RE
 .P
-Sets each of the config keys to the value provided.
+Sets each of the config keys to the value provided. Modifies the user configuration file unless \fB\fBlocation\fR\fR \fI\(la/commands/npm-config#location\(ra\fR is passed.
 .P
 If value is omitted, the key will be removed from your config file entirely.
 .P
diff --git a/deps/npm/man/man1/npm-dedupe.1 b/deps/npm/man/man1/npm-dedupe.1
index 0ffc5c2fe43c36..5480af746dcae5 100644
--- a/deps/npm/man/man1/npm-dedupe.1
+++ b/deps/npm/man/man1/npm-dedupe.1
@@ -1,4 +1,4 @@
-.TH "NPM-DEDUPE" "1" "January 2024" "" ""
+.TH "NPM-DEDUPE" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-dedupe\fR - Reduce duplication in the package tree
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-deprecate.1 b/deps/npm/man/man1/npm-deprecate.1
index fe2e7d0958b8dd..5e8d47a8bc77fc 100644
--- a/deps/npm/man/man1/npm-deprecate.1
+++ b/deps/npm/man/man1/npm-deprecate.1
@@ -1,4 +1,4 @@
-.TH "NPM-DEPRECATE" "1" "January 2024" "" ""
+.TH "NPM-DEPRECATE" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-deprecate\fR - Deprecate a version of a package
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-diff.1 b/deps/npm/man/man1/npm-diff.1
index 7e07d60da652d4..bea8bb3ef1d674 100644
--- a/deps/npm/man/man1/npm-diff.1
+++ b/deps/npm/man/man1/npm-diff.1
@@ -1,4 +1,4 @@
-.TH "NPM-DIFF" "1" "January 2024" "" ""
+.TH "NPM-DIFF" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-diff\fR - The registry diff command
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-dist-tag.1 b/deps/npm/man/man1/npm-dist-tag.1
index c89c03b4e0307b..6c4acc26b43b18 100644
--- a/deps/npm/man/man1/npm-dist-tag.1
+++ b/deps/npm/man/man1/npm-dist-tag.1
@@ -1,4 +1,4 @@
-.TH "NPM-DIST-TAG" "1" "January 2024" "" ""
+.TH "NPM-DIST-TAG" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-dist-tag\fR - Modify package distribution tags
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-docs.1 b/deps/npm/man/man1/npm-docs.1
index 2c15c6f78838e2..b9cc1da9abe783 100644
--- a/deps/npm/man/man1/npm-docs.1
+++ b/deps/npm/man/man1/npm-docs.1
@@ -1,4 +1,4 @@
-.TH "NPM-DOCS" "1" "January 2024" "" ""
+.TH "NPM-DOCS" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-docs\fR - Open documentation for a package in a web browser
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-doctor.1 b/deps/npm/man/man1/npm-doctor.1
index 16c1d1d841ad7d..42187f46922d5e 100644
--- a/deps/npm/man/man1/npm-doctor.1
+++ b/deps/npm/man/man1/npm-doctor.1
@@ -1,4 +1,4 @@
-.TH "NPM-DOCTOR" "1" "January 2024" "" ""
+.TH "NPM-DOCTOR" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-doctor\fR - Check the health of your npm environment
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-edit.1 b/deps/npm/man/man1/npm-edit.1
index 23a92b8a4d3ae0..82cd85851f0480 100644
--- a/deps/npm/man/man1/npm-edit.1
+++ b/deps/npm/man/man1/npm-edit.1
@@ -1,4 +1,4 @@
-.TH "NPM-EDIT" "1" "January 2024" "" ""
+.TH "NPM-EDIT" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-edit\fR - Edit an installed package
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-exec.1 b/deps/npm/man/man1/npm-exec.1
index 53512a4daecc74..246498125c14ca 100644
--- a/deps/npm/man/man1/npm-exec.1
+++ b/deps/npm/man/man1/npm-exec.1
@@ -1,4 +1,4 @@
-.TH "NPM-EXEC" "1" "January 2024" "" ""
+.TH "NPM-EXEC" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-exec\fR - Run a command from a local or remote npm package
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-explain.1 b/deps/npm/man/man1/npm-explain.1
index ec20107b04e06c..e1bb6de84f3348 100644
--- a/deps/npm/man/man1/npm-explain.1
+++ b/deps/npm/man/man1/npm-explain.1
@@ -1,4 +1,4 @@
-.TH "NPM-EXPLAIN" "1" "January 2024" "" ""
+.TH "NPM-EXPLAIN" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-explain\fR - Explain installed packages
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-explore.1 b/deps/npm/man/man1/npm-explore.1
index f6bb2c51f747d6..b4800ccfa6b299 100644
--- a/deps/npm/man/man1/npm-explore.1
+++ b/deps/npm/man/man1/npm-explore.1
@@ -1,4 +1,4 @@
-.TH "NPM-EXPLORE" "1" "January 2024" "" ""
+.TH "NPM-EXPLORE" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-explore\fR - Browse an installed package
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-find-dupes.1 b/deps/npm/man/man1/npm-find-dupes.1
index b56814b8d2ac68..1f80df08c59e20 100644
--- a/deps/npm/man/man1/npm-find-dupes.1
+++ b/deps/npm/man/man1/npm-find-dupes.1
@@ -1,4 +1,4 @@
-.TH "NPM-FIND-DUPES" "1" "January 2024" "" ""
+.TH "NPM-FIND-DUPES" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-find-dupes\fR - Find duplication in the package tree
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-fund.1 b/deps/npm/man/man1/npm-fund.1
index a9c1ae61f5ef4c..22d61e036d929a 100644
--- a/deps/npm/man/man1/npm-fund.1
+++ b/deps/npm/man/man1/npm-fund.1
@@ -1,4 +1,4 @@
-.TH "NPM-FUND" "1" "January 2024" "" ""
+.TH "NPM-FUND" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-fund\fR - Retrieve funding information
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-help-search.1 b/deps/npm/man/man1/npm-help-search.1
index 9396188aa721d3..4a9dd82c921cde 100644
--- a/deps/npm/man/man1/npm-help-search.1
+++ b/deps/npm/man/man1/npm-help-search.1
@@ -1,4 +1,4 @@
-.TH "NPM-HELP-SEARCH" "1" "January 2024" "" ""
+.TH "NPM-HELP-SEARCH" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-help-search\fR - Search npm help documentation
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-help.1 b/deps/npm/man/man1/npm-help.1
index e3b322850a728a..c2880c831f6490 100644
--- a/deps/npm/man/man1/npm-help.1
+++ b/deps/npm/man/man1/npm-help.1
@@ -1,4 +1,4 @@
-.TH "NPM-HELP" "1" "January 2024" "" ""
+.TH "NPM-HELP" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-help\fR - Get help on npm
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-hook.1 b/deps/npm/man/man1/npm-hook.1
index c544b23a94a89f..2fc1b0dd667b88 100644
--- a/deps/npm/man/man1/npm-hook.1
+++ b/deps/npm/man/man1/npm-hook.1
@@ -1,4 +1,4 @@
-.TH "NPM-HOOK" "1" "January 2024" "" ""
+.TH "NPM-HOOK" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-hook\fR - Manage registry hooks
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-init.1 b/deps/npm/man/man1/npm-init.1
index ce674e7d610308..bfc7e48dc532a3 100644
--- a/deps/npm/man/man1/npm-init.1
+++ b/deps/npm/man/man1/npm-init.1
@@ -1,4 +1,4 @@
-.TH "NPM-INIT" "1" "January 2024" "" ""
+.TH "NPM-INIT" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-init\fR - Create a package.json file
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-install-ci-test.1 b/deps/npm/man/man1/npm-install-ci-test.1
index cfb93cc754a5a1..adc70da13cdf63 100644
--- a/deps/npm/man/man1/npm-install-ci-test.1
+++ b/deps/npm/man/man1/npm-install-ci-test.1
@@ -1,4 +1,4 @@
-.TH "NPM-INSTALL-CI-TEST" "1" "January 2024" "" ""
+.TH "NPM-INSTALL-CI-TEST" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-install-ci-test\fR - Install a project with a clean slate and run tests
 .SS "Synopsis"
@@ -95,7 +95,7 @@ When such an override is performed, a warning is printed, explaining the conflic
 .SS "\fBforeground-scripts\fR"
 .RS 0
 .IP \(bu 4
-Default: false
+Default: \fBfalse\fR unless when using \fBnpm pack\fR or \fBnpm publish\fR where it defaults to \fBtrue\fR
 .IP \(bu 4
 Type: Boolean
 .RE 0
diff --git a/deps/npm/man/man1/npm-install-test.1 b/deps/npm/man/man1/npm-install-test.1
index 9a7b69ff8a4571..8a0fcc72025b28 100644
--- a/deps/npm/man/man1/npm-install-test.1
+++ b/deps/npm/man/man1/npm-install-test.1
@@ -1,4 +1,4 @@
-.TH "NPM-INSTALL-TEST" "1" "January 2024" "" ""
+.TH "NPM-INSTALL-TEST" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-install-test\fR - Install package(s) and run tests
 .SS "Synopsis"
@@ -172,7 +172,7 @@ For \fBlist\fR this means the output will be based on the tree described by the
 .SS "\fBforeground-scripts\fR"
 .RS 0
 .IP \(bu 4
-Default: false
+Default: \fBfalse\fR unless when using \fBnpm pack\fR or \fBnpm publish\fR where it defaults to \fBtrue\fR
 .IP \(bu 4
 Type: Boolean
 .RE 0
diff --git a/deps/npm/man/man1/npm-install.1 b/deps/npm/man/man1/npm-install.1
index bd1c0ded701450..d6b5990abffd56 100644
--- a/deps/npm/man/man1/npm-install.1
+++ b/deps/npm/man/man1/npm-install.1
@@ -1,4 +1,4 @@
-.TH "NPM-INSTALL" "1" "January 2024" "" ""
+.TH "NPM-INSTALL" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-install\fR - Install a package
 .SS "Synopsis"
@@ -534,7 +534,7 @@ For \fBlist\fR this means the output will be based on the tree described by the
 .SS "\fBforeground-scripts\fR"
 .RS 0
 .IP \(bu 4
-Default: false
+Default: \fBfalse\fR unless when using \fBnpm pack\fR or \fBnpm publish\fR where it defaults to \fBtrue\fR
 .IP \(bu 4
 Type: Boolean
 .RE 0
diff --git a/deps/npm/man/man1/npm-link.1 b/deps/npm/man/man1/npm-link.1
index 3403d178525184..a2ee4fe19a0995 100644
--- a/deps/npm/man/man1/npm-link.1
+++ b/deps/npm/man/man1/npm-link.1
@@ -1,4 +1,4 @@
-.TH "NPM-LINK" "1" "January 2024" "" ""
+.TH "NPM-LINK" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-link\fR - Symlink a package folder
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-login.1 b/deps/npm/man/man1/npm-login.1
index f3d4934c85b20e..858a80ba3e19c1 100644
--- a/deps/npm/man/man1/npm-login.1
+++ b/deps/npm/man/man1/npm-login.1
@@ -1,4 +1,4 @@
-.TH "NPM-LOGIN" "1" "January 2024" "" ""
+.TH "NPM-LOGIN" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-login\fR - Login to a registry user account
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-logout.1 b/deps/npm/man/man1/npm-logout.1
index b8f521280db4cb..9151725cd4f5e2 100644
--- a/deps/npm/man/man1/npm-logout.1
+++ b/deps/npm/man/man1/npm-logout.1
@@ -1,4 +1,4 @@
-.TH "NPM-LOGOUT" "1" "January 2024" "" ""
+.TH "NPM-LOGOUT" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-logout\fR - Log out of the registry
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-ls.1 b/deps/npm/man/man1/npm-ls.1
index 5e314fe40308b0..0acb36abe2ae8a 100644
--- a/deps/npm/man/man1/npm-ls.1
+++ b/deps/npm/man/man1/npm-ls.1
@@ -1,4 +1,4 @@
-.TH "NPM-LS" "1" "January 2024" "" ""
+.TH "NPM-LS" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-ls\fR - List installed packages
 .SS "Synopsis"
@@ -20,7 +20,7 @@ Positional arguments are \fBname@version-range\fR identifiers, which will limit
 .P
 .RS 2
 .nf
-npm@10.3.0 /path/to/npm
+npm@10.5.0 /path/to/npm
 └─┬ init-package-json@0.0.4
   └── promzard@0.1.5
 .fi
diff --git a/deps/npm/man/man1/npm-org.1 b/deps/npm/man/man1/npm-org.1
index c4666d623d5f69..56c41d3cf2991c 100644
--- a/deps/npm/man/man1/npm-org.1
+++ b/deps/npm/man/man1/npm-org.1
@@ -1,4 +1,4 @@
-.TH "NPM-ORG" "1" "January 2024" "" ""
+.TH "NPM-ORG" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-org\fR - Manage orgs
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-outdated.1 b/deps/npm/man/man1/npm-outdated.1
index 186dfaeade934f..8357aa2472a59c 100644
--- a/deps/npm/man/man1/npm-outdated.1
+++ b/deps/npm/man/man1/npm-outdated.1
@@ -1,4 +1,4 @@
-.TH "NPM-OUTDATED" "1" "January 2024" "" ""
+.TH "NPM-OUTDATED" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-outdated\fR - Check for outdated packages
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-owner.1 b/deps/npm/man/man1/npm-owner.1
index 02afd6627f2c04..d11d2bf54290e5 100644
--- a/deps/npm/man/man1/npm-owner.1
+++ b/deps/npm/man/man1/npm-owner.1
@@ -1,4 +1,4 @@
-.TH "NPM-OWNER" "1" "January 2024" "" ""
+.TH "NPM-OWNER" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-owner\fR - Manage package owners
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-pack.1 b/deps/npm/man/man1/npm-pack.1
index 075f61681ec84d..a25b769cc74edb 100644
--- a/deps/npm/man/man1/npm-pack.1
+++ b/deps/npm/man/man1/npm-pack.1
@@ -1,4 +1,4 @@
-.TH "NPM-PACK" "1" "January 2024" "" ""
+.TH "NPM-PACK" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-pack\fR - Create a tarball from a package
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-ping.1 b/deps/npm/man/man1/npm-ping.1
index 4abefd19837e32..20bc98116b5e75 100644
--- a/deps/npm/man/man1/npm-ping.1
+++ b/deps/npm/man/man1/npm-ping.1
@@ -1,4 +1,4 @@
-.TH "NPM-PING" "1" "January 2024" "" ""
+.TH "NPM-PING" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-ping\fR - Ping npm registry
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-pkg.1 b/deps/npm/man/man1/npm-pkg.1
index c70c95fc27d1ab..1c83741aff95e6 100644
--- a/deps/npm/man/man1/npm-pkg.1
+++ b/deps/npm/man/man1/npm-pkg.1
@@ -1,4 +1,4 @@
-.TH "NPM-PKG" "1" "January 2024" "" ""
+.TH "NPM-PKG" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-pkg\fR - Manages your package.json
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-prefix.1 b/deps/npm/man/man1/npm-prefix.1
index dabc60e7e6ef25..a9fc70239b5de3 100644
--- a/deps/npm/man/man1/npm-prefix.1
+++ b/deps/npm/man/man1/npm-prefix.1
@@ -1,4 +1,4 @@
-.TH "NPM-PREFIX" "1" "January 2024" "" ""
+.TH "NPM-PREFIX" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-prefix\fR - Display prefix
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-profile.1 b/deps/npm/man/man1/npm-profile.1
index 2966cf66d1c3c0..82f6af354da89e 100644
--- a/deps/npm/man/man1/npm-profile.1
+++ b/deps/npm/man/man1/npm-profile.1
@@ -1,4 +1,4 @@
-.TH "NPM-PROFILE" "1" "January 2024" "" ""
+.TH "NPM-PROFILE" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-profile\fR - Change settings on your registry profile
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-prune.1 b/deps/npm/man/man1/npm-prune.1
index af09d9962f7c93..c54bb96caee5c8 100644
--- a/deps/npm/man/man1/npm-prune.1
+++ b/deps/npm/man/man1/npm-prune.1
@@ -1,4 +1,4 @@
-.TH "NPM-PRUNE" "1" "January 2024" "" ""
+.TH "NPM-PRUNE" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-prune\fR - Remove extraneous packages
 .SS "Synopsis"
@@ -84,7 +84,7 @@ Not supported by all npm commands.
 .SS "\fBforeground-scripts\fR"
 .RS 0
 .IP \(bu 4
-Default: false
+Default: \fBfalse\fR unless when using \fBnpm pack\fR or \fBnpm publish\fR where it defaults to \fBtrue\fR
 .IP \(bu 4
 Type: Boolean
 .RE 0
diff --git a/deps/npm/man/man1/npm-publish.1 b/deps/npm/man/man1/npm-publish.1
index deaead3259a2e1..55a90c1380b487 100644
--- a/deps/npm/man/man1/npm-publish.1
+++ b/deps/npm/man/man1/npm-publish.1
@@ -1,4 +1,4 @@
-.TH "NPM-PUBLISH" "1" "January 2024" "" ""
+.TH "NPM-PUBLISH" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-publish\fR - Publish a package
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-query.1 b/deps/npm/man/man1/npm-query.1
index 7730ecea472b6c..3940d6e80e15e6 100644
--- a/deps/npm/man/man1/npm-query.1
+++ b/deps/npm/man/man1/npm-query.1
@@ -1,4 +1,4 @@
-.TH "NPM-QUERY" "1" "January 2024" "" ""
+.TH "NPM-QUERY" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-query\fR - Dependency selector query
 .SS "Synopsis"
@@ -138,9 +138,23 @@ an array of dependency objects is returned which can contain multiple copies of
   ...
 .fi
 .RE
-.SS "Package lock only mode"
+.SS "Expecting a certain number of results"
 .P
-If package-lock-only is enabled, only the information in the package lock (or shrinkwrap) is loaded. This means that information from the package.json files of your dependencies will not be included in the result set (e.g. description, homepage, engines).
+One common use of \fBnpm query\fR is to make sure there is only one version of a certain dependency in your tree. This is especially common for ecosystems like that rely on \fBtypescript\fR where having state split across two different but identically-named packages causes bugs. You can use the \fB--expect-results\fR or \fB--expect-result-count\fR in your setup to ensure that npm will exit with an exit code if your tree doesn't look like you want it to.
+.P
+.RS 2
+.nf
+$ npm query '#react' --expect-result-count=1
+.fi
+.RE
+.P
+Perhaps you want to quickly check if there are any production dependencies that could be updated:
+.P
+.RS 2
+.nf
+$ npm query ':root>:outdated(in-range).prod' --no-expect-results
+.fi
+.RE
 .SS "Package lock only mode"
 .P
 If package-lock-only is enabled, only the information in the package lock (or shrinkwrap) is loaded. This means that information from the package.json files of your dependencies will not be included in the result set (e.g. description, homepage, engines).
@@ -236,6 +250,30 @@ If set to true, the current operation will only use the \fBpackage-lock.json\fR,
 For \fBupdate\fR this means only the \fBpackage-lock.json\fR will be updated, instead of checking \fBnode_modules\fR and downloading dependencies.
 .P
 For \fBlist\fR this means the output will be based on the tree described by the \fBpackage-lock.json\fR, rather than the contents of \fBnode_modules\fR.
+.SS "\fBexpect-results\fR"
+.RS 0
+.IP \(bu 4
+Default: null
+.IP \(bu 4
+Type: null or Boolean
+.RE 0
+
+.P
+Tells npm whether or not to expect results from the command. Can be either true (expect some results) or false (expect no results).
+.P
+This config can not be used with: \fBexpect-result-count\fR
+.SS "\fBexpect-result-count\fR"
+.RS 0
+.IP \(bu 4
+Default: null
+.IP \(bu 4
+Type: null or Number
+.RE 0
+
+.P
+Tells to expect a specific number of results from the command.
+.P
+This config can not be used with: \fBexpect-results\fR
 .SH "SEE ALSO"
 .RS 0
 .IP \(bu 4
diff --git a/deps/npm/man/man1/npm-rebuild.1 b/deps/npm/man/man1/npm-rebuild.1
index f3e0c3ff4c6f0e..ec29b9e036471d 100644
--- a/deps/npm/man/man1/npm-rebuild.1
+++ b/deps/npm/man/man1/npm-rebuild.1
@@ -1,4 +1,4 @@
-.TH "NPM-REBUILD" "1" "January 2024" "" ""
+.TH "NPM-REBUILD" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-rebuild\fR - Rebuild a package
 .SS "Synopsis"
@@ -80,7 +80,7 @@ Set to false to have it not do this. This can be used to work around the fact th
 .SS "\fBforeground-scripts\fR"
 .RS 0
 .IP \(bu 4
-Default: false
+Default: \fBfalse\fR unless when using \fBnpm pack\fR or \fBnpm publish\fR where it defaults to \fBtrue\fR
 .IP \(bu 4
 Type: Boolean
 .RE 0
diff --git a/deps/npm/man/man1/npm-repo.1 b/deps/npm/man/man1/npm-repo.1
index 1da82d9b3b52f1..a909f41a882fd2 100644
--- a/deps/npm/man/man1/npm-repo.1
+++ b/deps/npm/man/man1/npm-repo.1
@@ -1,4 +1,4 @@
-.TH "NPM-REPO" "1" "January 2024" "" ""
+.TH "NPM-REPO" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-repo\fR - Open package repository page in the browser
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-restart.1 b/deps/npm/man/man1/npm-restart.1
index 459d99a14026c4..f83b41709ff3e1 100644
--- a/deps/npm/man/man1/npm-restart.1
+++ b/deps/npm/man/man1/npm-restart.1
@@ -1,4 +1,4 @@
-.TH "NPM-RESTART" "1" "January 2024" "" ""
+.TH "NPM-RESTART" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-restart\fR - Restart a package
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-root.1 b/deps/npm/man/man1/npm-root.1
index 6761a6608a4f5b..9819a9d9e5e9e1 100644
--- a/deps/npm/man/man1/npm-root.1
+++ b/deps/npm/man/man1/npm-root.1
@@ -1,4 +1,4 @@
-.TH "NPM-ROOT" "1" "January 2024" "" ""
+.TH "NPM-ROOT" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-root\fR - Display npm root
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-run-script.1 b/deps/npm/man/man1/npm-run-script.1
index 66fcf9fab78ba2..513eb7de904399 100644
--- a/deps/npm/man/man1/npm-run-script.1
+++ b/deps/npm/man/man1/npm-run-script.1
@@ -1,4 +1,4 @@
-.TH "NPM-RUN-SCRIPT" "1" "January 2024" "" ""
+.TH "NPM-RUN-SCRIPT" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-run-script\fR - Run arbitrary package scripts
 .SS "Synopsis"
@@ -195,7 +195,7 @@ Note that commands explicitly intended to run a particular script, such as \fBnp
 .SS "\fBforeground-scripts\fR"
 .RS 0
 .IP \(bu 4
-Default: false
+Default: \fBfalse\fR unless when using \fBnpm pack\fR or \fBnpm publish\fR where it defaults to \fBtrue\fR
 .IP \(bu 4
 Type: Boolean
 .RE 0
diff --git a/deps/npm/man/man1/npm-sbom.1 b/deps/npm/man/man1/npm-sbom.1
index b89c3ff35dc049..5c3016bff248e0 100644
--- a/deps/npm/man/man1/npm-sbom.1
+++ b/deps/npm/man/man1/npm-sbom.1
@@ -1,4 +1,4 @@
-.TH "NPM-SBOM" "1" "January 2024" "" ""
+.TH "NPM-SBOM" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-sbom\fR - Generate a Software Bill of Materials (SBOM)
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-search.1 b/deps/npm/man/man1/npm-search.1
index d8ffc4bbe4e8e2..3467f3256b8cb0 100644
--- a/deps/npm/man/man1/npm-search.1
+++ b/deps/npm/man/man1/npm-search.1
@@ -1,4 +1,4 @@
-.TH "NPM-SEARCH" "1" "January 2024" "" ""
+.TH "NPM-SEARCH" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-search\fR - Search for packages
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-shrinkwrap.1 b/deps/npm/man/man1/npm-shrinkwrap.1
index d7df87411550f5..37320600e7d922 100644
--- a/deps/npm/man/man1/npm-shrinkwrap.1
+++ b/deps/npm/man/man1/npm-shrinkwrap.1
@@ -1,4 +1,4 @@
-.TH "NPM-SHRINKWRAP" "1" "January 2024" "" ""
+.TH "NPM-SHRINKWRAP" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-shrinkwrap\fR - Lock down dependency versions for publication
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-star.1 b/deps/npm/man/man1/npm-star.1
index 610ec54213fe62..22cbdb0d3be628 100644
--- a/deps/npm/man/man1/npm-star.1
+++ b/deps/npm/man/man1/npm-star.1
@@ -1,4 +1,4 @@
-.TH "NPM-STAR" "1" "January 2024" "" ""
+.TH "NPM-STAR" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-star\fR - Mark your favorite packages
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-stars.1 b/deps/npm/man/man1/npm-stars.1
index eb2391b790d625..1f61a034e89c89 100644
--- a/deps/npm/man/man1/npm-stars.1
+++ b/deps/npm/man/man1/npm-stars.1
@@ -1,4 +1,4 @@
-.TH "NPM-STARS" "1" "January 2024" "" ""
+.TH "NPM-STARS" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-stars\fR - View packages marked as favorites
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-start.1 b/deps/npm/man/man1/npm-start.1
index a4cf36fdcacb75..3aebd2cb6cb71c 100644
--- a/deps/npm/man/man1/npm-start.1
+++ b/deps/npm/man/man1/npm-start.1
@@ -1,4 +1,4 @@
-.TH "NPM-START" "1" "January 2024" "" ""
+.TH "NPM-START" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-start\fR - Start a package
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-stop.1 b/deps/npm/man/man1/npm-stop.1
index 8fe1df7fe1f190..0129b04701b769 100644
--- a/deps/npm/man/man1/npm-stop.1
+++ b/deps/npm/man/man1/npm-stop.1
@@ -1,4 +1,4 @@
-.TH "NPM-STOP" "1" "January 2024" "" ""
+.TH "NPM-STOP" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-stop\fR - Stop a package
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-team.1 b/deps/npm/man/man1/npm-team.1
index c61904afc1cc82..61994725fea1ec 100644
--- a/deps/npm/man/man1/npm-team.1
+++ b/deps/npm/man/man1/npm-team.1
@@ -1,4 +1,4 @@
-.TH "NPM-TEAM" "1" "January 2024" "" ""
+.TH "NPM-TEAM" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-team\fR - Manage organization teams and team memberships
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-test.1 b/deps/npm/man/man1/npm-test.1
index 865dfc5ea794ef..d30343b3032130 100644
--- a/deps/npm/man/man1/npm-test.1
+++ b/deps/npm/man/man1/npm-test.1
@@ -1,4 +1,4 @@
-.TH "NPM-TEST" "1" "January 2024" "" ""
+.TH "NPM-TEST" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-test\fR - Test a package
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-token.1 b/deps/npm/man/man1/npm-token.1
index 0a42bd48c5fcbb..3eeb0763970b65 100644
--- a/deps/npm/man/man1/npm-token.1
+++ b/deps/npm/man/man1/npm-token.1
@@ -1,4 +1,4 @@
-.TH "NPM-TOKEN" "1" "January 2024" "" ""
+.TH "NPM-TOKEN" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-token\fR - Manage your authentication tokens
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-uninstall.1 b/deps/npm/man/man1/npm-uninstall.1
index 13be7457cf72f5..321b58fc391d6e 100644
--- a/deps/npm/man/man1/npm-uninstall.1
+++ b/deps/npm/man/man1/npm-uninstall.1
@@ -1,4 +1,4 @@
-.TH "NPM-UNINSTALL" "1" "January 2024" "" ""
+.TH "NPM-UNINSTALL" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-uninstall\fR - Remove a package
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-unpublish.1 b/deps/npm/man/man1/npm-unpublish.1
index 12a2fd78133444..2cf081e01f7007 100644
--- a/deps/npm/man/man1/npm-unpublish.1
+++ b/deps/npm/man/man1/npm-unpublish.1
@@ -1,4 +1,4 @@
-.TH "NPM-UNPUBLISH" "1" "January 2024" "" ""
+.TH "NPM-UNPUBLISH" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-unpublish\fR - Remove a package from the registry
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-unstar.1 b/deps/npm/man/man1/npm-unstar.1
index 8fdc2941fb60f1..700a7b3aa186b7 100644
--- a/deps/npm/man/man1/npm-unstar.1
+++ b/deps/npm/man/man1/npm-unstar.1
@@ -1,4 +1,4 @@
-.TH "NPM-UNSTAR" "1" "January 2024" "" ""
+.TH "NPM-UNSTAR" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-unstar\fR - Remove an item from your favorite packages
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-update.1 b/deps/npm/man/man1/npm-update.1
index 742fbe7f7547af..833d3446c47899 100644
--- a/deps/npm/man/man1/npm-update.1
+++ b/deps/npm/man/man1/npm-update.1
@@ -1,4 +1,4 @@
-.TH "NPM-UPDATE" "1" "January 2024" "" ""
+.TH "NPM-UPDATE" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-update\fR - Update packages
 .SS "Synopsis"
@@ -20,7 +20,7 @@ If the \fB-g\fR flag is specified, this command will update globally installed p
 .P
 If no package name is specified, all packages in the specified location (global or local) will be updated.
 .P
-Note that by default \fBnpm update\fR will not update the semver values of direct dependencies in your project \fBpackage.json\fR, if you want to also update values in \fBpackage.json\fR you can run: \fBnpm update --save\fR (or add the \fBsave=true\fR option to a npm help "configuration file" to make that the default behavior).
+Note that by default \fBnpm update\fR will not update the semver values of direct dependencies in your project \fBpackage.json\fR. If you want to also update values in \fBpackage.json\fR you can run: \fBnpm update --save\fR (or add the \fBsave=true\fR option to a npm help "configuration file" to make that the default behavior).
 .SS "Example"
 .P
 For the examples below, assume that the current package is \fBapp\fR and it depends on dependencies, \fBdep1\fR (\fBdep2\fR, .. etc.). The published versions of \fBdep1\fR are:
@@ -68,7 +68,7 @@ However, if \fBapp\fR's \fBpackage.json\fR contains:
 .fi
 .RE
 .P
-In this case, running \fBnpm update\fR will install \fBdep1@1.1.2\fR. Even though the \fBlatest\fR tag points to \fB1.2.2\fR, this version do not satisfy \fB~1.1.1\fR, which is equivalent to \fB>=1.1.1 <1.2.0\fR. So the highest-sorting version that satisfies \fB~1.1.1\fR is used, which is \fB1.1.2\fR.
+In this case, running \fBnpm update\fR will install \fBdep1@1.1.2\fR. Even though the \fBlatest\fR tag points to \fB1.2.2\fR, this version does not satisfy \fB~1.1.1\fR, which is equivalent to \fB>=1.1.1 <1.2.0\fR. So the highest-sorting version that satisfies \fB~1.1.1\fR is used, which is \fB1.1.2\fR.
 .SS "Caret Dependencies below 1.0.0"
 .P
 Suppose \fBapp\fR has a caret dependency on a version below \fB1.0.0\fR, for example:
@@ -81,7 +81,7 @@ Suppose \fBapp\fR has a caret dependency on a version below \fB1.0.0\fR, for exa
 .fi
 .RE
 .P
-\fBnpm update\fR will install \fBdep1@0.2.0\fR, because there are no other versions which satisfy \fB^0.2.0\fR.
+\fBnpm update\fR will install \fBdep1@0.2.0\fR.
 .P
 If the dependence were on \fB^0.4.0\fR:
 .P
@@ -256,7 +256,7 @@ If set to false, then ignore \fBpackage-lock.json\fR files when installing. This
 .SS "\fBforeground-scripts\fR"
 .RS 0
 .IP \(bu 4
-Default: false
+Default: \fBfalse\fR unless when using \fBnpm pack\fR or \fBnpm publish\fR where it defaults to \fBtrue\fR
 .IP \(bu 4
 Type: Boolean
 .RE 0
diff --git a/deps/npm/man/man1/npm-version.1 b/deps/npm/man/man1/npm-version.1
index f4a976fafa39d9..be406e39b084fe 100644
--- a/deps/npm/man/man1/npm-version.1
+++ b/deps/npm/man/man1/npm-version.1
@@ -1,4 +1,4 @@
-.TH "NPM-VERSION" "1" "January 2024" "" ""
+.TH "NPM-VERSION" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-version\fR - Bump a package version
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-view.1 b/deps/npm/man/man1/npm-view.1
index 7ce90e336e3154..8258a85f30be75 100644
--- a/deps/npm/man/man1/npm-view.1
+++ b/deps/npm/man/man1/npm-view.1
@@ -1,4 +1,4 @@
-.TH "NPM-VIEW" "1" "January 2024" "" ""
+.TH "NPM-VIEW" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-view\fR - View registry info
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm-whoami.1 b/deps/npm/man/man1/npm-whoami.1
index bead7976024f53..6ac250c269fd34 100644
--- a/deps/npm/man/man1/npm-whoami.1
+++ b/deps/npm/man/man1/npm-whoami.1
@@ -1,4 +1,4 @@
-.TH "NPM-WHOAMI" "1" "January 2024" "" ""
+.TH "NPM-WHOAMI" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-whoami\fR - Display npm username
 .SS "Synopsis"
diff --git a/deps/npm/man/man1/npm.1 b/deps/npm/man/man1/npm.1
index a1844237f29f23..aee40ff5bac8ff 100644
--- a/deps/npm/man/man1/npm.1
+++ b/deps/npm/man/man1/npm.1
@@ -1,4 +1,4 @@
-.TH "NPM" "1" "January 2024" "" ""
+.TH "NPM" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpm\fR - javascript package manager
 .SS "Synopsis"
@@ -12,7 +12,7 @@ npm
 Note: This command is unaware of workspaces.
 .SS "Version"
 .P
-10.3.0
+10.5.0
 .SS "Description"
 .P
 npm is the package manager for the Node JavaScript platform. It puts modules in place so that node can find them, and manages dependency conflicts intelligently.
diff --git a/deps/npm/man/man1/npx.1 b/deps/npm/man/man1/npx.1
index 44833d0c7a575c..155451463a0729 100644
--- a/deps/npm/man/man1/npx.1
+++ b/deps/npm/man/man1/npx.1
@@ -1,4 +1,4 @@
-.TH "NPX" "1" "January 2024" "" ""
+.TH "NPX" "1" "February 2024" "" ""
 .SH "NAME"
 \fBnpx\fR - Run a command from a local or remote npm package
 .SS "Synopsis"
diff --git a/deps/npm/man/man5/folders.5 b/deps/npm/man/man5/folders.5
index 73d1862bab4fb1..de010820184ef4 100644
--- a/deps/npm/man/man5/folders.5
+++ b/deps/npm/man/man5/folders.5
@@ -1,4 +1,4 @@
-.TH "FOLDERS" "5" "January 2024" "" ""
+.TH "FOLDERS" "5" "February 2024" "" ""
 .SH "NAME"
 \fBfolders\fR - Folder Structures Used by npm
 .SS "Description"
diff --git a/deps/npm/man/man5/install.5 b/deps/npm/man/man5/install.5
index 0e3d7170254218..85a83de6062b8f 100644
--- a/deps/npm/man/man5/install.5
+++ b/deps/npm/man/man5/install.5
@@ -1,4 +1,4 @@
-.TH "INSTALL" "5" "January 2024" "" ""
+.TH "INSTALL" "5" "February 2024" "" ""
 .SH "NAME"
 \fBinstall\fR - Download and install node and npm
 .SS "Description"
diff --git a/deps/npm/man/man5/npm-global.5 b/deps/npm/man/man5/npm-global.5
index 73d1862bab4fb1..de010820184ef4 100644
--- a/deps/npm/man/man5/npm-global.5
+++ b/deps/npm/man/man5/npm-global.5
@@ -1,4 +1,4 @@
-.TH "FOLDERS" "5" "January 2024" "" ""
+.TH "FOLDERS" "5" "February 2024" "" ""
 .SH "NAME"
 \fBfolders\fR - Folder Structures Used by npm
 .SS "Description"
diff --git a/deps/npm/man/man5/npm-json.5 b/deps/npm/man/man5/npm-json.5
index eb82f2539897a8..61405e54c35d70 100644
--- a/deps/npm/man/man5/npm-json.5
+++ b/deps/npm/man/man5/npm-json.5
@@ -1,4 +1,4 @@
-.TH "PACKAGE.JSON" "5" "January 2024" "" ""
+.TH "PACKAGE.JSON" "5" "February 2024" "" ""
 .SH "NAME"
 \fBpackage.json\fR - Specifics of npm's package.json handling
 .SS "Description"
@@ -686,7 +686,7 @@ in which case they will be normalized to a relative path and added to your \fBpa
 .fi
 .RE
 .P
-This feature is helpful for local offline development and creating tests that require npm installing where you don't want to hit an external server, but should not be used when publishing packages to the public registry.
+This feature is helpful for local offline development and creating tests that require npm installing where you don't want to hit an external server, but should not be used when publishing your package to the public registry.
 .P
 \fInote\fR: Packages linked by local path will not have their own dependencies installed when \fBnpm install\fR is ran in this case. You must run \fBnpm install\fR from inside the local path itself.
 .SS "devDependencies"
diff --git a/deps/npm/man/man5/npm-shrinkwrap-json.5 b/deps/npm/man/man5/npm-shrinkwrap-json.5
index 5a18abb999e0ff..b3abb0cc092c2a 100644
--- a/deps/npm/man/man5/npm-shrinkwrap-json.5
+++ b/deps/npm/man/man5/npm-shrinkwrap-json.5
@@ -1,4 +1,4 @@
-.TH "NPM-SHRINKWRAP.JSON" "5" "January 2024" "" ""
+.TH "NPM-SHRINKWRAP.JSON" "5" "February 2024" "" ""
 .SH "NAME"
 \fBnpm-shrinkwrap.json\fR - A publishable lockfile
 .SS "Description"
diff --git a/deps/npm/man/man5/npmrc.5 b/deps/npm/man/man5/npmrc.5
index 4af73a99fea2cd..c86c21b155dbd7 100644
--- a/deps/npm/man/man5/npmrc.5
+++ b/deps/npm/man/man5/npmrc.5
@@ -1,4 +1,4 @@
-.TH "NPMRC" "5" "January 2024" "" ""
+.TH "NPMRC" "5" "February 2024" "" ""
 .SH "NAME"
 \fBnpmrc\fR - The npm config files
 .SS "Description"
diff --git a/deps/npm/man/man5/package-json.5 b/deps/npm/man/man5/package-json.5
index eb82f2539897a8..61405e54c35d70 100644
--- a/deps/npm/man/man5/package-json.5
+++ b/deps/npm/man/man5/package-json.5
@@ -1,4 +1,4 @@
-.TH "PACKAGE.JSON" "5" "January 2024" "" ""
+.TH "PACKAGE.JSON" "5" "February 2024" "" ""
 .SH "NAME"
 \fBpackage.json\fR - Specifics of npm's package.json handling
 .SS "Description"
@@ -686,7 +686,7 @@ in which case they will be normalized to a relative path and added to your \fBpa
 .fi
 .RE
 .P
-This feature is helpful for local offline development and creating tests that require npm installing where you don't want to hit an external server, but should not be used when publishing packages to the public registry.
+This feature is helpful for local offline development and creating tests that require npm installing where you don't want to hit an external server, but should not be used when publishing your package to the public registry.
 .P
 \fInote\fR: Packages linked by local path will not have their own dependencies installed when \fBnpm install\fR is ran in this case. You must run \fBnpm install\fR from inside the local path itself.
 .SS "devDependencies"
diff --git a/deps/npm/man/man5/package-lock-json.5 b/deps/npm/man/man5/package-lock-json.5
index 6172a8ba0e8340..ceea2b43da89e2 100644
--- a/deps/npm/man/man5/package-lock-json.5
+++ b/deps/npm/man/man5/package-lock-json.5
@@ -1,4 +1,4 @@
-.TH "PACKAGE-LOCK.JSON" "5" "January 2024" "" ""
+.TH "PACKAGE-LOCK.JSON" "5" "February 2024" "" ""
 .SH "NAME"
 \fBpackage-lock.json\fR - A manifestation of the manifest
 .SS "Description"
diff --git a/deps/npm/man/man7/config.7 b/deps/npm/man/man7/config.7
index 308e1632b43215..181a7d6a469a9e 100644
--- a/deps/npm/man/man7/config.7
+++ b/deps/npm/man/man7/config.7
@@ -1,8 +1,10 @@
-.TH "CONFIG" "7" "January 2024" "" ""
+.TH "CONFIG" "7" "February 2024" "" ""
 .SH "NAME"
 \fBconfig\fR - More than you probably want to know about npm configuration
 .SS "Description"
 .P
+This article details npm configuration in general. To learn about the \fBconfig\fR command, see npm help config.
+.P
 npm gets its configuration values from the following sources, sorted by priority:
 .SS "Command Line Flags"
 .P
@@ -498,6 +500,30 @@ Type: Boolean
 If set to true, then npm will stubbornly refuse to install (or even consider installing) any package that claims to not be compatible with the current Node.js version.
 .P
 This can be overridden by setting the \fB--force\fR flag.
+.SS "\fBexpect-result-count\fR"
+.RS 0
+.IP \(bu 4
+Default: null
+.IP \(bu 4
+Type: null or Number
+.RE 0
+
+.P
+Tells to expect a specific number of results from the command.
+.P
+This config can not be used with: \fBexpect-results\fR
+.SS "\fBexpect-results\fR"
+.RS 0
+.IP \(bu 4
+Default: null
+.IP \(bu 4
+Type: null or Boolean
+.RE 0
+
+.P
+Tells npm whether or not to expect results from the command. Can be either true (expect some results) or false (expect no results).
+.P
+This config can not be used with: \fBexpect-result-count\fR
 .SS "\fBfetch-retries\fR"
 .RS 0
 .IP \(bu 4
@@ -590,7 +616,7 @@ If you don't have a clear idea of what you want to do, it is strongly recommende
 .SS "\fBforeground-scripts\fR"
 .RS 0
 .IP \(bu 4
-Default: false
+Default: \fBfalse\fR unless when using \fBnpm pack\fR or \fBnpm publish\fR where it defaults to \fBtrue\fR
 .IP \(bu 4
 Type: Boolean
 .RE 0
diff --git a/deps/npm/man/man7/dependency-selectors.7 b/deps/npm/man/man7/dependency-selectors.7
index 489f33f3f38a3b..78f451177e3172 100644
--- a/deps/npm/man/man7/dependency-selectors.7
+++ b/deps/npm/man/man7/dependency-selectors.7
@@ -1,4 +1,4 @@
-.TH "QUERYING" "7" "January 2024" "" ""
+.TH "QUERYING" "7" "February 2024" "" ""
 .SH "NAME"
 \fBQuerying\fR - Dependency Selector Syntax & Querying
 .SS "Description"
@@ -15,7 +15,7 @@ Unlocks the ability to answer complex, multi-faceted questions about dependencie
 Consolidates redundant logic of similar query commands in \fBnpm\fR (ex. \fBnpm fund\fR, \fBnpm ls\fR, \fBnpm outdated\fR, \fBnpm audit\fR ...)
 .RE 0
 
-.SS "Dependency Selector Syntax \fBv1.0.0\fR"
+.SS "Dependency Selector Syntax"
 .SS "Overview:"
 .RS 0
 .IP \(bu 4
@@ -102,6 +102,8 @@ the term "dependencies" is in reference to any \fBNode\fR found in a \fBtree\fR
 \fB:type()\fR \fBbased on currently recognized types\fR \fI\(lahttps://github.com/npm/npm-package-arg#result-object\(ra\fR
 .IP \(bu 4
 \fB:outdated()\fR when a dependency is outdated
+.IP \(bu 4
+\fB:vuln()\fR when a dependency has a known vulnerability
 .RE 0
 
 .SS "\fB:semver(, \[lB]selector\[rB], \[lB]function\[rB])\fR"
@@ -136,9 +138,9 @@ The \fB:outdated\fR pseudo selector retrieves data from the registry and returns
 .IP \(bu 4
 \fBany\fR (default) a version exists that is greater than the current one
 .IP \(bu 4
-\fBin-range\fR a version exists that is greater than the current one, and satisfies at least one if its dependents
+\fBin-range\fR a version exists that is greater than the current one, and satisfies at least one if its parent's dependencies
 .IP \(bu 4
-\fBout-of-range\fR a version exists that is greater than the current one, does not satisfy at least one of its dependents
+\fBout-of-range\fR a version exists that is greater than the current one, does not satisfy at least one of its parent's dependencies
 .IP \(bu 4
 \fBmajor\fR a version exists that is a semver major greater than the current one
 .IP \(bu 4
@@ -164,7 +166,27 @@ Some examples:
 .IP \(bu 4
 \fB:root > :outdated(major)\fR returns every direct dependency that has a new semver major release
 .IP \(bu 4
-\fB.prod:outdated(in-range)\fR returns production dependencies that have a new release that satisfies at least one of its edges in
+\fB.prod:outdated(in-range)\fR returns production dependencies that have a new release that satisfies at least one of its parent's dependencies
+.RE 0
+
+.SS "\fB:vuln\fR"
+.P
+The \fB:vuln\fR pseudo selector retrieves data from the registry and returns information about which if your dependencies has a known vulnerability. Only dependencies whose current version matches a vulnerability will be returned. For example if you have \fBsemver@7.6.0\fR in your tree, a vulnerability for \fBsemver\fR which affects versions \fB<=6.3.1\fR will not match.
+.P
+You can also filter results by certain attributes in advisories. Currently that includes \fBseverity\fR and \fBcwe\fR. Note that severity filtering is done per severity, it does not include severities "higher" or "lower" than the one specified.
+.P
+In addition to the filtering performed by the pseudo selector, info about each relevant advisory will be added to the \fBqueryContext\fR attribute of each node under the \fBadvisories\fR attribute.
+.P
+Some examples:
+.RS 0
+.IP \(bu 4
+\fB:root > .prod:vuln\fR returns direct production dependencies with any known vulnerability
+.IP \(bu 4
+\fB:vuln(\[lB]severity=high\[rB])\fR returns only dependencies with a vulnerability with a \fBhigh\fR severity.
+.IP \(bu 4
+\fB:vuln(\[lB]severity=high\[rB],\[lB]severity=moderate\[rB])\fR returns only dependencies with a vulnerability with a \fBhigh\fR or \fBmoderate\fR severity.
+.IP \(bu 4
+\fB:vuln(\[lB]cwe=1333\[rB])\fR returns only dependencies with a vulnerability that includes CWE-1333 (ReDoS)
 .RE 0
 
 .SS "\fBAttribute Selectors\fR \fI\(lahttps://developer.mozilla.org/en-US/docs/Web/CSS/Attribute_selectors\(ra\fR"
@@ -174,7 +196,7 @@ The attribute selector evaluates the key/value pairs in \fBpackage.json\fR if th
 .IP \(bu 4
 \fB\[lB]\[rB]\fR attribute selector (ie. existence of attribute)
 .IP \(bu 4
-\fB\[lB]attribute=value\[rB]\fR attribute value is equivalant...
+\fB\[lB]attribute=value\[rB]\fR attribute value is equivalent...
 .IP \(bu 4
 \fB\[lB]attribute~=value\[rB]\fR attribute value contains word...
 .IP \(bu 4
diff --git a/deps/npm/man/man7/developers.7 b/deps/npm/man/man7/developers.7
index b259049ab72e5c..8dd07548d9b873 100644
--- a/deps/npm/man/man7/developers.7
+++ b/deps/npm/man/man7/developers.7
@@ -1,4 +1,4 @@
-.TH "DEVELOPERS" "7" "January 2024" "" ""
+.TH "DEVELOPERS" "7" "February 2024" "" ""
 .SH "NAME"
 \fBdevelopers\fR - Developer Guide
 .SS "Description"
diff --git a/deps/npm/man/man7/logging.7 b/deps/npm/man/man7/logging.7
index c0340e820fa731..b85fb4c47cfcdc 100644
--- a/deps/npm/man/man7/logging.7
+++ b/deps/npm/man/man7/logging.7
@@ -1,4 +1,4 @@
-.TH "LOGGING" "7" "January 2024" "" ""
+.TH "LOGGING" "7" "February 2024" "" ""
 .SH "NAME"
 \fBLogging\fR - Why, What & How We Log
 .SS "Description"
diff --git a/deps/npm/man/man7/orgs.7 b/deps/npm/man/man7/orgs.7
index b37092693719f6..36850dd961897d 100644
--- a/deps/npm/man/man7/orgs.7
+++ b/deps/npm/man/man7/orgs.7
@@ -1,4 +1,4 @@
-.TH "ORGS" "7" "January 2024" "" ""
+.TH "ORGS" "7" "February 2024" "" ""
 .SH "NAME"
 \fBorgs\fR - Working with Teams & Orgs
 .SS "Description"
diff --git a/deps/npm/man/man7/package-spec.7 b/deps/npm/man/man7/package-spec.7
index d189b6273127d6..c9d309ccbbdbe0 100644
--- a/deps/npm/man/man7/package-spec.7
+++ b/deps/npm/man/man7/package-spec.7
@@ -1,4 +1,4 @@
-.TH "PACKAGE-SPEC" "7" "January 2024" "" ""
+.TH "PACKAGE-SPEC" "7" "February 2024" "" ""
 .SH "NAME"
 \fBpackage-spec\fR - Package name specifier
 .SS "Description"
diff --git a/deps/npm/man/man7/registry.7 b/deps/npm/man/man7/registry.7
index 08a7778a18d54d..c0e4474c09010e 100644
--- a/deps/npm/man/man7/registry.7
+++ b/deps/npm/man/man7/registry.7
@@ -1,4 +1,4 @@
-.TH "REGISTRY" "7" "January 2024" "" ""
+.TH "REGISTRY" "7" "February 2024" "" ""
 .SH "NAME"
 \fBregistry\fR - The JavaScript Package Registry
 .SS "Description"
diff --git a/deps/npm/man/man7/removal.7 b/deps/npm/man/man7/removal.7
index af0e2320303c8d..a846bcca25ffd3 100644
--- a/deps/npm/man/man7/removal.7
+++ b/deps/npm/man/man7/removal.7
@@ -1,4 +1,4 @@
-.TH "REMOVAL" "7" "January 2024" "" ""
+.TH "REMOVAL" "7" "February 2024" "" ""
 .SH "NAME"
 \fBremoval\fR - Cleaning the Slate
 .SS "Synopsis"
diff --git a/deps/npm/man/man7/scope.7 b/deps/npm/man/man7/scope.7
index 7a753f73aec1dc..eb6fe9b6d822e9 100644
--- a/deps/npm/man/man7/scope.7
+++ b/deps/npm/man/man7/scope.7
@@ -1,4 +1,4 @@
-.TH "SCOPE" "7" "January 2024" "" ""
+.TH "SCOPE" "7" "February 2024" "" ""
 .SH "NAME"
 \fBscope\fR - Scoped packages
 .SS "Description"
@@ -95,7 +95,7 @@ You can also associate a scope with a registry using \fBnpm config\fR:
 .P
 .RS 2
 .nf
-npm config set @myco:registry http://reg.example.com
+npm config set @myco:registry=http://reg.example.com
 .fi
 .RE
 .P
diff --git a/deps/npm/man/man7/scripts.7 b/deps/npm/man/man7/scripts.7
index 60f252bd137b62..e88a9c4e69519f 100644
--- a/deps/npm/man/man7/scripts.7
+++ b/deps/npm/man/man7/scripts.7
@@ -1,4 +1,4 @@
-.TH "SCRIPTS" "7" "January 2024" "" ""
+.TH "SCRIPTS" "7" "February 2024" "" ""
 .SH "NAME"
 \fBscripts\fR - How npm handles the "scripts" field
 .SS "Description"
@@ -349,14 +349,13 @@ For example, if your package.json contains this:
 {
   "scripts" : {
     "install" : "scripts/install.js",
-    "postinstall" : "scripts/install.js",
-    "uninstall" : "scripts/uninstall.js"
+    "postinstall" : "scripts/install.js"
   }
 }
 .fi
 .RE
 .P
-then \fBscripts/install.js\fR will be called for the install and post-install stages of the lifecycle, and \fBscripts/uninstall.js\fR will be called when the package is uninstalled. Since \fBscripts/install.js\fR is running for two different phases, it would be wise in this case to look at the \fBnpm_lifecycle_event\fR environment variable.
+then \fBscripts/install.js\fR will be called for the install and post-install stages of the lifecycle. Since \fBscripts/install.js\fR is running for two different phases, it would be wise in this case to look at the \fBnpm_lifecycle_event\fR environment variable.
 .P
 If you want to run a make command, you can do so. This works just fine:
 .P
@@ -381,7 +380,7 @@ Note that these script files don't have to be Node.js or even JavaScript program
 .SS "Best Practices"
 .RS 0
 .IP \(bu 4
-Don't exit with a non-zero error code unless you \fIreally\fR mean it. Except for uninstall scripts, this will cause the npm action to fail, and potentially be rolled back. If the failure is minor or only will prevent some optional features, then it's better to just print a warning and exit successfully.
+Don't exit with a non-zero error code unless you \fIreally\fR mean it. If the failure is minor or only will prevent some optional features, then it's better to just print a warning and exit successfully.
 .IP \(bu 4
 Try not to use scripts to do what npm can do for you. Read through \fB\fBpackage.json\fR\fR \fI\(la/configuring-npm/package-json\(ra\fR to see all the things that you can specify and enable by simply describing your package appropriately. In general, this will lead to a more robust and consistent state.
 .IP \(bu 4
diff --git a/deps/npm/man/man7/workspaces.7 b/deps/npm/man/man7/workspaces.7
index 4d261469a1835f..9db114e4ded21b 100644
--- a/deps/npm/man/man7/workspaces.7
+++ b/deps/npm/man/man7/workspaces.7
@@ -1,11 +1,11 @@
-.TH "WORKSPACES" "7" "January 2024" "" ""
+.TH "WORKSPACES" "7" "February 2024" "" ""
 .SH "NAME"
 \fBworkspaces\fR - Working with workspaces
 .SS "Description"
 .P
-\fBWorkspaces\fR is a generic term that refers to the set of features in the npm cli that provides support to managing multiple packages from your local file system from within a singular top-level, root package.
+\fBWorkspaces\fR is a generic term that refers to the set of features in the npm cli that provides support for managing multiple packages from your local file system from within a singular top-level, root package.
 .P
-This set of features makes up for a much more streamlined workflow handling linked packages from the local file system. Automating the linking process as part of \fBnpm install\fR and avoiding manually having to use \fBnpm link\fR in order to add references to packages that should be symlinked into the current \fBnode_modules\fR folder.
+This set of features makes up for a much more streamlined workflow handling linked packages from the local file system. It automates the linking process as part of \fBnpm install\fR and removes the need to manually use \fBnpm link\fR in order to add references to packages that should be symlinked into the current \fBnode_modules\fR folder.
 .P
 We also refer to these packages being auto-symlinked during \fBnpm install\fR as a single \fBworkspace\fR, meaning it's a nested package within the current local file system that is explicitly defined in the \fB\fBpackage.json\fR\fR \fI\(la/configuring-npm/package-json#workspaces\(ra\fR \fBworkspaces\fR configuration.
 .SS "Defining workspaces"
@@ -91,7 +91,7 @@ npm install abbrev -w a
 Note: other installing commands such as \fBuninstall\fR, \fBci\fR, etc will also respect the provided \fBworkspace\fR configuration.
 .SS "Using workspaces"
 .P
-Given the \fBspecifities of how Node.js handles module resolution\fR \fI\(lahttps://nodejs.org/dist/latest-v14.x/docs/api/modules.html#modules_all_together\(ra\fR it's possible to consume any defined workspace by its declared \fBpackage.json\fR \fBname\fR. Continuing from the example defined above, let's also create a Node.js script that will require the workspace \fBa\fR example module, e.g:
+Given the \fBspecifics of how Node.js handles module resolution\fR \fI\(lahttps://nodejs.org/dist/latest-v14.x/docs/api/modules.html#modules_all_together\(ra\fR it's possible to consume any defined workspace by its declared \fBpackage.json\fR \fBname\fR. Continuing from the example defined above, let's also create a Node.js script that will require the workspace \fBa\fR example module, e.g:
 .P
 .RS 2
 .nf
diff --git a/deps/npm/node_modules/@isaacs/cliui/node_modules/ansi-regex/index.js b/deps/npm/node_modules/@isaacs/cliui/node_modules/ansi-regex/index.js
new file mode 100644
index 00000000000000..130a0929b8ce8c
--- /dev/null
+++ b/deps/npm/node_modules/@isaacs/cliui/node_modules/ansi-regex/index.js
@@ -0,0 +1,8 @@
+export default function ansiRegex({onlyFirst = false} = {}) {
+	const pattern = [
+	    '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
+		'(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))'
+	].join('|');
+
+	return new RegExp(pattern, onlyFirst ? undefined : 'g');
+}
diff --git a/deps/npm/node_modules/cli-columns/node_modules/ansi-regex/license b/deps/npm/node_modules/@isaacs/cliui/node_modules/ansi-regex/license
similarity index 92%
rename from deps/npm/node_modules/cli-columns/node_modules/ansi-regex/license
rename to deps/npm/node_modules/@isaacs/cliui/node_modules/ansi-regex/license
index e7af2f77107d73..fa7ceba3eb4a96 100644
--- a/deps/npm/node_modules/cli-columns/node_modules/ansi-regex/license
+++ b/deps/npm/node_modules/@isaacs/cliui/node_modules/ansi-regex/license
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) Sindre Sorhus  (sindresorhus.com)
+Copyright (c) Sindre Sorhus  (https://sindresorhus.com)
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 
diff --git a/deps/npm/node_modules/cli-columns/node_modules/ansi-regex/package.json b/deps/npm/node_modules/@isaacs/cliui/node_modules/ansi-regex/package.json
similarity index 75%
rename from deps/npm/node_modules/cli-columns/node_modules/ansi-regex/package.json
rename to deps/npm/node_modules/@isaacs/cliui/node_modules/ansi-regex/package.json
index 017f53116a9e28..7bbb563bf2a70a 100644
--- a/deps/npm/node_modules/cli-columns/node_modules/ansi-regex/package.json
+++ b/deps/npm/node_modules/@isaacs/cliui/node_modules/ansi-regex/package.json
@@ -1,16 +1,19 @@
 {
 	"name": "ansi-regex",
-	"version": "5.0.1",
+	"version": "6.0.1",
 	"description": "Regular expression for matching ANSI escape codes",
 	"license": "MIT",
 	"repository": "chalk/ansi-regex",
+	"funding": "https://github.com/chalk/ansi-regex?sponsor=1",
 	"author": {
 		"name": "Sindre Sorhus",
 		"email": "sindresorhus@gmail.com",
-		"url": "sindresorhus.com"
+		"url": "https://sindresorhus.com"
 	},
+	"type": "module",
+	"exports": "./index.js",
 	"engines": {
-		"node": ">=8"
+		"node": ">=12"
 	},
 	"scripts": {
 		"test": "xo && ava && tsd",
@@ -48,8 +51,8 @@
 		"pattern"
 	],
 	"devDependencies": {
-		"ava": "^2.4.0",
-		"tsd": "^0.9.0",
-		"xo": "^0.25.3"
+		"ava": "^3.15.0",
+		"tsd": "^0.14.0",
+		"xo": "^0.38.2"
 	}
 }
diff --git a/deps/npm/node_modules/@isaacs/cliui/node_modules/strip-ansi/index.js b/deps/npm/node_modules/@isaacs/cliui/node_modules/strip-ansi/index.js
new file mode 100644
index 00000000000000..ba19750e64e061
--- /dev/null
+++ b/deps/npm/node_modules/@isaacs/cliui/node_modules/strip-ansi/index.js
@@ -0,0 +1,14 @@
+import ansiRegex from 'ansi-regex';
+
+const regex = ansiRegex();
+
+export default function stripAnsi(string) {
+	if (typeof string !== 'string') {
+		throw new TypeError(`Expected a \`string\`, got \`${typeof string}\``);
+	}
+
+	// Even though the regex is global, we don't need to reset the `.lastIndex`
+	// because unlike `.exec()` and `.test()`, `.replace()` does it automatically
+	// and doing it manually has a performance penalty.
+	return string.replace(regex, '');
+}
diff --git a/deps/npm/node_modules/cli-columns/node_modules/strip-ansi/license b/deps/npm/node_modules/@isaacs/cliui/node_modules/strip-ansi/license
similarity index 92%
rename from deps/npm/node_modules/cli-columns/node_modules/strip-ansi/license
rename to deps/npm/node_modules/@isaacs/cliui/node_modules/strip-ansi/license
index e7af2f77107d73..fa7ceba3eb4a96 100644
--- a/deps/npm/node_modules/cli-columns/node_modules/strip-ansi/license
+++ b/deps/npm/node_modules/@isaacs/cliui/node_modules/strip-ansi/license
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) Sindre Sorhus  (sindresorhus.com)
+Copyright (c) Sindre Sorhus  (https://sindresorhus.com)
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 
diff --git a/deps/npm/node_modules/gauge/node_modules/strip-ansi/package.json b/deps/npm/node_modules/@isaacs/cliui/node_modules/strip-ansi/package.json
similarity index 71%
rename from deps/npm/node_modules/gauge/node_modules/strip-ansi/package.json
rename to deps/npm/node_modules/@isaacs/cliui/node_modules/strip-ansi/package.json
index 1a41108d42831c..e1f455c325b007 100644
--- a/deps/npm/node_modules/gauge/node_modules/strip-ansi/package.json
+++ b/deps/npm/node_modules/@isaacs/cliui/node_modules/strip-ansi/package.json
@@ -1,16 +1,19 @@
 {
 	"name": "strip-ansi",
-	"version": "6.0.1",
+	"version": "7.1.0",
 	"description": "Strip ANSI escape codes from a string",
 	"license": "MIT",
 	"repository": "chalk/strip-ansi",
+	"funding": "https://github.com/chalk/strip-ansi?sponsor=1",
 	"author": {
 		"name": "Sindre Sorhus",
 		"email": "sindresorhus@gmail.com",
-		"url": "sindresorhus.com"
+		"url": "https://sindresorhus.com"
 	},
+	"type": "module",
+	"exports": "./index.js",
 	"engines": {
-		"node": ">=8"
+		"node": ">=12"
 	},
 	"scripts": {
 		"test": "xo && ava && tsd"
@@ -44,11 +47,11 @@
 		"text"
 	],
 	"dependencies": {
-		"ansi-regex": "^5.0.1"
+		"ansi-regex": "^6.0.1"
 	},
 	"devDependencies": {
-		"ava": "^2.4.0",
-		"tsd": "^0.10.0",
-		"xo": "^0.25.3"
+		"ava": "^3.15.0",
+		"tsd": "^0.17.0",
+		"xo": "^0.44.0"
 	}
 }
diff --git a/deps/npm/node_modules/@npmcli/agent/lib/agents.js b/deps/npm/node_modules/@npmcli/agent/lib/agents.js
index 15aa8e8764b4d6..ffd299f3d2ba69 100644
--- a/deps/npm/node_modules/@npmcli/agent/lib/agents.js
+++ b/deps/npm/node_modules/@npmcli/agent/lib/agents.js
@@ -62,7 +62,7 @@ module.exports = class Agent extends AgentBase {
 
     let ProxyAgent = this.#ProxyAgent
     if (Array.isArray(ProxyAgent)) {
-      ProxyAgent = options.secureEndpoint ? ProxyAgent[1] : ProxyAgent[0]
+      ProxyAgent = this.isSecureEndpoint(options) ? ProxyAgent[1] : ProxyAgent[0]
     }
 
     const proxyAgent = new ProxyAgent(proxy, this.#options)
@@ -106,6 +106,7 @@ module.exports = class Agent extends AgentBase {
 
     let socket
     let timeout = this.#timeouts.connection
+    const isSecureEndpoint = this.isSecureEndpoint(options)
 
     const proxy = this.#getProxy(options)
     if (proxy) {
@@ -124,7 +125,7 @@ module.exports = class Agent extends AgentBase {
         timeout = timeout - (Date.now() - start)
       }
     } else {
-      socket = (options.secureEndpoint ? tls : net).connect(options)
+      socket = (isSecureEndpoint ? tls : net).connect(options)
     }
 
     socket.setKeepAlive(this.keepAlive, this.keepAliveMsecs)
@@ -133,8 +134,8 @@ module.exports = class Agent extends AgentBase {
     const abortController = new AbortController()
     const { signal } = abortController
 
-    const connectPromise = socket[options.secureEndpoint ? 'secureConnecting' : 'connecting']
-      ? once(socket, options.secureEndpoint ? 'secureConnect' : 'connect', { signal })
+    const connectPromise = socket[isSecureEndpoint ? 'secureConnecting' : 'connecting']
+      ? once(socket, isSecureEndpoint ? 'secureConnect' : 'connect', { signal })
       : Promise.resolve()
 
     await this.#timeoutConnection({
diff --git a/deps/npm/node_modules/@npmcli/agent/package.json b/deps/npm/node_modules/@npmcli/agent/package.json
index 7d3d6802947d99..ce240b283a42c9 100644
--- a/deps/npm/node_modules/@npmcli/agent/package.json
+++ b/deps/npm/node_modules/@npmcli/agent/package.json
@@ -1,12 +1,12 @@
 {
   "name": "@npmcli/agent",
-  "version": "2.2.0",
+  "version": "2.2.1",
   "description": "the http/https agent used by the npm cli",
   "main": "lib/index.js",
   "scripts": {
     "gencerts": "bash scripts/create-cert.sh",
     "test": "tap",
-    "lint": "eslint \"**/*.js\"",
+    "lint": "eslint \"**/*.{js,cjs,ts,mjs,jsx,tsx}\"",
     "postlint": "template-oss-check",
     "template-oss-apply": "template-oss-apply --force",
     "lintfix": "npm run lint -- --fix",
@@ -28,7 +28,7 @@
   },
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.19.0",
+    "version": "4.21.3",
     "publish": "true"
   },
   "dependencies": {
@@ -40,7 +40,7 @@
   },
   "devDependencies": {
     "@npmcli/eslint-config": "^4.0.0",
-    "@npmcli/template-oss": "4.19.0",
+    "@npmcli/template-oss": "4.21.3",
     "minipass-fetch": "^3.0.3",
     "nock": "^13.2.7",
     "semver": "^7.5.4",
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/audit.js b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/audit.js
deleted file mode 100644
index af260bdc996fc7..00000000000000
--- a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/audit.js
+++ /dev/null
@@ -1,51 +0,0 @@
-// mixin implementing the audit method
-
-const AuditReport = require('../audit-report.js')
-
-// shared with reify
-const _global = Symbol.for('global')
-const _workspaces = Symbol.for('workspaces')
-const _includeWorkspaceRoot = Symbol.for('includeWorkspaceRoot')
-
-module.exports = cls => class Auditor extends cls {
-  async audit (options = {}) {
-    this.addTracker('audit')
-    if (this[_global]) {
-      throw Object.assign(
-        new Error('`npm audit` does not support testing globals'),
-        { code: 'EAUDITGLOBAL' }
-      )
-    }
-
-    // allow the user to set options on the ctor as well.
-    // XXX: deprecate separate method options objects.
-    options = { ...this.options, ...options }
-
-    process.emit('time', 'audit')
-    let tree
-    if (options.packageLock === false) {
-      // build ideal tree
-      await this.loadActual(options)
-      await this.buildIdealTree()
-      tree = this.idealTree
-    } else {
-      tree = await this.loadVirtual()
-    }
-    if (this[_workspaces] && this[_workspaces].length) {
-      options.filterSet = this.workspaceDependencySet(
-        tree,
-        this[_workspaces],
-        this[_includeWorkspaceRoot]
-      )
-    }
-    if (!options.workspacesEnabled) {
-      options.filterSet =
-        this.excludeWorkspacesDependencySet(tree)
-    }
-    this.auditReport = await AuditReport.load(tree, options)
-    const ret = options.fix ? this.reify(options) : this.auditReport
-    process.emit('timeEnd', 'audit')
-    this.finishTracker('audit')
-    return ret
-  }
-}
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js
index d04ddf27b69650..8ceb6b72123f68 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js
@@ -4,7 +4,7 @@ const rpj = require('read-package-json-fast')
 const npa = require('npm-package-arg')
 const pacote = require('pacote')
 const cacache = require('cacache')
-const promiseCallLimit = require('promise-call-limit')
+const { callLimit: promiseCallLimit } = require('promise-call-limit')
 const realpath = require('../../lib/realpath.js')
 const { resolve, dirname } = require('path')
 const treeCheck = require('../tree-check.js')
@@ -38,48 +38,63 @@ const resetDepFlags = require('../reset-dep-flags.js')
 // them with unit tests and reuse them across mixins
 const _updateAll = Symbol.for('updateAll')
 const _flagsSuspect = Symbol.for('flagsSuspect')
-const _workspaces = Symbol.for('workspaces')
 const _setWorkspaces = Symbol.for('setWorkspaces')
 const _updateNames = Symbol.for('updateNames')
 const _resolvedAdd = Symbol.for('resolvedAdd')
 const _usePackageLock = Symbol.for('usePackageLock')
 const _rpcache = Symbol.for('realpathCache')
 const _stcache = Symbol.for('statCache')
-const _includeWorkspaceRoot = Symbol.for('includeWorkspaceRoot')
-
-// exposed symbol for unit testing the placeDep method directly
-const _peerSetSource = Symbol.for('peerSetSource')
 
 // used by Reify mixin
-const _force = Symbol.for('force')
-const _global = Symbol.for('global')
-const _idealTreePrune = Symbol.for('idealTreePrune')
+const _addNodeToTrashList = Symbol.for('addNodeToTrashList')
 
 // Push items in, pop them sorted by depth and then path
+// Sorts physically shallower deps up to the front of the queue, because
+// they'll affect things deeper in, then alphabetical for consistency between
+// installs
 class DepsQueue {
+  // [{ sorted, items }] indexed by depth
   #deps = []
   #sorted = true
+  #minDepth = 0
+  #length = 0
 
   get length () {
-    return this.#deps.length
+    return this.#length
   }
 
   push (item) {
-    if (!this.#deps.includes(item)) {
-      this.#sorted = false
-      this.#deps.push(item)
+    if (!this.#deps[item.depth]) {
+      this.#length++
+      this.#deps[item.depth] = { sorted: true, items: [item] }
+      // no minDepth check needed, this branch is only reached when we are in
+      // the middle of a shallower depth and creating a new one
+      return
+    }
+    if (!this.#deps[item.depth].items.includes(item)) {
+      this.#length++
+      this.#deps[item.depth].sorted = false
+      this.#deps[item.depth].items.push(item)
+      if (item.depth < this.#minDepth) {
+        this.#minDepth = item.depth
+      }
     }
   }
 
   pop () {
-    if (!this.#sorted) {
-      // sort physically shallower deps up to the front of the queue, because
-      // they'll affect things deeper in, then alphabetical
-      this.#deps.sort((a, b) =>
-        (a.depth - b.depth) || localeCompare(a.path, b.path))
-      this.#sorted = true
+    let depth
+    while (!depth?.items.length) {
+      depth = this.#deps[this.#minDepth]
+      if (!depth?.items.length) {
+        this.#minDepth++
+      }
     }
-    return this.#deps.shift()
+    if (!depth.sorted) {
+      depth.items.sort((a, b) => localeCompare(a.path, b.path))
+      depth.sorted = true
+    }
+    this.#length--
+    return depth.items.shift()
   }
 }
 
@@ -95,6 +110,10 @@ module.exports = cls => class IdealTreeBuilder extends cls {
   #loadFailures = new Set()
   #manifests = new Map()
   #mutateTree = false
+  // a map of each module in a peer set to the thing that depended on
+  // that set of peers in the first place.  Use a WeakMap so that we
+  // don't hold onto references for nodes that are garbage collected.
+  #peerSetSource = new WeakMap()
   #preferDedupe = false
   #prune
   #strictPeerDeps
@@ -109,20 +128,16 @@ module.exports = cls => class IdealTreeBuilder extends cls {
 
     const {
       follow = false,
-      force = false,
-      global = false,
       installStrategy = 'hoisted',
       idealTree = null,
-      includeWorkspaceRoot = false,
       installLinks = false,
       legacyPeerDeps = false,
       packageLock = true,
       strictPeerDeps = false,
-      workspaces = [],
+      workspaces,
+      global,
     } = options
 
-    this[_workspaces] = workspaces || []
-    this[_force] = !!force
     this.#strictPeerDeps = !!strictPeerDeps
 
     this.idealTree = idealTree
@@ -130,24 +145,16 @@ module.exports = cls => class IdealTreeBuilder extends cls {
     this.legacyPeerDeps = legacyPeerDeps
 
     this[_usePackageLock] = packageLock
-    this[_global] = !!global
     this.#installStrategy = global ? 'shallow' : installStrategy
     this.#follow = !!follow
 
-    if (this[_workspaces].length && this[_global]) {
+    if (workspaces?.length && global) {
       throw new Error('Cannot operate on workspaces in global mode')
     }
 
     this[_updateAll] = false
     this[_updateNames] = []
     this[_resolvedAdd] = []
-
-    // a map of each module in a peer set to the thing that depended on
-    // that set of peers in the first place.  Use a WeakMap so that we
-    // don't hold onto references for nodes that are garbage collected.
-    this[_peerSetSource] = new WeakMap()
-
-    this[_includeWorkspaceRoot] = includeWorkspaceRoot
   }
 
   get explicitRequests () {
@@ -174,7 +181,7 @@ module.exports = cls => class IdealTreeBuilder extends cls {
 
     process.emit('time', 'idealTree')
 
-    if (!options.add && !options.rm && !options.update && this[_global]) {
+    if (!options.add && !options.rm && !options.update && this.options.global) {
       throw new Error('global requires add, rm, or update option')
     }
 
@@ -210,7 +217,7 @@ module.exports = cls => class IdealTreeBuilder extends cls {
     for (const node of this.idealTree.inventory.values()) {
       if (!node.optional) {
         try {
-          checkEngine(node.package, npmVersion, nodeVersion, this[_force])
+          checkEngine(node.package, npmVersion, nodeVersion, this.options.force)
         } catch (err) {
           if (engineStrict) {
             throw err
@@ -221,7 +228,7 @@ module.exports = cls => class IdealTreeBuilder extends cls {
             current: err.current,
           })
         }
-        checkPlatform(node.package, this[_force])
+        checkPlatform(node.package, this.options.force)
       }
     }
   }
@@ -273,7 +280,7 @@ module.exports = cls => class IdealTreeBuilder extends cls {
   async #initTree () {
     process.emit('time', 'idealTree:init')
     let root
-    if (this[_global]) {
+    if (this.options.global) {
       root = await this.#globalRootNode()
     } else {
       try {
@@ -291,7 +298,7 @@ module.exports = cls => class IdealTreeBuilder extends cls {
       // When updating all, we load the shrinkwrap, but don't bother
       // to build out the full virtual tree from it, since we'll be
       // reconstructing it anyway.
-      .then(root => this[_global] ? root
+      .then(root => this.options.global ? root
       : !this[_usePackageLock] || this[_updateAll]
         ? Shrinkwrap.reset({
           path: this.path,
@@ -307,7 +314,7 @@ module.exports = cls => class IdealTreeBuilder extends cls {
       // Load on a new Arborist object, so the Nodes aren't the same,
       // or else it'll get super confusing when we change them!
       .then(async root => {
-        if ((!this[_updateAll] && !this[_global] && !root.meta.loadedFromDisk) || (this[_global] && this[_updateNames].length)) {
+        if ((!this[_updateAll] && !this.options.global && !root.meta.loadedFromDisk) || (this.options.global && this[_updateNames].length)) {
           await new this.constructor(this.options).loadActual({ root })
           const tree = root.target
           // even though we didn't load it from a package-lock.json FILE,
@@ -386,7 +393,7 @@ module.exports = cls => class IdealTreeBuilder extends cls {
       devOptional: false,
       peer: false,
       optional: false,
-      global: this[_global],
+      global: this.options.global,
       installLinks: this.installLinks,
       legacyPeerDeps: this.legacyPeerDeps,
       loadOverrides: true,
@@ -401,7 +408,7 @@ module.exports = cls => class IdealTreeBuilder extends cls {
         devOptional: false,
         peer: false,
         optional: false,
-        global: this[_global],
+        global: this.options.global,
         installLinks: this.installLinks,
         legacyPeerDeps: this.legacyPeerDeps,
         root,
@@ -416,11 +423,11 @@ module.exports = cls => class IdealTreeBuilder extends cls {
     process.emit('time', 'idealTree:userRequests')
     const tree = this.idealTree.target
 
-    if (!this[_workspaces].length) {
+    if (!this.options.workspaces.length) {
       await this.#applyUserRequestsToNode(tree, options)
     } else {
-      const nodes = this.workspaceNodes(tree, this[_workspaces])
-      if (this[_includeWorkspaceRoot]) {
+      const nodes = this.workspaceNodes(tree, this.options.workspaces)
+      if (this.options.includeWorkspaceRoot) {
         nodes.push(tree)
       }
       const appliedRequests = nodes.map(
@@ -436,14 +443,14 @@ module.exports = cls => class IdealTreeBuilder extends cls {
     // If we have a list of package names to update, and we know it's
     // going to update them wherever they are, add any paths into those
     // named nodes to the buildIdealTree queue.
-    if (!this[_global] && this[_updateNames].length) {
+    if (!this.options.global && this[_updateNames].length) {
       this.#queueNamedUpdates()
     }
 
     // global updates only update the globalTop nodes, but we need to know
     // that they're there, and not reinstall the world unnecessarily.
     const globalExplicitUpdateNames = []
-    if (this[_global] && (this[_updateAll] || this[_updateNames].length)) {
+    if (this.options.global && (this[_updateAll] || this[_updateNames].length)) {
       const nm = resolve(this.path, 'node_modules')
       const paths = await readdirScoped(nm).catch(() => [])
       for (const p of paths) {
@@ -488,7 +495,7 @@ module.exports = cls => class IdealTreeBuilder extends cls {
     // triggers a refresh of all edgesOut.  this has to be done BEFORE
     // adding the edges to explicitRequests, because the package setter
     // resets all edgesOut.
-    if (add && add.length || rm && rm.length || this[_global]) {
+    if (add && add.length || rm && rm.length || this.options.global) {
       tree.package = tree.package
     }
 
@@ -594,7 +601,7 @@ module.exports = cls => class IdealTreeBuilder extends cls {
     //
     // XXX: how to handle top nodes that aren't the root?  Maybe the report
     // just tells the user to cd into that directory and fix it?
-    if (this[_force] && this.auditReport && this.auditReport.topVulns.size) {
+    if (this.options.force && this.auditReport && this.auditReport.topVulns.size) {
       options.add = options.add || []
       options.rm = options.rm || []
       const nodesTouched = new Set()
@@ -878,7 +885,7 @@ This is a one-time fix-up, please be patient...
     // dep if allowed.
 
     const tasks = []
-    const peerSource = this[_peerSetSource].get(node) || node
+    const peerSource = this.#peerSetSource.get(node) || node
     for (const edge of this.#problemEdges(node)) {
       if (edge.peerConflicted) {
         continue
@@ -936,7 +943,7 @@ This is a one-time fix-up, please be patient...
 
         auditReport: this.auditReport,
         explicitRequest: this.#explicitRequests.has(edge),
-        force: this[_force],
+        force: this.options.force,
         installLinks: this.installLinks,
         installStrategy: this.#installStrategy,
         legacyPeerDeps: this.legacyPeerDeps,
@@ -1016,7 +1023,7 @@ This is a one-time fix-up, please be patient...
           // may well be an optional dep that has gone missing.  it'll
           // fail later anyway.
           for (const e of this.#problemEdges(placed)) {
-            promises.push(
+            promises.push(() =>
               this.#fetchManifest(npa.resolve(e.name, e.spec, fromPath(placed, e)))
                 .catch(er => null)
             )
@@ -1031,7 +1038,7 @@ This is a one-time fix-up, please be patient...
       }
     }
 
-    await Promise.all(promises)
+    await promiseCallLimit(promises)
     return this.#buildDepStep()
   }
 
@@ -1077,13 +1084,13 @@ This is a one-time fix-up, please be patient...
 
     // keep track of the thing that caused this node to be included.
     const src = parent.sourceReference
-    this[_peerSetSource].set(node, src)
+    this.#peerSetSource.set(node, src)
 
     // do not load the peers along with the set if this is a global top pkg
     // otherwise we'll be tempted to put peers as other top-level installed
     // things, potentially clobbering what's there already, which is not
     // what we want.  the missing edges will be picked up on the next pass.
-    if (this[_global] && edge.from.isProjectRoot) {
+    if (this.options.global && edge.from.isProjectRoot) {
       return node
     }
 
@@ -1208,8 +1215,12 @@ This is a one-time fix-up, please be patient...
     } else {
       const cleanRawSpec = cleanUrl(spec.rawSpec)
       log.silly('fetch manifest', spec.raw.replace(spec.rawSpec, cleanRawSpec))
-      const p = pacote.manifest(spec, options)
-        .then(mani => {
+      const o = {
+        ...options,
+        fullMetadata: true,
+      }
+      const p = pacote.manifest(spec, o)
+        .then(({ license, ...mani }) => {
           this.#manifests.set(spec.raw, mani)
           return mani
         })
@@ -1302,7 +1313,7 @@ This is a one-time fix-up, please be patient...
       const parentEdge = node.parent.edgesOut.get(edge.name)
       const { isProjectRoot, isWorkspace } = node.parent.sourceReference
       const isMine = isProjectRoot || isWorkspace
-      const conflictOK = this[_force] || !isMine && !this.#strictPeerDeps
+      const conflictOK = this.options.force || !isMine && !this.#strictPeerDeps
 
       if (!edge.to) {
         if (!parentEdge) {
@@ -1389,7 +1400,7 @@ This is a one-time fix-up, please be patient...
       currentEdge: currentEdge ? currentEdge.explain() : null,
       edge: edge.explain(),
       strictPeerDeps: this.#strictPeerDeps,
-      force: this[_force],
+      force: this.options.force,
     }
   }
 
@@ -1477,7 +1488,7 @@ This is a one-time fix-up, please be patient...
     // otherwise, don't bother.
     const needPrune = metaFromDisk && (mutateTree || flagsSuspect)
     if (this.#prune && needPrune) {
-      this[_idealTreePrune]()
+      this.#idealTreePrune()
       for (const node of this.idealTree.inventory.values()) {
         if (node.extraneous) {
           node.parent = null
@@ -1488,7 +1499,7 @@ This is a one-time fix-up, please be patient...
     process.emit('timeEnd', 'idealTree:fixDepFlags')
   }
 
-  [_idealTreePrune] () {
+  #idealTreePrune () {
     for (const node of this.idealTree.inventory.values()) {
       if (node.extraneous) {
         node.parent = null
@@ -1508,4 +1519,29 @@ This is a one-time fix-up, please be patient...
       }
     }
   }
+
+  async prune (options = {}) {
+    // allow the user to set options on the ctor as well.
+    // XXX: deprecate separate method options objects.
+    options = { ...this.options, ...options }
+
+    await this.buildIdealTree(options)
+
+    this.#idealTreePrune()
+
+    if (!this.options.workspacesEnabled) {
+      const excludeNodes = this.excludeWorkspacesDependencySet(this.idealTree)
+      for (const node of this.idealTree.inventory.values()) {
+        if (
+          node.parent !== null
+          && !node.isProjectRoot
+          && !excludeNodes.has(node)
+        ) {
+          this[_addNodeToTrashList](node)
+        }
+      }
+    }
+
+    return this.reify(options)
+  }
 }
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/deduper.js b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/deduper.js
deleted file mode 100644
index 1741c31a19a27b..00000000000000
--- a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/deduper.js
+++ /dev/null
@@ -1,19 +0,0 @@
-module.exports = cls => class Deduper extends cls {
-  async dedupe (options = {}) {
-    // allow the user to set options on the ctor as well.
-    // XXX: deprecate separate method options objects.
-    options = { ...this.options, ...options }
-    const tree = await this.loadVirtual().catch(() => this.loadActual())
-    const names = []
-    for (const name of tree.inventory.query('name')) {
-      if (tree.inventory.query('name', name).size > 1) {
-        names.push(name)
-      }
-    }
-    return this.reify({
-      ...options,
-      preferDedupe: true,
-      update: { names },
-    })
-  }
-}
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/index.js b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/index.js
index ec25117c2a8744..358f3e1b1a7598 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/index.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/index.js
@@ -29,15 +29,16 @@
 const { resolve } = require('path')
 const { homedir } = require('os')
 const { depth } = require('treeverse')
+const mapWorkspaces = require('@npmcli/map-workspaces')
+const log = require('proc-log')
+
 const { saveTypeMap } = require('../add-rm-pkg-deps.js')
+const AuditReport = require('../audit-report.js')
+const relpath = require('../relpath.js')
 
 const mixins = [
   require('../tracker.js'),
-  require('./pruner.js'),
-  require('./deduper.js'),
-  require('./audit.js'),
   require('./build-ideal-tree.js'),
-  require('./set-workspaces.js'),
   require('./load-actual.js'),
   require('./load-virtual.js'),
   require('./rebuild.js'),
@@ -45,9 +46,8 @@ const mixins = [
   require('./isolated-reifier.js'),
 ]
 
-const _workspacesEnabled = Symbol.for('workspacesEnabled')
+const _setWorkspaces = Symbol.for('setWorkspaces')
 const Base = mixins.reduce((a, b) => b(a), require('events'))
-const getWorkspaceNodes = require('../get-workspace-nodes.js')
 
 // if it's 1, 2, or 3, set it explicitly that.
 // if undefined or null, set it null
@@ -72,20 +72,26 @@ class Arborist extends Base {
       nodeVersion: process.version,
       ...options,
       Arborist: this.constructor,
-      path: options.path || '.',
+      binLinks: 'binLinks' in options ? !!options.binLinks : true,
       cache: options.cache || `${homedir()}/.npm/_cacache`,
+      force: !!options.force,
+      global: !!options.global,
+      ignoreScripts: !!options.ignoreScripts,
+      installStrategy: options.global ? 'shallow' : (options.installStrategy ? options.installStrategy : 'hoisted'),
+      lockfileVersion: lockfileVersion(options.lockfileVersion),
       packumentCache: options.packumentCache || new Map(),
-      workspacesEnabled: options.workspacesEnabled !== false,
+      path: options.path || '.',
+      rebuildBundle: 'rebuildBundle' in options ? !!options.rebuildBundle : true,
       replaceRegistryHost: options.replaceRegistryHost,
-      lockfileVersion: lockfileVersion(options.lockfileVersion),
-      installStrategy: options.global ? 'shallow' : (options.installStrategy ? options.installStrategy : 'hoisted'),
+      scriptShell: options.scriptShell,
+      workspaces: options.workspaces || [],
+      workspacesEnabled: options.workspacesEnabled !== false,
     }
+    // TODO is this even used? If not is that a bug?
     this.replaceRegistryHost = this.options.replaceRegistryHost =
       (!this.options.replaceRegistryHost || this.options.replaceRegistryHost === 'npmjs') ?
         'registry.npmjs.org' : this.options.replaceRegistryHost
 
-    this[_workspacesEnabled] = this.options.workspacesEnabled
-
     if (options.saveType && !saveTypeMap.get(options.saveType)) {
       throw new Error(`Invalid saveType ${options.saveType}`)
     }
@@ -97,12 +103,40 @@ class Arborist extends Base {
   // TODO: We should change these to static functions instead
   //   of methods for the next major version
 
-  // returns an array of the actual nodes for all the workspaces
+  // Get the actual nodes corresponding to a root node's child workspaces,
+  // given a list of workspace names.
   workspaceNodes (tree, workspaces) {
-    return getWorkspaceNodes(tree, workspaces)
+    const wsMap = tree.workspaces
+    if (!wsMap) {
+      log.warn('workspaces', 'filter set, but no workspaces present')
+      return []
+    }
+
+    const nodes = []
+    for (const name of workspaces) {
+      const path = wsMap.get(name)
+      if (!path) {
+        log.warn('workspaces', `${name} in filter set, but not in workspaces`)
+        continue
+      }
+
+      const loc = relpath(tree.realpath, path)
+      const node = tree.inventory.get(loc)
+
+      if (!node) {
+        log.warn('workspaces', `${name} in filter set, but no workspace folder present`)
+        continue
+      }
+
+      nodes.push(node)
+    }
+
+    return nodes
   }
 
   // returns a set of workspace nodes and all their deps
+  // TODO why is includeWorkspaceRoot a param?
+  // TODO why is workspaces a param?
   workspaceDependencySet (tree, workspaces, includeWorkspaceRoot) {
     const wsNodes = this.workspaceNodes(tree, workspaces)
     if (includeWorkspaceRoot) {
@@ -162,6 +196,60 @@ class Arborist extends Base {
     })
     return rootDepSet
   }
+
+  async [_setWorkspaces] (node) {
+    const workspaces = await mapWorkspaces({
+      cwd: node.path,
+      pkg: node.package,
+    })
+
+    if (node && workspaces.size) {
+      node.workspaces = workspaces
+    }
+
+    return node
+  }
+
+  async audit (options = {}) {
+    this.addTracker('audit')
+    if (this.options.global) {
+      throw Object.assign(
+        new Error('`npm audit` does not support testing globals'),
+        { code: 'EAUDITGLOBAL' }
+      )
+    }
+
+    // allow the user to set options on the ctor as well.
+    // XXX: deprecate separate method options objects.
+    options = { ...this.options, ...options }
+
+    process.emit('time', 'audit')
+    let tree
+    if (options.packageLock === false) {
+      // build ideal tree
+      await this.loadActual(options)
+      await this.buildIdealTree()
+      tree = this.idealTree
+    } else {
+      tree = await this.loadVirtual()
+    }
+    if (this.options.workspaces.length) {
+      options.filterSet = this.workspaceDependencySet(
+        tree,
+        this.options.workspaces,
+        this.options.includeWorkspaceRoot
+      )
+    }
+    if (!options.workspacesEnabled) {
+      options.filterSet =
+        this.excludeWorkspacesDependencySet(tree)
+    }
+    this.auditReport = await AuditReport.load(tree, options)
+    const ret = options.fix ? this.reify(options) : this.auditReport
+    process.emit('timeEnd', 'audit')
+    this.finishTracker('audit')
+    return ret
+  }
 }
 
 module.exports = Arborist
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/load-actual.js b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/load-actual.js
index def00dc74f039c..3ab5f5983768df 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/load-actual.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/load-actual.js
@@ -16,7 +16,6 @@ const realpath = require('../realpath.js')
 
 // public symbols
 const _changePath = Symbol.for('_changePath')
-const _global = Symbol.for('global')
 const _setWorkspaces = Symbol.for('setWorkspaces')
 const _rpcache = Symbol.for('realpathCache')
 const _stcache = Symbol.for('statCache')
@@ -45,8 +44,6 @@ module.exports = cls => class ActualLoader extends cls {
   constructor (options) {
     super(options)
 
-    this[_global] = !!options.global
-
     // the tree of nodes on disk
     this.actualTree = options.actualTree
 
@@ -58,6 +55,7 @@ module.exports = cls => class ActualLoader extends cls {
   }
 
   // public method
+  // TODO remove options param in next semver major
   async loadActual (options = {}) {
     // In the past this.actualTree was set as a promise that eventually
     // resolved, and overwrite this.actualTree with the resolved value.  This
@@ -100,7 +98,7 @@ module.exports = cls => class ActualLoader extends cls {
   async #loadActual (options) {
     // mostly realpath to throw if the root doesn't exist
     const {
-      global = false,
+      global,
       filter = () => true,
       root = null,
       transplantFilter = () => true,
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/pruner.js b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/pruner.js
deleted file mode 100644
index 494114dfa56c56..00000000000000
--- a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/pruner.js
+++ /dev/null
@@ -1,30 +0,0 @@
-const _idealTreePrune = Symbol.for('idealTreePrune')
-const _workspacesEnabled = Symbol.for('workspacesEnabled')
-const _addNodeToTrashList = Symbol.for('addNodeToTrashList')
-
-module.exports = cls => class Pruner extends cls {
-  async prune (options = {}) {
-    // allow the user to set options on the ctor as well.
-    // XXX: deprecate separate method options objects.
-    options = { ...this.options, ...options }
-
-    await this.buildIdealTree(options)
-
-    this[_idealTreePrune]()
-
-    if (!this[_workspacesEnabled]) {
-      const excludeNodes = this.excludeWorkspacesDependencySet(this.idealTree)
-      for (const node of this.idealTree.inventory.values()) {
-        if (
-          node.parent !== null
-          && !node.isProjectRoot
-          && !excludeNodes.has(node)
-        ) {
-          this[_addNodeToTrashList](node)
-        }
-      }
-    }
-
-    return this.reify(options)
-  }
-}
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/rebuild.js b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/rebuild.js
index d502d5244bdc7e..422819b2104b7e 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/rebuild.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/rebuild.js
@@ -7,7 +7,7 @@ const promiseAllRejectLate = require('promise-all-reject-late')
 const rpj = require('read-package-json-fast')
 const binLinks = require('bin-links')
 const runScript = require('@npmcli/run-script')
-const promiseCallLimit = require('promise-call-limit')
+const { callLimit: promiseCallLimit } = require('promise-call-limit')
 const { resolve } = require('path')
 const {
   isNodeGypPackage,
@@ -19,67 +19,37 @@ const boolEnv = b => b ? '1' : ''
 const sortNodes = (a, b) =>
   (a.depth - b.depth) || localeCompare(a.path, b.path)
 
-const _workspaces = Symbol.for('workspaces')
-const _build = Symbol('build')
-const _loadDefaultNodes = Symbol('loadDefaultNodes')
-const _retrieveNodesByType = Symbol('retrieveNodesByType')
-const _resetQueues = Symbol('resetQueues')
-const _rebuildBundle = Symbol('rebuildBundle')
-const _ignoreScripts = Symbol('ignoreScripts')
-const _binLinks = Symbol('binLinks')
-const _oldMeta = Symbol('oldMeta')
-const _createBinLinks = Symbol('createBinLinks')
-const _doHandleOptionalFailure = Symbol('doHandleOptionalFailure')
-const _linkAllBins = Symbol('linkAllBins')
-const _runScripts = Symbol('runScripts')
-const _buildQueues = Symbol('buildQueues')
-const _addToBuildSet = Symbol('addToBuildSet')
 const _checkBins = Symbol.for('checkBins')
-const _queues = Symbol('queues')
-const _scriptShell = Symbol('scriptShell')
-const _includeWorkspaceRoot = Symbol.for('includeWorkspaceRoot')
-const _workspacesEnabled = Symbol.for('workspacesEnabled')
-
-const _force = Symbol.for('force')
-const _global = Symbol.for('global')
 
 // defined by reify mixin
 const _handleOptionalFailure = Symbol.for('handleOptionalFailure')
 const _trashList = Symbol.for('trashList')
 
 module.exports = cls => class Builder extends cls {
+  #doHandleOptionalFailure
+  #oldMeta = null
+  #queues
+
   constructor (options) {
     super(options)
 
-    const {
-      ignoreScripts = false,
-      scriptShell,
-      binLinks = true,
-      rebuildBundle = true,
-    } = options
-
     this.scriptsRun = new Set()
-    this[_binLinks] = binLinks
-    this[_ignoreScripts] = !!ignoreScripts
-    this[_scriptShell] = scriptShell
-    this[_rebuildBundle] = !!rebuildBundle
-    this[_resetQueues]()
-    this[_oldMeta] = null
+    this.#resetQueues()
   }
 
   async rebuild ({ nodes, handleOptionalFailure = false } = {}) {
     // nothing to do if we're not building anything!
-    if (this[_ignoreScripts] && !this[_binLinks]) {
+    if (this.options.ignoreScripts && !this.options.binLinks) {
       return
     }
 
     // when building for the first time, as part of reify, we ignore
     // failures in optional nodes, and just delete them.  however, when
     // running JUST a rebuild, we treat optional failures as real fails
-    this[_doHandleOptionalFailure] = handleOptionalFailure
+    this.#doHandleOptionalFailure = handleOptionalFailure
 
     if (!nodes) {
-      nodes = await this[_loadDefaultNodes]()
+      nodes = await this.#loadDefaultNodes()
     }
 
     // separates links nodes so that it can run
@@ -89,15 +59,15 @@ module.exports = cls => class Builder extends cls {
     const {
       depNodes,
       linkNodes,
-    } = this[_retrieveNodesByType](nodes)
+    } = this.#retrieveNodesByType(nodes)
 
     // build regular deps
-    await this[_build](depNodes, {})
+    await this.#build(depNodes, {})
 
     // build link deps
     if (linkNodes.size) {
-      this[_resetQueues]()
-      await this[_build](linkNodes, { type: 'links' })
+      this.#resetQueues()
+      await this.#build(linkNodes, { type: 'links' })
     }
 
     process.emit('timeEnd', 'build')
@@ -105,20 +75,20 @@ module.exports = cls => class Builder extends cls {
 
   // if we don't have a set of nodes, then just rebuild
   // the actual tree on disk.
-  async [_loadDefaultNodes] () {
+  async #loadDefaultNodes () {
     let nodes
     const tree = await this.loadActual()
     let filterSet
-    if (!this[_workspacesEnabled]) {
+    if (!this.options.workspacesEnabled) {
       filterSet = this.excludeWorkspacesDependencySet(tree)
       nodes = tree.inventory.filter(node =>
         filterSet.has(node) || node.isProjectRoot
       )
-    } else if (this[_workspaces] && this[_workspaces].length) {
+    } else if (this.options.workspaces.length) {
       filterSet = this.workspaceDependencySet(
         tree,
-        this[_workspaces],
-        this[_includeWorkspaceRoot]
+        this.options.workspaces,
+        this.options.includeWorkspaceRoot
       )
       nodes = tree.inventory.filter(node => filterSet.has(node))
     } else {
@@ -127,7 +97,7 @@ module.exports = cls => class Builder extends cls {
     return nodes
   }
 
-  [_retrieveNodesByType] (nodes) {
+  #retrieveNodesByType (nodes) {
     const depNodes = new Set()
     const linkNodes = new Set()
     const storeNodes = new Set()
@@ -154,7 +124,7 @@ module.exports = cls => class Builder extends cls {
     //
     // we avoid doing so if global=true since `bin-links` relies
     // on having the target nodes available in global mode.
-    if (!this[_global]) {
+    if (!this.options.global) {
       for (const node of linkNodes) {
         depNodes.delete(node.target)
       }
@@ -166,8 +136,8 @@ module.exports = cls => class Builder extends cls {
     }
   }
 
-  [_resetQueues] () {
-    this[_queues] = {
+  #resetQueues () {
+    this.#queues = {
       preinstall: [],
       install: [],
       postinstall: [],
@@ -176,46 +146,46 @@ module.exports = cls => class Builder extends cls {
     }
   }
 
-  async [_build] (nodes, { type = 'deps' }) {
+  async #build (nodes, { type = 'deps' }) {
     process.emit('time', `build:${type}`)
 
-    await this[_buildQueues](nodes)
+    await this.#buildQueues(nodes)
 
-    if (!this[_ignoreScripts]) {
-      await this[_runScripts]('preinstall')
+    if (!this.options.ignoreScripts) {
+      await this.#runScripts('preinstall')
     }
 
     // links should run prepare scripts and only link bins after that
     if (type === 'links') {
-      await this[_runScripts]('prepare')
+      await this.#runScripts('prepare')
     }
-    if (this[_binLinks]) {
-      await this[_linkAllBins]()
+    if (this.options.binLinks) {
+      await this.#linkAllBins()
     }
 
-    if (!this[_ignoreScripts]) {
-      await this[_runScripts]('install')
-      await this[_runScripts]('postinstall')
+    if (!this.options.ignoreScripts) {
+      await this.#runScripts('install')
+      await this.#runScripts('postinstall')
     }
 
     process.emit('timeEnd', `build:${type}`)
   }
 
-  async [_buildQueues] (nodes) {
+  async #buildQueues (nodes) {
     process.emit('time', 'build:queue')
     const set = new Set()
 
     const promises = []
     for (const node of nodes) {
-      promises.push(this[_addToBuildSet](node, set))
+      promises.push(this.#addToBuildSet(node, set))
 
       // if it has bundle deps, add those too, if rebuildBundle
-      if (this[_rebuildBundle] !== false) {
+      if (this.options.rebuildBundle !== false) {
         const bd = node.package.bundleDependencies
         if (bd && bd.length) {
           dfwalk({
             tree: node,
-            leave: node => promises.push(this[_addToBuildSet](node, set)),
+            leave: node => promises.push(this.#addToBuildSet(node, set)),
             getChildren: node => [...node.children.values()],
             filter: node => node.inBundle,
           })
@@ -236,7 +206,7 @@ module.exports = cls => class Builder extends cls {
       const tests = { bin, preinstall, install, postinstall, prepare }
       for (const [key, has] of Object.entries(tests)) {
         if (has) {
-          this[_queues][key].push(node)
+          this.#queues[key].push(node)
         }
       }
     }
@@ -249,21 +219,21 @@ module.exports = cls => class Builder extends cls {
     // the node path.  Otherwise a package can have a preinstall script
     // that unlinks something, to allow them to silently overwrite system
     // binaries, which is unsafe and insecure.
-    if (!node.globalTop || this[_force]) {
+    if (!node.globalTop || this.options.force) {
       return
     }
     const { path, package: pkg } = node
     await binLinks.checkBins({ pkg, path, top: true, global: true })
   }
 
-  async [_addToBuildSet] (node, set, refreshed = false) {
+  async #addToBuildSet (node, set, refreshed = false) {
     if (set.has(node)) {
       return
     }
 
-    if (this[_oldMeta] === null) {
+    if (this.#oldMeta === null) {
       const { root: { meta } } = node
-      this[_oldMeta] = meta && meta.loadedFromDisk &&
+      this.#oldMeta = meta && meta.loadedFromDisk &&
         !(meta.originalLockfileVersion >= 2)
     }
 
@@ -272,7 +242,7 @@ module.exports = cls => class Builder extends cls {
 
     const { preinstall, install, postinstall, prepare } = scripts
     const anyScript = preinstall || install || postinstall || prepare
-    if (!refreshed && !anyScript && (hasInstallScript || this[_oldMeta])) {
+    if (!refreshed && !anyScript && (hasInstallScript || this.#oldMeta)) {
       // we either have an old metadata (and thus might have scripts)
       // or we have an indication that there's install scripts (but
       // don't yet know what they are) so we have to load the package.json
@@ -286,7 +256,7 @@ module.exports = cls => class Builder extends cls {
 
       const { scripts = {} } = pkg
       node.package.scripts = scripts
-      return this[_addToBuildSet](node, set, true)
+      return this.#addToBuildSet(node, set, true)
     }
 
     // Rebuild node-gyp dependencies lacking an install or preinstall script
@@ -309,8 +279,8 @@ module.exports = cls => class Builder extends cls {
     }
   }
 
-  async [_runScripts] (event) {
-    const queue = this[_queues][event]
+  async #runScripts (event) {
+    const queue = this.#queues[event]
 
     if (!queue.length) {
       return
@@ -358,7 +328,7 @@ module.exports = cls => class Builder extends cls {
         pkg,
         stdio,
         env,
-        scriptShell: this[_scriptShell],
+        scriptShell: this.options.scriptShell,
       }
       const p = runScript(runOpts).catch(er => {
         const { code, signal } = er
@@ -382,17 +352,17 @@ module.exports = cls => class Builder extends cls {
         log.info('run', pkg._id, event, { code, signal })
       })
 
-      await (this[_doHandleOptionalFailure]
+      await (this.#doHandleOptionalFailure
         ? this[_handleOptionalFailure](node, p)
         : p)
 
       process.emit('timeEnd', timer)
-    }), limit)
+    }), { limit })
     process.emit('timeEnd', `build:run:${event}`)
   }
 
-  async [_linkAllBins] () {
-    const queue = this[_queues].bin
+  async #linkAllBins () {
+    const queue = this.#queues.bin
     if (!queue.length) {
       return
     }
@@ -402,14 +372,15 @@ module.exports = cls => class Builder extends cls {
     // sort the queue by node path, so that the module-local collision
     // detector in bin-links will always resolve the same way.
     for (const node of queue.sort(sortNodes)) {
-      promises.push(this[_createBinLinks](node))
+      // TODO these run before they're awaited
+      promises.push(this.#createBinLinks(node))
     }
 
     await promiseAllRejectLate(promises)
     process.emit('timeEnd', 'build:link')
   }
 
-  async [_createBinLinks] (node) {
+  async #createBinLinks (node) {
     if (this[_trashList].has(node.path)) {
       return
     }
@@ -420,11 +391,11 @@ module.exports = cls => class Builder extends cls {
       pkg: node.package,
       path: node.path,
       top: !!(node.isTop || node.globalTop),
-      force: this[_force],
+      force: this.options.force,
       global: !!node.globalTop,
     })
 
-    await (this[_doHandleOptionalFailure]
+    await (this.#doHandleOptionalFailure
       ? this[_handleOptionalFailure](node, p)
       : p)
 
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js
index 7ce3bc2a9db1dd..a70e21821ecb86 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js
@@ -24,13 +24,13 @@ const PackageJson = require('@npmcli/package-json')
 const packageContents = require('@npmcli/installed-package-contents')
 const runScript = require('@npmcli/run-script')
 const { checkEngine, checkPlatform } = require('npm-install-checks')
-const _force = Symbol.for('force')
 
 const treeCheck = require('../tree-check.js')
 const relpath = require('../relpath.js')
 const Diff = require('../diff.js')
 const retirePath = require('../retire-path.js')
 const promiseAllRejectLate = require('promise-all-reject-late')
+const { callLimit: promiseCallLimit } = require('promise-call-limit')
 const optionalSet = require('../optional-set.js')
 const calcDepFlags = require('../calc-dep-flags.js')
 const { saveTypeMap, hasSubKey } = require('../add-rm-pkg-deps.js')
@@ -47,8 +47,6 @@ const _retireShallowNodes = Symbol.for('retireShallowNodes')
 const _getBundlesByDepth = Symbol('getBundlesByDepth')
 const _registryResolved = Symbol('registryResolved')
 const _addNodeToTrashList = Symbol.for('addNodeToTrashList')
-const _workspaces = Symbol.for('workspaces')
-const _workspacesEnabled = Symbol.for('workspacesEnabled')
 
 // shared by rebuild mixin
 const _trashList = Symbol.for('trashList')
@@ -90,14 +88,11 @@ const _validateNodeModules = Symbol('validateNodeModules')
 const _nmValidated = Symbol('nmValidated')
 const _validatePath = Symbol('validatePath')
 const _reifyPackages = Symbol.for('reifyPackages')
-const _includeWorkspaceRoot = Symbol.for('includeWorkspaceRoot')
 
 const _omitDev = Symbol('omitDev')
 const _omitOptional = Symbol('omitOptional')
 const _omitPeer = Symbol('omitPeer')
 
-const _global = Symbol.for('global')
-
 const _pruneBundledMetadeps = Symbol('pruneBundledMetadeps')
 
 // defined by Ideal mixin
@@ -141,7 +136,7 @@ module.exports = cls => class Reifier extends cls {
   async reify (options = {}) {
     const linked = (options.installStrategy || this.options.installStrategy) === 'linked'
 
-    if (this[_packageLockOnly] && this[_global]) {
+    if (this[_packageLockOnly] && this.options.global) {
       const er = new Error('cannot generate lockfile for global packages')
       er.code = 'ESHRINKWRAPGLOBAL'
       throw er
@@ -286,7 +281,7 @@ module.exports = cls => class Reifier extends cls {
         .then(() => process.emit('timeEnd', 'reify:loadTrees'))
     }
 
-    const actualOpt = this[_global] ? {
+    const actualOpt = this.options.global ? {
       ignoreMissing: true,
       global: true,
       filter: (node, kid) => {
@@ -313,7 +308,7 @@ module.exports = cls => class Reifier extends cls {
       },
     } : { ignoreMissing: true }
 
-    if (!this[_global]) {
+    if (!this.options.global) {
       return Promise.all([
         this.loadActual(actualOpt),
         this.buildIdealTree(bitOpt),
@@ -340,12 +335,12 @@ module.exports = cls => class Reifier extends cls {
     // to just invalidate the parts that changed, but avoid walking the
     // whole tree again.
 
-    const includeWorkspaces = this[_workspacesEnabled]
-    const includeRootDeps = !this[_workspacesEnabled]
-      || this[_includeWorkspaceRoot] && this[_workspaces].length > 0
+    const includeWorkspaces = this.options.workspacesEnabled
+    const includeRootDeps = !includeWorkspaces
+      || this.options.includeWorkspaceRoot && this.options.workspaces.length > 0
 
     const filterNodes = []
-    if (this[_global] && this.explicitRequests.size) {
+    if (this.options.global && this.explicitRequests.size) {
       const idealTree = this.idealTree.target
       const actualTree = this.actualTree.target
       // we ONLY are allowed to make changes in the global top-level
@@ -363,7 +358,7 @@ module.exports = cls => class Reifier extends cls {
     } else {
       if (includeWorkspaces) {
         // add all ws nodes to filterNodes
-        for (const ws of this[_workspaces]) {
+        for (const ws of this.options.workspaces) {
           const ideal = this.idealTree.children.get(ws)
           if (ideal) {
             filterNodes.push(ideal)
@@ -655,7 +650,7 @@ module.exports = cls => class Reifier extends cls {
 
   // do not allow node_modules to be a symlink
   async [_validateNodeModules] (nm) {
-    if (this[_force] || this[_nmValidated].has(nm)) {
+    if (this.options.force || this[_nmValidated].has(nm)) {
       return
     }
     const st = await lstat(nm).catch(() => null)
@@ -817,10 +812,12 @@ module.exports = cls => class Reifier extends cls {
     }
 
     // extract all the nodes with bundles
-    return promiseAllRejectLate(set.map(node => {
-      this[_bundleUnpacked].add(node)
-      return this[_reifyNode](node)
-    }))
+    return promiseCallLimit(set.map(node => {
+      return () => {
+        this[_bundleUnpacked].add(node)
+        return this[_reifyNode](node)
+      }
+    }), { rejectLate: true })
     // then load their unpacked children and move into the ideal tree
       .then(nodes =>
         promiseAllRejectLate(nodes.map(async node => {
@@ -989,11 +986,11 @@ module.exports = cls => class Reifier extends cls {
     const tree = this.idealTree
 
     // if we're operating on a workspace, only audit the workspace deps
-    if (this[_workspaces] && this[_workspaces].length) {
+    if (this.options.workspaces.length) {
       options.filterSet = this.workspaceDependencySet(
         tree,
-        this[_workspaces],
-        this[_includeWorkspaceRoot]
+        this.options.workspaces,
+        this.options.includeWorkspaceRoot
       )
     }
 
@@ -1217,7 +1214,7 @@ module.exports = cls => class Reifier extends cls {
     // saveIdealTree to be able to write the lockfile by default.
     const saveIdealTree = !(
       (!save && !hasUpdates)
-      || this[_global]
+      || this.options.global
       || this[_dryRun]
     )
 
@@ -1563,7 +1560,7 @@ module.exports = cls => class Reifier extends cls {
     this.actualTree = this.idealTree
     this.idealTree = null
 
-    if (!this[_global]) {
+    if (!this.options.global) {
       await this.actualTree.meta.save()
       const ignoreScripts = !!this.options.ignoreScripts
       // if we aren't doing a dry run or ignoring scripts and we actually made changes to the dep
@@ -1590,4 +1587,22 @@ module.exports = cls => class Reifier extends cls {
       }
     }
   }
+
+  async dedupe (options = {}) {
+    // allow the user to set options on the ctor as well.
+    // XXX: deprecate separate method options objects.
+    options = { ...this.options, ...options }
+    const tree = await this.loadVirtual().catch(() => this.loadActual())
+    const names = []
+    for (const name of tree.inventory.query('name')) {
+      if (tree.inventory.query('name', name).size > 1) {
+        names.push(name)
+      }
+    }
+    return this.reify({
+      ...options,
+      preferDedupe: true,
+      update: { names },
+    })
+  }
 }
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/set-workspaces.js b/deps/npm/node_modules/@npmcli/arborist/lib/arborist/set-workspaces.js
deleted file mode 100644
index 27a12708a7e82d..00000000000000
--- a/deps/npm/node_modules/@npmcli/arborist/lib/arborist/set-workspaces.js
+++ /dev/null
@@ -1,19 +0,0 @@
-const mapWorkspaces = require('@npmcli/map-workspaces')
-
-// shared ref used by other mixins/Arborist
-const _setWorkspaces = Symbol.for('setWorkspaces')
-
-module.exports = cls => class MapWorkspaces extends cls {
-  async [_setWorkspaces] (node) {
-    const workspaces = await mapWorkspaces({
-      cwd: node.path,
-      pkg: node.package,
-    })
-
-    if (node && workspaces.size) {
-      node.workspaces = workspaces
-    }
-
-    return node
-  }
-}
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/case-insensitive-map.js b/deps/npm/node_modules/@npmcli/arborist/lib/case-insensitive-map.js
index 016ce6017b01e4..afc6afbe0f98ad 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/case-insensitive-map.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/case-insensitive-map.js
@@ -2,49 +2,49 @@
 // are case-insensitive and unicode-normalizing, so we need to treat
 // node.children.get('FOO') and node.children.get('foo') as the same thing.
 
-const _keys = Symbol('keys')
-const _normKey = Symbol('normKey')
-const normalize = s => s.normalize('NFKD').toLowerCase()
-const OGMap = Map
-module.exports = class Map extends OGMap {
+module.exports = class CIMap extends Map {
+  #keys = new Map()
+
   constructor (items = []) {
     super()
-    this[_keys] = new OGMap()
     for (const [key, val] of items) {
       this.set(key, val)
     }
   }
 
-  [_normKey] (key) {
-    return typeof key === 'string' ? normalize(key) : key
+  #normKey (key) {
+    if (typeof key !== 'string') {
+      return key
+    }
+    return key.normalize('NFKD').toLowerCase()
   }
 
   get (key) {
-    const normKey = this[_normKey](key)
-    return this[_keys].has(normKey) ? super.get(this[_keys].get(normKey))
+    const normKey = this.#normKey(key)
+    return this.#keys.has(normKey) ? super.get(this.#keys.get(normKey))
       : undefined
   }
 
   set (key, val) {
-    const normKey = this[_normKey](key)
-    if (this[_keys].has(normKey)) {
-      super.delete(this[_keys].get(normKey))
+    const normKey = this.#normKey(key)
+    if (this.#keys.has(normKey)) {
+      super.delete(this.#keys.get(normKey))
     }
-    this[_keys].set(normKey, key)
+    this.#keys.set(normKey, key)
     return super.set(key, val)
   }
 
   delete (key) {
-    const normKey = this[_normKey](key)
-    if (this[_keys].has(normKey)) {
-      const prevKey = this[_keys].get(normKey)
-      this[_keys].delete(normKey)
+    const normKey = this.#normKey(key)
+    if (this.#keys.has(normKey)) {
+      const prevKey = this.#keys.get(normKey)
+      this.#keys.delete(normKey)
       return super.delete(prevKey)
     }
   }
 
   has (key) {
-    const normKey = this[_normKey](key)
-    return this[_keys].has(normKey) && super.has(this[_keys].get(normKey))
+    const normKey = this.#normKey(key)
+    return this.#keys.has(normKey) && super.has(this.#keys.get(normKey))
   }
 }
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/get-workspace-nodes.js b/deps/npm/node_modules/@npmcli/arborist/lib/get-workspace-nodes.js
deleted file mode 100644
index 91002dab570853..00000000000000
--- a/deps/npm/node_modules/@npmcli/arborist/lib/get-workspace-nodes.js
+++ /dev/null
@@ -1,36 +0,0 @@
-// Get the actual nodes corresponding to a root node's child workspaces,
-// given a list of workspace names.
-
-const log = require('proc-log')
-const relpath = require('./relpath.js')
-
-const getWorkspaceNodes = (tree, workspaces) => {
-  const wsMap = tree.workspaces
-  if (!wsMap) {
-    log.warn('workspaces', 'filter set, but no workspaces present')
-    return []
-  }
-
-  const nodes = []
-  for (const name of workspaces) {
-    const path = wsMap.get(name)
-    if (!path) {
-      log.warn('workspaces', `${name} in filter set, but not in workspaces`)
-      continue
-    }
-
-    const loc = relpath(tree.realpath, path)
-    const node = tree.inventory.get(loc)
-
-    if (!node) {
-      log.warn('workspaces', `${name} in filter set, but no workspace folder present`)
-      continue
-    }
-
-    nodes.push(node)
-  }
-
-  return nodes
-}
-
-module.exports = getWorkspaceNodes
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/index.js b/deps/npm/node_modules/@npmcli/arborist/lib/index.js
index c7b07ce28e4df0..5baaee6ee7c932 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/index.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/index.js
@@ -4,5 +4,3 @@ module.exports.Node = require('./node.js')
 module.exports.Link = require('./link.js')
 module.exports.Edge = require('./edge.js')
 module.exports.Shrinkwrap = require('./shrinkwrap.js')
-// XXX export the other classes, too.  shrinkwrap, diff, etc.
-// they're handy!
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/query-selector-all.js b/deps/npm/node_modules/@npmcli/arborist/lib/query-selector-all.js
index 96c52144060b80..ce49201ce624c6 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/query-selector-all.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/query-selector-all.js
@@ -8,6 +8,7 @@ const { minimatch } = require('minimatch')
 const npa = require('npm-package-arg')
 const pacote = require('pacote')
 const semver = require('semver')
+const fetch = require('npm-registry-fetch')
 
 // handle results for parsed query asts, results are stored in a map that has a
 // key that points to each ast selector node and stores the resulting array of
@@ -18,6 +19,7 @@ class Results {
   #initialItems
   #inventory
   #outdatedCache = new Map()
+  #vulnCache
   #pendingCombinator
   #results = new Map()
   #targetNode
@@ -26,6 +28,7 @@ class Results {
     this.#currentAstSelector = opts.rootAstNode.nodes[0]
     this.#inventory = opts.inventory
     this.#initialItems = opts.initialItems
+    this.#vulnCache = opts.vulnCache
     this.#targetNode = opts.targetNode
 
     this.currentResults = this.#initialItems
@@ -211,6 +214,7 @@ class Results {
         inventory: this.#inventory,
         rootAstNode: this.currentAstNode.nestedNode,
         targetNode: item,
+        vulnCache: this.#vulnCache,
       })
       if (res.size > 0) {
         found.push(item)
@@ -239,6 +243,7 @@ class Results {
       inventory: this.#inventory,
       rootAstNode: this.currentAstNode.nestedNode,
       targetNode: this.currentAstNode,
+      vulnCache: this.#vulnCache,
     })
     return [...res]
   }
@@ -266,6 +271,7 @@ class Results {
       inventory: this.#inventory,
       rootAstNode: this.currentAstNode.nestedNode,
       targetNode: this.currentAstNode,
+      vulnCache: this.#vulnCache,
     })
     const internalSelector = new Set(res)
     return this.initialItems.filter(node =>
@@ -432,6 +438,75 @@ class Results {
     return this.initialItems.filter(node => node.target.edgesIn.size > 1)
   }
 
+  async vulnPseudo () {
+    if (!this.initialItems.length) {
+      return this.initialItems
+    }
+    if (!this.#vulnCache) {
+      const packages = {}
+      // We have to map the items twice, once to get the request, and a second time to filter out the results of that request
+      this.initialItems.map((node) => {
+        if (node.isProjectRoot || node.package.private) {
+          return
+        }
+        if (!packages[node.name]) {
+          packages[node.name] = []
+        }
+        if (!packages[node.name].includes(node.version)) {
+          packages[node.name].push(node.version)
+        }
+      })
+      const res = await fetch('/-/npm/v1/security/advisories/bulk', {
+        ...this.flatOptions,
+        registry: this.flatOptions.auditRegistry || this.flatOptions.registry,
+        method: 'POST',
+        gzip: true,
+        body: packages,
+      })
+      this.#vulnCache = await res.json()
+    }
+    const advisories = this.#vulnCache
+    const { vulns } = this.currentAstNode
+    return this.initialItems.filter(item => {
+      const vulnerable = advisories[item.name]?.filter(advisory => {
+        // This could be for another version of this package elsewhere in the tree
+        if (!semver.intersects(advisory.vulnerable_versions, item.version)) {
+          return false
+        }
+        if (!vulns) {
+          return true
+        }
+        // vulns are OR with each other, if any one matches we're done
+        for (const vuln of vulns) {
+          if (vuln.severity && !vuln.severity.includes('*')) {
+            if (!vuln.severity.includes(advisory.severity)) {
+              continue
+            }
+          }
+
+          if (vuln?.cwe) {
+            // * is special, it means "has a cwe"
+            if (vuln.cwe.includes('*')) {
+              if (!advisory.cwe.length) {
+                continue
+              }
+            } else if (!vuln.cwe.every(cwe => advisory.cwe.includes(`CWE-${cwe}`))) {
+              continue
+            }
+          }
+          return true
+        }
+      })
+      if (vulnerable?.length) {
+        item.queryContext = {
+          advisories: vulnerable,
+        }
+        return true
+      }
+      return false
+    })
+  }
+
   async outdatedPseudo () {
     const { outdatedKind = 'any' } = this.currentAstNode
 
@@ -445,6 +520,11 @@ class Results {
         return false
       }
 
+      // private packages can't be published, skip them
+      if (node.package.private) {
+        return false
+      }
+
       // we cache the promise representing the full versions list, this helps reduce the
       // number of requests we send by keeping population of the cache in a single tick
       // making it less likely that multiple requests for the same package will be inflight
@@ -839,8 +919,6 @@ const retrieveNodesFromParsedAst = async (opts) => {
   return results.collect(rootAstNode)
 }
 
-// We are keeping this async in the event that we do add async operators, we
-// won't have to have a breaking change on this function signature.
 const querySelectorAll = async (targetNode, query, flatOptions) => {
   // This never changes ever we just pass it around. But we can't scope it to
   // this whole file if we ever want to support concurrent calls to this
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/tracker.js b/deps/npm/node_modules/@npmcli/arborist/lib/tracker.js
index 42c401e8799e85..5acb32a5a7cfd9 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/tracker.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/tracker.js
@@ -1,47 +1,46 @@
-const _progress = Symbol('_progress')
-const _onError = Symbol('_onError')
-const _setProgress = Symbol('_setProgess')
 const npmlog = require('npmlog')
 
 module.exports = cls => class Tracker extends cls {
+  #progress = new Map()
+  #setProgress
+
   constructor (options = {}) {
     super(options)
-    this[_setProgress] = !!options.progress
-    this[_progress] = new Map()
+    this.#setProgress = !!options.progress
   }
 
   addTracker (section, subsection = null, key = null) {
     if (section === null || section === undefined) {
-      this[_onError](`Tracker can't be null or undefined`)
+      this.#onError(`Tracker can't be null or undefined`)
     }
 
     if (key === null) {
       key = subsection
     }
 
-    const hasTracker = this[_progress].has(section)
-    const hasSubtracker = this[_progress].has(`${section}:${key}`)
+    const hasTracker = this.#progress.has(section)
+    const hasSubtracker = this.#progress.has(`${section}:${key}`)
 
     if (hasTracker && subsection === null) {
       // 0. existing tracker, no subsection
-      this[_onError](`Tracker "${section}" already exists`)
+      this.#onError(`Tracker "${section}" already exists`)
     } else if (!hasTracker && subsection === null) {
       // 1. no existing tracker, no subsection
       // Create a new tracker from npmlog
       // starts progress bar
-      if (this[_setProgress] && this[_progress].size === 0) {
+      if (this.#setProgress && this.#progress.size === 0) {
         npmlog.enableProgress()
       }
 
-      this[_progress].set(section, npmlog.newGroup(section))
+      this.#progress.set(section, npmlog.newGroup(section))
     } else if (!hasTracker && subsection !== null) {
       // 2. no parent tracker and subsection
-      this[_onError](`Parent tracker "${section}" does not exist`)
+      this.#onError(`Parent tracker "${section}" does not exist`)
     } else if (!hasTracker || !hasSubtracker) {
       // 3. existing parent tracker, no subsection tracker
-      // Create a new subtracker in this[_progress] from parent tracker
-      this[_progress].set(`${section}:${key}`,
-        this[_progress].get(section).newGroup(`${section}:${subsection}`)
+      // Create a new subtracker in this.#progress from parent tracker
+      this.#progress.set(`${section}:${key}`,
+        this.#progress.get(section).newGroup(`${section}:${subsection}`)
       )
     }
     // 4. existing parent tracker, existing subsection tracker
@@ -50,22 +49,22 @@ module.exports = cls => class Tracker extends cls {
 
   finishTracker (section, subsection = null, key = null) {
     if (section === null || section === undefined) {
-      this[_onError](`Tracker can't be null or undefined`)
+      this.#onError(`Tracker can't be null or undefined`)
     }
 
     if (key === null) {
       key = subsection
     }
 
-    const hasTracker = this[_progress].has(section)
-    const hasSubtracker = this[_progress].has(`${section}:${key}`)
+    const hasTracker = this.#progress.has(section)
+    const hasSubtracker = this.#progress.has(`${section}:${key}`)
 
     // 0. parent tracker exists, no subsection
-    // Finish parent tracker and remove from this[_progress]
+    // Finish parent tracker and remove from this.#progress
     if (hasTracker && subsection === null) {
       // check if parent tracker does
       // not have any remaining children
-      const keys = this[_progress].keys()
+      const keys = this.#progress.keys()
       for (const key of keys) {
         if (key.match(new RegExp(section + ':'))) {
           this.finishTracker(section, key)
@@ -73,28 +72,28 @@ module.exports = cls => class Tracker extends cls {
       }
 
       // remove parent tracker
-      this[_progress].get(section).finish()
-      this[_progress].delete(section)
+      this.#progress.get(section).finish()
+      this.#progress.delete(section)
 
       // remove progress bar if all
       // trackers are finished
-      if (this[_setProgress] && this[_progress].size === 0) {
+      if (this.#setProgress && this.#progress.size === 0) {
         npmlog.disableProgress()
       }
     } else if (!hasTracker && subsection === null) {
       // 1. no existing parent tracker, no subsection
-      this[_onError](`Tracker "${section}" does not exist`)
+      this.#onError(`Tracker "${section}" does not exist`)
     } else if (!hasTracker || hasSubtracker) {
       // 2. subtracker exists
-      // Finish subtracker and remove from this[_progress]
-      this[_progress].get(`${section}:${key}`).finish()
-      this[_progress].delete(`${section}:${key}`)
+      // Finish subtracker and remove from this.#progress
+      this.#progress.get(`${section}:${key}`).finish()
+      this.#progress.delete(`${section}:${key}`)
     }
     // 3. existing parent tracker, no subsection
   }
 
-  [_onError] (msg) {
-    if (this[_setProgress]) {
+  #onError (msg) {
+    if (this.#setProgress) {
       npmlog.disableProgress()
     }
     throw new Error(msg)
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/version-from-tgz.js b/deps/npm/node_modules/@npmcli/arborist/lib/version-from-tgz.js
index be4405cee998f2..092cdbcbaf1326 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/version-from-tgz.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/version-from-tgz.js
@@ -1,22 +1,21 @@
-/* eslint node/no-deprecated-api: "off" */
 const semver = require('semver')
 const { basename } = require('path')
-const { parse } = require('url')
+const { URL } = require('url')
 module.exports = (name, tgz) => {
   const base = basename(tgz)
   if (!base.endsWith('.tgz')) {
     return null
   }
 
-  const u = parse(tgz)
-  if (/^https?:/.test(u.protocol)) {
+  if (tgz.startsWith('http:/') || tgz.startsWith('https:/')) {
+    const u = new URL(tgz)
     // registry url?  check for most likely pattern.
     // either /@foo/bar/-/bar-1.2.3.tgz or
     // /foo/-/foo-1.2.3.tgz, and fall through to
     // basename checking.  Note that registries can
     // be mounted below the root url, so /a/b/-/x/y/foo/-/foo-1.2.3.tgz
     // is a potential option.
-    const tfsplit = u.path.slice(1).split('/-/')
+    const tfsplit = u.pathname.slice(1).split('/-/')
     if (tfsplit.length > 1) {
       const afterTF = tfsplit.pop()
       if (afterTF === base) {
diff --git a/deps/npm/node_modules/@npmcli/arborist/lib/vuln.js b/deps/npm/node_modules/@npmcli/arborist/lib/vuln.js
index 81b921db01ad59..2bffe54f2dacdc 100644
--- a/deps/npm/node_modules/@npmcli/arborist/lib/vuln.js
+++ b/deps/npm/node_modules/@npmcli/arborist/lib/vuln.js
@@ -16,24 +16,23 @@ const semverOpt = { loose: true, includePrerelease: true }
 
 const localeCompare = require('@isaacs/string-locale-compare')('en')
 const npa = require('npm-package-arg')
-const _range = Symbol('_range')
-const _simpleRange = Symbol('_simpleRange')
-const _fixAvailable = Symbol('_fixAvailable')
 
 const severities = new Map([
-  ['info', 0],
-  ['low', 1],
-  ['moderate', 2],
-  ['high', 3],
-  ['critical', 4],
-  [null, -1],
+  ['info', 0], [0, 'info'],
+  ['low', 1], [1, 'low'],
+  ['moderate', 2], [2, 'moderate'],
+  ['high', 3], [3, 'high'],
+  ['critical', 4], [4, 'critical'],
+  [null, -1], [-1, null],
 ])
 
-for (const [name, val] of severities.entries()) {
-  severities.set(val, name)
-}
-
 class Vuln {
+  #range = null
+  #simpleRange = null
+  // assume a fix is available unless it hits a top node
+  // that locks it in place, setting this false or {isSemVerMajor, version}.
+  #fixAvailable = true
+
   constructor ({ name, advisory }) {
     this.name = name
     this.via = new Set()
@@ -41,23 +40,18 @@ class Vuln {
     this.severity = null
     this.effects = new Set()
     this.topNodes = new Set()
-    this[_range] = null
-    this[_simpleRange] = null
     this.nodes = new Set()
-    // assume a fix is available unless it hits a top node
-    // that locks it in place, setting this false or {isSemVerMajor, version}.
-    this[_fixAvailable] = true
     this.addAdvisory(advisory)
     this.packument = advisory.packument
     this.versions = advisory.versions
   }
 
   get fixAvailable () {
-    return this[_fixAvailable]
+    return this.#fixAvailable
   }
 
   set fixAvailable (f) {
-    this[_fixAvailable] = f
+    this.#fixAvailable = f
     // if there's a fix available for this at the top level, it means that
     // it will also fix the vulns that led to it being there.  to get there,
     // we set the vias to the most "strict" of fix availables.
@@ -131,7 +125,7 @@ class Vuln {
       effects: [...this.effects].map(v => v.name).sort(localeCompare),
       range: this.simpleRange,
       nodes: [...this.nodes].map(n => n.location).sort(localeCompare),
-      fixAvailable: this[_fixAvailable],
+      fixAvailable: this.#fixAvailable,
     }
   }
 
@@ -151,8 +145,8 @@ class Vuln {
     this.advisories.delete(advisory)
     // make sure we have the max severity of all the vulns causing this one
     this.severity = null
-    this[_range] = null
-    this[_simpleRange] = null
+    this.#range = null
+    this.#simpleRange = null
     // refresh severity
     for (const advisory of this.advisories) {
       this.addAdvisory(advisory)
@@ -170,27 +164,30 @@ class Vuln {
   addAdvisory (advisory) {
     this.advisories.add(advisory)
     const sev = severities.get(advisory.severity)
-    this[_range] = null
-    this[_simpleRange] = null
+    this.#range = null
+    this.#simpleRange = null
     if (sev > severities.get(this.severity)) {
       this.severity = advisory.severity
     }
   }
 
   get range () {
-    return this[_range] ||
-      (this[_range] = [...this.advisories].map(v => v.range).join(' || '))
+    if (!this.#range) {
+      this.#range = [...this.advisories].map(v => v.range).join(' || ')
+    }
+    return this.#range
   }
 
   get simpleRange () {
-    if (this[_simpleRange] && this[_simpleRange] === this[_range]) {
-      return this[_simpleRange]
+    if (this.#simpleRange && this.#simpleRange === this.#range) {
+      return this.#simpleRange
     }
 
     const versions = [...this.advisories][0].versions
     const range = this.range
-    const simple = simplifyRange(versions, range, semverOpt)
-    return this[_simpleRange] = this[_range] = simple
+    this.#simpleRange = simplifyRange(versions, range, semverOpt)
+    this.#range = this.#simpleRange
+    return this.#simpleRange
   }
 
   isVulnerable (node) {
diff --git a/deps/npm/node_modules/@npmcli/arborist/package.json b/deps/npm/node_modules/@npmcli/arborist/package.json
index 1ba9c92e3fdc01..c761bc10d6cec2 100644
--- a/deps/npm/node_modules/@npmcli/arborist/package.json
+++ b/deps/npm/node_modules/@npmcli/arborist/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/arborist",
-  "version": "7.3.0",
+  "version": "7.4.0",
   "description": "Manage node_modules trees",
   "dependencies": {
     "@isaacs/string-locale-compare": "^1.1.0",
@@ -11,7 +11,7 @@
     "@npmcli/name-from-folder": "^2.0.0",
     "@npmcli/node-gyp": "^3.0.0",
     "@npmcli/package-json": "^5.0.0",
-    "@npmcli/query": "^3.0.1",
+    "@npmcli/query": "^3.1.0",
     "@npmcli/run-script": "^7.0.2",
     "bin-links": "^4.0.1",
     "cacache": "^18.0.0",
@@ -30,7 +30,7 @@
     "parse-conflict-json": "^3.0.0",
     "proc-log": "^3.0.0",
     "promise-all-reject-late": "^1.0.0",
-    "promise-call-limit": "^1.0.2",
+    "promise-call-limit": "^3.0.1",
     "read-package-json-fast": "^3.0.2",
     "semver": "^7.3.7",
     "ssri": "^10.0.5",
diff --git a/deps/npm/node_modules/@npmcli/config/lib/definitions/definitions.js b/deps/npm/node_modules/@npmcli/config/lib/definitions/definitions.js
index 6f8760fce1d3e7..09b0eceeea6b21 100644
--- a/deps/npm/node_modules/@npmcli/config/lib/definitions/definitions.js
+++ b/deps/npm/node_modules/@npmcli/config/lib/definitions/definitions.js
@@ -665,6 +665,26 @@ define('engine-strict', {
   flatten,
 })
 
+define('expect-results', {
+  default: null,
+  type: [null, Boolean],
+  exclusive: ['expect-result-count'],
+  description: `
+    Tells npm whether or not to expect results from the command.
+    Can be either true (expect some results) or false (expect no results).
+  `,
+})
+
+define('expect-result-count', {
+  default: null,
+  type: [null, Number],
+  hint: '',
+  exclusive: ['expect-results'],
+  description: `
+    Tells to expect a specific number of results from the command.
+  `,
+})
+
 define('fetch-retries', {
   default: 2,
   type: Number,
@@ -766,6 +786,8 @@ define('force', {
 
 define('foreground-scripts', {
   default: false,
+  defaultDescription: `\`false\` unless when using \`npm pack\` or \`npm publish\` where it
+  defaults to \`true\``,
   type: Boolean,
   description: `
     Run all build scripts (ie, \`preinstall\`, \`install\`, and
diff --git a/deps/npm/node_modules/@npmcli/config/package.json b/deps/npm/node_modules/@npmcli/config/package.json
index 80eb210b19e166..28102bea2781aa 100644
--- a/deps/npm/node_modules/@npmcli/config/package.json
+++ b/deps/npm/node_modules/@npmcli/config/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/config",
-  "version": "8.1.0",
+  "version": "8.2.0",
   "files": [
     "bin/",
     "lib/"
diff --git a/deps/npm/node_modules/@npmcli/query/lib/index.js b/deps/npm/node_modules/@npmcli/query/lib/index.js
index c7888d5bb5de6d..db7dc345a8c754 100644
--- a/deps/npm/node_modules/@npmcli/query/lib/index.js
+++ b/deps/npm/node_modules/@npmcli/query/lib/index.js
@@ -166,6 +166,46 @@ const fixupOutdated = astNode => {
   }
 }
 
+const fixupVuln = astNode => {
+  const vulns = []
+  if (astNode.nodes.length) {
+    for (const selector of astNode.nodes) {
+      const vuln = {}
+      for (const node of selector.nodes) {
+        if (node.type !== 'attribute') {
+          throw Object.assign(
+            new Error(':vuln pseudo-class only accepts attribute matchers or "cwe" tag'),
+            { code: 'EQUERYATTR' }
+          )
+        }
+        if (!['severity', 'cwe'].includes(node._attribute)) {
+          throw Object.assign(
+            new Error(':vuln pseudo-class only matches "severity" and "cwe" attributes'),
+            { code: 'EQUERYATTR' }
+          )
+        }
+        if (!node.operator) {
+          node.operator = '='
+          node.value = '*'
+        }
+        if (node.operator !== '=') {
+          throw Object.assign(
+            new Error(':vuln pseudo-class attribute selector only accepts "=" operator', node),
+            { code: 'EQUERYATTR' }
+          )
+        }
+        if (!vuln[node._attribute]) {
+          vuln[node._attribute] = []
+        }
+        vuln[node._attribute].push(node._value)
+      }
+      vulns.push(vuln)
+    }
+    astNode.vulns = vulns
+    astNode.nodes.length = 0
+  }
+}
+
 // a few of the supported ast nodes need to be tweaked in order to properly be
 // interpreted as proper arborist query selectors, namely semver ranges from
 // both ids and :semver pseudo-class selectors need to be translated from what
@@ -192,6 +232,8 @@ const transformAst = selector => {
         return fixupTypes(nextAstNode)
       case ':outdated':
         return fixupOutdated(nextAstNode)
+      case ':vuln':
+        return fixupVuln(nextAstNode)
     }
   })
 }
diff --git a/deps/npm/node_modules/@npmcli/query/package.json b/deps/npm/node_modules/@npmcli/query/package.json
index 5f9fb2744538a2..ad45c18c44cd64 100644
--- a/deps/npm/node_modules/@npmcli/query/package.json
+++ b/deps/npm/node_modules/@npmcli/query/package.json
@@ -1,11 +1,11 @@
 {
   "name": "@npmcli/query",
-  "version": "3.0.1",
+  "version": "3.1.0",
   "description": "npm query parser and tools",
   "main": "lib/index.js",
   "scripts": {
     "test": "tap",
-    "lint": "eslint \"**/*.js\"",
+    "lint": "eslint \"**/*.{js,cjs,ts,mjs,jsx,tsx}\"",
     "postlint": "template-oss-check",
     "template-oss-apply": "template-oss-apply --force",
     "lintfix": "npm run lint -- --fix",
@@ -39,12 +39,12 @@
   },
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.18.0",
+    "version": "4.21.3",
     "publish": true
   },
   "devDependencies": {
     "@npmcli/eslint-config": "^4.0.0",
-    "@npmcli/template-oss": "4.18.0",
+    "@npmcli/template-oss": "4.21.3",
     "tap": "^16.2.0"
   },
   "dependencies": {
diff --git a/deps/npm/node_modules/@npmcli/run-script/lib/is-server-package.js b/deps/npm/node_modules/@npmcli/run-script/lib/is-server-package.js
index d168623247527b..c36c40d4898d5c 100644
--- a/deps/npm/node_modules/@npmcli/run-script/lib/is-server-package.js
+++ b/deps/npm/node_modules/@npmcli/run-script/lib/is-server-package.js
@@ -1,7 +1,6 @@
-const util = require('util')
-const fs = require('fs')
-const { stat } = fs.promises || { stat: util.promisify(fs.stat) }
-const { resolve } = require('path')
+const { stat } = require('node:fs/promises')
+const { resolve } = require('node:path')
+
 module.exports = async path => {
   try {
     const st = await stat(resolve(path, 'server.js'))
diff --git a/deps/npm/node_modules/@npmcli/run-script/lib/is-windows.js b/deps/npm/node_modules/@npmcli/run-script/lib/is-windows.js
deleted file mode 100644
index 651917e6ad27ab..00000000000000
--- a/deps/npm/node_modules/@npmcli/run-script/lib/is-windows.js
+++ /dev/null
@@ -1,2 +0,0 @@
-const platform = process.env.__FAKE_TESTING_PLATFORM__ || process.platform
-module.exports = platform === 'win32'
diff --git a/deps/npm/node_modules/@npmcli/run-script/lib/make-spawn-args.js b/deps/npm/node_modules/@npmcli/run-script/lib/make-spawn-args.js
index 2b2f96a91c8d5d..8a32d7198cb2e2 100644
--- a/deps/npm/node_modules/@npmcli/run-script/lib/make-spawn-args.js
+++ b/deps/npm/node_modules/@npmcli/run-script/lib/make-spawn-args.js
@@ -9,10 +9,10 @@ const makeSpawnArgs = options => {
     path,
     scriptShell = true,
     binPaths,
-    env = {},
+    env,
     stdio,
     cmd,
-    args = [],
+    args,
     stdioString,
   } = options
 
diff --git a/deps/npm/node_modules/@npmcli/run-script/lib/package-envs.js b/deps/npm/node_modules/@npmcli/run-script/lib/package-envs.js
index 6b538e50247fda..612f850fb076ca 100644
--- a/deps/npm/node_modules/@npmcli/run-script/lib/package-envs.js
+++ b/deps/npm/node_modules/@npmcli/run-script/lib/package-envs.js
@@ -1,26 +1,29 @@
-// https://github.com/npm/rfcs/pull/183
-
-const envVal = val => Array.isArray(val) ? val.map(v => envVal(v)).join('\n\n')
-  : val === null || val === false ? ''
-  : String(val)
-
-const packageEnvs = (env, vals, prefix) => {
+const packageEnvs = (vals, prefix, env = {}) => {
   for (const [key, val] of Object.entries(vals)) {
     if (val === undefined) {
       continue
-    } else if (val && !Array.isArray(val) && typeof val === 'object') {
-      packageEnvs(env, val, `${prefix}${key}_`)
+    } else if (val === null || val === false) {
+      env[`${prefix}${key}`] = ''
+    } else if (Array.isArray(val)) {
+      val.forEach((item, index) => {
+        packageEnvs({ [`${key}_${index}`]: item }, `${prefix}`, env)
+      })
+    } else if (typeof val === 'object') {
+      packageEnvs(val, `${prefix}${key}_`, env)
     } else {
-      env[`${prefix}${key}`] = envVal(val)
+      env[`${prefix}${key}`] = String(val)
     }
   }
   return env
 }
 
-module.exports = (env, pkg) => packageEnvs({ ...env }, {
-  name: pkg.name,
-  version: pkg.version,
-  config: pkg.config,
-  engines: pkg.engines,
-  bin: pkg.bin,
-}, 'npm_package_')
+// https://github.com/npm/rfcs/pull/183 defines which fields we put into the environment
+module.exports = pkg => {
+  return packageEnvs({
+    name: pkg.name,
+    version: pkg.version,
+    config: pkg.config,
+    engines: pkg.engines,
+    bin: pkg.bin,
+  }, 'npm_package_')
+}
diff --git a/deps/npm/node_modules/@npmcli/run-script/lib/run-script-pkg.js b/deps/npm/node_modules/@npmcli/run-script/lib/run-script-pkg.js
index a5518285d1af1b..ea33db56298586 100644
--- a/deps/npm/node_modules/@npmcli/run-script/lib/run-script-pkg.js
+++ b/deps/npm/node_modules/@npmcli/run-script/lib/run-script-pkg.js
@@ -69,7 +69,7 @@ const runScriptPkg = async options => {
     path,
     scriptShell,
     binPaths,
-    env: packageEnvs(env, pkg),
+    env: { ...env, ...packageEnvs(pkg) },
     stdio,
     cmd,
     args,
@@ -93,6 +93,8 @@ const runScriptPkg = async options => {
 
   return p.catch(er => {
     const { signal } = er
+    // coverage disabled because win32 never emits signals
+    /* istanbul ignore next */
     if (stdio === 'inherit' && signal) {
       // by the time we reach here, the child has already exited. we send the
       // signal back to ourselves again so that npm will exit with the same
diff --git a/deps/npm/node_modules/@npmcli/run-script/lib/run-script.js b/deps/npm/node_modules/@npmcli/run-script/lib/run-script.js
index e9d18261a2c1fd..b00304c8d6e7f5 100644
--- a/deps/npm/node_modules/@npmcli/run-script/lib/run-script.js
+++ b/deps/npm/node_modules/@npmcli/run-script/lib/run-script.js
@@ -1,14 +1,15 @@
-const rpj = require('read-package-json-fast')
+const PackageJson = require('@npmcli/package-json')
 const runScriptPkg = require('./run-script-pkg.js')
 const validateOptions = require('./validate-options.js')
 const isServerPackage = require('./is-server-package.js')
 
-const runScript = options => {
+const runScript = async options => {
   validateOptions(options)
-  const { pkg, path } = options
-  return pkg ? runScriptPkg(options)
-    : rpj(path + '/package.json')
-      .then(readPackage => runScriptPkg({ ...options, pkg: readPackage }))
+  if (options.pkg) {
+    return runScriptPkg(options)
+  }
+  const { content: pkg } = await PackageJson.normalize(options.path)
+  return runScriptPkg({ ...options, pkg })
 }
 
 module.exports = Object.assign(runScript, { isServerPackage })
diff --git a/deps/npm/node_modules/@npmcli/run-script/package.json b/deps/npm/node_modules/@npmcli/run-script/package.json
index c090e52cf11278..1c98b1b170e265 100644
--- a/deps/npm/node_modules/@npmcli/run-script/package.json
+++ b/deps/npm/node_modules/@npmcli/run-script/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/run-script",
-  "version": "7.0.3",
+  "version": "7.0.4",
   "description": "Run a lifecycle script for a package (descendant of npm-lifecycle)",
   "author": "GitHub Inc.",
   "license": "ISC",
@@ -17,14 +17,14 @@
   "devDependencies": {
     "@npmcli/eslint-config": "^4.0.0",
     "@npmcli/template-oss": "4.21.3",
-    "require-inject": "^1.4.4",
+    "spawk": "^1.8.1",
     "tap": "^16.0.1"
   },
   "dependencies": {
     "@npmcli/node-gyp": "^3.0.0",
+    "@npmcli/package-json": "^5.0.0",
     "@npmcli/promise-spawn": "^7.0.0",
     "node-gyp": "^10.0.0",
-    "read-package-json-fast": "^3.0.0",
     "which": "^4.0.0"
   },
   "files": [
diff --git a/deps/npm/node_modules/@sigstore/bundle/dist/bundle.js b/deps/npm/node_modules/@sigstore/bundle/dist/bundle.js
index 8c01e2d19c5ecb..60574b309c09cb 100644
--- a/deps/npm/node_modules/@sigstore/bundle/dist/bundle.js
+++ b/deps/npm/node_modules/@sigstore/bundle/dist/bundle.js
@@ -1,8 +1,9 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.isBundleWithDsseEnvelope = exports.isBundleWithMessageSignature = exports.isBundleWithPublicKey = exports.isBundleWithCertificateChain = exports.BUNDLE_V02_MEDIA_TYPE = exports.BUNDLE_V01_MEDIA_TYPE = void 0;
+exports.isBundleWithDsseEnvelope = exports.isBundleWithMessageSignature = exports.isBundleWithPublicKey = exports.isBundleWithCertificateChain = exports.BUNDLE_V03_MEDIA_TYPE = exports.BUNDLE_V02_MEDIA_TYPE = exports.BUNDLE_V01_MEDIA_TYPE = void 0;
 exports.BUNDLE_V01_MEDIA_TYPE = 'application/vnd.dev.sigstore.bundle+json;version=0.1';
 exports.BUNDLE_V02_MEDIA_TYPE = 'application/vnd.dev.sigstore.bundle+json;version=0.2';
+exports.BUNDLE_V03_MEDIA_TYPE = 'application/vnd.dev.sigstore.bundle+json;version=0.3';
 // Type guards for bundle variants.
 function isBundleWithCertificateChain(b) {
     return b.verificationMaterial.content.$case === 'x509CertificateChain';
diff --git a/deps/npm/node_modules/@sigstore/bundle/dist/index.js b/deps/npm/node_modules/@sigstore/bundle/dist/index.js
index b016a16d11cc00..f2b50994e9b1f5 100644
--- a/deps/npm/node_modules/@sigstore/bundle/dist/index.js
+++ b/deps/npm/node_modules/@sigstore/bundle/dist/index.js
@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.isBundleV01 = exports.assertBundleV01 = exports.assertBundleLatest = exports.assertBundle = exports.envelopeToJSON = exports.envelopeFromJSON = exports.bundleToJSON = exports.bundleFromJSON = exports.ValidationError = exports.isBundleWithPublicKey = exports.isBundleWithMessageSignature = exports.isBundleWithDsseEnvelope = exports.isBundleWithCertificateChain = exports.BUNDLE_V02_MEDIA_TYPE = exports.BUNDLE_V01_MEDIA_TYPE = exports.toMessageSignatureBundle = exports.toDSSEBundle = void 0;
+exports.isBundleV01 = exports.assertBundleV02 = exports.assertBundleV01 = exports.assertBundleLatest = exports.assertBundle = exports.envelopeToJSON = exports.envelopeFromJSON = exports.bundleToJSON = exports.bundleFromJSON = exports.ValidationError = exports.isBundleWithPublicKey = exports.isBundleWithMessageSignature = exports.isBundleWithDsseEnvelope = exports.isBundleWithCertificateChain = exports.BUNDLE_V03_MEDIA_TYPE = exports.BUNDLE_V02_MEDIA_TYPE = exports.BUNDLE_V01_MEDIA_TYPE = exports.toMessageSignatureBundle = exports.toDSSEBundle = void 0;
 /*
 Copyright 2023 The Sigstore Authors.
 
@@ -22,6 +22,7 @@ Object.defineProperty(exports, "toMessageSignatureBundle", { enumerable: true, g
 var bundle_1 = require("./bundle");
 Object.defineProperty(exports, "BUNDLE_V01_MEDIA_TYPE", { enumerable: true, get: function () { return bundle_1.BUNDLE_V01_MEDIA_TYPE; } });
 Object.defineProperty(exports, "BUNDLE_V02_MEDIA_TYPE", { enumerable: true, get: function () { return bundle_1.BUNDLE_V02_MEDIA_TYPE; } });
+Object.defineProperty(exports, "BUNDLE_V03_MEDIA_TYPE", { enumerable: true, get: function () { return bundle_1.BUNDLE_V03_MEDIA_TYPE; } });
 Object.defineProperty(exports, "isBundleWithCertificateChain", { enumerable: true, get: function () { return bundle_1.isBundleWithCertificateChain; } });
 Object.defineProperty(exports, "isBundleWithDsseEnvelope", { enumerable: true, get: function () { return bundle_1.isBundleWithDsseEnvelope; } });
 Object.defineProperty(exports, "isBundleWithMessageSignature", { enumerable: true, get: function () { return bundle_1.isBundleWithMessageSignature; } });
@@ -37,4 +38,5 @@ var validate_1 = require("./validate");
 Object.defineProperty(exports, "assertBundle", { enumerable: true, get: function () { return validate_1.assertBundle; } });
 Object.defineProperty(exports, "assertBundleLatest", { enumerable: true, get: function () { return validate_1.assertBundleLatest; } });
 Object.defineProperty(exports, "assertBundleV01", { enumerable: true, get: function () { return validate_1.assertBundleV01; } });
+Object.defineProperty(exports, "assertBundleV02", { enumerable: true, get: function () { return validate_1.assertBundleV02; } });
 Object.defineProperty(exports, "isBundleV01", { enumerable: true, get: function () { return validate_1.isBundleV01; } });
diff --git a/deps/npm/node_modules/@sigstore/bundle/dist/serialized.js b/deps/npm/node_modules/@sigstore/bundle/dist/serialized.js
index f1073358cacfd7..be0d2a2d54d092 100644
--- a/deps/npm/node_modules/@sigstore/bundle/dist/serialized.js
+++ b/deps/npm/node_modules/@sigstore/bundle/dist/serialized.js
@@ -17,10 +17,21 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 const protobuf_specs_1 = require("@sigstore/protobuf-specs");
+const bundle_1 = require("./bundle");
 const validate_1 = require("./validate");
 const bundleFromJSON = (obj) => {
     const bundle = protobuf_specs_1.Bundle.fromJSON(obj);
-    (0, validate_1.assertBundle)(bundle);
+    switch (bundle.mediaType) {
+        case bundle_1.BUNDLE_V01_MEDIA_TYPE:
+            (0, validate_1.assertBundleV01)(bundle);
+            break;
+        case bundle_1.BUNDLE_V02_MEDIA_TYPE:
+            (0, validate_1.assertBundleV02)(bundle);
+            break;
+        default:
+            (0, validate_1.assertBundleLatest)(bundle);
+            break;
+    }
     return bundle;
 };
 exports.bundleFromJSON = bundleFromJSON;
diff --git a/deps/npm/node_modules/@sigstore/bundle/dist/validate.js b/deps/npm/node_modules/@sigstore/bundle/dist/validate.js
index 015b6dfc58dd73..6a59ecc230f4ac 100644
--- a/deps/npm/node_modules/@sigstore/bundle/dist/validate.js
+++ b/deps/npm/node_modules/@sigstore/bundle/dist/validate.js
@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.assertBundleLatest = exports.isBundleV01 = exports.assertBundleV01 = exports.assertBundle = void 0;
+exports.assertBundleLatest = exports.assertBundleV02 = exports.isBundleV01 = exports.assertBundleV01 = exports.assertBundle = void 0;
 /*
 Copyright 2023 The Sigstore Authors.
 
@@ -16,13 +16,61 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
-const bundle_1 = require("./bundle");
 const error_1 = require("./error");
 // Performs basic validation of a Sigstore bundle to ensure that all required
 // fields are populated. This is not a complete validation of the bundle, but
 // rather a check that the bundle is in a valid state to be processed by the
 // rest of the code.
 function assertBundle(b) {
+    const invalidValues = validateBundleBase(b);
+    if (invalidValues.length > 0) {
+        throw new error_1.ValidationError('invalid bundle', invalidValues);
+    }
+}
+exports.assertBundle = assertBundle;
+// Asserts that the given bundle conforms to the v0.1 bundle format.
+function assertBundleV01(b) {
+    const invalidValues = [];
+    invalidValues.push(...validateBundleBase(b));
+    invalidValues.push(...validateInclusionPromise(b));
+    if (invalidValues.length > 0) {
+        throw new error_1.ValidationError('invalid v0.1 bundle', invalidValues);
+    }
+}
+exports.assertBundleV01 = assertBundleV01;
+// Type guard to determine if Bundle is a v0.1 bundle.
+function isBundleV01(b) {
+    try {
+        assertBundleV01(b);
+        return true;
+    }
+    catch (e) {
+        return false;
+    }
+}
+exports.isBundleV01 = isBundleV01;
+// Asserts that the given bundle conforms to the v0.2 bundle format.
+function assertBundleV02(b) {
+    const invalidValues = [];
+    invalidValues.push(...validateBundleBase(b));
+    invalidValues.push(...validateInclusionProof(b));
+    if (invalidValues.length > 0) {
+        throw new error_1.ValidationError('invalid v0.2 bundle', invalidValues);
+    }
+}
+exports.assertBundleV02 = assertBundleV02;
+// Asserts that the given bundle conforms to the newest (0.3) bundle format.
+function assertBundleLatest(b) {
+    const invalidValues = [];
+    invalidValues.push(...validateBundleBase(b));
+    invalidValues.push(...validateInclusionProof(b));
+    invalidValues.push(...validateNoCertificateChain(b));
+    if (invalidValues.length > 0) {
+        throw new error_1.ValidationError('invalid bundle', invalidValues);
+    }
+}
+exports.assertBundleLatest = assertBundleLatest;
+function validateBundleBase(b) {
     const invalidValues = [];
     // Media type validation
     if (b.mediaType === undefined ||
@@ -84,6 +132,11 @@ function assertBundle(b) {
                         }
                     });
                     break;
+                case 'certificate':
+                    if (b.verificationMaterial.content.certificate.rawBytes.length === 0) {
+                        invalidValues.push('verificationMaterial.content.certificate.rawBytes');
+                    }
+                    break;
             }
         }
         if (b.verificationMaterial.tlogEntries === undefined) {
@@ -102,17 +155,11 @@ function assertBundle(b) {
             }
         }
     }
-    if (invalidValues.length > 0) {
-        throw new error_1.ValidationError('invalid bundle', invalidValues);
-    }
+    return invalidValues;
 }
-exports.assertBundle = assertBundle;
-// Asserts that the given bundle conforms to the v0.1 bundle format.
-function assertBundleV01(b) {
+// Necessary for V01 bundles
+function validateInclusionPromise(b) {
     const invalidValues = [];
-    if (b.mediaType && b.mediaType !== bundle_1.BUNDLE_V01_MEDIA_TYPE) {
-        invalidValues.push('mediaType');
-    }
     if (b.verificationMaterial &&
         b.verificationMaterial.tlogEntries?.length > 0) {
         b.verificationMaterial.tlogEntries.forEach((entry, i) => {
@@ -121,24 +168,10 @@ function assertBundleV01(b) {
             }
         });
     }
-    if (invalidValues.length > 0) {
-        throw new error_1.ValidationError('invalid v0.1 bundle', invalidValues);
-    }
+    return invalidValues;
 }
-exports.assertBundleV01 = assertBundleV01;
-// Type guard to determine if Bundle is a v0.1 bundle.
-function isBundleV01(b) {
-    try {
-        assertBundleV01(b);
-        return true;
-    }
-    catch (e) {
-        return false;
-    }
-}
-exports.isBundleV01 = isBundleV01;
-// Asserts that the given bundle conforms to the newest (0.2) bundle format.
-function assertBundleLatest(b) {
+// Necessary for V02 and later bundles
+function validateInclusionProof(b) {
     const invalidValues = [];
     if (b.verificationMaterial &&
         b.verificationMaterial.tlogEntries?.length > 0) {
@@ -153,8 +186,13 @@ function assertBundleLatest(b) {
             }
         });
     }
-    if (invalidValues.length > 0) {
-        throw new error_1.ValidationError('invalid v0.2 bundle', invalidValues);
+    return invalidValues;
+}
+// Necessary for V03 and later bundles
+function validateNoCertificateChain(b) {
+    const invalidValues = [];
+    if (b.verificationMaterial?.content?.$case === 'x509CertificateChain') {
+        invalidValues.push('verificationMaterial.content.$case');
     }
+    return invalidValues;
 }
-exports.assertBundleLatest = assertBundleLatest;
diff --git a/deps/npm/node_modules/@sigstore/bundle/package.json b/deps/npm/node_modules/@sigstore/bundle/package.json
index 7e26efa11a21de..2cac185f73895b 100644
--- a/deps/npm/node_modules/@sigstore/bundle/package.json
+++ b/deps/npm/node_modules/@sigstore/bundle/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@sigstore/bundle",
-  "version": "2.1.0",
+  "version": "2.2.0",
   "description": "Sigstore bundle type",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -27,7 +27,7 @@
     "provenance": true
   },
   "dependencies": {
-    "@sigstore/protobuf-specs": "^0.2.1"
+    "@sigstore/protobuf-specs": "^0.3.0"
   },
   "engines": {
     "node": "^16.14.0 || >=18.0.0"
diff --git a/deps/npm/node_modules/@sigstore/core/LICENSE b/deps/npm/node_modules/@sigstore/core/LICENSE
new file mode 100644
index 00000000000000..e9e7c1679a09df
--- /dev/null
+++ b/deps/npm/node_modules/@sigstore/core/LICENSE
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2023 The Sigstore Authors
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/deps/npm/node_modules/sigstore/dist/util/asn1/error.js b/deps/npm/node_modules/@sigstore/core/dist/asn1/error.js
similarity index 100%
rename from deps/npm/node_modules/sigstore/dist/util/asn1/error.js
rename to deps/npm/node_modules/@sigstore/core/dist/asn1/error.js
diff --git a/deps/npm/node_modules/sigstore/dist/util/asn1/index.js b/deps/npm/node_modules/@sigstore/core/dist/asn1/index.js
similarity index 100%
rename from deps/npm/node_modules/sigstore/dist/util/asn1/index.js
rename to deps/npm/node_modules/@sigstore/core/dist/asn1/index.js
diff --git a/deps/npm/node_modules/sigstore/dist/util/asn1/length.js b/deps/npm/node_modules/@sigstore/core/dist/asn1/length.js
similarity index 100%
rename from deps/npm/node_modules/sigstore/dist/util/asn1/length.js
rename to deps/npm/node_modules/@sigstore/core/dist/asn1/length.js
diff --git a/deps/npm/node_modules/sigstore/dist/util/asn1/obj.js b/deps/npm/node_modules/@sigstore/core/dist/asn1/obj.js
similarity index 100%
rename from deps/npm/node_modules/sigstore/dist/util/asn1/obj.js
rename to deps/npm/node_modules/@sigstore/core/dist/asn1/obj.js
diff --git a/deps/npm/node_modules/sigstore/dist/util/asn1/parse.js b/deps/npm/node_modules/@sigstore/core/dist/asn1/parse.js
similarity index 99%
rename from deps/npm/node_modules/sigstore/dist/util/asn1/parse.js
rename to deps/npm/node_modules/@sigstore/core/dist/asn1/parse.js
index ad50a8f1abdc27..482c7239e83162 100644
--- a/deps/npm/node_modules/sigstore/dist/util/asn1/parse.js
+++ b/deps/npm/node_modules/@sigstore/core/dist/asn1/parse.js
@@ -16,8 +16,8 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
-const RE_TIME_SHORT_YEAR = /^(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})Z$/;
-const RE_TIME_LONG_YEAR = /^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})Z$/;
+const RE_TIME_SHORT_YEAR = /^(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})(\.\d{3})?Z$/;
+const RE_TIME_LONG_YEAR = /^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})(\.\d{3})?Z$/;
 // Parse a BigInt from the DER-encoded buffer
 // https://learn.microsoft.com/en-us/windows/win32/seccertenroll/about-integer
 function parseInteger(buf) {
diff --git a/deps/npm/node_modules/sigstore/dist/util/asn1/tag.js b/deps/npm/node_modules/@sigstore/core/dist/asn1/tag.js
similarity index 76%
rename from deps/npm/node_modules/sigstore/dist/util/asn1/tag.js
rename to deps/npm/node_modules/@sigstore/core/dist/asn1/tag.js
index ecd4fd05362bb3..84dd938d049aa5 100644
--- a/deps/npm/node_modules/sigstore/dist/util/asn1/tag.js
+++ b/deps/npm/node_modules/@sigstore/core/dist/asn1/tag.js
@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ASN1Tag = exports.UNIVERSAL_TAG = void 0;
+exports.ASN1Tag = void 0;
 /*
 Copyright 2023 The Sigstore Authors.
 
@@ -17,7 +17,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 const error_1 = require("./error");
-exports.UNIVERSAL_TAG = {
+const UNIVERSAL_TAG = {
     BOOLEAN: 0x01,
     INTEGER: 0x02,
     BIT_STRING: 0x03,
@@ -59,25 +59,25 @@ class ASN1Tag {
         return num !== undefined ? res && this.number === num : res;
     }
     isBoolean() {
-        return this.isUniversal() && this.number === exports.UNIVERSAL_TAG.BOOLEAN;
+        return this.isUniversal() && this.number === UNIVERSAL_TAG.BOOLEAN;
     }
     isInteger() {
-        return this.isUniversal() && this.number === exports.UNIVERSAL_TAG.INTEGER;
+        return this.isUniversal() && this.number === UNIVERSAL_TAG.INTEGER;
     }
     isBitString() {
-        return this.isUniversal() && this.number === exports.UNIVERSAL_TAG.BIT_STRING;
+        return this.isUniversal() && this.number === UNIVERSAL_TAG.BIT_STRING;
     }
     isOctetString() {
-        return this.isUniversal() && this.number === exports.UNIVERSAL_TAG.OCTET_STRING;
+        return this.isUniversal() && this.number === UNIVERSAL_TAG.OCTET_STRING;
     }
     isOID() {
-        return (this.isUniversal() && this.number === exports.UNIVERSAL_TAG.OBJECT_IDENTIFIER);
+        return (this.isUniversal() && this.number === UNIVERSAL_TAG.OBJECT_IDENTIFIER);
     }
     isUTCTime() {
-        return this.isUniversal() && this.number === exports.UNIVERSAL_TAG.UTC_TIME;
+        return this.isUniversal() && this.number === UNIVERSAL_TAG.UTC_TIME;
     }
     isGeneralizedTime() {
-        return this.isUniversal() && this.number === exports.UNIVERSAL_TAG.GENERALIZED_TIME;
+        return this.isUniversal() && this.number === UNIVERSAL_TAG.GENERALIZED_TIME;
     }
     toDER() {
         return this.number | (this.constructed ? 0x20 : 0x00) | (this.class << 6);
diff --git a/deps/npm/node_modules/sigstore/dist/util/crypto.js b/deps/npm/node_modules/@sigstore/core/dist/crypto.js
similarity index 74%
rename from deps/npm/node_modules/sigstore/dist/util/crypto.js
rename to deps/npm/node_modules/@sigstore/core/dist/crypto.js
index c26de091ecdb62..c5d899d003e1d4 100644
--- a/deps/npm/node_modules/sigstore/dist/util/crypto.js
+++ b/deps/npm/node_modules/@sigstore/core/dist/crypto.js
@@ -3,9 +3,9 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.bufferEqual = exports.randomBytes = exports.hash = exports.verifyBlob = exports.createPublicKey = void 0;
+exports.bufferEqual = exports.verify = exports.hash = exports.digest = exports.createPublicKey = void 0;
 /*
-Copyright 2022 The Sigstore Authors.
+Copyright 2023 The Sigstore Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -30,7 +30,24 @@ function createPublicKey(key) {
     }
 }
 exports.createPublicKey = createPublicKey;
-function verifyBlob(data, key, signature, algorithm) {
+function digest(algorithm, ...data) {
+    const hash = crypto_1.default.createHash(algorithm);
+    for (const d of data) {
+        hash.update(d);
+    }
+    return hash.digest();
+}
+exports.digest = digest;
+// TODO: deprecate this in favor of digest()
+function hash(...data) {
+    const hash = crypto_1.default.createHash(SHA256_ALGORITHM);
+    for (const d of data) {
+        hash.update(d);
+    }
+    return hash.digest();
+}
+exports.hash = hash;
+function verify(data, key, signature, algorithm) {
     // The try/catch is to work around an issue in Node 14.x where verify throws
     // an error in some scenarios if the signature is invalid.
     try {
@@ -41,16 +58,7 @@ function verifyBlob(data, key, signature, algorithm) {
         return false;
     }
 }
-exports.verifyBlob = verifyBlob;
-function hash(data) {
-    const hash = crypto_1.default.createHash(SHA256_ALGORITHM);
-    return hash.update(data).digest();
-}
-exports.hash = hash;
-function randomBytes(count) {
-    return crypto_1.default.randomBytes(count);
-}
-exports.randomBytes = randomBytes;
+exports.verify = verify;
 function bufferEqual(a, b) {
     try {
         return crypto_1.default.timingSafeEqual(a, b);
diff --git a/deps/npm/node_modules/@sigstore/sign/dist/util/dsse.js b/deps/npm/node_modules/@sigstore/core/dist/dsse.js
similarity index 79%
rename from deps/npm/node_modules/@sigstore/sign/dist/util/dsse.js
rename to deps/npm/node_modules/@sigstore/core/dist/dsse.js
index befcdbdc14ec81..a78783c919a256 100644
--- a/deps/npm/node_modules/@sigstore/sign/dist/util/dsse.js
+++ b/deps/npm/node_modules/@sigstore/core/dist/dsse.js
@@ -19,7 +19,13 @@ limitations under the License.
 const PAE_PREFIX = 'DSSEv1';
 // DSSE Pre-Authentication Encoding
 function preAuthEncoding(payloadType, payload) {
-    const prefix = Buffer.from(`${PAE_PREFIX} ${payloadType.length} ${payloadType} ${payload.length} `, 'ascii');
-    return Buffer.concat([prefix, payload]);
+    const prefix = [
+        PAE_PREFIX,
+        payloadType.length,
+        payloadType,
+        payload.length,
+        '',
+    ].join(' ');
+    return Buffer.concat([Buffer.from(prefix, 'ascii'), payload]);
 }
 exports.preAuthEncoding = preAuthEncoding;
diff --git a/deps/npm/node_modules/@sigstore/sign/dist/util/encoding.js b/deps/npm/node_modules/@sigstore/core/dist/encoding.js
similarity index 100%
rename from deps/npm/node_modules/@sigstore/sign/dist/util/encoding.js
rename to deps/npm/node_modules/@sigstore/core/dist/encoding.js
diff --git a/deps/npm/node_modules/sigstore/dist/util/index.js b/deps/npm/node_modules/@sigstore/core/dist/index.js
similarity index 62%
rename from deps/npm/node_modules/sigstore/dist/util/index.js
rename to deps/npm/node_modules/@sigstore/core/dist/index.js
index ff4cec375af8f8..ac35e86a8df7d0 100644
--- a/deps/npm/node_modules/sigstore/dist/util/index.js
+++ b/deps/npm/node_modules/@sigstore/core/dist/index.js
@@ -23,9 +23,9 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.pem = exports.json = exports.encoding = exports.dsse = exports.crypto = exports.asn1 = void 0;
+exports.X509SCTExtension = exports.X509Certificate = exports.EXTENSION_OID_SCT = exports.ByteStream = exports.RFC3161Timestamp = exports.pem = exports.json = exports.encoding = exports.dsse = exports.crypto = exports.ASN1Obj = void 0;
 /*
-Copyright 2022 The Sigstore Authors.
+Copyright 2023 The Sigstore Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -39,9 +39,18 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
-exports.asn1 = __importStar(require("./asn1"));
+var asn1_1 = require("./asn1");
+Object.defineProperty(exports, "ASN1Obj", { enumerable: true, get: function () { return asn1_1.ASN1Obj; } });
 exports.crypto = __importStar(require("./crypto"));
 exports.dsse = __importStar(require("./dsse"));
 exports.encoding = __importStar(require("./encoding"));
 exports.json = __importStar(require("./json"));
 exports.pem = __importStar(require("./pem"));
+var rfc3161_1 = require("./rfc3161");
+Object.defineProperty(exports, "RFC3161Timestamp", { enumerable: true, get: function () { return rfc3161_1.RFC3161Timestamp; } });
+var stream_1 = require("./stream");
+Object.defineProperty(exports, "ByteStream", { enumerable: true, get: function () { return stream_1.ByteStream; } });
+var x509_1 = require("./x509");
+Object.defineProperty(exports, "EXTENSION_OID_SCT", { enumerable: true, get: function () { return x509_1.EXTENSION_OID_SCT; } });
+Object.defineProperty(exports, "X509Certificate", { enumerable: true, get: function () { return x509_1.X509Certificate; } });
+Object.defineProperty(exports, "X509SCTExtension", { enumerable: true, get: function () { return x509_1.X509SCTExtension; } });
diff --git a/deps/npm/node_modules/sigstore/dist/util/json.js b/deps/npm/node_modules/@sigstore/core/dist/json.js
similarity index 100%
rename from deps/npm/node_modules/sigstore/dist/util/json.js
rename to deps/npm/node_modules/@sigstore/core/dist/json.js
index 69176ad731eb78..a50df7233c7c58 100644
--- a/deps/npm/node_modules/sigstore/dist/util/json.js
+++ b/deps/npm/node_modules/@sigstore/core/dist/json.js
@@ -1,6 +1,4 @@
 "use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.canonicalize = void 0;
 /*
 Copyright 2023 The Sigstore Authors.
 
@@ -16,6 +14,8 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.canonicalize = void 0;
 // JSON canonicalization per https://github.com/cyberphone/json-canonicalization
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
 function canonicalize(object) {
diff --git a/deps/npm/node_modules/@sigstore/core/dist/oid.js b/deps/npm/node_modules/@sigstore/core/dist/oid.js
new file mode 100644
index 00000000000000..ac7a643067ad02
--- /dev/null
+++ b/deps/npm/node_modules/@sigstore/core/dist/oid.js
@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SHA2_HASH_ALGOS = exports.ECDSA_SIGNATURE_ALGOS = void 0;
+exports.ECDSA_SIGNATURE_ALGOS = {
+    '1.2.840.10045.4.3.1': 'sha224',
+    '1.2.840.10045.4.3.2': 'sha256',
+    '1.2.840.10045.4.3.3': 'sha384',
+    '1.2.840.10045.4.3.4': 'sha512',
+};
+exports.SHA2_HASH_ALGOS = {
+    '2.16.840.1.101.3.4.2.1': 'sha256',
+    '2.16.840.1.101.3.4.2.2': 'sha384',
+    '2.16.840.1.101.3.4.2.3': 'sha512',
+};
diff --git a/deps/npm/node_modules/sigstore/dist/util/pem.js b/deps/npm/node_modules/@sigstore/core/dist/pem.js
similarity index 97%
rename from deps/npm/node_modules/sigstore/dist/util/pem.js
rename to deps/npm/node_modules/@sigstore/core/dist/pem.js
index 8b03b364cd7efb..f35bc3835bbd10 100644
--- a/deps/npm/node_modules/sigstore/dist/util/pem.js
+++ b/deps/npm/node_modules/@sigstore/core/dist/pem.js
@@ -2,7 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.fromDER = exports.toDER = void 0;
 /*
-Copyright 2022 The Sigstore Authors.
+Copyright 2023 The Sigstore Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
diff --git a/deps/npm/node_modules/sigstore/dist/types/utility.js b/deps/npm/node_modules/@sigstore/core/dist/rfc3161/error.js
similarity index 72%
rename from deps/npm/node_modules/sigstore/dist/types/utility.js
rename to deps/npm/node_modules/@sigstore/core/dist/rfc3161/error.js
index 77c91b1923ca08..b9b549b0bb3235 100644
--- a/deps/npm/node_modules/sigstore/dist/types/utility.js
+++ b/deps/npm/node_modules/@sigstore/core/dist/rfc3161/error.js
@@ -1,6 +1,8 @@
 "use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RFC3161TimestampVerificationError = void 0;
 /*
-Copyright 2022 The Sigstore Authors.
+Copyright 2023 The Sigstore Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -14,4 +16,6 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
-Object.defineProperty(exports, "__esModule", { value: true });
+class RFC3161TimestampVerificationError extends Error {
+}
+exports.RFC3161TimestampVerificationError = RFC3161TimestampVerificationError;
diff --git a/deps/npm/node_modules/@sigstore/sign/dist/util/pem.js b/deps/npm/node_modules/@sigstore/core/dist/rfc3161/index.js
similarity index 64%
rename from deps/npm/node_modules/@sigstore/sign/dist/util/pem.js
rename to deps/npm/node_modules/@sigstore/core/dist/rfc3161/index.js
index 36eeebd2052f5e..b77ecf1c7d50c2 100644
--- a/deps/npm/node_modules/@sigstore/sign/dist/util/pem.js
+++ b/deps/npm/node_modules/@sigstore/core/dist/rfc3161/index.js
@@ -1,6 +1,4 @@
 "use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.toDER = void 0;
 /*
 Copyright 2023 The Sigstore Authors.
 
@@ -16,12 +14,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
-const PEM_HEADER = /-----BEGIN (.*)-----/;
-const PEM_FOOTER = /-----END (.*)-----/;
-function toDER(certificate) {
-    const lines = certificate
-        .split('\n')
-        .map((line) => line.match(PEM_HEADER) || line.match(PEM_FOOTER) ? '' : line);
-    return Buffer.from(lines.join(''), 'base64');
-}
-exports.toDER = toDER;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RFC3161Timestamp = void 0;
+var timestamp_1 = require("./timestamp");
+Object.defineProperty(exports, "RFC3161Timestamp", { enumerable: true, get: function () { return timestamp_1.RFC3161Timestamp; } });
diff --git a/deps/npm/node_modules/@sigstore/core/dist/rfc3161/timestamp.js b/deps/npm/node_modules/@sigstore/core/dist/rfc3161/timestamp.js
new file mode 100644
index 00000000000000..3e61fc1a4e1692
--- /dev/null
+++ b/deps/npm/node_modules/@sigstore/core/dist/rfc3161/timestamp.js
@@ -0,0 +1,201 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RFC3161Timestamp = void 0;
+/*
+Copyright 2023 The Sigstore Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+const asn1_1 = require("../asn1");
+const crypto = __importStar(require("../crypto"));
+const oid_1 = require("../oid");
+const error_1 = require("./error");
+const tstinfo_1 = require("./tstinfo");
+const OID_PKCS9_CONTENT_TYPE_SIGNED_DATA = '1.2.840.113549.1.7.2';
+const OID_PKCS9_CONTENT_TYPE_TSTINFO = '1.2.840.113549.1.9.16.1.4';
+const OID_PKCS9_MESSAGE_DIGEST_KEY = '1.2.840.113549.1.9.4';
+class RFC3161Timestamp {
+    constructor(asn1) {
+        this.root = asn1;
+    }
+    static parse(der) {
+        const asn1 = asn1_1.ASN1Obj.parseBuffer(der);
+        return new RFC3161Timestamp(asn1);
+    }
+    get status() {
+        return this.pkiStatusInfoObj.subs[0].toInteger();
+    }
+    get contentType() {
+        return this.contentTypeObj.toOID();
+    }
+    get eContentType() {
+        return this.eContentTypeObj.toOID();
+    }
+    get signingTime() {
+        return this.tstInfo.genTime;
+    }
+    get signerIssuer() {
+        return this.signerSidObj.subs[0].value;
+    }
+    get signerSerialNumber() {
+        return this.signerSidObj.subs[1].value;
+    }
+    get signerDigestAlgorithm() {
+        const oid = this.signerDigestAlgorithmObj.subs[0].toOID();
+        return oid_1.SHA2_HASH_ALGOS[oid];
+    }
+    get signatureAlgorithm() {
+        const oid = this.signatureAlgorithmObj.subs[0].toOID();
+        return oid_1.ECDSA_SIGNATURE_ALGOS[oid];
+    }
+    get signatureValue() {
+        return this.signatureValueObj.value;
+    }
+    get tstInfo() {
+        // Need to unpack tstInfo from an OCTET STRING
+        return new tstinfo_1.TSTInfo(this.eContentObj.subs[0].subs[0]);
+    }
+    verify(data, publicKey) {
+        if (!this.timeStampTokenObj) {
+            throw new error_1.RFC3161TimestampVerificationError('timeStampToken is missing');
+        }
+        // Check for expected ContentInfo content type
+        if (this.contentType !== OID_PKCS9_CONTENT_TYPE_SIGNED_DATA) {
+            throw new error_1.RFC3161TimestampVerificationError(`incorrect content type: ${this.contentType}`);
+        }
+        // Check for expected encapsulated content type
+        if (this.eContentType !== OID_PKCS9_CONTENT_TYPE_TSTINFO) {
+            throw new error_1.RFC3161TimestampVerificationError(`incorrect encapsulated content type: ${this.eContentType}`);
+        }
+        // Check that the tstInfo references the correct artifact
+        this.tstInfo.verify(data);
+        // Check that the signed message digest matches the tstInfo
+        this.verifyMessageDigest();
+        // Check that the signature is valid for the signed attributes
+        this.verifySignature(publicKey);
+    }
+    verifyMessageDigest() {
+        // Check that the tstInfo matches the signed data
+        const tstInfoDigest = crypto.digest(this.signerDigestAlgorithm, this.tstInfo.raw);
+        const expectedDigest = this.messageDigestAttributeObj.subs[1].subs[0].value;
+        if (!crypto.bufferEqual(tstInfoDigest, expectedDigest)) {
+            throw new error_1.RFC3161TimestampVerificationError('signed data does not match tstInfo');
+        }
+    }
+    verifySignature(key) {
+        // Encode the signed attributes for verification
+        const signedAttrs = this.signedAttrsObj.toDER();
+        signedAttrs[0] = 0x31; // Change context-specific tag to SET
+        // Check that the signature is valid for the signed attributes
+        const verified = crypto.verify(signedAttrs, key, this.signatureValue, this.signatureAlgorithm);
+        if (!verified) {
+            throw new error_1.RFC3161TimestampVerificationError('signature verification failed');
+        }
+    }
+    // https://www.rfc-editor.org/rfc/rfc3161#section-2.4.2
+    get pkiStatusInfoObj() {
+        // pkiStatusInfo is the first element of the timestamp response sequence
+        return this.root.subs[0];
+    }
+    // https://www.rfc-editor.org/rfc/rfc3161#section-2.4.2
+    get timeStampTokenObj() {
+        // timeStampToken is the first element of the timestamp response sequence
+        return this.root.subs[1];
+    }
+    // https://datatracker.ietf.org/doc/html/rfc5652#section-3
+    get contentTypeObj() {
+        return this.timeStampTokenObj.subs[0];
+    }
+    // https://www.rfc-editor.org/rfc/rfc5652#section-3
+    get signedDataObj() {
+        const obj = this.timeStampTokenObj.subs.find((sub) => sub.tag.isContextSpecific(0x00));
+        return obj.subs[0];
+    }
+    // https://datatracker.ietf.org/doc/html/rfc5652#section-5.1
+    get encapContentInfoObj() {
+        return this.signedDataObj.subs[2];
+    }
+    // https://datatracker.ietf.org/doc/html/rfc5652#section-5.1
+    get signerInfosObj() {
+        // SignerInfos is the last element of the signed data sequence
+        const sd = this.signedDataObj;
+        return sd.subs[sd.subs.length - 1];
+    }
+    // https://www.rfc-editor.org/rfc/rfc5652#section-5.1
+    get signerInfoObj() {
+        // Only supporting one signer
+        return this.signerInfosObj.subs[0];
+    }
+    // https://datatracker.ietf.org/doc/html/rfc5652#section-5.2
+    get eContentTypeObj() {
+        return this.encapContentInfoObj.subs[0];
+    }
+    // https://datatracker.ietf.org/doc/html/rfc5652#section-5.2
+    get eContentObj() {
+        return this.encapContentInfoObj.subs[1];
+    }
+    // https://datatracker.ietf.org/doc/html/rfc5652#section-5.3
+    get signedAttrsObj() {
+        const signedAttrs = this.signerInfoObj.subs.find((sub) => sub.tag.isContextSpecific(0x00));
+        return signedAttrs;
+    }
+    // https://datatracker.ietf.org/doc/html/rfc5652#section-5.3
+    get messageDigestAttributeObj() {
+        const messageDigest = this.signedAttrsObj.subs.find((sub) => sub.subs[0].tag.isOID() &&
+            sub.subs[0].toOID() === OID_PKCS9_MESSAGE_DIGEST_KEY);
+        return messageDigest;
+    }
+    // https://datatracker.ietf.org/doc/html/rfc5652#section-5.3
+    get signerSidObj() {
+        return this.signerInfoObj.subs[1];
+    }
+    // https://datatracker.ietf.org/doc/html/rfc5652#section-5.3
+    get signerDigestAlgorithmObj() {
+        // Signature is the 2nd element of the signerInfoObj object
+        return this.signerInfoObj.subs[2];
+    }
+    // https://datatracker.ietf.org/doc/html/rfc5652#section-5.3
+    get signatureAlgorithmObj() {
+        // Signature is the 4th element of the signerInfoObj object
+        return this.signerInfoObj.subs[4];
+    }
+    // https://datatracker.ietf.org/doc/html/rfc5652#section-5.3
+    get signatureValueObj() {
+        // Signature is the 6th element of the signerInfoObj object
+        return this.signerInfoObj.subs[5];
+    }
+}
+exports.RFC3161Timestamp = RFC3161Timestamp;
diff --git a/deps/npm/node_modules/@sigstore/core/dist/rfc3161/tstinfo.js b/deps/npm/node_modules/@sigstore/core/dist/rfc3161/tstinfo.js
new file mode 100644
index 00000000000000..dc8e4fb339383c
--- /dev/null
+++ b/deps/npm/node_modules/@sigstore/core/dist/rfc3161/tstinfo.js
@@ -0,0 +1,61 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TSTInfo = void 0;
+const crypto = __importStar(require("../crypto"));
+const oid_1 = require("../oid");
+const error_1 = require("./error");
+class TSTInfo {
+    constructor(asn1) {
+        this.root = asn1;
+    }
+    get version() {
+        return this.root.subs[0].toInteger();
+    }
+    get genTime() {
+        return this.root.subs[4].toDate();
+    }
+    get messageImprintHashAlgorithm() {
+        const oid = this.messageImprintObj.subs[0].subs[0].toOID();
+        return oid_1.SHA2_HASH_ALGOS[oid];
+    }
+    get messageImprintHashedMessage() {
+        return this.messageImprintObj.subs[1].value;
+    }
+    get raw() {
+        return this.root.toDER();
+    }
+    verify(data) {
+        const digest = crypto.digest(this.messageImprintHashAlgorithm, data);
+        if (!crypto.bufferEqual(digest, this.messageImprintHashedMessage)) {
+            throw new error_1.RFC3161TimestampVerificationError('message imprint does not match artifact');
+        }
+    }
+    // https://www.rfc-editor.org/rfc/rfc3161#section-2.4.2
+    get messageImprintObj() {
+        return this.root.subs[2];
+    }
+}
+exports.TSTInfo = TSTInfo;
diff --git a/deps/npm/node_modules/sigstore/dist/util/stream.js b/deps/npm/node_modules/@sigstore/core/dist/stream.js
similarity index 97%
rename from deps/npm/node_modules/sigstore/dist/util/stream.js
rename to deps/npm/node_modules/@sigstore/core/dist/stream.js
index b5c881bb388d43..0a24f8582eb23a 100644
--- a/deps/npm/node_modules/sigstore/dist/util/stream.js
+++ b/deps/npm/node_modules/@sigstore/core/dist/stream.js
@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ByteStream = exports.StreamError = void 0;
+exports.ByteStream = void 0;
 /*
 Copyright 2023 The Sigstore Authors.
 
@@ -18,7 +18,6 @@ limitations under the License.
 */
 class StreamError extends Error {
 }
-exports.StreamError = StreamError;
 class ByteStream {
     constructor(buffer) {
         this.start = 0;
diff --git a/deps/npm/node_modules/sigstore/dist/x509/cert.js b/deps/npm/node_modules/@sigstore/core/dist/x509/cert.js
similarity index 56%
rename from deps/npm/node_modules/sigstore/dist/x509/cert.js
rename to deps/npm/node_modules/@sigstore/core/dist/x509/cert.js
index ec14b5f47369da..16c0c40d858d8a 100644
--- a/deps/npm/node_modules/sigstore/dist/x509/cert.js
+++ b/deps/npm/node_modules/@sigstore/core/dist/x509/cert.js
@@ -1,40 +1,63 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.x509Certificate = void 0;
-const util_1 = require("../util");
-const asn1_1 = require("../util/asn1");
-const stream_1 = require("../util/stream");
+exports.X509Certificate = exports.EXTENSION_OID_SCT = void 0;
+/*
+Copyright 2023 The Sigstore Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+const asn1_1 = require("../asn1");
+const crypto = __importStar(require("../crypto"));
+const oid_1 = require("../oid");
+const pem = __importStar(require("../pem"));
 const ext_1 = require("./ext");
 const EXTENSION_OID_SUBJECT_KEY_ID = '2.5.29.14';
 const EXTENSION_OID_KEY_USAGE = '2.5.29.15';
 const EXTENSION_OID_SUBJECT_ALT_NAME = '2.5.29.17';
 const EXTENSION_OID_BASIC_CONSTRAINTS = '2.5.29.19';
 const EXTENSION_OID_AUTHORITY_KEY_ID = '2.5.29.35';
-const EXTENSION_OID_SCT = '1.3.6.1.4.1.11129.2.4.2';
-// List of recognized critical extensions
-// https://www.rfc-editor.org/rfc/rfc5280#section-4.2
-const RECOGNIZED_EXTENSIONS = [
-    EXTENSION_OID_KEY_USAGE,
-    EXTENSION_OID_BASIC_CONSTRAINTS,
-    EXTENSION_OID_SUBJECT_ALT_NAME,
-];
-const ECDSA_SIGNATURE_ALGOS = {
-    '1.2.840.10045.4.3.1': 'sha224',
-    '1.2.840.10045.4.3.2': 'sha256',
-    '1.2.840.10045.4.3.3': 'sha384',
-    '1.2.840.10045.4.3.4': 'sha512',
-};
-class x509Certificate {
+exports.EXTENSION_OID_SCT = '1.3.6.1.4.1.11129.2.4.2';
+class X509Certificate {
     constructor(asn1) {
         this.root = asn1;
-        if (!this.checkRecognizedExtensions()) {
-            throw new Error('Certificate contains unrecognized critical extensions');
-        }
     }
     static parse(cert) {
-        const der = typeof cert === 'string' ? util_1.pem.toDER(cert) : cert;
+        const der = typeof cert === 'string' ? pem.toDER(cert) : cert;
         const asn1 = asn1_1.ASN1Obj.parseBuffer(der);
-        return new x509Certificate(asn1);
+        return new X509Certificate(asn1);
     }
     get tbsCertificate() {
         return this.tbsCertificateObj;
@@ -44,6 +67,9 @@ class x509Certificate {
         const ver = this.versionObj.subs[0].toInteger();
         return `v${(ver + BigInt(1)).toString()}`;
     }
+    get serialNumber() {
+        return this.serialNumberObj.value;
+    }
     get notBefore() {
         // notBefore is the first element of the validity sequence
         return this.validityObj.subs[0].toDate();
@@ -63,41 +89,47 @@ class x509Certificate {
     }
     get signatureAlgorithm() {
         const oid = this.signatureAlgorithmObj.subs[0].toOID();
-        return ECDSA_SIGNATURE_ALGOS[oid];
+        return oid_1.ECDSA_SIGNATURE_ALGOS[oid];
     }
     get signatureValue() {
         // Signature value is a bit string, so we need to skip the first byte
         return this.signatureValueObj.value.subarray(1);
     }
+    get subjectAltName() {
+        const ext = this.extSubjectAltName;
+        return ext?.uri || ext?.rfc822Name;
+    }
     get extensions() {
         // The extension list is the first (and only) element of the extensions
         // context specific tag
         const extSeq = this.extensionsObj?.subs[0];
-        return extSeq?.subs || [];
+        return extSeq?.subs || /* istanbul ignore next */ [];
     }
     get extKeyUsage() {
         const ext = this.findExtension(EXTENSION_OID_KEY_USAGE);
-        return ext ? new ext_1.x509KeyUsageExtension(ext) : undefined;
+        return ext ? new ext_1.X509KeyUsageExtension(ext) : undefined;
     }
     get extBasicConstraints() {
         const ext = this.findExtension(EXTENSION_OID_BASIC_CONSTRAINTS);
-        return ext ? new ext_1.x509BasicConstraintsExtension(ext) : undefined;
+        return ext ? new ext_1.X509BasicConstraintsExtension(ext) : undefined;
     }
     get extSubjectAltName() {
         const ext = this.findExtension(EXTENSION_OID_SUBJECT_ALT_NAME);
-        return ext ? new ext_1.x509SubjectAlternativeNameExtension(ext) : undefined;
+        return ext ? new ext_1.X509SubjectAlternativeNameExtension(ext) : undefined;
     }
     get extAuthorityKeyID() {
         const ext = this.findExtension(EXTENSION_OID_AUTHORITY_KEY_ID);
-        return ext ? new ext_1.x509AuthorityKeyIDExtension(ext) : undefined;
+        return ext ? new ext_1.X509AuthorityKeyIDExtension(ext) : undefined;
     }
     get extSubjectKeyID() {
         const ext = this.findExtension(EXTENSION_OID_SUBJECT_KEY_ID);
-        return ext ? new ext_1.x509SubjectKeyIDExtension(ext) : undefined;
+        return ext
+            ? new ext_1.X509SubjectKeyIDExtension(ext)
+            : /* istanbul ignore next */ undefined;
     }
     get extSCT() {
-        const ext = this.findExtension(EXTENSION_OID_SCT);
-        return ext ? new ext_1.x509SCTExtension(ext) : undefined;
+        const ext = this.findExtension(exports.EXTENSION_OID_SCT);
+        return ext ? new ext_1.X509SCTExtension(ext) : undefined;
     }
     get isCA() {
         const ca = this.extBasicConstraints?.isCA || false;
@@ -109,13 +141,13 @@ class x509Certificate {
     }
     extension(oid) {
         const ext = this.findExtension(oid);
-        return ext ? new ext_1.x509Extension(ext) : undefined;
+        return ext ? new ext_1.X509Extension(ext) : undefined;
     }
     verify(issuerCertificate) {
         // Use the issuer's public key if provided, otherwise use the subject's
         const publicKey = issuerCertificate?.publicKey || this.publicKey;
-        const key = util_1.crypto.createPublicKey(publicKey);
-        return util_1.crypto.verifyBlob(this.tbsCertificate.toDER(), key, this.signatureValue, this.signatureAlgorithm);
+        const key = crypto.createPublicKey(publicKey);
+        return crypto.verify(this.tbsCertificate.toDER(), key, this.signatureValue, this.signatureAlgorithm);
     }
     validForDate(date) {
         return this.notBefore <= date && date <= this.notAfter;
@@ -123,71 +155,18 @@ class x509Certificate {
     equals(other) {
         return this.root.toDER().equals(other.root.toDER());
     }
-    verifySCTs(issuer, logs) {
-        let extSCT;
-        // Verifying the SCT requires that we remove the SCT extension and
-        // re-encode the TBS structure to DER -- this value is part of the data
-        // over which the signature is calculated. Since this is a destructive action
-        // we create a copy of the certificate so we can remove the SCT extension
-        // without affecting the original certificate.
-        const clone = this.clone();
-        // Intentionally not using the findExtension method here because we want to
-        // remove the the SCT extension from the certificate before calculating the
-        // PreCert structure
-        for (let i = 0; i < clone.extensions.length; i++) {
-            const ext = clone.extensions[i];
-            if (ext.subs[0].toOID() === EXTENSION_OID_SCT) {
-                extSCT = new ext_1.x509SCTExtension(ext);
-                // Remove the extension from the certificate
-                clone.extensions.splice(i, 1);
-                break;
-            }
-        }
-        if (!extSCT) {
-            throw new Error('Certificate does not contain SCT extension');
-        }
-        if (extSCT?.signedCertificateTimestamps?.length === 0) {
-            throw new Error('Certificate does not contain any SCTs');
-        }
-        // Construct the PreCert structure
-        // https://www.rfc-editor.org/rfc/rfc6962#section-3.2
-        const preCert = new stream_1.ByteStream();
-        // Calculate hash of the issuer's public key
-        const issuerId = util_1.crypto.hash(issuer.publicKey);
-        preCert.appendView(issuerId);
-        // Re-encodes the certificate to DER after removing the SCT extension
-        const tbs = clone.tbsCertificate.toDER();
-        preCert.appendUint24(tbs.length);
-        preCert.appendView(tbs);
-        // Calculate and return the verification results for each SCT
-        return extSCT.signedCertificateTimestamps.map((sct) => ({
-            logID: sct.logID,
-            verified: sct.verify(preCert.buffer, logs),
-        }));
-    }
     // Creates a copy of the certificate with a new buffer
     clone() {
         const der = this.root.toDER();
         const clone = Buffer.alloc(der.length);
         der.copy(clone);
-        return x509Certificate.parse(clone);
+        return X509Certificate.parse(clone);
     }
     findExtension(oid) {
         // Find the extension with the given OID. The OID will always be the first
         // element of the extension sequence
         return this.extensions.find((ext) => ext.subs[0].toOID() === oid);
     }
-    // A certificate should be considered invalid if it contains critical
-    // extensions that are not recognized
-    checkRecognizedExtensions() {
-        // The extension list is the first (and only) element of the extensions
-        // context specific tag
-        const extSeq = this.extensionsObj?.subs[0];
-        const exts = extSeq?.subs.map((ext) => new ext_1.x509Extension(ext));
-        // Check for unrecognized critical extensions
-        return (!exts ||
-            exts.every((ext) => !ext.critical || RECOGNIZED_EXTENSIONS.includes(ext.oid)));
-    }
     /////////////////////////////////////////////////////////////////////////////
     // The following properties use the documented x509 structure to locate the
     // desired ASN.1 object
@@ -212,6 +191,11 @@ class x509Certificate {
         // version is the first element of the tbsCertificate sequence
         return this.tbsCertificateObj.subs[0];
     }
+    // https://www.rfc-editor.org/rfc/rfc5280#section-4.1.2.2
+    get serialNumberObj() {
+        // serialNumber is the second element of the tbsCertificate sequence
+        return this.tbsCertificateObj.subs[1];
+    }
     // https://www.rfc-editor.org/rfc/rfc5280#section-4.1.2.4
     get issuerObj() {
         // issuer is the fourth element of the tbsCertificate sequence
@@ -239,4 +223,4 @@ class x509Certificate {
         return this.tbsCertificateObj.subs.find((sub) => sub.tag.isContextSpecific(0x03));
     }
 }
-exports.x509Certificate = x509Certificate;
+exports.X509Certificate = X509Certificate;
diff --git a/deps/npm/node_modules/sigstore/dist/x509/ext.js b/deps/npm/node_modules/@sigstore/core/dist/x509/ext.js
similarity index 80%
rename from deps/npm/node_modules/sigstore/dist/x509/ext.js
rename to deps/npm/node_modules/@sigstore/core/dist/x509/ext.js
index 246aeb095802fb..1d481261b0aa69 100644
--- a/deps/npm/node_modules/sigstore/dist/x509/ext.js
+++ b/deps/npm/node_modules/@sigstore/core/dist/x509/ext.js
@@ -1,10 +1,10 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.x509SCTExtension = exports.x509SubjectKeyIDExtension = exports.x509AuthorityKeyIDExtension = exports.x509SubjectAlternativeNameExtension = exports.x509KeyUsageExtension = exports.x509BasicConstraintsExtension = exports.x509Extension = void 0;
-const stream_1 = require("../util/stream");
+exports.X509SCTExtension = exports.X509SubjectKeyIDExtension = exports.X509AuthorityKeyIDExtension = exports.X509SubjectAlternativeNameExtension = exports.X509KeyUsageExtension = exports.X509BasicConstraintsExtension = exports.X509Extension = void 0;
+const stream_1 = require("../stream");
 const sct_1 = require("./sct");
 // https://www.rfc-editor.org/rfc/rfc5280#section-4.1
-class x509Extension {
+class X509Extension {
     constructor(asn1) {
         this.root = asn1;
     }
@@ -27,11 +27,11 @@ class x509Extension {
         return this.root.subs[this.root.subs.length - 1];
     }
 }
-exports.x509Extension = x509Extension;
+exports.X509Extension = X509Extension;
 // https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.9
-class x509BasicConstraintsExtension extends x509Extension {
+class X509BasicConstraintsExtension extends X509Extension {
     get isCA() {
-        return this.sequence.subs[0].toBoolean();
+        return this.sequence.subs[0]?.toBoolean() ?? false;
     }
     get pathLenConstraint() {
         return this.sequence.subs.length > 1
@@ -44,9 +44,9 @@ class x509BasicConstraintsExtension extends x509Extension {
         return this.extnValueObj.subs[0];
     }
 }
-exports.x509BasicConstraintsExtension = x509BasicConstraintsExtension;
+exports.X509BasicConstraintsExtension = X509BasicConstraintsExtension;
 // https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.3
-class x509KeyUsageExtension extends x509Extension {
+class X509KeyUsageExtension extends X509Extension {
     get digitalSignature() {
         return this.bitString[0] === 1;
     }
@@ -62,9 +62,9 @@ class x509KeyUsageExtension extends x509Extension {
         return this.extnValueObj.subs[0].toBitString();
     }
 }
-exports.x509KeyUsageExtension = x509KeyUsageExtension;
+exports.X509KeyUsageExtension = X509KeyUsageExtension;
 // https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.6
-class x509SubjectAlternativeNameExtension extends x509Extension {
+class X509SubjectAlternativeNameExtension extends X509Extension {
     get rfc822Name() {
         return this.findGeneralName(0x01)?.value.toString('ascii');
     }
@@ -95,9 +95,9 @@ class x509SubjectAlternativeNameExtension extends x509Extension {
         return this.extnValueObj.subs[0].subs;
     }
 }
-exports.x509SubjectAlternativeNameExtension = x509SubjectAlternativeNameExtension;
+exports.X509SubjectAlternativeNameExtension = X509SubjectAlternativeNameExtension;
 // https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.1
-class x509AuthorityKeyIDExtension extends x509Extension {
+class X509AuthorityKeyIDExtension extends X509Extension {
     get keyIdentifier() {
         return this.findSequenceMember(0x00)?.value;
     }
@@ -109,16 +109,16 @@ class x509AuthorityKeyIDExtension extends x509Extension {
         return this.extnValueObj.subs[0];
     }
 }
-exports.x509AuthorityKeyIDExtension = x509AuthorityKeyIDExtension;
+exports.X509AuthorityKeyIDExtension = X509AuthorityKeyIDExtension;
 // https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.2
-class x509SubjectKeyIDExtension extends x509Extension {
+class X509SubjectKeyIDExtension extends X509Extension {
     get keyIdentifier() {
         return this.extnValueObj.subs[0].value;
     }
 }
-exports.x509SubjectKeyIDExtension = x509SubjectKeyIDExtension;
+exports.X509SubjectKeyIDExtension = X509SubjectKeyIDExtension;
 // https://www.rfc-editor.org/rfc/rfc6962#section-3.3
-class x509SCTExtension extends x509Extension {
+class X509SCTExtension extends X509Extension {
     constructor(asn1) {
         super(asn1);
     }
@@ -142,4 +142,4 @@ class x509SCTExtension extends x509Extension {
         return sctList;
     }
 }
-exports.x509SCTExtension = x509SCTExtension;
+exports.X509SCTExtension = X509SCTExtension;
diff --git a/deps/npm/node_modules/@sigstore/sign/dist/util/crypto.js b/deps/npm/node_modules/@sigstore/core/dist/x509/index.js
similarity index 54%
rename from deps/npm/node_modules/@sigstore/sign/dist/util/crypto.js
rename to deps/npm/node_modules/@sigstore/core/dist/x509/index.js
index 11aad2fb6ff8b0..cdd77e58f37d5a 100644
--- a/deps/npm/node_modules/@sigstore/sign/dist/util/crypto.js
+++ b/deps/npm/node_modules/@sigstore/core/dist/x509/index.js
@@ -1,9 +1,4 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.hash = void 0;
 /*
 Copyright 2023 The Sigstore Authors.
 
@@ -19,9 +14,10 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
-const crypto_1 = __importDefault(require("crypto"));
-const SHA256_ALGORITHM = 'sha256';
-function hash(data, algorithm = SHA256_ALGORITHM) {
-    return crypto_1.default.createHash(algorithm).update(data).digest();
-}
-exports.hash = hash;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.X509SCTExtension = exports.X509Certificate = exports.EXTENSION_OID_SCT = void 0;
+var cert_1 = require("./cert");
+Object.defineProperty(exports, "EXTENSION_OID_SCT", { enumerable: true, get: function () { return cert_1.EXTENSION_OID_SCT; } });
+Object.defineProperty(exports, "X509Certificate", { enumerable: true, get: function () { return cert_1.X509Certificate; } });
+var ext_1 = require("./ext");
+Object.defineProperty(exports, "X509SCTExtension", { enumerable: true, get: function () { return ext_1.X509SCTExtension; } });
diff --git a/deps/npm/node_modules/sigstore/dist/x509/sct.js b/deps/npm/node_modules/@sigstore/core/dist/x509/sct.js
similarity index 62%
rename from deps/npm/node_modules/sigstore/dist/x509/sct.js
rename to deps/npm/node_modules/@sigstore/core/dist/x509/sct.js
index 72528dd3a2077c..1603059c0d1ace 100644
--- a/deps/npm/node_modules/sigstore/dist/x509/sct.js
+++ b/deps/npm/node_modules/@sigstore/core/dist/x509/sct.js
@@ -1,8 +1,46 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.SignedCertificateTimestamp = void 0;
-const util_1 = require("../util");
-const stream_1 = require("../util/stream");
+/*
+Copyright 2023 The Sigstore Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+const crypto = __importStar(require("../crypto"));
+const stream_1 = require("../stream");
 class SignedCertificateTimestamp {
     constructor(options) {
         this.version = options.version;
@@ -20,31 +58,32 @@ class SignedCertificateTimestamp {
     // https://www.rfc-editor.org/rfc/rfc5246#section-7.4.1.4.1
     get algorithm() {
         switch (this.hashAlgorithm) {
+            /* istanbul ignore next */
             case 0:
                 return 'none';
+            /* istanbul ignore next */
             case 1:
                 return 'md5';
+            /* istanbul ignore next */
             case 2:
                 return 'sha1';
+            /* istanbul ignore next */
             case 3:
                 return 'sha224';
             case 4:
                 return 'sha256';
+            /* istanbul ignore next */
             case 5:
                 return 'sha384';
+            /* istanbul ignore next */
             case 6:
                 return 'sha512';
+            /* istanbul ignore next */
             default:
                 return 'unknown';
         }
     }
-    verify(preCert, logs) {
-        // Find key for the log reponsible for this signature
-        const log = logs.find((log) => log.logId?.keyId.equals(this.logID));
-        if (!log?.publicKey?.rawBytes) {
-            throw new Error(`No key found for log: ${this.logID.toString('base64')}`);
-        }
-        const publicKey = util_1.crypto.createPublicKey(log.publicKey.rawBytes);
+    verify(preCert, key) {
         // Assemble the digitally-signed struct (the data over which the signature
         // was generated).
         // https://www.rfc-editor.org/rfc/rfc6962#section-3.2
@@ -55,10 +94,11 @@ class SignedCertificateTimestamp {
         stream.appendUint16(0x01); // LogEntryType = precert_entry(1)
         stream.appendView(preCert);
         stream.appendUint16(this.extensions.byteLength);
+        /* istanbul ignore next - extensions are very uncommon */
         if (this.extensions.byteLength > 0) {
             stream.appendView(this.extensions);
         }
-        return util_1.crypto.verifyBlob(stream.buffer, publicKey, this.signature, this.algorithm);
+        return crypto.verify(stream.buffer, key, this.signature, this.algorithm);
     }
     // Parses a SignedCertificateTimestamp from a buffer. SCTs are encoded using
     // TLS encoding which means the fields and lengths of most fields are
diff --git a/deps/npm/node_modules/@sigstore/core/package.json b/deps/npm/node_modules/@sigstore/core/package.json
new file mode 100644
index 00000000000000..b9f901652ef0fd
--- /dev/null
+++ b/deps/npm/node_modules/@sigstore/core/package.json
@@ -0,0 +1,31 @@
+{
+  "name": "@sigstore/core",
+  "version": "1.0.0",
+  "description": "Base library for Sigstore",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "scripts": {
+    "clean": "shx rm -rf dist *.tsbuildinfo",
+    "build": "tsc --build",
+    "test": "jest"
+  },
+  "files": [
+    "dist"
+  ],
+  "author": "bdehamer@github.com",
+  "license": "Apache-2.0",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/sigstore/sigstore-js.git"
+  },
+  "bugs": {
+    "url": "https://github.com/sigstore/sigstore-js/issues"
+  },
+  "homepage": "https://github.com/sigstore/sigstore-js/tree/main/packages/core#readme",
+  "publishConfig": {
+    "provenance": true
+  },
+  "engines": {
+    "node": "^16.14.0 || >=18.0.0"
+  }
+}
diff --git a/deps/npm/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_bundle.js b/deps/npm/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_bundle.js
index 1ef3e1b3356b7c..3773867f5426a3 100644
--- a/deps/npm/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_bundle.js
+++ b/deps/npm/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_bundle.js
@@ -40,7 +40,9 @@ exports.VerificationMaterial = {
                         $case: "x509CertificateChain",
                         x509CertificateChain: sigstore_common_1.X509CertificateChain.fromJSON(object.x509CertificateChain),
                     }
-                    : undefined,
+                    : isSet(object.certificate)
+                        ? { $case: "certificate", certificate: sigstore_common_1.X509Certificate.fromJSON(object.certificate) }
+                        : undefined,
             tlogEntries: Array.isArray(object?.tlogEntries)
                 ? object.tlogEntries.map((e) => sigstore_rekor_1.TransparencyLogEntry.fromJSON(e))
                 : [],
@@ -57,6 +59,10 @@ exports.VerificationMaterial = {
             (obj.x509CertificateChain = message.content?.x509CertificateChain
                 ? sigstore_common_1.X509CertificateChain.toJSON(message.content?.x509CertificateChain)
                 : undefined);
+        message.content?.$case === "certificate" &&
+            (obj.certificate = message.content?.certificate
+                ? sigstore_common_1.X509Certificate.toJSON(message.content?.certificate)
+                : undefined);
         if (message.tlogEntries) {
             obj.tlogEntries = message.tlogEntries.map((e) => e ? sigstore_rekor_1.TransparencyLogEntry.toJSON(e) : undefined);
         }
diff --git a/deps/npm/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_common.js b/deps/npm/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_common.js
index bcd654e9154b92..c6f9baa91fff21 100644
--- a/deps/npm/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_common.js
+++ b/deps/npm/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_common.js
@@ -16,6 +16,10 @@ var HashAlgorithm;
 (function (HashAlgorithm) {
     HashAlgorithm[HashAlgorithm["HASH_ALGORITHM_UNSPECIFIED"] = 0] = "HASH_ALGORITHM_UNSPECIFIED";
     HashAlgorithm[HashAlgorithm["SHA2_256"] = 1] = "SHA2_256";
+    HashAlgorithm[HashAlgorithm["SHA2_384"] = 2] = "SHA2_384";
+    HashAlgorithm[HashAlgorithm["SHA2_512"] = 3] = "SHA2_512";
+    HashAlgorithm[HashAlgorithm["SHA3_256"] = 4] = "SHA3_256";
+    HashAlgorithm[HashAlgorithm["SHA3_384"] = 5] = "SHA3_384";
 })(HashAlgorithm = exports.HashAlgorithm || (exports.HashAlgorithm = {}));
 function hashAlgorithmFromJSON(object) {
     switch (object) {
@@ -25,6 +29,18 @@ function hashAlgorithmFromJSON(object) {
         case 1:
         case "SHA2_256":
             return HashAlgorithm.SHA2_256;
+        case 2:
+        case "SHA2_384":
+            return HashAlgorithm.SHA2_384;
+        case 3:
+        case "SHA2_512":
+            return HashAlgorithm.SHA2_512;
+        case 4:
+        case "SHA3_256":
+            return HashAlgorithm.SHA3_256;
+        case 5:
+        case "SHA3_384":
+            return HashAlgorithm.SHA3_384;
         default:
             throw new tsProtoGlobalThis.Error("Unrecognized enum value " + object + " for enum HashAlgorithm");
     }
@@ -36,6 +52,14 @@ function hashAlgorithmToJSON(object) {
             return "HASH_ALGORITHM_UNSPECIFIED";
         case HashAlgorithm.SHA2_256:
             return "SHA2_256";
+        case HashAlgorithm.SHA2_384:
+            return "SHA2_384";
+        case HashAlgorithm.SHA2_512:
+            return "SHA2_512";
+        case HashAlgorithm.SHA3_256:
+            return "SHA3_256";
+        case HashAlgorithm.SHA3_384:
+            return "SHA3_384";
         default:
             throw new tsProtoGlobalThis.Error("Unrecognized enum value " + object + " for enum HashAlgorithm");
     }
@@ -44,6 +68,16 @@ exports.hashAlgorithmToJSON = hashAlgorithmToJSON;
 /**
  * Details of a specific public key, capturing the the key encoding method,
  * and signature algorithm.
+ *
+ * PublicKeyDetails captures the public key/hash algorithm combinations
+ * recommended in the Sigstore ecosystem.
+ *
+ * This is modelled as a linear set as we want to provide a small number of
+ * opinionated options instead of allowing every possible permutation.
+ *
+ * Any changes to this enum MUST be reflected in the algorithm registry.
+ * See: docs/algorithm-registry.md
+ *
  * To avoid the possibility of contradicting formats such as PKCS1 with
  * ED25519 the valid permutations are listed as a linear set instead of a
  * cartesian set (i.e one combined variable instead of two, one for encoding
@@ -52,18 +86,60 @@ exports.hashAlgorithmToJSON = hashAlgorithmToJSON;
 var PublicKeyDetails;
 (function (PublicKeyDetails) {
     PublicKeyDetails[PublicKeyDetails["PUBLIC_KEY_DETAILS_UNSPECIFIED"] = 0] = "PUBLIC_KEY_DETAILS_UNSPECIFIED";
-    /** PKCS1_RSA_PKCS1V5 - RSA */
+    /**
+     * PKCS1_RSA_PKCS1V5 - RSA
+     *
+     * @deprecated
+     */
     PublicKeyDetails[PublicKeyDetails["PKCS1_RSA_PKCS1V5"] = 1] = "PKCS1_RSA_PKCS1V5";
-    /** PKCS1_RSA_PSS - See RFC8017 */
+    /**
+     * PKCS1_RSA_PSS - See RFC8017
+     *
+     * @deprecated
+     */
     PublicKeyDetails[PublicKeyDetails["PKCS1_RSA_PSS"] = 2] = "PKCS1_RSA_PSS";
+    /** @deprecated */
     PublicKeyDetails[PublicKeyDetails["PKIX_RSA_PKCS1V5"] = 3] = "PKIX_RSA_PKCS1V5";
+    /** @deprecated */
     PublicKeyDetails[PublicKeyDetails["PKIX_RSA_PSS"] = 4] = "PKIX_RSA_PSS";
-    /** PKIX_ECDSA_P256_SHA_256 - ECDSA */
-    PublicKeyDetails[PublicKeyDetails["PKIX_ECDSA_P256_SHA_256"] = 5] = "PKIX_ECDSA_P256_SHA_256";
-    /** PKIX_ECDSA_P256_HMAC_SHA_256 - See RFC6979 */
+    /** PKIX_RSA_PKCS1V15_2048_SHA256 - RSA public key in PKIX format, PKCS#1v1.5 signature */
+    PublicKeyDetails[PublicKeyDetails["PKIX_RSA_PKCS1V15_2048_SHA256"] = 9] = "PKIX_RSA_PKCS1V15_2048_SHA256";
+    PublicKeyDetails[PublicKeyDetails["PKIX_RSA_PKCS1V15_3072_SHA256"] = 10] = "PKIX_RSA_PKCS1V15_3072_SHA256";
+    PublicKeyDetails[PublicKeyDetails["PKIX_RSA_PKCS1V15_4096_SHA256"] = 11] = "PKIX_RSA_PKCS1V15_4096_SHA256";
+    /** PKIX_RSA_PSS_2048_SHA256 - RSA public key in PKIX format, RSASSA-PSS signature */
+    PublicKeyDetails[PublicKeyDetails["PKIX_RSA_PSS_2048_SHA256"] = 16] = "PKIX_RSA_PSS_2048_SHA256";
+    PublicKeyDetails[PublicKeyDetails["PKIX_RSA_PSS_3072_SHA256"] = 17] = "PKIX_RSA_PSS_3072_SHA256";
+    PublicKeyDetails[PublicKeyDetails["PKIX_RSA_PSS_4096_SHA256"] = 18] = "PKIX_RSA_PSS_4096_SHA256";
+    /**
+     * PKIX_ECDSA_P256_HMAC_SHA_256 - ECDSA
+     *
+     * @deprecated
+     */
     PublicKeyDetails[PublicKeyDetails["PKIX_ECDSA_P256_HMAC_SHA_256"] = 6] = "PKIX_ECDSA_P256_HMAC_SHA_256";
+    /** PKIX_ECDSA_P256_SHA_256 - See NIST FIPS 186-4 */
+    PublicKeyDetails[PublicKeyDetails["PKIX_ECDSA_P256_SHA_256"] = 5] = "PKIX_ECDSA_P256_SHA_256";
+    PublicKeyDetails[PublicKeyDetails["PKIX_ECDSA_P384_SHA_384"] = 12] = "PKIX_ECDSA_P384_SHA_384";
+    PublicKeyDetails[PublicKeyDetails["PKIX_ECDSA_P521_SHA_512"] = 13] = "PKIX_ECDSA_P521_SHA_512";
     /** PKIX_ED25519 - Ed 25519 */
     PublicKeyDetails[PublicKeyDetails["PKIX_ED25519"] = 7] = "PKIX_ED25519";
+    PublicKeyDetails[PublicKeyDetails["PKIX_ED25519_PH"] = 8] = "PKIX_ED25519_PH";
+    /**
+     * LMS_SHA256 - LMS and LM-OTS
+     *
+     * These keys and signatures may be used by private Sigstore
+     * deployments, but are not currently supported by the public
+     * good instance.
+     *
+     * USER WARNING: LMS and LM-OTS are both stateful signature schemes.
+     * Using them correctly requires discretion and careful consideration
+     * to ensure that individual secret keys are not used more than once.
+     * In addition, LM-OTS is a single-use scheme, meaning that it
+     * MUST NOT be used for more than one signature per LM-OTS key.
+     * If you cannot maintain these invariants, you MUST NOT use these
+     * schemes.
+     */
+    PublicKeyDetails[PublicKeyDetails["LMS_SHA256"] = 14] = "LMS_SHA256";
+    PublicKeyDetails[PublicKeyDetails["LMOTS_SHA256"] = 15] = "LMOTS_SHA256";
 })(PublicKeyDetails = exports.PublicKeyDetails || (exports.PublicKeyDetails = {}));
 function publicKeyDetailsFromJSON(object) {
     switch (object) {
@@ -82,15 +158,48 @@ function publicKeyDetailsFromJSON(object) {
         case 4:
         case "PKIX_RSA_PSS":
             return PublicKeyDetails.PKIX_RSA_PSS;
-        case 5:
-        case "PKIX_ECDSA_P256_SHA_256":
-            return PublicKeyDetails.PKIX_ECDSA_P256_SHA_256;
+        case 9:
+        case "PKIX_RSA_PKCS1V15_2048_SHA256":
+            return PublicKeyDetails.PKIX_RSA_PKCS1V15_2048_SHA256;
+        case 10:
+        case "PKIX_RSA_PKCS1V15_3072_SHA256":
+            return PublicKeyDetails.PKIX_RSA_PKCS1V15_3072_SHA256;
+        case 11:
+        case "PKIX_RSA_PKCS1V15_4096_SHA256":
+            return PublicKeyDetails.PKIX_RSA_PKCS1V15_4096_SHA256;
+        case 16:
+        case "PKIX_RSA_PSS_2048_SHA256":
+            return PublicKeyDetails.PKIX_RSA_PSS_2048_SHA256;
+        case 17:
+        case "PKIX_RSA_PSS_3072_SHA256":
+            return PublicKeyDetails.PKIX_RSA_PSS_3072_SHA256;
+        case 18:
+        case "PKIX_RSA_PSS_4096_SHA256":
+            return PublicKeyDetails.PKIX_RSA_PSS_4096_SHA256;
         case 6:
         case "PKIX_ECDSA_P256_HMAC_SHA_256":
             return PublicKeyDetails.PKIX_ECDSA_P256_HMAC_SHA_256;
+        case 5:
+        case "PKIX_ECDSA_P256_SHA_256":
+            return PublicKeyDetails.PKIX_ECDSA_P256_SHA_256;
+        case 12:
+        case "PKIX_ECDSA_P384_SHA_384":
+            return PublicKeyDetails.PKIX_ECDSA_P384_SHA_384;
+        case 13:
+        case "PKIX_ECDSA_P521_SHA_512":
+            return PublicKeyDetails.PKIX_ECDSA_P521_SHA_512;
         case 7:
         case "PKIX_ED25519":
             return PublicKeyDetails.PKIX_ED25519;
+        case 8:
+        case "PKIX_ED25519_PH":
+            return PublicKeyDetails.PKIX_ED25519_PH;
+        case 14:
+        case "LMS_SHA256":
+            return PublicKeyDetails.LMS_SHA256;
+        case 15:
+        case "LMOTS_SHA256":
+            return PublicKeyDetails.LMOTS_SHA256;
         default:
             throw new tsProtoGlobalThis.Error("Unrecognized enum value " + object + " for enum PublicKeyDetails");
     }
@@ -108,12 +217,34 @@ function publicKeyDetailsToJSON(object) {
             return "PKIX_RSA_PKCS1V5";
         case PublicKeyDetails.PKIX_RSA_PSS:
             return "PKIX_RSA_PSS";
-        case PublicKeyDetails.PKIX_ECDSA_P256_SHA_256:
-            return "PKIX_ECDSA_P256_SHA_256";
+        case PublicKeyDetails.PKIX_RSA_PKCS1V15_2048_SHA256:
+            return "PKIX_RSA_PKCS1V15_2048_SHA256";
+        case PublicKeyDetails.PKIX_RSA_PKCS1V15_3072_SHA256:
+            return "PKIX_RSA_PKCS1V15_3072_SHA256";
+        case PublicKeyDetails.PKIX_RSA_PKCS1V15_4096_SHA256:
+            return "PKIX_RSA_PKCS1V15_4096_SHA256";
+        case PublicKeyDetails.PKIX_RSA_PSS_2048_SHA256:
+            return "PKIX_RSA_PSS_2048_SHA256";
+        case PublicKeyDetails.PKIX_RSA_PSS_3072_SHA256:
+            return "PKIX_RSA_PSS_3072_SHA256";
+        case PublicKeyDetails.PKIX_RSA_PSS_4096_SHA256:
+            return "PKIX_RSA_PSS_4096_SHA256";
         case PublicKeyDetails.PKIX_ECDSA_P256_HMAC_SHA_256:
             return "PKIX_ECDSA_P256_HMAC_SHA_256";
+        case PublicKeyDetails.PKIX_ECDSA_P256_SHA_256:
+            return "PKIX_ECDSA_P256_SHA_256";
+        case PublicKeyDetails.PKIX_ECDSA_P384_SHA_384:
+            return "PKIX_ECDSA_P384_SHA_384";
+        case PublicKeyDetails.PKIX_ECDSA_P521_SHA_512:
+            return "PKIX_ECDSA_P521_SHA_512";
         case PublicKeyDetails.PKIX_ED25519:
             return "PKIX_ED25519";
+        case PublicKeyDetails.PKIX_ED25519_PH:
+            return "PKIX_ED25519_PH";
+        case PublicKeyDetails.LMS_SHA256:
+            return "LMS_SHA256";
+        case PublicKeyDetails.LMOTS_SHA256:
+            return "LMOTS_SHA256";
         default:
             throw new tsProtoGlobalThis.Error("Unrecognized enum value " + object + " for enum PublicKeyDetails");
     }
diff --git a/deps/npm/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_verification.js b/deps/npm/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_verification.js
index 8a72b897618697..4af83c5a546607 100644
--- a/deps/npm/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_verification.js
+++ b/deps/npm/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_verification.js
@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.Input = exports.Artifact = exports.ArtifactVerificationOptions_TimestampAuthorityOptions = exports.ArtifactVerificationOptions_CtlogOptions = exports.ArtifactVerificationOptions_TlogOptions = exports.ArtifactVerificationOptions = exports.PublicKeyIdentities = exports.CertificateIdentities = exports.CertificateIdentity = void 0;
+exports.Input = exports.Artifact = exports.ArtifactVerificationOptions_ObserverTimestampOptions = exports.ArtifactVerificationOptions_TlogIntegratedTimestampOptions = exports.ArtifactVerificationOptions_TimestampAuthorityOptions = exports.ArtifactVerificationOptions_CtlogOptions = exports.ArtifactVerificationOptions_TlogOptions = exports.ArtifactVerificationOptions = exports.PublicKeyIdentities = exports.CertificateIdentities = exports.CertificateIdentity = void 0;
 /* eslint-disable */
 const sigstore_bundle_1 = require("./sigstore_bundle");
 const sigstore_common_1 = require("./sigstore_common");
@@ -72,7 +72,14 @@ exports.PublicKeyIdentities = {
     },
 };
 function createBaseArtifactVerificationOptions() {
-    return { signers: undefined, tlogOptions: undefined, ctlogOptions: undefined, tsaOptions: undefined };
+    return {
+        signers: undefined,
+        tlogOptions: undefined,
+        ctlogOptions: undefined,
+        tsaOptions: undefined,
+        integratedTsOptions: undefined,
+        observerOptions: undefined,
+    };
 }
 exports.ArtifactVerificationOptions = {
     fromJSON(object) {
@@ -94,6 +101,12 @@ exports.ArtifactVerificationOptions = {
             tsaOptions: isSet(object.tsaOptions)
                 ? exports.ArtifactVerificationOptions_TimestampAuthorityOptions.fromJSON(object.tsaOptions)
                 : undefined,
+            integratedTsOptions: isSet(object.integratedTsOptions)
+                ? exports.ArtifactVerificationOptions_TlogIntegratedTimestampOptions.fromJSON(object.integratedTsOptions)
+                : undefined,
+            observerOptions: isSet(object.observerOptions)
+                ? exports.ArtifactVerificationOptions_ObserverTimestampOptions.fromJSON(object.observerOptions)
+                : undefined,
         };
     },
     toJSON(message) {
@@ -114,6 +127,12 @@ exports.ArtifactVerificationOptions = {
         message.tsaOptions !== undefined && (obj.tsaOptions = message.tsaOptions
             ? exports.ArtifactVerificationOptions_TimestampAuthorityOptions.toJSON(message.tsaOptions)
             : undefined);
+        message.integratedTsOptions !== undefined && (obj.integratedTsOptions = message.integratedTsOptions
+            ? exports.ArtifactVerificationOptions_TlogIntegratedTimestampOptions.toJSON(message.integratedTsOptions)
+            : undefined);
+        message.observerOptions !== undefined && (obj.observerOptions = message.observerOptions
+            ? exports.ArtifactVerificationOptions_ObserverTimestampOptions.toJSON(message.observerOptions)
+            : undefined);
         return obj;
     },
 };
@@ -140,20 +159,18 @@ exports.ArtifactVerificationOptions_TlogOptions = {
     },
 };
 function createBaseArtifactVerificationOptions_CtlogOptions() {
-    return { threshold: 0, detachedSct: false, disable: false };
+    return { threshold: 0, disable: false };
 }
 exports.ArtifactVerificationOptions_CtlogOptions = {
     fromJSON(object) {
         return {
             threshold: isSet(object.threshold) ? Number(object.threshold) : 0,
-            detachedSct: isSet(object.detachedSct) ? Boolean(object.detachedSct) : false,
             disable: isSet(object.disable) ? Boolean(object.disable) : false,
         };
     },
     toJSON(message) {
         const obj = {};
         message.threshold !== undefined && (obj.threshold = Math.round(message.threshold));
-        message.detachedSct !== undefined && (obj.detachedSct = message.detachedSct);
         message.disable !== undefined && (obj.disable = message.disable);
         return obj;
     },
@@ -175,6 +192,40 @@ exports.ArtifactVerificationOptions_TimestampAuthorityOptions = {
         return obj;
     },
 };
+function createBaseArtifactVerificationOptions_TlogIntegratedTimestampOptions() {
+    return { threshold: 0, disable: false };
+}
+exports.ArtifactVerificationOptions_TlogIntegratedTimestampOptions = {
+    fromJSON(object) {
+        return {
+            threshold: isSet(object.threshold) ? Number(object.threshold) : 0,
+            disable: isSet(object.disable) ? Boolean(object.disable) : false,
+        };
+    },
+    toJSON(message) {
+        const obj = {};
+        message.threshold !== undefined && (obj.threshold = Math.round(message.threshold));
+        message.disable !== undefined && (obj.disable = message.disable);
+        return obj;
+    },
+};
+function createBaseArtifactVerificationOptions_ObserverTimestampOptions() {
+    return { threshold: 0, disable: false };
+}
+exports.ArtifactVerificationOptions_ObserverTimestampOptions = {
+    fromJSON(object) {
+        return {
+            threshold: isSet(object.threshold) ? Number(object.threshold) : 0,
+            disable: isSet(object.disable) ? Boolean(object.disable) : false,
+        };
+    },
+    toJSON(message) {
+        const obj = {};
+        message.threshold !== undefined && (obj.threshold = Math.round(message.threshold));
+        message.disable !== undefined && (obj.disable = message.disable);
+        return obj;
+    },
+};
 function createBaseArtifact() {
     return { data: undefined };
 }
diff --git a/deps/npm/node_modules/@sigstore/protobuf-specs/package.json b/deps/npm/node_modules/@sigstore/protobuf-specs/package.json
index 450abb157f31ab..047a67a7a2e208 100644
--- a/deps/npm/node_modules/@sigstore/protobuf-specs/package.json
+++ b/deps/npm/node_modules/@sigstore/protobuf-specs/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@sigstore/protobuf-specs",
-  "version": "0.2.1",
+  "version": "0.3.0",
   "description": "code-signing for npm packages",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
diff --git a/deps/npm/node_modules/@sigstore/sign/dist/signer/index.js b/deps/npm/node_modules/@sigstore/sign/dist/signer/index.js
index 06ec9dbe72fe14..e2087767b81c19 100644
--- a/deps/npm/node_modules/@sigstore/sign/dist/signer/index.js
+++ b/deps/npm/node_modules/@sigstore/sign/dist/signer/index.js
@@ -1,4 +1,5 @@
 "use strict";
+/* istanbul ignore file */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.FulcioSigner = exports.DEFAULT_FULCIO_URL = void 0;
 /*
diff --git a/deps/npm/node_modules/@sigstore/sign/dist/util/index.js b/deps/npm/node_modules/@sigstore/sign/dist/util/index.js
index 567e5dbf6e04c7..f467c9150c348f 100644
--- a/deps/npm/node_modules/@sigstore/sign/dist/util/index.js
+++ b/deps/npm/node_modules/@sigstore/sign/dist/util/index.js
@@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ua = exports.pem = exports.oidc = exports.json = exports.encoding = exports.dsse = exports.crypto = void 0;
+exports.ua = exports.oidc = exports.pem = exports.json = exports.encoding = exports.dsse = exports.crypto = void 0;
 /*
 Copyright 2023 The Sigstore Authors.
 
@@ -39,10 +39,11 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
-exports.crypto = __importStar(require("./crypto"));
-exports.dsse = __importStar(require("./dsse"));
-exports.encoding = __importStar(require("./encoding"));
-exports.json = __importStar(require("./json"));
+var core_1 = require("@sigstore/core");
+Object.defineProperty(exports, "crypto", { enumerable: true, get: function () { return core_1.crypto; } });
+Object.defineProperty(exports, "dsse", { enumerable: true, get: function () { return core_1.dsse; } });
+Object.defineProperty(exports, "encoding", { enumerable: true, get: function () { return core_1.encoding; } });
+Object.defineProperty(exports, "json", { enumerable: true, get: function () { return core_1.json; } });
+Object.defineProperty(exports, "pem", { enumerable: true, get: function () { return core_1.pem; } });
 exports.oidc = __importStar(require("./oidc"));
-exports.pem = __importStar(require("./pem"));
 exports.ua = __importStar(require("./ua"));
diff --git a/deps/npm/node_modules/@sigstore/sign/dist/util/json.js b/deps/npm/node_modules/@sigstore/sign/dist/util/json.js
deleted file mode 100644
index 69176ad731eb78..00000000000000
--- a/deps/npm/node_modules/@sigstore/sign/dist/util/json.js
+++ /dev/null
@@ -1,61 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.canonicalize = void 0;
-/*
-Copyright 2023 The Sigstore Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-// JSON canonicalization per https://github.com/cyberphone/json-canonicalization
-// eslint-disable-next-line @typescript-eslint/no-explicit-any
-function canonicalize(object) {
-    let buffer = '';
-    if (object === null || typeof object !== 'object' || object.toJSON != null) {
-        // Primitives or toJSONable objects
-        buffer += JSON.stringify(object);
-    }
-    else if (Array.isArray(object)) {
-        // Array - maintain element order
-        buffer += '[';
-        let first = true;
-        object.forEach((element) => {
-            if (!first) {
-                buffer += ',';
-            }
-            first = false;
-            // recursive call
-            buffer += canonicalize(element);
-        });
-        buffer += ']';
-    }
-    else {
-        // Object - Sort properties before serializing
-        buffer += '{';
-        let first = true;
-        Object.keys(object)
-            .sort()
-            .forEach((property) => {
-            if (!first) {
-                buffer += ',';
-            }
-            first = false;
-            buffer += JSON.stringify(property);
-            buffer += ':';
-            // recursive call
-            buffer += canonicalize(object[property]);
-        });
-        buffer += '}';
-    }
-    return buffer;
-}
-exports.canonicalize = canonicalize;
diff --git a/deps/npm/node_modules/@sigstore/sign/dist/util/oidc.js b/deps/npm/node_modules/@sigstore/sign/dist/util/oidc.js
index 8b49f3bbe84401..2f5947d7b6b878 100644
--- a/deps/npm/node_modules/@sigstore/sign/dist/util/oidc.js
+++ b/deps/npm/node_modules/@sigstore/sign/dist/util/oidc.js
@@ -1,27 +1,4 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.extractJWTSubject = void 0;
 /*
@@ -39,10 +16,10 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
-const enc = __importStar(require("./encoding"));
+const core_1 = require("@sigstore/core");
 function extractJWTSubject(jwt) {
     const parts = jwt.split('.', 3);
-    const payload = JSON.parse(enc.base64Decode(parts[1]));
+    const payload = JSON.parse(core_1.encoding.base64Decode(parts[1]));
     switch (payload.iss) {
         case 'https://accounts.google.com':
         case 'https://oauth2.sigstore.dev/auth':
diff --git a/deps/npm/node_modules/@sigstore/sign/dist/witness/index.js b/deps/npm/node_modules/@sigstore/sign/dist/witness/index.js
index e200d0638350bb..72677c399caa7f 100644
--- a/deps/npm/node_modules/@sigstore/sign/dist/witness/index.js
+++ b/deps/npm/node_modules/@sigstore/sign/dist/witness/index.js
@@ -1,4 +1,5 @@
 "use strict";
+/* istanbul ignore file */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.TSAWitness = exports.RekorWitness = exports.DEFAULT_REKOR_URL = void 0;
 /*
diff --git a/deps/npm/node_modules/@sigstore/sign/package.json b/deps/npm/node_modules/@sigstore/sign/package.json
index 7075ee16aeb0dc..4302f6e07a2a82 100644
--- a/deps/npm/node_modules/@sigstore/sign/package.json
+++ b/deps/npm/node_modules/@sigstore/sign/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@sigstore/sign",
-  "version": "2.2.0",
+  "version": "2.2.3",
   "description": "Sigstore signing library",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -27,13 +27,14 @@
   },
   "devDependencies": {
     "@sigstore/jest": "^0.0.0",
-    "@sigstore/mock": "^0.6.0",
+    "@sigstore/mock": "^0.6.5",
     "@sigstore/rekor-types": "^2.0.0",
-    "@types/make-fetch-happen": "^10.0.3"
+    "@types/make-fetch-happen": "^10.0.4"
   },
   "dependencies": {
-    "@sigstore/bundle": "^2.1.0",
-    "@sigstore/protobuf-specs": "^0.2.1",
+    "@sigstore/bundle": "^2.2.0",
+    "@sigstore/core": "^1.0.0",
+    "@sigstore/protobuf-specs": "^0.3.0",
     "make-fetch-happen": "^13.0.0"
   },
   "engines": {
diff --git a/deps/npm/node_modules/@sigstore/tuf/dist/client.js b/deps/npm/node_modules/@sigstore/tuf/dist/client.js
index 865d52b73027ed..2019c1fd30f886 100644
--- a/deps/npm/node_modules/@sigstore/tuf/dist/client.js
+++ b/deps/npm/node_modules/@sigstore/tuf/dist/client.js
@@ -22,12 +22,28 @@ limitations under the License.
 const fs_1 = __importDefault(require("fs"));
 const path_1 = __importDefault(require("path"));
 const tuf_js_1 = require("tuf-js");
+const _1 = require(".");
 const target_1 = require("./target");
+const TARGETS_DIR_NAME = 'targets';
 class TUFClient {
     constructor(options) {
-        initTufCache(options);
-        const remote = initRemoteConfig(options);
-        this.updater = initClient(options.cachePath, remote, options);
+        const url = new URL(options.mirrorURL);
+        const repoName = encodeURIComponent(url.host + url.pathname.replace(/\/$/, ''));
+        const cachePath = path_1.default.join(options.cachePath, repoName);
+        initTufCache(cachePath);
+        seedCache({
+            cachePath,
+            mirrorURL: options.mirrorURL,
+            tufRootPath: options.rootPath,
+            forceInit: options.forceInit,
+        });
+        this.updater = initClient({
+            mirrorURL: options.mirrorURL,
+            cachePath,
+            forceCache: options.forceCache,
+            retry: options.retry,
+            timeout: options.timeout,
+        });
     }
     async refresh() {
         return this.updater.refresh();
@@ -42,53 +58,55 @@ exports.TUFClient = TUFClient;
 // created. If the targets directory does not exist, it will be created.
 // If the root.json file does not exist, it will be copied from the
 // rootPath argument.
-function initTufCache({ cachePath, rootPath: tufRootPath, force, }) {
-    const targetsPath = path_1.default.join(cachePath, 'targets');
-    const cachedRootPath = path_1.default.join(cachePath, 'root.json');
+function initTufCache(cachePath) {
+    const targetsPath = path_1.default.join(cachePath, TARGETS_DIR_NAME);
     if (!fs_1.default.existsSync(cachePath)) {
         fs_1.default.mkdirSync(cachePath, { recursive: true });
     }
     if (!fs_1.default.existsSync(targetsPath)) {
         fs_1.default.mkdirSync(targetsPath);
     }
-    // If the root.json file does not exist (or we're forcing re-initialization),
-    // copy it from the rootPath argument
-    if (!fs_1.default.existsSync(cachedRootPath) || force) {
-        fs_1.default.copyFileSync(tufRootPath, cachedRootPath);
-    }
-    return cachePath;
 }
-// Initializes the remote.json file, which contains the URL of the TUF
-// repository. If the file does not exist, it will be created. If the file
-// exists, it will be parsed and returned.
-function initRemoteConfig({ cachePath, mirrorURL, force, }) {
-    let remoteConfig;
-    const remoteConfigPath = path_1.default.join(cachePath, 'remote.json');
-    // If the remote config file exists, read it and parse it (skip if force is
-    // true)
-    if (!force && fs_1.default.existsSync(remoteConfigPath)) {
-        const data = fs_1.default.readFileSync(remoteConfigPath, 'utf-8');
-        remoteConfig = JSON.parse(data);
-    }
-    // If the remote config file does not exist (or we're forcing initialization),
-    // create it
-    if (!remoteConfig || force) {
-        remoteConfig = { mirror: mirrorURL };
-        fs_1.default.writeFileSync(remoteConfigPath, JSON.stringify(remoteConfig));
+// Populates the TUF cache with the initial root.json file. If the root.json
+// file does not exist (or we're forcing re-initialization), copy it from either
+// the rootPath argument or from one of the repo seeds.
+function seedCache({ cachePath, mirrorURL, tufRootPath, forceInit, }) {
+    const cachedRootPath = path_1.default.join(cachePath, 'root.json');
+    // If the root.json file does not exist (or we're forcing re-initialization),
+    // populate it either from the supplied rootPath or from one of the repo seeds.
+    if (!fs_1.default.existsSync(cachedRootPath) || forceInit) {
+        if (tufRootPath) {
+            fs_1.default.copyFileSync(tufRootPath, cachedRootPath);
+        }
+        else {
+            /* eslint-disable @typescript-eslint/no-var-requires */
+            const seeds = require('../seeds.json');
+            const repoSeed = seeds[mirrorURL];
+            if (!repoSeed) {
+                throw new _1.TUFError({
+                    code: 'TUF_INIT_CACHE_ERROR',
+                    message: `No root.json found for mirror: ${mirrorURL}`,
+                });
+            }
+            fs_1.default.writeFileSync(cachedRootPath, Buffer.from(repoSeed['root.json'], 'base64'));
+            // Copy any seed targets into the cache
+            Object.entries(repoSeed.targets).forEach(([targetName, target]) => {
+                fs_1.default.writeFileSync(path_1.default.join(cachePath, TARGETS_DIR_NAME, targetName), Buffer.from(target, 'base64'));
+            });
+        }
     }
-    return remoteConfig;
 }
-function initClient(cachePath, remote, options) {
-    const baseURL = remote.mirror;
+function initClient(options) {
     const config = {
         fetchTimeout: options.timeout,
         fetchRetry: options.retry,
     };
     return new tuf_js_1.Updater({
-        metadataBaseUrl: baseURL,
-        targetBaseUrl: `${baseURL}/targets`,
-        metadataDir: cachePath,
-        targetDir: path_1.default.join(cachePath, 'targets'),
+        metadataBaseUrl: options.mirrorURL,
+        targetBaseUrl: `${options.mirrorURL}/targets`,
+        metadataDir: options.cachePath,
+        targetDir: path_1.default.join(options.cachePath, TARGETS_DIR_NAME),
+        forceCache: options.forceCache,
         config,
     });
 }
diff --git a/deps/npm/node_modules/@sigstore/tuf/dist/index.js b/deps/npm/node_modules/@sigstore/tuf/dist/index.js
index 297c7231408c25..678c81d45d21ed 100644
--- a/deps/npm/node_modules/@sigstore/tuf/dist/index.js
+++ b/deps/npm/node_modules/@sigstore/tuf/dist/index.js
@@ -21,7 +21,6 @@ const appdata_1 = require("./appdata");
 const client_1 = require("./client");
 exports.DEFAULT_MIRROR_URL = 'https://tuf-repo-cdn.sigstore.dev';
 const DEFAULT_CACHE_DIR = 'sigstore-js';
-const DEFAULT_TUF_ROOT_PATH = '../store/public-good-instance-root.json';
 const DEFAULT_RETRY = { retries: 2 };
 const DEFAULT_TIMEOUT = 5000;
 const TRUSTED_ROOT_TARGET = 'trusted_root.json';
@@ -45,11 +44,12 @@ function createClient(options) {
     /* istanbul ignore next */
     return new client_1.TUFClient({
         cachePath: options.cachePath || (0, appdata_1.appDataPath)(DEFAULT_CACHE_DIR),
-        rootPath: options.rootPath || require.resolve(DEFAULT_TUF_ROOT_PATH),
+        rootPath: options.rootPath,
         mirrorURL: options.mirrorURL || exports.DEFAULT_MIRROR_URL,
         retry: options.retry ?? DEFAULT_RETRY,
         timeout: options.timeout ?? DEFAULT_TIMEOUT,
-        force: options.force ?? false,
+        forceCache: options.forceCache ?? false,
+        forceInit: options.forceInit ?? options.force ?? false,
     });
 }
 var error_1 = require("./error");
diff --git a/deps/npm/node_modules/@sigstore/tuf/package.json b/deps/npm/node_modules/@sigstore/tuf/package.json
index 38d5a03ad5be1c..0e5fab2a2762d8 100644
--- a/deps/npm/node_modules/@sigstore/tuf/package.json
+++ b/deps/npm/node_modules/@sigstore/tuf/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@sigstore/tuf",
-  "version": "2.2.0",
+  "version": "2.3.1",
   "description": "Client for the Sigstore TUF repository",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -11,7 +11,7 @@
   },
   "files": [
     "dist",
-    "store"
+    "seeds.json"
   ],
   "author": "bdehamer@github.com",
   "license": "Apache-2.0",
@@ -29,11 +29,11 @@
   "devDependencies": {
     "@sigstore/jest": "^0.0.0",
     "@tufjs/repo-mock": "^2.0.0",
-    "@types/make-fetch-happen": "^10.0.0"
+    "@types/make-fetch-happen": "^10.0.4"
   },
   "dependencies": {
-    "@sigstore/protobuf-specs": "^0.2.1",
-    "tuf-js": "^2.1.0"
+    "@sigstore/protobuf-specs": "^0.3.0",
+    "tuf-js": "^2.2.0"
   },
   "engines": {
     "node": "^16.14.0 || >=18.0.0"
diff --git a/deps/npm/node_modules/@sigstore/tuf/seeds.json b/deps/npm/node_modules/@sigstore/tuf/seeds.json
new file mode 100644
index 00000000000000..a0051cea67b7b5
--- /dev/null
+++ b/deps/npm/node_modules/@sigstore/tuf/seeds.json
@@ -0,0 +1 @@
+{"https://tuf-repo-cdn.sigstore.dev":{"root.json":"ewoJInNpZ25lZCI6IHsKCQkiX3R5cGUiOiAicm9vdCIsCgkJInNwZWNfdmVyc2lvbiI6ICIxLjAiLAoJCSJ2ZXJzaW9uIjogOCwKCQkiZXhwaXJlcyI6ICIyMDI0LTAzLTI2VDA0OjM4OjU1WiIsCgkJImtleXMiOiB7CgkJCSIyNWEwZWI0NTBmZDNlZTJiZDc5MjE4Yzk2M2RjZTNmMWNjNjExOGJhZGYyNTFiZjE0OWYwYmQwN2Q1Y2FiZTk5IjogewoJCQkJImtleXR5cGUiOiAiZWNkc2Etc2hhMi1uaXN0cDI1NiIsCgkJCQkic2NoZW1lIjogImVjZHNhLXNoYTItbmlzdHAyNTYiLAoJCQkJImtleWlkX2hhc2hfYWxnb3JpdGhtcyI6IFsKCQkJCQkic2hhMjU2IiwKCQkJCQkic2hhNTEyIgoJCQkJXSwKCQkJCSJrZXl2YWwiOiB7CgkJCQkJInB1YmxpYyI6ICItLS0tLUJFR0lOIFBVQkxJQyBLRVktLS0tLVxuTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFRVhzejNTWlhGYjhqTVY0Mmo2cEpseWpialI4S1xuTjNCd29jZXhxNkxNSWI1cXNXS09RdkxOMTZOVWVmTGM0SHN3T291bVJzVlZhYWpTcFFTNmZvYmtSdz09XG4tLS0tLUVORCBQVUJMSUMgS0VZLS0tLS1cbiIKCQkJCX0KCQkJfSwKCQkJIjJlNjFjZDBjYmY0YThmNDU4MDliZGE5ZjdmNzhjMGQzM2FkMTE4NDJmZjk0YWUzNDA4NzNlMjY2NGRjODQzZGUiOiB7CgkJCQkia2V5dHlwZSI6ICJlY2RzYS1zaGEyLW5pc3RwMjU2IiwKCQkJCSJzY2hlbWUiOiAiZWNkc2Etc2hhMi1uaXN0cDI1NiIsCgkJCQkia2V5aWRfaGFzaF9hbGdvcml0aG1zIjogWwoJCQkJCSJzaGEyNTYiLAoJCQkJCSJzaGE1MTIiCgkJCQldLAoJCQkJImtleXZhbCI6IHsKCQkJCQkicHVibGljIjogIi0tLS0tQkVHSU4gUFVCTElDIEtFWS0tLS0tXG5NRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUUwZ2hyaDkyTHcxWXIzaWRHVjVXcUN0TURCOEN4XG4rRDhoZEM0dzJaTE5JcGxWUm9WR0xza1lhM2doZU15T2ppSjhrUGkxNWFRMi8vN1Arb2o3VXZKUEd3PT1cbi0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLVxuIgoJCQkJfQoJCQl9LAoJCQkiNDViMjgzODI1ZWIxODRjYWJkNTgyZWIxN2I3NGZjOGVkNDA0ZjY4Y2Y0NTJhY2FiZGFkMmVkNmY5MGNlMjE2YiI6IHsKCQkJCSJrZXl0eXBlIjogImVjZHNhLXNoYTItbmlzdHAyNTYiLAoJCQkJInNjaGVtZSI6ICJlY2RzYS1zaGEyLW5pc3RwMjU2IiwKCQkJCSJrZXlpZF9oYXNoX2FsZ29yaXRobXMiOiBbCgkJCQkJInNoYTI1NiIsCgkJCQkJInNoYTUxMiIKCQkJCV0sCgkJCQkia2V5dmFsIjogewoJCQkJCSJwdWJsaWMiOiAiLS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS1cbk1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRUxyV3ZOdDk0djRSMDg1RUxlZUNNeEhwN1BsZEZcbjAvVDFHeHVrVWgyT0R1Z2dMR0pFMHBjMWU4Q1NCZjZDUzkxRndvOUZVT3VSc2pCVWxkK1ZxU3lDZFE9PVxuLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tXG4iCgkJCQl9CgkJCX0sCgkJCSI3Zjc1MTNiMjU0MjlhNjQ0NzNlMTBjZTNhZDJmM2RhMzcyYmJkZDE0YjY1ZDA3YmJhZjU0N2U3YzhiYmJlNjJiIjogewoJCQkJImtleXR5cGUiOiAiZWNkc2Etc2hhMi1uaXN0cDI1NiIsCgkJCQkic2NoZW1lIjogImVjZHNhLXNoYTItbmlzdHAyNTYiLAoJCQkJImtleWlkX2hhc2hfYWxnb3JpdGhtcyI6IFsKCQkJCQkic2hhMjU2IiwKCQkJCQkic2hhNTEyIgoJCQkJXSwKCQkJCSJrZXl2YWwiOiB7CgkJCQkJInB1YmxpYyI6ICItLS0tLUJFR0lOIFBVQkxJQyBLRVktLS0tLVxuTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFaW5pa1NzQVFtWWtOZUg1ZVlxL0NuSXpMYWFjT1xueGxTYWF3UURPd3FLeS90Q3F4cTV4eFBTSmMyMUs0V0loczlHeU9rS2Z6dWVZM0dJTHpjTUpaNGNXdz09XG4tLS0tLUVORCBQVUJMSUMgS0VZLS0tLS1cbiIKCQkJCX0KCQkJfSwKCQkJImUxODYzYmEwMjA3MDMyMmViYzYyNmRjZWNmOWQ4ODFhM2EzOGMzNWMzYjQxYTgzNzY1YjZhZDZjMzdlYWVjMmEiOiB7CgkJCQkia2V5dHlwZSI6ICJlY2RzYS1zaGEyLW5pc3RwMjU2IiwKCQkJCSJzY2hlbWUiOiAiZWNkc2Etc2hhMi1uaXN0cDI1NiIsCgkJCQkia2V5aWRfaGFzaF9hbGdvcml0aG1zIjogWwoJCQkJCSJzaGEyNTYiLAoJCQkJCSJzaGE1MTIiCgkJCQldLAoJCQkJImtleXZhbCI6IHsKCQkJCQkicHVibGljIjogIi0tLS0tQkVHSU4gUFVCTElDIEtFWS0tLS0tXG5NRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUVXUmlHcjUraiszSjVTc0grWnRyNW5FMkgyd083XG5CVituTzNzOTNnTGNhMThxVE96SFkxb1d5QUdEeWtNU3NHVFVCU3Q5RCtBbjBLZktzRDJtZlNNNDJRPT1cbi0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLVxuIgoJCQkJfQoJCQl9LAoJCQkiZjUzMTJmNTQyYzIxMjczZDk0ODVhNDkzOTQzODZjNDU3NTgwNDc3MDY2N2YyZGRiNTliM2JmMDY2OWZkZGQyZiI6IHsKCQkJCSJrZXl0eXBlIjogImVjZHNhLXNoYTItbmlzdHAyNTYiLAoJCQkJInNjaGVtZSI6ICJlY2RzYS1zaGEyLW5pc3RwMjU2IiwKCQkJCSJrZXlpZF9oYXNoX2FsZ29yaXRobXMiOiBbCgkJCQkJInNoYTI1NiIsCgkJCQkJInNoYTUxMiIKCQkJCV0sCgkJCQkia2V5dmFsIjogewoJCQkJCSJwdWJsaWMiOiAiLS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS1cbk1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRXpCelZPbUhDUG9qTVZMU0kzNjRXaWlWOE5QckRcbjZJZ1J4Vmxpc2t6L3YreTNKRVI1bWNWR2NPTmxpRGNXTUM1SjJsZkhtalBOUGhiNEg3eG04THpmU0E9PVxuLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tXG4iCgkJCQl9CgkJCX0sCgkJCSJmZjUxZTE3ZmNmMjUzMTE5YjcwMzNmNmY1NzUxMjYzMWRhNGEwOTY5NDQyYWZjZjlmYzhiMTQxYzdmMmJlOTljIjogewoJCQkJImtleXR5cGUiOiAiZWNkc2Etc2hhMi1uaXN0cDI1NiIsCgkJCQkic2NoZW1lIjogImVjZHNhLXNoYTItbmlzdHAyNTYiLAoJCQkJImtleWlkX2hhc2hfYWxnb3JpdGhtcyI6IFsKCQkJCQkic2hhMjU2IiwKCQkJCQkic2hhNTEyIgoJCQkJXSwKCQkJCSJrZXl2YWwiOiB7CgkJCQkJInB1YmxpYyI6ICItLS0tLUJFR0lOIFBVQkxJQyBLRVktLS0tLVxuTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFeThYS3NtaEJZREk4SmMwR3d6QnhlS2F4MGNtNVxuU1RLRVU2NUhQRnVuVW40MXNUOHBpMEZqTTRJa0h6L1lVbXdtTFVPMFd0N2x4aGo2QmtMSUs0cVlBdz09XG4tLS0tLUVORCBQVUJMSUMgS0VZLS0tLS1cbiIKCQkJCX0KCQkJfQoJCX0sCgkJInJvbGVzIjogewoJCQkicm9vdCI6IHsKCQkJCSJrZXlpZHMiOiBbCgkJCQkJImZmNTFlMTdmY2YyNTMxMTliNzAzM2Y2ZjU3NTEyNjMxZGE0YTA5Njk0NDJhZmNmOWZjOGIxNDFjN2YyYmU5OWMiLAoJCQkJCSIyNWEwZWI0NTBmZDNlZTJiZDc5MjE4Yzk2M2RjZTNmMWNjNjExOGJhZGYyNTFiZjE0OWYwYmQwN2Q1Y2FiZTk5IiwKCQkJCQkiZjUzMTJmNTQyYzIxMjczZDk0ODVhNDkzOTQzODZjNDU3NTgwNDc3MDY2N2YyZGRiNTliM2JmMDY2OWZkZGQyZiIsCgkJCQkJIjdmNzUxM2IyNTQyOWE2NDQ3M2UxMGNlM2FkMmYzZGEzNzJiYmRkMTRiNjVkMDdiYmFmNTQ3ZTdjOGJiYmU2MmIiLAoJCQkJCSIyZTYxY2QwY2JmNGE4ZjQ1ODA5YmRhOWY3Zjc4YzBkMzNhZDExODQyZmY5NGFlMzQwODczZTI2NjRkYzg0M2RlIgoJCQkJXSwKCQkJCSJ0aHJlc2hvbGQiOiAzCgkJCX0sCgkJCSJzbmFwc2hvdCI6IHsKCQkJCSJrZXlpZHMiOiBbCgkJCQkJIjQ1YjI4MzgyNWViMTg0Y2FiZDU4MmViMTdiNzRmYzhlZDQwNGY2OGNmNDUyYWNhYmRhZDJlZDZmOTBjZTIxNmIiCgkJCQldLAoJCQkJInRocmVzaG9sZCI6IDEKCQkJfSwKCQkJInRhcmdldHMiOiB7CgkJCQkia2V5aWRzIjogWwoJCQkJCSJmZjUxZTE3ZmNmMjUzMTE5YjcwMzNmNmY1NzUxMjYzMWRhNGEwOTY5NDQyYWZjZjlmYzhiMTQxYzdmMmJlOTljIiwKCQkJCQkiMjVhMGViNDUwZmQzZWUyYmQ3OTIxOGM5NjNkY2UzZjFjYzYxMThiYWRmMjUxYmYxNDlmMGJkMDdkNWNhYmU5OSIsCgkJCQkJImY1MzEyZjU0MmMyMTI3M2Q5NDg1YTQ5Mzk0Mzg2YzQ1NzU4MDQ3NzA2NjdmMmRkYjU5YjNiZjA2NjlmZGRkMmYiLAoJCQkJCSI3Zjc1MTNiMjU0MjlhNjQ0NzNlMTBjZTNhZDJmM2RhMzcyYmJkZDE0YjY1ZDA3YmJhZjU0N2U3YzhiYmJlNjJiIiwKCQkJCQkiMmU2MWNkMGNiZjRhOGY0NTgwOWJkYTlmN2Y3OGMwZDMzYWQxMTg0MmZmOTRhZTM0MDg3M2UyNjY0ZGM4NDNkZSIKCQkJCV0sCgkJCQkidGhyZXNob2xkIjogMwoJCQl9LAoJCQkidGltZXN0YW1wIjogewoJCQkJImtleWlkcyI6IFsKCQkJCQkiZTE4NjNiYTAyMDcwMzIyZWJjNjI2ZGNlY2Y5ZDg4MWEzYTM4YzM1YzNiNDFhODM3NjViNmFkNmMzN2VhZWMyYSIKCQkJCV0sCgkJCQkidGhyZXNob2xkIjogMQoJCQl9CgkJfSwKCQkiY29uc2lzdGVudF9zbmFwc2hvdCI6IHRydWUKCX0sCgkic2lnbmF0dXJlcyI6IFsKCQl7CgkJCSJrZXlpZCI6ICJmNTMxMmY1NDJjMjEyNzNkOTQ4NWE0OTM5NDM4NmM0NTc1ODA0NzcwNjY3ZjJkZGI1OWIzYmYwNjY5ZmRkZDJmIiwKCQkJInNpZyI6ICIzMDQ0MDIyMDI0YjgwMzZiMzc0ZjcwNzE3MjNmM2YyY2IxOTc5YzQyZTVkYTE5MTBmMGIxNzg4MzVhZDU0NmUzYzM2MDgzNjMwMjIwNzE0MGNjZDQwOGFmY2Y4NzIwZGQ5YmVhN2YwMDMyNTc2OGMzYWE0N2MyMmQ1MzFjODQ5Yzk3NGZkNTBlNDVkZCIKCQl9LAoJCXsKCQkJImtleWlkIjogIjdmNzUxM2IyNTQyOWE2NDQ3M2UxMGNlM2FkMmYzZGEzNzJiYmRkMTRiNjVkMDdiYmFmNTQ3ZTdjOGJiYmU2MmIiLAoJCQkic2lnIjogIjMwNDYwMjIxMDBkY2IxYTk2ZWNiZmMwNTc2OGEzYzczNzI2YTkyZDY4MWRhNzhlYWVjMDY4YTlhMGNmZTEzYTEyZGI2NzJlNDRiMDIyMTAwYTBkYWU3YmMyZTZiOTUzZTIxNWY1N2NjNjE0ZWI3MTY2MGI5NDYxZDZkYzg2MjY0YjBiNzRhNGYyZTEzMDdlMSIKCQl9LAoJCXsKCQkJImtleWlkIjogIjJlNjFjZDBjYmY0YThmNDU4MDliZGE5ZjdmNzhjMGQzM2FkMTE4NDJmZjk0YWUzNDA4NzNlMjY2NGRjODQzZGUiLAoJCQkic2lnIjogIjMwNDYwMjIxMDBjNDcwOGQ5NDA3N2NiM2Q2ZGQ2MGViZDJkZDY2NTQ1ZTdhZmIwNDY0Y2UyNTkzYTVmMjNmNmUzNjA0YjlmMjFlMDIyMTAwOTkyZTk2OWNkNTA2OWVhYjE3NDM5YjJiYTYwNzQzZmU0MjI4NzdiYzFhMWM0NmU5MzVhNmQ1Y2I0N2IzY2ZjNiIKCQl9LAoJCXsKCQkJImtleWlkIjogIjI1YTBlYjQ1MGZkM2VlMmJkNzkyMThjOTYzZGNlM2YxY2M2MTE4YmFkZjI1MWJmMTQ5ZjBiZDA3ZDVjYWJlOTkiLAoJCQkic2lnIjogIjMwNDUwMjIwNTFmYWE2YjZmYzM3MzczMGI5N2MxYTRjZDkyZDAzZWZkOThiODNkNGM5YzkzYmY0ZjQwNGQxZjg4ZWEyZWIxODAyMjEwMGY3MWFjMWNkNzNkY2JhOTUwZjQyMTBiMTJmOWEwNWI4MTQwYjA0OTAyNDdjNTMzOTE5MWU4NDJiODY4MTU1YjQiCgkJfQoJXQp9","targets":{"trusted_root.json":"ewogICJtZWRpYVR5cGUiOiAiYXBwbGljYXRpb24vdm5kLmRldi5zaWdzdG9yZS50cnVzdGVkcm9vdCtqc29uO3ZlcnNpb249MC4xIiwKICAidGxvZ3MiOiBbCiAgICB7CiAgICAgICJiYXNlVXJsIjogImh0dHBzOi8vcmVrb3Iuc2lnc3RvcmUuZGV2IiwKICAgICAgImhhc2hBbGdvcml0aG0iOiAiU0hBMl8yNTYiLAogICAgICAicHVibGljS2V5IjogewogICAgICAgICJyYXdCeXRlcyI6ICJNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUUyRzJZKzJ0YWJkVFY1QmNHaUJJeDBhOWZBRndya0JibUxTR3RrczRMM3FYNnlZWTB6dWZCbmhDOFVyL2l5NTVHaFdQLzlBL2JZMkxoQzMwTTkrUll0dz09IiwKICAgICAgICAia2V5RGV0YWlscyI6ICJQS0lYX0VDRFNBX1AyNTZfU0hBXzI1NiIsCiAgICAgICAgInZhbGlkRm9yIjogewogICAgICAgICAgInN0YXJ0IjogIjIwMjEtMDEtMTJUMTE6NTM6MjcuMDAwWiIKICAgICAgICB9CiAgICAgIH0sCiAgICAgICJsb2dJZCI6IHsKICAgICAgICAia2V5SWQiOiAid05JOWF0UUdseitWV2ZPNkxSeWdINFFVZlkvOFc0UkZ3aVQ1aTVXUmdCMD0iCiAgICAgIH0KICAgIH0KICBdLAogICJjZXJ0aWZpY2F0ZUF1dGhvcml0aWVzIjogWwogICAgewogICAgICAic3ViamVjdCI6IHsKICAgICAgICAib3JnYW5pemF0aW9uIjogInNpZ3N0b3JlLmRldiIsCiAgICAgICAgImNvbW1vbk5hbWUiOiAic2lnc3RvcmUiCiAgICAgIH0sCiAgICAgICJ1cmkiOiAiaHR0cHM6Ly9mdWxjaW8uc2lnc3RvcmUuZGV2IiwKICAgICAgImNlcnRDaGFpbiI6IHsKICAgICAgICAiY2VydGlmaWNhdGVzIjogWwogICAgICAgICAgewogICAgICAgICAgICAicmF3Qnl0ZXMiOiAiTUlJQitEQ0NBWDZnQXdJQkFnSVROVmtEWm9DaW9mUERzeTdkZm02Z2VMYnVoekFLQmdncWhrak9QUVFEQXpBcU1SVXdFd1lEVlFRS0V3eHphV2R6ZEc5eVpTNWtaWFl4RVRBUEJnTlZCQU1UQ0hOcFozTjBiM0psTUI0WERUSXhNRE13TnpBek1qQXlPVm9YRFRNeE1ESXlNekF6TWpBeU9Wb3dLakVWTUJNR0ExVUVDaE1NYzJsbmMzUnZjbVV1WkdWMk1SRXdEd1lEVlFRREV3aHphV2R6ZEc5eVpUQjJNQkFHQnlxR1NNNDlBZ0VHQlN1QkJBQWlBMklBQkxTeUE3SWk1aytwTk84WkVXWTB5bGVtV0Rvd09rTmEza0wrR1pFNVo1R1dlaEw5L0E5YlJOQTNSYnJzWjVpMEpjYXN0YVJMN1NwNWZwL2pENWR4cWMvVWRUVm5sdlMxNmFuKzJZZnN3ZS9RdUxvbFJVQ3JjT0UyKzJpQTUrdHpkNk5tTUdRd0RnWURWUjBQQVFIL0JBUURBZ0VHTUJJR0ExVWRFd0VCL3dRSU1BWUJBZjhDQVFFd0hRWURWUjBPQkJZRUZNakZIUUJCbWlRcE1sRWs2dzJ1U3UxS0J0UHNNQjhHQTFVZEl3UVlNQmFBRk1qRkhRQkJtaVFwTWxFazZ3MnVTdTFLQnRQc01Bb0dDQ3FHU000OUJBTURBMmdBTUdVQ01IOGxpV0pmTXVpNnZYWEJoakRnWTRNd3NsbU4vVEp4VmUvODNXckZvbXdtTmYwNTZ5MVg0OEY5YzRtM2Ezb3pYQUl4QUtqUmF5NS9hai9qc0tLR0lrbVFhdGpJOHV1cEhyLytDeEZ2YUpXbXBZcU5rTERHUlUrOW9yemg1aEkyUnJjdWFRPT0iCiAgICAgICAgICB9CiAgICAgICAgXQogICAgICB9LAogICAgICAidmFsaWRGb3IiOiB7CiAgICAgICAgInN0YXJ0IjogIjIwMjEtMDMtMDdUMDM6MjA6MjkuMDAwWiIsCiAgICAgICAgImVuZCI6ICIyMDIyLTEyLTMxVDIzOjU5OjU5Ljk5OVoiCiAgICAgIH0KICAgIH0sCiAgICB7CiAgICAgICJzdWJqZWN0IjogewogICAgICAgICJvcmdhbml6YXRpb24iOiAic2lnc3RvcmUuZGV2IiwKICAgICAgICAiY29tbW9uTmFtZSI6ICJzaWdzdG9yZSIKICAgICAgfSwKICAgICAgInVyaSI6ICJodHRwczovL2Z1bGNpby5zaWdzdG9yZS5kZXYiLAogICAgICAiY2VydENoYWluIjogewogICAgICAgICJjZXJ0aWZpY2F0ZXMiOiBbCiAgICAgICAgICB7CiAgICAgICAgICAgICJyYXdCeXRlcyI6ICJNSUlDR2pDQ0FhR2dBd0lCQWdJVUFMblZpVmZuVTBickphc21Sa0hybi9VbmZhUXdDZ1lJS29aSXpqMEVBd013S2pFVk1CTUdBMVVFQ2hNTWMybG5jM1J2Y21VdVpHVjJNUkV3RHdZRFZRUURFd2h6YVdkemRHOXlaVEFlRncweU1qQTBNVE15TURBMk1UVmFGdzB6TVRFd01EVXhNelUyTlRoYU1EY3hGVEFUQmdOVkJBb1RESE5wWjNOMGIzSmxMbVJsZGpFZU1Cd0dBMVVFQXhNVmMybG5jM1J2Y21VdGFXNTBaWEp0WldScFlYUmxNSFl3RUFZSEtvWkl6ajBDQVFZRks0RUVBQ0lEWWdBRThSVlMveXNIK05PdnVEWnlQSVp0aWxnVUY5TmxhcllwQWQ5SFAxdkJCSDFVNUNWNzdMU1M3czBaaUg0bkU3SHY3cHRTNkx2dlIvU1RrNzk4TFZnTXpMbEo0SGVJZkYzdEhTYWV4TGNZcFNBU3Ixa1MwTi9SZ0JKei85aldDaVhubzNzd2VUQU9CZ05WSFE4QkFmOEVCQU1DQVFZd0V3WURWUjBsQkF3d0NnWUlLd1lCQlFVSEF3TXdFZ1lEVlIwVEFRSC9CQWd3QmdFQi93SUJBREFkQmdOVkhRNEVGZ1FVMzlQcHoxWWtFWmI1cU5qcEtGV2l4aTRZWkQ4d0h3WURWUjBqQkJnd0ZvQVVXTUFlWDVGRnBXYXBlc3lRb1pNaTBDckZ4Zm93Q2dZSUtvWkl6ajBFQXdNRFp3QXdaQUl3UENzUUs0RFlpWllEUElhRGk1SEZLbmZ4WHg2QVNTVm1FUmZzeW5ZQmlYMlg2U0pSblpVODQvOURaZG5GdnZ4bUFqQk90NlFwQmxjNEovMER4dmtUQ3FwY2x2emlMNkJDQ1BuamRsSUIzUHUzQnhzUG15Z1VZN0lpMnpiZENkbGlpb3c9IgogICAgICAgICAgfSwKICAgICAgICAgIHsKICAgICAgICAgICAgInJhd0J5dGVzIjogIk1JSUI5ekNDQVh5Z0F3SUJBZ0lVQUxaTkFQRmR4SFB3amVEbG9Ed3lZQ2hBTy80d0NnWUlLb1pJemowRUF3TXdLakVWTUJNR0ExVUVDaE1NYzJsbmMzUnZjbVV1WkdWMk1SRXdEd1lEVlFRREV3aHphV2R6ZEc5eVpUQWVGdzB5TVRFd01EY3hNelUyTlRsYUZ3MHpNVEV3TURVeE16VTJOVGhhTUNveEZUQVRCZ05WQkFvVERITnBaM04wYjNKbExtUmxkakVSTUE4R0ExVUVBeE1JYzJsbmMzUnZjbVV3ZGpBUUJnY3Foa2pPUFFJQkJnVXJnUVFBSWdOaUFBVDdYZUZUNHJiM1BRR3dTNElhanRMazMvT2xucGdhbmdhQmNsWXBzWUJyNWkrNHluQjA3Y2ViM0xQME9JT1pkeGV4WDY5YzVpVnV5SlJRK0h6MDV5aStVRjN1QldBbEhwaVM1c2gwK0gyR0hFN1NYcmsxRUM1bTFUcjE5TDlnZzkyall6QmhNQTRHQTFVZER3RUIvd1FFQXdJQkJqQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01CMEdBMVVkRGdRV0JCUll3QjVma1VXbFpxbDZ6SkNoa3lMUUtzWEYrakFmQmdOVkhTTUVHREFXZ0JSWXdCNWZrVVdsWnFsNnpKQ2hreUxRS3NYRitqQUtCZ2dxaGtqT1BRUURBd05wQURCbUFqRUFqMW5IZVhacCsxM05XQk5hK0VEc0RQOEcxV1dnMXRDTVdQL1dIUHFwYVZvMGpoc3dlTkZaZ1NzMGVFN3dZSTRxQWpFQTJXQjlvdDk4c0lrb0YzdlpZZGQzL1Z0V0I1YjlUTk1lYTdJeC9zdEo1VGZjTExlQUJMRTRCTkpPc1E0dm5CSEoiCiAgICAgICAgICB9CiAgICAgICAgXQogICAgICB9LAogICAgICAidmFsaWRGb3IiOiB7CiAgICAgICAgInN0YXJ0IjogIjIwMjItMDQtMTNUMjA6MDY6MTUuMDAwWiIKICAgICAgfQogICAgfQogIF0sCiAgImN0bG9ncyI6IFsKICAgIHsKICAgICAgImJhc2VVcmwiOiAiaHR0cHM6Ly9jdGZlLnNpZ3N0b3JlLmRldi90ZXN0IiwKICAgICAgImhhc2hBbGdvcml0aG0iOiAiU0hBMl8yNTYiLAogICAgICAicHVibGljS2V5IjogewogICAgICAgICJyYXdCeXRlcyI6ICJNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUViZndSK1JKdWRYc2NnUkJScEtYMVhGRHkzUHl1ZER4ei9TZm5SaTFmVDhla3BmQmQyTzF1b3o3anIzWjhuS3p4QTY5RVVRK2VGQ0ZJM3pldWJQV1U3dz09IiwKICAgICAgICAia2V5RGV0YWlscyI6ICJQS0lYX0VDRFNBX1AyNTZfU0hBXzI1NiIsCiAgICAgICAgInZhbGlkRm9yIjogewogICAgICAgICAgInN0YXJ0IjogIjIwMjEtMDMtMTRUMDA6MDA6MDAuMDAwWiIsCiAgICAgICAgICAiZW5kIjogIjIwMjItMTAtMzFUMjM6NTk6NTkuOTk5WiIKICAgICAgICB9CiAgICAgIH0sCiAgICAgICJsb2dJZCI6IHsKICAgICAgICAia2V5SWQiOiAiQ0dDUzhDaFMvMmhGMGRGcko0U2NSV2NZckJZOXd6alNiZWE4SWdZMmIzST0iCiAgICAgIH0KICAgIH0sCiAgICB7CiAgICAgICJiYXNlVXJsIjogImh0dHBzOi8vY3RmZS5zaWdzdG9yZS5kZXYvMjAyMiIsCiAgICAgICJoYXNoQWxnb3JpdGhtIjogIlNIQTJfMjU2IiwKICAgICAgInB1YmxpY0tleSI6IHsKICAgICAgICAicmF3Qnl0ZXMiOiAiTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFaVBTbEZpMENtRlRmRWpDVXFGOUh1Q0VjWVhOS0FhWWFsSUptQlo4eXllelBqVHFoeHJLQnBNbmFvY1Z0TEpCSTFlTTN1WG5RelFHQUpkSjRnczlGeXc9PSIsCiAgICAgICAgImtleURldGFpbHMiOiAiUEtJWF9FQ0RTQV9QMjU2X1NIQV8yNTYiLAogICAgICAgICJ2YWxpZEZvciI6IHsKICAgICAgICAgICJzdGFydCI6ICIyMDIyLTEwLTIwVDAwOjAwOjAwLjAwMFoiCiAgICAgICAgfQogICAgICB9LAogICAgICAibG9nSWQiOiB7CiAgICAgICAgImtleUlkIjogIjNUMHdhc2JIRVRKakdSNGNtV2MzQXFKS1hyamVQSzMvaDRweWdDOHA3bzQ9IgogICAgICB9CiAgICB9CiAgXSwKICAidGltZXN0YW1wQXV0aG9yaXRpZXMiOiBbCiAgICB7CiAgICAgICJzdWJqZWN0IjogewogICAgICAgICJvcmdhbml6YXRpb24iOiAiR2l0SHViLCBJbmMuIiwKICAgICAgICAiY29tbW9uTmFtZSI6ICJJbnRlcm5hbCBTZXJ2aWNlcyBSb290IgogICAgICB9LAogICAgICAiY2VydENoYWluIjogewogICAgICAgICJjZXJ0aWZpY2F0ZXMiOiBbCiAgICAgICAgICB7CiAgICAgICAgICAgICJyYXdCeXRlcyI6ICJNSUlCM0RDQ0FXS2dBd0lCQWdJVWNoa05zSDM2WGEwNGIxTHFJYytxcjlEVmVjTXdDZ1lJS29aSXpqMEVBd013TWpFVk1CTUdBMVVFQ2hNTVIybDBTSFZpTENCSmJtTXVNUmt3RndZRFZRUURFeEJVVTBFZ2FXNTBaWEp0WldScFlYUmxNQjRYRFRJek1EUXhOREF3TURBd01Gb1hEVEkwTURReE16QXdNREF3TUZvd01qRVZNQk1HQTFVRUNoTU1SMmwwU0hWaUxDQkpibU11TVJrd0Z3WURWUVFERXhCVVUwRWdWR2x0WlhOMFlXMXdhVzVuTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFVUQ1Wk5iU3FZTWQ2cjhxcE9PRVg5aWJHblpUOUdzdVhPaHIvZjhVOUZKdWdCR0V4S1lwNDBPVUxTMGVyalpXN3hWOXhWNTJObkpmNU9lRHE0ZTVaS3FOV01GUXdEZ1lEVlIwUEFRSC9CQVFEQWdlQU1CTUdBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUlNQXdHQTFVZEV3RUIvd1FDTUFBd0h3WURWUjBqQkJnd0ZvQVVhVzFSdWRPZ1Z0MGxlcVkwV0tZYnVQcjQ3d0F3Q2dZSUtvWkl6ajBFQXdNRGFBQXdaUUl3YlVIOUh2RDRlakNaSk9XUW5xQWxrcVVSbGx2dTlNOCtWcUxiaVJLK3pTZlpDWndzaWxqUm44TVFRUlNrWEVFNUFqRUFnK1Z4cXRvamZWZnU4RGh6emhDeDlHS0VUYkpIYjE5aVY3Mm1NS1ViREFGbXpaNmJROGI1NFpiOHRpZHk1YVdlIgogICAgICAgICAgfSwKICAgICAgICAgIHsKICAgICAgICAgICAgInJhd0J5dGVzIjogIk1JSUNFRENDQVpXZ0F3SUJBZ0lVWDhaTzVRWFA3dk40ZE1RNWU5c1UzbnViOE9nd0NnWUlLb1pJemowRUF3TXdPREVWTUJNR0ExVUVDaE1NUjJsMFNIVmlMQ0JKYm1NdU1SOHdIUVlEVlFRREV4WkpiblJsY201aGJDQlRaWEoyYVdObGN5QlNiMjkwTUI0WERUSXpNRFF4TkRBd01EQXdNRm9YRFRJNE1EUXhNakF3TURBd01Gb3dNakVWTUJNR0ExVUVDaE1NUjJsMFNIVmlMQ0JKYm1NdU1Sa3dGd1lEVlFRREV4QlVVMEVnYVc1MFpYSnRaV1JwWVhSbE1IWXdFQVlIS29aSXpqMENBUVlGSzRFRUFDSURZZ0FFdk1MWS9kVFZidklKWUFOQXVzekV3Sm5RRTFsbGZ0eW55TUtJTWhoNDhIbXFiVnI1eWd5YnpzTFJMVktiQldPZFoyMWFlSnorZ1ppeXRaZXRxY3lGOVdsRVI1TkVNZjZKVjdaTm9qUXB4SHE0UkhHb0dTY2VRdi9xdlRpWnhFREtvMll3WkRBT0JnTlZIUThCQWY4RUJBTUNBUVl3RWdZRFZSMFRBUUgvQkFnd0JnRUIvd0lCQURBZEJnTlZIUTRFRmdRVWFXMVJ1ZE9nVnQwbGVxWTBXS1lidVByNDd3QXdId1lEVlIwakJCZ3dGb0FVOU5ZWWxvYm5BRzRjMC9xanh5SC9scS93eitRd0NnWUlLb1pJemowRUF3TURhUUF3WmdJeEFLMUIxODV5Z0NySVlGbElzM0dqc3dqbndTTUc2TFk4d29MVmRha0tEWnhWYThmOGNxTXMxRGhjeEowKzA5dzk1UUl4QU8rdEJ6Wms3dmpVSjlpSmdENFI2WldUeFFXS3FObTc0ak85OW8rbzlzdjRGSS9TWlRaVEZ5TW4wSUpFSGRObXlBPT0iCiAgICAgICAgICB9LAogICAgICAgICAgewogICAgICAgICAgICAicmF3Qnl0ZXMiOiAiTUlJQjlEQ0NBWHFnQXdJQkFnSVVhL0pBa2RVaks0SlV3c3F0YWlSSkdXaHFMU293Q2dZSUtvWkl6ajBFQXdNd09ERVZNQk1HQTFVRUNoTU1SMmwwU0hWaUxDQkpibU11TVI4d0hRWURWUVFERXhaSmJuUmxjbTVoYkNCVFpYSjJhV05sY3lCU2IyOTBNQjRYRFRJek1EUXhOREF3TURBd01Gb1hEVE16TURReE1UQXdNREF3TUZvd09ERVZNQk1HQTFVRUNoTU1SMmwwU0hWaUxDQkpibU11TVI4d0hRWURWUVFERXhaSmJuUmxjbTVoYkNCVFpYSjJhV05sY3lCU2IyOTBNSFl3RUFZSEtvWkl6ajBDQVFZRks0RUVBQ0lEWWdBRWY5akZBWHh6NGt4NjhBSFJNT2tGQmhmbERjTVR2emFYejR4L0ZDY1hqSi8xcUVLb24vcVBJR25hVVJza0R0eU5iTkRPcGVKVERERnF0NDhpTVBybnpweDZJWndxZW1mVUpONHhCRVpmemErcFl0L2l5b2QrOXRacjIwUlJXU3YvbzBVd1F6QU9CZ05WSFE4QkFmOEVCQU1DQVFZd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkFqQWRCZ05WSFE0RUZnUVU5TllZbG9ibkFHNGMwL3FqeHlIL2xxL3d6K1F3Q2dZSUtvWkl6ajBFQXdNRGFBQXdaUUl4QUxaTFo4QmdSWHpLeExNTU45VklsTytlNGhyQm5OQmdGN3R6N0hucm93djJOZXRaRXJJQUNLRnltQmx2V0R2dE1BSXdaTytraTZzc1ExYnNabzk4TzhtRUFmMk5aN2lpQ2dERFUwVndqZWNvNnp5ZWgwekJUczkvN2dWNkFITlE1M3hEIgogICAgICAgICAgfQogICAgICAgIF0KICAgICAgfSwKICAgICAgInZhbGlkRm9yIjogewogICAgICAgICJzdGFydCI6ICIyMDIzLTA0LTE0VDAwOjAwOjAwLjAwMFoiCiAgICAgIH0KICAgIH0KICBdCn0K","registry.npmjs.org%2Fkeys.json":"ewogICAgImtleXMiOiBbCiAgICAgICAgewogICAgICAgICAgICAia2V5SWQiOiAiU0hBMjU2OmpsM2J3c3d1ODBQampva0NnaDBvMnc1YzJVNExoUUFFNTdnajljejFrekEiLAogICAgICAgICAgICAia2V5VXNhZ2UiOiAibnBtOnNpZ25hdHVyZXMiLAogICAgICAgICAgICAicHVibGljS2V5IjogewogICAgICAgICAgICAgICAgInJhd0J5dGVzIjogIk1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRTFPbGIzek1BRkZ4WEtIaUlrUU81Y0ozWWhsNWk2VVBwK0lodXRlQkpidUhjQTVVb2dLbzBFV3RsV3dXNktTYUtvVE5FWUw3SmxDUWlWbmtoQmt0VWdnPT0iLAogICAgICAgICAgICAgICAgImtleURldGFpbHMiOiAiUEtJWF9FQ0RTQV9QMjU2X1NIQV8yNTYiLAogICAgICAgICAgICAgICAgInZhbGlkRm9yIjogewogICAgICAgICAgICAgICAgICAgICJzdGFydCI6ICIxOTk5LTAxLTAxVDAwOjAwOjAwLjAwMFoiCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9LAogICAgICAgIHsKICAgICAgICAgICAgImtleUlkIjogIlNIQTI1NjpqbDNid3N3dTgwUGpqb2tDZ2gwbzJ3NWMyVTRMaFFBRTU3Z2o5Y3oxa3pBIiwKICAgICAgICAgICAgImtleVVzYWdlIjogIm5wbTphdHRlc3RhdGlvbnMiLAogICAgICAgICAgICAicHVibGljS2V5IjogewogICAgICAgICAgICAgICAgInJhd0J5dGVzIjogIk1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRTFPbGIzek1BRkZ4WEtIaUlrUU81Y0ozWWhsNWk2VVBwK0lodXRlQkpidUhjQTVVb2dLbzBFV3RsV3dXNktTYUtvVE5FWUw3SmxDUWlWbmtoQmt0VWdnPT0iLAogICAgICAgICAgICAgICAgImtleURldGFpbHMiOiAiUEtJWF9FQ0RTQV9QMjU2X1NIQV8yNTYiLAogICAgICAgICAgICAgICAgInZhbGlkRm9yIjogewogICAgICAgICAgICAgICAgICAgICJzdGFydCI6ICIyMDIyLTEyLTAxVDAwOjAwOjAwLjAwMFoiCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICBdCn0K"}}}
diff --git a/deps/npm/node_modules/@sigstore/tuf/store/public-good-instance-root.json b/deps/npm/node_modules/@sigstore/tuf/store/public-good-instance-root.json
deleted file mode 100644
index e95c7e88cdf092..00000000000000
--- a/deps/npm/node_modules/@sigstore/tuf/store/public-good-instance-root.json
+++ /dev/null
@@ -1 +0,0 @@
-{"signed":{"_type":"root","spec_version":"1.0","version":7,"expires":"2023-10-04T13:08:11Z","keys":{"25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEXsz3SZXFb8jMV42j6pJlyjbjR8K\nN3Bwocexq6LMIb5qsWKOQvLN16NUefLc4HswOoumRsVVaajSpQS6fobkRw==\n-----END PUBLIC KEY-----\n"}},"2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0ghrh92Lw1Yr3idGV5WqCtMDB8Cx\n+D8hdC4w2ZLNIplVRoVGLskYa3gheMyOjiJ8kPi15aQ2//7P+oj7UvJPGw==\n-----END PUBLIC KEY-----\n"}},"45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELrWvNt94v4R085ELeeCMxHp7PldF\n0/T1GxukUh2ODuggLGJE0pc1e8CSBf6CS91Fwo9FUOuRsjBUld+VqSyCdQ==\n-----END PUBLIC KEY-----\n"}},"7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEinikSsAQmYkNeH5eYq/CnIzLaacO\nxlSaawQDOwqKy/tCqxq5xxPSJc21K4WIhs9GyOkKfzueY3GILzcMJZ4cWw==\n-----END PUBLIC KEY-----\n"}},"e1863ba02070322ebc626dcecf9d881a3a38c35c3b41a83765b6ad6c37eaec2a":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWRiGr5+j+3J5SsH+Ztr5nE2H2wO7\nBV+nO3s93gLca18qTOzHY1oWyAGDykMSsGTUBSt9D+An0KfKsD2mfSM42Q==\n-----END PUBLIC KEY-----\n"}},"f5312f542c21273d9485a49394386c4575804770667f2ddb59b3bf0669fddd2f":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEzBzVOmHCPojMVLSI364WiiV8NPrD\n6IgRxVliskz/v+y3JER5mcVGcONliDcWMC5J2lfHmjPNPhb4H7xm8LzfSA==\n-----END PUBLIC KEY-----\n"}},"ff51e17fcf253119b7033f6f57512631da4a0969442afcf9fc8b141c7f2be99c":{"keytype":"ecdsa-sha2-nistp256","scheme":"ecdsa-sha2-nistp256","keyid_hash_algorithms":["sha256","sha512"],"keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEy8XKsmhBYDI8Jc0GwzBxeKax0cm5\nSTKEU65HPFunUn41sT8pi0FjM4IkHz/YUmwmLUO0Wt7lxhj6BkLIK4qYAw==\n-----END PUBLIC KEY-----\n"}}},"roles":{"root":{"keyids":["ff51e17fcf253119b7033f6f57512631da4a0969442afcf9fc8b141c7f2be99c","25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99","f5312f542c21273d9485a49394386c4575804770667f2ddb59b3bf0669fddd2f","7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b","2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de"],"threshold":3},"snapshot":{"keyids":["45b283825eb184cabd582eb17b74fc8ed404f68cf452acabdad2ed6f90ce216b"],"threshold":1},"targets":{"keyids":["ff51e17fcf253119b7033f6f57512631da4a0969442afcf9fc8b141c7f2be99c","25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99","f5312f542c21273d9485a49394386c4575804770667f2ddb59b3bf0669fddd2f","7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b","2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de"],"threshold":3},"timestamp":{"keyids":["e1863ba02070322ebc626dcecf9d881a3a38c35c3b41a83765b6ad6c37eaec2a"],"threshold":1}},"consistent_snapshot":true},"signatures":[{"keyid":"25a0eb450fd3ee2bd79218c963dce3f1cc6118badf251bf149f0bd07d5cabe99","sig":"3046022100c0610c0055ce5c4a52d054d7322e7b514d55baf44423d63aa4daa077cc60fd1f022100a097f2803f090fb66c42ead915a2c46ebe7db53a32bf18f2188275cc936f8bdd"},{"keyid":"f5312f542c21273d9485a49394386c4575804770667f2ddb59b3bf0669fddd2f","sig":"304502203134f0468810299d5493a867c40630b341296b92e59c29821311d353343bb3a4022100e667ae3d304e7e3da0894c7425f6b9ecd917106841280e5cf6f3496ad5f8f68e"},{"keyid":"7f7513b25429a64473e10ce3ad2f3da372bbdd14b65d07bbaf547e7c8bbbe62b","sig":"3045022037fe5f45426f21eaaf4730d2136f2b1611d6379688f79b9d1e3f61719997135c022100b63b022d7b79d4694b96f416d88aa4d7b1a3bff8a01f4fb51e0f42137c7d2d06"},{"keyid":"2e61cd0cbf4a8f45809bda9f7f78c0d33ad11842ff94ae340873e2664dc843de","sig":"3044022007cc8fcc4940809f2751ad5b535f4c5f53f5b4952f5b5696b09668e743306ac1022006dfcdf94e94c92163eeb1b47796db62cedaa730aa13aa61b573fe23714730f2"}]}
diff --git a/deps/npm/node_modules/@sigstore/verify/dist/bundle/dsse.js b/deps/npm/node_modules/@sigstore/verify/dist/bundle/dsse.js
new file mode 100644
index 00000000000000..193f875fd1014e
--- /dev/null
+++ b/deps/npm/node_modules/@sigstore/verify/dist/bundle/dsse.js
@@ -0,0 +1,43 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DSSESignatureContent = void 0;
+/*
+Copyright 2023 The Sigstore Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+const core_1 = require("@sigstore/core");
+class DSSESignatureContent {
+    constructor(env) {
+        this.env = env;
+    }
+    compareDigest(digest) {
+        return core_1.crypto.bufferEqual(digest, core_1.crypto.hash(this.env.payload));
+    }
+    compareSignature(signature) {
+        return core_1.crypto.bufferEqual(signature, this.signature);
+    }
+    verifySignature(key) {
+        return core_1.crypto.verify(this.preAuthEncoding, key, this.signature);
+    }
+    get signature() {
+        return this.env.signatures.length > 0
+            ? this.env.signatures[0].sig
+            : Buffer.from('');
+    }
+    // DSSE Pre-Authentication Encoding
+    get preAuthEncoding() {
+        return core_1.dsse.preAuthEncoding(this.env.payloadType, this.env.payload);
+    }
+}
+exports.DSSESignatureContent = DSSESignatureContent;
diff --git a/deps/npm/node_modules/@sigstore/verify/dist/bundle/index.js b/deps/npm/node_modules/@sigstore/verify/dist/bundle/index.js
new file mode 100644
index 00000000000000..63f8d4c4998811
--- /dev/null
+++ b/deps/npm/node_modules/@sigstore/verify/dist/bundle/index.js
@@ -0,0 +1,58 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.signatureContent = exports.toSignedEntity = void 0;
+const core_1 = require("@sigstore/core");
+const dsse_1 = require("./dsse");
+const message_1 = require("./message");
+function toSignedEntity(bundle, artifact) {
+    const { tlogEntries, timestampVerificationData } = bundle.verificationMaterial;
+    const timestamps = [];
+    for (const entry of tlogEntries) {
+        timestamps.push({
+            $case: 'transparency-log',
+            tlogEntry: entry,
+        });
+    }
+    for (const ts of timestampVerificationData?.rfc3161Timestamps ?? []) {
+        timestamps.push({
+            $case: 'timestamp-authority',
+            timestamp: core_1.RFC3161Timestamp.parse(ts.signedTimestamp),
+        });
+    }
+    return {
+        signature: signatureContent(bundle, artifact),
+        key: key(bundle),
+        tlogEntries,
+        timestamps,
+    };
+}
+exports.toSignedEntity = toSignedEntity;
+function signatureContent(bundle, artifact) {
+    switch (bundle.content.$case) {
+        case 'dsseEnvelope':
+            return new dsse_1.DSSESignatureContent(bundle.content.dsseEnvelope);
+        case 'messageSignature':
+            return new message_1.MessageSignatureContent(bundle.content.messageSignature, artifact);
+    }
+}
+exports.signatureContent = signatureContent;
+function key(bundle) {
+    switch (bundle.verificationMaterial.content.$case) {
+        case 'publicKey':
+            return {
+                $case: 'public-key',
+                hint: bundle.verificationMaterial.content.publicKey.hint,
+            };
+        case 'x509CertificateChain':
+            return {
+                $case: 'certificate',
+                certificate: core_1.X509Certificate.parse(bundle.verificationMaterial.content.x509CertificateChain
+                    .certificates[0].rawBytes),
+            };
+        case 'certificate':
+            return {
+                $case: 'certificate',
+                certificate: core_1.X509Certificate.parse(bundle.verificationMaterial.content.certificate.rawBytes),
+            };
+    }
+}
diff --git a/deps/npm/node_modules/@sigstore/verify/dist/bundle/message.js b/deps/npm/node_modules/@sigstore/verify/dist/bundle/message.js
new file mode 100644
index 00000000000000..836148c68a8b66
--- /dev/null
+++ b/deps/npm/node_modules/@sigstore/verify/dist/bundle/message.js
@@ -0,0 +1,36 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MessageSignatureContent = void 0;
+/*
+Copyright 2023 The Sigstore Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+const core_1 = require("@sigstore/core");
+class MessageSignatureContent {
+    constructor(messageSignature, artifact) {
+        this.signature = messageSignature.signature;
+        this.messageDigest = messageSignature.messageDigest.digest;
+        this.artifact = artifact;
+    }
+    compareSignature(signature) {
+        return core_1.crypto.bufferEqual(signature, this.signature);
+    }
+    compareDigest(digest) {
+        return core_1.crypto.bufferEqual(digest, this.messageDigest);
+    }
+    verifySignature(key) {
+        return core_1.crypto.verify(this.artifact, key, this.signature);
+    }
+}
+exports.MessageSignatureContent = MessageSignatureContent;
diff --git a/deps/npm/node_modules/sigstore/dist/error.js b/deps/npm/node_modules/@sigstore/verify/dist/error.js
similarity index 92%
rename from deps/npm/node_modules/sigstore/dist/error.js
rename to deps/npm/node_modules/@sigstore/verify/dist/error.js
index b0a7dbc83f7105..6cb1cd41213435 100644
--- a/deps/npm/node_modules/sigstore/dist/error.js
+++ b/deps/npm/node_modules/@sigstore/verify/dist/error.js
@@ -1,4 +1,6 @@
 "use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PolicyError = exports.VerificationError = void 0;
 /*
 Copyright 2023 The Sigstore Authors.
 
@@ -14,20 +16,15 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.PolicyError = exports.VerificationError = void 0;
 class BaseError extends Error {
     constructor({ code, message, cause, }) {
         super(message);
-        this.name = this.constructor.name;
         this.code = code;
         this.cause = cause;
+        this.name = this.constructor.name;
     }
 }
 class VerificationError extends BaseError {
-    constructor(message) {
-        super({ code: 'VERIFICATION_ERROR', message });
-    }
 }
 exports.VerificationError = VerificationError;
 class PolicyError extends BaseError {
diff --git a/deps/npm/node_modules/@sigstore/verify/dist/index.js b/deps/npm/node_modules/@sigstore/verify/dist/index.js
new file mode 100644
index 00000000000000..3222876fcd68b7
--- /dev/null
+++ b/deps/npm/node_modules/@sigstore/verify/dist/index.js
@@ -0,0 +1,28 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Verifier = exports.toTrustMaterial = exports.VerificationError = exports.PolicyError = exports.toSignedEntity = void 0;
+/* istanbul ignore file */
+/*
+Copyright 2023 The Sigstore Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+var bundle_1 = require("./bundle");
+Object.defineProperty(exports, "toSignedEntity", { enumerable: true, get: function () { return bundle_1.toSignedEntity; } });
+var error_1 = require("./error");
+Object.defineProperty(exports, "PolicyError", { enumerable: true, get: function () { return error_1.PolicyError; } });
+Object.defineProperty(exports, "VerificationError", { enumerable: true, get: function () { return error_1.VerificationError; } });
+var trust_1 = require("./trust");
+Object.defineProperty(exports, "toTrustMaterial", { enumerable: true, get: function () { return trust_1.toTrustMaterial; } });
+var verifier_1 = require("./verifier");
+Object.defineProperty(exports, "Verifier", { enumerable: true, get: function () { return verifier_1.Verifier; } });
diff --git a/deps/npm/node_modules/sigstore/dist/x509/verify.js b/deps/npm/node_modules/@sigstore/verify/dist/key/certificate.js
similarity index 71%
rename from deps/npm/node_modules/sigstore/dist/x509/verify.js
rename to deps/npm/node_modules/@sigstore/verify/dist/key/certificate.js
index b4c7f39912a847..c9140dd98d58a6 100644
--- a/deps/npm/node_modules/sigstore/dist/x509/verify.js
+++ b/deps/npm/node_modules/@sigstore/verify/dist/key/certificate.js
@@ -1,25 +1,36 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.verifyCertificateChain = void 0;
-/*
-Copyright 2023 The Sigstore Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
+exports.CertificateChainVerifier = exports.verifyCertificateChain = void 0;
 const error_1 = require("../error");
-function verifyCertificateChain(opts) {
-    const verifier = new CertificateChainVerifier(opts);
-    return verifier.verify();
+const trust_1 = require("../trust");
+function verifyCertificateChain(leaf, certificateAuthorities) {
+    // Filter list of trusted CAs to those which are valid for the given
+    // leaf certificate.
+    const cas = (0, trust_1.filterCertAuthorities)(certificateAuthorities, {
+        start: leaf.notBefore,
+        end: leaf.notAfter,
+    });
+    /* eslint-disable-next-line @typescript-eslint/no-explicit-any */
+    let error;
+    for (const ca of cas) {
+        try {
+            const verifier = new CertificateChainVerifier({
+                trustedCerts: ca.certChain,
+                untrustedCert: leaf,
+            });
+            return verifier.verify();
+        }
+        catch (err) {
+            error = err;
+        }
+    }
+    // If we failed to verify the certificate chain for all of the trusted
+    // CAs, throw the last error we encountered.
+    throw new error_1.VerificationError({
+        code: 'CERTIFICATE_ERROR',
+        message: 'Failed to verify certificate chain',
+        cause: error,
+    });
 }
 exports.verifyCertificateChain = verifyCertificateChain;
 class CertificateChainVerifier {
@@ -30,7 +41,6 @@ class CertificateChainVerifier {
             ...opts.trustedCerts,
             opts.untrustedCert,
         ]);
-        this.validAt = opts.validAt || new Date();
     }
     verify() {
         // Construct certificate path from leaf to root
@@ -47,9 +57,13 @@ class CertificateChainVerifier {
         // Filter for paths which contain a trusted certificate
         paths = paths.filter((path) => path.some((cert) => this.trustedCerts.includes(cert)));
         if (paths.length === 0) {
-            throw new error_1.VerificationError('No trusted certificate path found');
+            throw new error_1.VerificationError({
+                code: 'CERTIFICATE_ERROR',
+                message: 'no trusted certificate path found',
+            });
         }
         // Find the shortest of possible paths
+        /* istanbul ignore next */
         const path = paths.reduce((prev, curr) => prev.length < curr.length ? prev : curr);
         // Construct chain from shortest path
         // Removes the last certificate in the path, which will be a second copy
@@ -61,7 +75,10 @@ class CertificateChainVerifier {
         const paths = [];
         const issuers = this.findIssuer(certificate);
         if (issuers.length === 0) {
-            throw new error_1.VerificationError('No valid certificate path found');
+            throw new error_1.VerificationError({
+                code: 'CERTIFICATE_ERROR',
+                message: 'no valid certificate path found',
+            });
         }
         for (let i = 0; i < issuers.length; i++) {
             const issuer = issuers[i];
@@ -119,30 +136,37 @@ class CertificateChainVerifier {
                 return certificate.verify(issuer);
             }
             catch (ex) {
+                /* istanbul ignore next - should never error */
                 return false;
             }
         });
         return issuers;
     }
     checkPath(path) {
+        /* istanbul ignore if */
         if (path.length < 1) {
-            throw new error_1.VerificationError('Certificate chain must contain at least one certificate');
-        }
-        // Check that all certificates are valid at the check date
-        const validForDate = path.every((cert) => cert.validForDate(this.validAt));
-        if (!validForDate) {
-            throw new error_1.VerificationError('Certificate is not valid or expired at the specified date');
+            throw new error_1.VerificationError({
+                code: 'CERTIFICATE_ERROR',
+                message: 'certificate chain must contain at least one certificate',
+            });
         }
         // Ensure that all certificates beyond the leaf are CAs
         const validCAs = path.slice(1).every((cert) => cert.isCA);
         if (!validCAs) {
-            throw new error_1.VerificationError('Intermediate certificate is not a CA');
+            throw new error_1.VerificationError({
+                code: 'CERTIFICATE_ERROR',
+                message: 'intermediate certificate is not a CA',
+            });
         }
         // Certificate's issuer must match the subject of the next certificate
         // in the chain
         for (let i = path.length - 2; i >= 0; i--) {
+            /* istanbul ignore if */
             if (!path[i].issuer.equals(path[i + 1].subject)) {
-                throw new error_1.VerificationError('Incorrect certificate name chaining');
+                throw new error_1.VerificationError({
+                    code: 'CERTIFICATE_ERROR',
+                    message: 'incorrect certificate name chaining',
+                });
             }
         }
         // Check pathlength constraints
@@ -157,12 +181,16 @@ class CertificateChainVerifier {
                 // greater than or equal to it's own depth in the chain (with an
                 // adjustment for the leaf certificate)
                 if (pathLength !== undefined && pathLength < i - 1) {
-                    throw new error_1.VerificationError('Path length constraint exceeded');
+                    throw new error_1.VerificationError({
+                        code: 'CERTIFICATE_ERROR',
+                        message: 'path length constraint exceeded',
+                    });
                 }
             }
         }
     }
 }
+exports.CertificateChainVerifier = CertificateChainVerifier;
 // Remove duplicate certificates from the array
 function dedupeCertificates(certs) {
     for (let i = 0; i < certs.length; i++) {
diff --git a/deps/npm/node_modules/@sigstore/verify/dist/key/index.js b/deps/npm/node_modules/@sigstore/verify/dist/key/index.js
new file mode 100644
index 00000000000000..682a306803a991
--- /dev/null
+++ b/deps/npm/node_modules/@sigstore/verify/dist/key/index.js
@@ -0,0 +1,72 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyCertificate = exports.verifyPublicKey = void 0;
+/*
+Copyright 2023 The Sigstore Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+const core_1 = require("@sigstore/core");
+const error_1 = require("../error");
+const certificate_1 = require("./certificate");
+const sct_1 = require("./sct");
+const OID_FULCIO_ISSUER_V1 = '1.3.6.1.4.1.57264.1.1';
+const OID_FULCIO_ISSUER_V2 = '1.3.6.1.4.1.57264.1.8';
+function verifyPublicKey(hint, timestamps, trustMaterial) {
+    const key = trustMaterial.publicKey(hint);
+    timestamps.forEach((timestamp) => {
+        if (!key.validFor(timestamp)) {
+            throw new error_1.VerificationError({
+                code: 'PUBLIC_KEY_ERROR',
+                message: `Public key is not valid for timestamp: ${timestamp.toISOString()}`,
+            });
+        }
+    });
+    return { key: key.publicKey };
+}
+exports.verifyPublicKey = verifyPublicKey;
+function verifyCertificate(leaf, timestamps, trustMaterial) {
+    // Check that leaf certificate chains to a trusted CA
+    const path = (0, certificate_1.verifyCertificateChain)(leaf, trustMaterial.certificateAuthorities);
+    // Check that ALL certificates are valid for ALL of the timestamps
+    const validForDate = timestamps.every((timestamp) => path.every((cert) => cert.validForDate(timestamp)));
+    if (!validForDate) {
+        throw new error_1.VerificationError({
+            code: 'CERTIFICATE_ERROR',
+            message: 'certificate is not valid or expired at the specified date',
+        });
+    }
+    return {
+        scts: (0, sct_1.verifySCTs)(path[0], path[1], trustMaterial.ctlogs),
+        signer: getSigner(path[0]),
+    };
+}
+exports.verifyCertificate = verifyCertificate;
+function getSigner(cert) {
+    let issuer;
+    const issuerExtension = cert.extension(OID_FULCIO_ISSUER_V2);
+    if (issuerExtension) {
+        issuer = issuerExtension.valueObj.subs?.[0]?.value.toString('ascii');
+    }
+    else {
+        issuer = cert.extension(OID_FULCIO_ISSUER_V1)?.value.toString('ascii');
+    }
+    const identity = {
+        extensions: { issuer },
+        subjectAlternativeName: cert.subjectAltName,
+    };
+    return {
+        key: core_1.crypto.createPublicKey(cert.publicKey),
+        identity,
+    };
+}
diff --git a/deps/npm/node_modules/@sigstore/verify/dist/key/sct.js b/deps/npm/node_modules/@sigstore/verify/dist/key/sct.js
new file mode 100644
index 00000000000000..aea412840e1039
--- /dev/null
+++ b/deps/npm/node_modules/@sigstore/verify/dist/key/sct.js
@@ -0,0 +1,79 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifySCTs = void 0;
+/*
+Copyright 2023 The Sigstore Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+const core_1 = require("@sigstore/core");
+const error_1 = require("../error");
+const trust_1 = require("../trust");
+function verifySCTs(cert, issuer, ctlogs) {
+    let extSCT;
+    // Verifying the SCT requires that we remove the SCT extension and
+    // re-encode the TBS structure to DER -- this value is part of the data
+    // over which the signature is calculated. Since this is a destructive action
+    // we create a copy of the certificate so we can remove the SCT extension
+    // without affecting the original certificate.
+    const clone = cert.clone();
+    // Intentionally not using the findExtension method here because we want to
+    // remove the the SCT extension from the certificate before calculating the
+    // PreCert structure
+    for (let i = 0; i < clone.extensions.length; i++) {
+        const ext = clone.extensions[i];
+        if (ext.subs[0].toOID() === core_1.EXTENSION_OID_SCT) {
+            extSCT = new core_1.X509SCTExtension(ext);
+            // Remove the extension from the certificate
+            clone.extensions.splice(i, 1);
+            break;
+        }
+    }
+    // No SCT extension found to verify
+    if (!extSCT) {
+        return [];
+    }
+    // Found an SCT extension but it has no SCTs
+    /* istanbul ignore if -- too difficult to fabricate test case for this */
+    if (extSCT.signedCertificateTimestamps.length === 0) {
+        return [];
+    }
+    // Construct the PreCert structure
+    // https://www.rfc-editor.org/rfc/rfc6962#section-3.2
+    const preCert = new core_1.ByteStream();
+    // Calculate hash of the issuer's public key
+    const issuerId = core_1.crypto.hash(issuer.publicKey);
+    preCert.appendView(issuerId);
+    // Re-encodes the certificate to DER after removing the SCT extension
+    const tbs = clone.tbsCertificate.toDER();
+    preCert.appendUint24(tbs.length);
+    preCert.appendView(tbs);
+    // Calculate and return the verification results for each SCT
+    return extSCT.signedCertificateTimestamps.map((sct) => {
+        // Find the ctlog instance that corresponds to the SCT's logID
+        const validCTLogs = (0, trust_1.filterTLogAuthorities)(ctlogs, {
+            logID: sct.logID,
+            targetDate: sct.datetime,
+        });
+        // See if the SCT is valid for any of the CT logs
+        const verified = validCTLogs.some((log) => sct.verify(preCert.buffer, log.publicKey));
+        if (!verified) {
+            throw new error_1.VerificationError({
+                code: 'CERTIFICATE_ERROR',
+                message: 'SCT verification failed',
+            });
+        }
+        return sct.logID;
+    });
+}
+exports.verifySCTs = verifySCTs;
diff --git a/deps/npm/node_modules/@sigstore/verify/dist/policy.js b/deps/npm/node_modules/@sigstore/verify/dist/policy.js
new file mode 100644
index 00000000000000..731e5c83328475
--- /dev/null
+++ b/deps/npm/node_modules/@sigstore/verify/dist/policy.js
@@ -0,0 +1,25 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyExtensions = exports.verifySubjectAlternativeName = void 0;
+const error_1 = require("./error");
+function verifySubjectAlternativeName(policyIdentity, signerIdentity) {
+    if (signerIdentity === undefined || !signerIdentity.match(policyIdentity)) {
+        throw new error_1.PolicyError({
+            code: 'UNTRUSTED_SIGNER_ERROR',
+            message: `certificate identity error - expected ${policyIdentity}, got ${signerIdentity}`,
+        });
+    }
+}
+exports.verifySubjectAlternativeName = verifySubjectAlternativeName;
+function verifyExtensions(policyExtensions, signerExtensions = {}) {
+    let key;
+    for (key in policyExtensions) {
+        if (signerExtensions[key] !== policyExtensions[key]) {
+            throw new error_1.PolicyError({
+                code: 'UNTRUSTED_SIGNER_ERROR',
+                message: `invalid certificate extension - expected ${key}=${policyExtensions[key]}, got ${key}=${signerExtensions[key]}`,
+            });
+        }
+    }
+}
+exports.verifyExtensions = verifyExtensions;
diff --git a/deps/npm/node_modules/sigstore/dist/types/fetch.js b/deps/npm/node_modules/@sigstore/verify/dist/shared.types.js
similarity index 100%
rename from deps/npm/node_modules/sigstore/dist/types/fetch.js
rename to deps/npm/node_modules/@sigstore/verify/dist/shared.types.js
diff --git a/deps/npm/node_modules/sigstore/dist/tlog/verify/checkpoint.js b/deps/npm/node_modules/@sigstore/verify/dist/timestamp/checkpoint.js
similarity index 58%
rename from deps/npm/node_modules/sigstore/dist/tlog/verify/checkpoint.js
rename to deps/npm/node_modules/@sigstore/verify/dist/timestamp/checkpoint.js
index f6f35a5cad64dd..04a87383f0fd17 100644
--- a/deps/npm/node_modules/sigstore/dist/tlog/verify/checkpoint.js
+++ b/deps/npm/node_modules/@sigstore/verify/dist/timestamp/checkpoint.js
@@ -1,8 +1,24 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.verifyCheckpoint = void 0;
-const error_1 = require("../../error");
-const util_1 = require("../../util");
+/*
+Copyright 2023 The Sigstore Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+const core_1 = require("@sigstore/core");
+const error_1 = require("../error");
+const trust_1 = require("../trust");
 // Separator between the note and the signatures in a checkpoint
 const CHECKPOINT_SEPARATOR = '\n\n';
 // Checkpoint signatures are of the following form:
@@ -23,17 +39,44 @@ const SIGNATURE_REGEX = /\u2014 (\S+) (\S+)\n/g;
 function verifyCheckpoint(entry, tlogs) {
     // Filter tlog instances to just those which were valid at the time of the
     // entry
-    const validTLogs = filterTLogInstances(tlogs, entry.integratedTime);
+    const validTLogs = (0, trust_1.filterTLogAuthorities)(tlogs, {
+        targetDate: new Date(Number(entry.integratedTime) * 1000),
+    });
     const inclusionProof = entry.inclusionProof;
     const signedNote = SignedNote.fromString(inclusionProof.checkpoint.envelope);
     const checkpoint = LogCheckpoint.fromString(signedNote.note);
-    // Verify that the signatures in the checkpoint are all valid, also check
-    // that the root hash from the checkpoint matches the root hash in the
+    // Verify that the signatures in the checkpoint are all valid
+    if (!verifySignedNote(signedNote, validTLogs)) {
+        throw new error_1.VerificationError({
+            code: 'TLOG_INCLUSION_PROOF_ERROR',
+            message: 'invalid checkpoint signature',
+        });
+    }
+    // Verify that the root hash from the checkpoint matches the root hash in the
     // inclusion proof
-    return (signedNote.verify(validTLogs) &&
-        util_1.crypto.bufferEqual(checkpoint.logHash, inclusionProof.rootHash));
+    if (!core_1.crypto.bufferEqual(checkpoint.logHash, inclusionProof.rootHash)) {
+        throw new error_1.VerificationError({
+            code: 'TLOG_INCLUSION_PROOF_ERROR',
+            message: 'root hash mismatch',
+        });
+    }
 }
 exports.verifyCheckpoint = verifyCheckpoint;
+// Verifies the signatures in the SignedNote. For each signature, the
+// corresponding transparency log is looked up by the key hint and the
+// signature is verified against the public key in the transparency log.
+// Throws an error if any of the signatures are invalid.
+function verifySignedNote(signedNote, tlogs) {
+    const data = Buffer.from(signedNote.note, 'utf-8');
+    return signedNote.signatures.every((signature) => {
+        // Find the transparency log instance with the matching key hint
+        const tlog = tlogs.find((tlog) => core_1.crypto.bufferEqual(tlog.logID.subarray(0, 4), signature.keyHint));
+        if (!tlog) {
+            return false;
+        }
+        return core_1.crypto.verify(data, tlog.publicKey, signature.signature);
+    });
+}
 // SignedNote represents a signed note from a transparency log checkpoint. Consists
 // of a body (or note) and one more signatures calculated over the body. See
 // https://github.com/transparency-dev/formats/blob/main/log/README.md#signed-envelope
@@ -45,7 +88,10 @@ class SignedNote {
     // Deserialize a SignedNote from a string
     static fromString(envelope) {
         if (!envelope.includes(CHECKPOINT_SEPARATOR)) {
-            throw new error_1.VerificationError('malformed checkpoint: no separator');
+            throw new error_1.VerificationError({
+                code: 'TLOG_INCLUSION_PROOF_ERROR',
+                message: 'missing checkpoint separator',
+            });
         }
         // Split the note into the header and the data portions at the separator
         const split = envelope.indexOf(CHECKPOINT_SEPARATOR);
@@ -60,7 +106,10 @@ class SignedNote {
             const [, name, signature] = match;
             const sigBytes = Buffer.from(signature, 'base64');
             if (sigBytes.length < 5) {
-                throw new error_1.VerificationError('malformed checkpoint: invalid signature');
+                throw new error_1.VerificationError({
+                    code: 'TLOG_INCLUSION_PROOF_ERROR',
+                    message: 'malformed checkpoint signature',
+                });
             }
             return {
                 name,
@@ -69,26 +118,13 @@ class SignedNote {
             };
         });
         if (signatures.length === 0) {
-            throw new error_1.VerificationError('malformed checkpoint: no signatures');
+            throw new error_1.VerificationError({
+                code: 'TLOG_INCLUSION_PROOF_ERROR',
+                message: 'no signatures found in checkpoint',
+            });
         }
         return new SignedNote(header, signatures);
     }
-    // Verifies the signatures in the SignedNote. For each signature, the
-    // corresponding transparency log is looked up by the key hint and the
-    // signature is verified against the public key in the transparency log.
-    // Throws an error if any of the signatures are invalid.
-    verify(tlogs) {
-        const data = Buffer.from(this.note, 'utf-8');
-        return this.signatures.every((signature) => {
-            // Find the transparency log instance with the matching key hint
-            const tlog = tlogs.find((tlog) => util_1.crypto.bufferEqual(tlog.logId.keyId.subarray(0, 4), signature.keyHint));
-            if (!tlog) {
-                return false;
-            }
-            const publicKey = util_1.crypto.createPublicKey(tlog.publicKey.rawBytes);
-            return util_1.crypto.verifyBlob(data, publicKey, signature.signature);
-        });
-    }
 }
 // LogCheckpoint represents a transparency log checkpoint. Consists of the
 // following:
@@ -106,9 +142,12 @@ class LogCheckpoint {
         this.rest = rest;
     }
     static fromString(note) {
-        const lines = note.trim().split('\n');
-        if (lines.length < 4) {
-            throw new error_1.VerificationError('malformed checkpoint: too few lines in header');
+        const lines = note.trimEnd().split('\n');
+        if (lines.length < 3) {
+            throw new error_1.VerificationError({
+                code: 'TLOG_INCLUSION_PROOF_ERROR',
+                message: 'too few lines in checkpoint header',
+            });
         }
         const origin = lines[0];
         const logSize = BigInt(lines[1]);
@@ -117,32 +156,3 @@ class LogCheckpoint {
         return new LogCheckpoint(origin, logSize, rootHash, rest);
     }
 }
-// Filter the list of tlog instances to only those which have usable public
-// keys and were valid at the given time.
-function filterTLogInstances(tlogInstances, integratedTime) {
-    const targetDate = new Date(Number(integratedTime) * 1000);
-    return tlogInstances.filter((tlog) => {
-        // Must have a log ID
-        if (!tlog.logId) {
-            return false;
-        }
-        // If the tlog doesn't have a public key, we can't use it
-        const publicKey = tlog.publicKey;
-        if (publicKey === undefined) {
-            return false;
-        }
-        // If the tlog doesn't have a rawBytes field, we can't use it
-        if (publicKey.rawBytes === undefined) {
-            return false;
-        }
-        // If the tlog doesn't have a validFor field, we don't need to check it
-        const validFor = publicKey.validFor;
-        if (validFor === undefined) {
-            return true;
-        }
-        // Check that the integrated time is within the validFor range
-        return (validFor.start !== undefined &&
-            validFor.start <= targetDate &&
-            (validFor.end === undefined || targetDate <= validFor.end));
-    });
-}
diff --git a/deps/npm/node_modules/@sigstore/verify/dist/timestamp/index.js b/deps/npm/node_modules/@sigstore/verify/dist/timestamp/index.js
new file mode 100644
index 00000000000000..0da554f648d25e
--- /dev/null
+++ b/deps/npm/node_modules/@sigstore/verify/dist/timestamp/index.js
@@ -0,0 +1,47 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyTLogTimestamp = exports.verifyTSATimestamp = void 0;
+const error_1 = require("../error");
+const checkpoint_1 = require("./checkpoint");
+const merkle_1 = require("./merkle");
+const set_1 = require("./set");
+const tsa_1 = require("./tsa");
+function verifyTSATimestamp(timestamp, data, timestampAuthorities) {
+    (0, tsa_1.verifyRFC3161Timestamp)(timestamp, data, timestampAuthorities);
+    return {
+        type: 'timestamp-authority',
+        logID: timestamp.signerSerialNumber,
+        timestamp: timestamp.signingTime,
+    };
+}
+exports.verifyTSATimestamp = verifyTSATimestamp;
+function verifyTLogTimestamp(entry, tlogAuthorities) {
+    let inclusionVerified = false;
+    if (isTLogEntryWithInclusionPromise(entry)) {
+        (0, set_1.verifyTLogSET)(entry, tlogAuthorities);
+        inclusionVerified = true;
+    }
+    if (isTLogEntryWithInclusionProof(entry)) {
+        (0, merkle_1.verifyMerkleInclusion)(entry);
+        (0, checkpoint_1.verifyCheckpoint)(entry, tlogAuthorities);
+        inclusionVerified = true;
+    }
+    if (!inclusionVerified) {
+        throw new error_1.VerificationError({
+            code: 'TLOG_MISSING_INCLUSION_ERROR',
+            message: 'inclusion could not be verified',
+        });
+    }
+    return {
+        type: 'transparency-log',
+        logID: entry.logId.keyId,
+        timestamp: new Date(Number(entry.integratedTime) * 1000),
+    };
+}
+exports.verifyTLogTimestamp = verifyTLogTimestamp;
+function isTLogEntryWithInclusionPromise(entry) {
+    return entry.inclusionPromise !== undefined;
+}
+function isTLogEntryWithInclusionProof(entry) {
+    return entry.inclusionProof !== undefined;
+}
diff --git a/deps/npm/node_modules/sigstore/dist/tlog/verify/merkle.js b/deps/npm/node_modules/@sigstore/verify/dist/timestamp/merkle.js
similarity index 76%
rename from deps/npm/node_modules/sigstore/dist/tlog/verify/merkle.js
rename to deps/npm/node_modules/@sigstore/verify/dist/timestamp/merkle.js
index 0f246af4a28a3b..9895d01b7abc03 100644
--- a/deps/npm/node_modules/sigstore/dist/tlog/verify/merkle.js
+++ b/deps/npm/node_modules/@sigstore/verify/dist/timestamp/merkle.js
@@ -1,7 +1,4 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.verifyMerkleInclusion = void 0;
 /*
@@ -19,8 +16,8 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
-const crypto_1 = __importDefault(require("crypto"));
-const error_1 = require("../../error");
+const core_1 = require("@sigstore/core");
+const error_1 = require("../error");
 const RFC6962_LEAF_HASH_PREFIX = Buffer.from([0x00]);
 const RFC6962_NODE_HASH_PREFIX = Buffer.from([0x01]);
 function verifyMerkleInclusion(entry) {
@@ -28,13 +25,19 @@ function verifyMerkleInclusion(entry) {
     const logIndex = BigInt(inclusionProof.logIndex);
     const treeSize = BigInt(inclusionProof.treeSize);
     if (logIndex < 0n || logIndex >= treeSize) {
-        throw new error_1.VerificationError('invalid inclusion proof index');
+        throw new error_1.VerificationError({
+            code: 'TLOG_INCLUSION_PROOF_ERROR',
+            message: `invalid index: ${logIndex}`,
+        });
     }
     // Figure out which subset of hashes corresponds to the inner and border
     // nodes
     const { inner, border } = decompInclProof(logIndex, treeSize);
     if (inclusionProof.hashes.length !== inner + border) {
-        throw new error_1.VerificationError('invalid inclusion proof length');
+        throw new error_1.VerificationError({
+            code: 'TLOG_INCLUSION_PROOF_ERROR',
+            message: 'invalid hash count',
+        });
     }
     const innerHashes = inclusionProof.hashes.slice(0, inner);
     const borderHashes = inclusionProof.hashes.slice(inner);
@@ -43,7 +46,12 @@ function verifyMerkleInclusion(entry) {
     // Chain the hashes belonging to the inner and border portions
     const calculatedHash = chainBorderRight(chainInner(leafHash, innerHashes, logIndex), borderHashes);
     // Calculated hash should match the root hash in the inclusion proof
-    return bufferEqual(calculatedHash, inclusionProof.rootHash);
+    if (!core_1.crypto.bufferEqual(calculatedHash, inclusionProof.rootHash)) {
+        throw new error_1.VerificationError({
+            code: 'TLOG_INCLUSION_PROOF_ERROR',
+            message: 'calculated root hash does not match inclusion proof',
+        });
+    }
 }
 exports.verifyMerkleInclusion = verifyMerkleInclusion;
 // Breaks down inclusion proof for a leaf at the specified index in a tree of
@@ -77,8 +85,8 @@ function innerProofSize(index, size) {
 }
 // Counts the number of ones in the binary representation of the given number.
 // https://en.wikipedia.org/wiki/Hamming_weight
-function onesCount(x) {
-    return x.toString(2).split('1').length - 1;
+function onesCount(num) {
+    return num.toString(2).split('1').length - 1;
 }
 // Returns the number of bits necessary to represent an integer in binary.
 function bitLength(n) {
@@ -90,24 +98,8 @@ function bitLength(n) {
 // Hashing logic according to RFC6962.
 // https://datatracker.ietf.org/doc/html/rfc6962#section-2
 function hashChildren(left, right) {
-    const hasher = crypto_1.default.createHash('sha256');
-    hasher.update(RFC6962_NODE_HASH_PREFIX);
-    hasher.update(left);
-    hasher.update(right);
-    return hasher.digest();
+    return core_1.crypto.hash(RFC6962_NODE_HASH_PREFIX, left, right);
 }
 function hashLeaf(leaf) {
-    const hasher = crypto_1.default.createHash('sha256');
-    hasher.update(RFC6962_LEAF_HASH_PREFIX);
-    hasher.update(leaf);
-    return hasher.digest();
-}
-function bufferEqual(a, b) {
-    try {
-        return crypto_1.default.timingSafeEqual(a, b);
-    }
-    catch {
-        /* istanbul ignore next */
-        return false;
-    }
+    return core_1.crypto.hash(RFC6962_LEAF_HASH_PREFIX, leaf);
 }
diff --git a/deps/npm/node_modules/@sigstore/verify/dist/timestamp/set.js b/deps/npm/node_modules/@sigstore/verify/dist/timestamp/set.js
new file mode 100644
index 00000000000000..a6357c06999cba
--- /dev/null
+++ b/deps/npm/node_modules/@sigstore/verify/dist/timestamp/set.js
@@ -0,0 +1,61 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyTLogSET = void 0;
+/*
+Copyright 2023 The Sigstore Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+const core_1 = require("@sigstore/core");
+const error_1 = require("../error");
+const trust_1 = require("../trust");
+// Verifies the SET for the given entry against the list of trusted
+// transparency logs. Returns true if the SET can be verified against at least
+// one of the trusted logs; otherwise, returns false.
+function verifyTLogSET(entry, tlogs) {
+    // Filter the list of tlog instances to only those which might be able to
+    // verify the SET
+    const validTLogs = (0, trust_1.filterTLogAuthorities)(tlogs, {
+        logID: entry.logId.keyId,
+        targetDate: new Date(Number(entry.integratedTime) * 1000),
+    });
+    // Check to see if we can verify the SET against any of the valid tlogs
+    const verified = validTLogs.some((tlog) => {
+        // Re-create the original Rekor verification payload
+        const payload = toVerificationPayload(entry);
+        // Canonicalize the payload and turn into a buffer for verification
+        const data = Buffer.from(core_1.json.canonicalize(payload), 'utf8');
+        // Extract the SET from the tlog entry
+        const signature = entry.inclusionPromise.signedEntryTimestamp;
+        return core_1.crypto.verify(data, tlog.publicKey, signature);
+    });
+    if (!verified) {
+        throw new error_1.VerificationError({
+            code: 'TLOG_INCLUSION_PROMISE_ERROR',
+            message: 'inclusion promise could not be verified',
+        });
+    }
+}
+exports.verifyTLogSET = verifyTLogSET;
+// Returns a properly formatted "VerificationPayload" for one of the
+// transaction log entires in the given bundle which can be used for SET
+// verification.
+function toVerificationPayload(entry) {
+    const { integratedTime, logIndex, logId, canonicalizedBody } = entry;
+    return {
+        body: canonicalizedBody.toString('base64'),
+        integratedTime: Number(integratedTime),
+        logIndex: Number(logIndex),
+        logID: logId.keyId.toString('hex'),
+    };
+}
diff --git a/deps/npm/node_modules/@sigstore/verify/dist/timestamp/tsa.js b/deps/npm/node_modules/@sigstore/verify/dist/timestamp/tsa.js
new file mode 100644
index 00000000000000..7b095bc3a7f908
--- /dev/null
+++ b/deps/npm/node_modules/@sigstore/verify/dist/timestamp/tsa.js
@@ -0,0 +1,74 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyRFC3161Timestamp = void 0;
+const core_1 = require("@sigstore/core");
+const error_1 = require("../error");
+const certificate_1 = require("../key/certificate");
+const trust_1 = require("../trust");
+function verifyRFC3161Timestamp(timestamp, data, timestampAuthorities) {
+    const signingTime = timestamp.signingTime;
+    // Filter for CAs which were valid at the time of signing
+    timestampAuthorities = (0, trust_1.filterCertAuthorities)(timestampAuthorities, {
+        start: signingTime,
+        end: signingTime,
+    });
+    // Filter for CAs which match serial and issuer embedded in the timestamp
+    timestampAuthorities = filterCAsBySerialAndIssuer(timestampAuthorities, {
+        serialNumber: timestamp.signerSerialNumber,
+        issuer: timestamp.signerIssuer,
+    });
+    // Check that we can verify the timestamp with AT LEAST ONE of the remaining
+    // CAs
+    const verified = timestampAuthorities.some((ca) => {
+        try {
+            verifyTimestampForCA(timestamp, data, ca);
+            return true;
+        }
+        catch (e) {
+            return false;
+        }
+    });
+    if (!verified) {
+        throw new error_1.VerificationError({
+            code: 'TIMESTAMP_ERROR',
+            message: 'timestamp could not be verified',
+        });
+    }
+}
+exports.verifyRFC3161Timestamp = verifyRFC3161Timestamp;
+function verifyTimestampForCA(timestamp, data, ca) {
+    const [leaf, ...cas] = ca.certChain;
+    const signingKey = core_1.crypto.createPublicKey(leaf.publicKey);
+    const signingTime = timestamp.signingTime;
+    // Verify the certificate chain for the provided CA
+    try {
+        new certificate_1.CertificateChainVerifier({
+            untrustedCert: leaf,
+            trustedCerts: cas,
+        }).verify();
+    }
+    catch (e) {
+        throw new error_1.VerificationError({
+            code: 'TIMESTAMP_ERROR',
+            message: 'invalid certificate chain',
+        });
+    }
+    // Check that all of the CA certs were valid at the time of signing
+    const validAtSigningTime = ca.certChain.every((cert) => cert.validForDate(signingTime));
+    if (!validAtSigningTime) {
+        throw new error_1.VerificationError({
+            code: 'TIMESTAMP_ERROR',
+            message: 'timestamp was signed with an expired certificate',
+        });
+    }
+    // Check that the signing certificate's key can be used to verify the
+    // timestamp signature.
+    timestamp.verify(data, signingKey);
+}
+// Filters the list of CAs to those which have a leaf signing certificate which
+// matches the given serial number and issuer.
+function filterCAsBySerialAndIssuer(timestampAuthorities, criteria) {
+    return timestampAuthorities.filter((ca) => ca.certChain.length > 0 &&
+        core_1.crypto.bufferEqual(ca.certChain[0].serialNumber, criteria.serialNumber) &&
+        core_1.crypto.bufferEqual(ca.certChain[0].issuer, criteria.issuer));
+}
diff --git a/deps/npm/node_modules/@sigstore/verify/dist/tlog/dsse.js b/deps/npm/node_modules/@sigstore/verify/dist/tlog/dsse.js
new file mode 100644
index 00000000000000..bf430e61dde563
--- /dev/null
+++ b/deps/npm/node_modules/@sigstore/verify/dist/tlog/dsse.js
@@ -0,0 +1,58 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyDSSETLogBody = void 0;
+/*
+Copyright 2023 The Sigstore Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+const error_1 = require("../error");
+// Compare the given intoto tlog entry to the given bundle
+function verifyDSSETLogBody(tlogEntry, content) {
+    switch (tlogEntry.apiVersion) {
+        case '0.0.1':
+            return verifyDSSE001TLogBody(tlogEntry, content);
+        default:
+            throw new error_1.VerificationError({
+                code: 'TLOG_BODY_ERROR',
+                message: `unsupported dsse version: ${tlogEntry.apiVersion}`,
+            });
+    }
+}
+exports.verifyDSSETLogBody = verifyDSSETLogBody;
+// Compare the given dsse v0.0.1 tlog entry to the given DSSE envelope.
+function verifyDSSE001TLogBody(tlogEntry, content) {
+    // Ensure the bundle's DSSE only contains a single signature
+    if (tlogEntry.spec.signatures?.length !== 1) {
+        throw new error_1.VerificationError({
+            code: 'TLOG_BODY_ERROR',
+            message: 'signature count mismatch',
+        });
+    }
+    const tlogSig = tlogEntry.spec.signatures[0].signature;
+    // Ensure that the signature in the bundle's DSSE matches tlog entry
+    if (!content.compareSignature(Buffer.from(tlogSig, 'base64')))
+        throw new error_1.VerificationError({
+            code: 'TLOG_BODY_ERROR',
+            message: 'tlog entry signature mismatch',
+        });
+    // Ensure the digest of the bundle's DSSE payload matches the digest in the
+    // tlog entry
+    const tlogHash = tlogEntry.spec.payloadHash?.value || '';
+    if (!content.compareDigest(Buffer.from(tlogHash, 'hex'))) {
+        throw new error_1.VerificationError({
+            code: 'TLOG_BODY_ERROR',
+            message: 'DSSE payload hash mismatch',
+        });
+    }
+}
diff --git a/deps/npm/node_modules/@sigstore/verify/dist/tlog/hashedrekord.js b/deps/npm/node_modules/@sigstore/verify/dist/tlog/hashedrekord.js
new file mode 100644
index 00000000000000..d1758858f030d8
--- /dev/null
+++ b/deps/npm/node_modules/@sigstore/verify/dist/tlog/hashedrekord.js
@@ -0,0 +1,52 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyHashedRekordTLogBody = void 0;
+/*
+Copyright 2023 The Sigstore Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+const error_1 = require("../error");
+// Compare the given hashedrekord tlog entry to the given bundle
+function verifyHashedRekordTLogBody(tlogEntry, content) {
+    switch (tlogEntry.apiVersion) {
+        case '0.0.1':
+            return verifyHashedrekord001TLogBody(tlogEntry, content);
+        default:
+            throw new error_1.VerificationError({
+                code: 'TLOG_BODY_ERROR',
+                message: `unsupported hashedrekord version: ${tlogEntry.apiVersion}`,
+            });
+    }
+}
+exports.verifyHashedRekordTLogBody = verifyHashedRekordTLogBody;
+// Compare the given hashedrekord v0.0.1 tlog entry to the given message
+// signature
+function verifyHashedrekord001TLogBody(tlogEntry, content) {
+    // Ensure that the bundles message signature matches the tlog entry
+    const tlogSig = tlogEntry.spec.signature.content || '';
+    if (!content.compareSignature(Buffer.from(tlogSig, 'base64'))) {
+        throw new error_1.VerificationError({
+            code: 'TLOG_BODY_ERROR',
+            message: 'signature mismatch',
+        });
+    }
+    // Ensure that the bundle's message digest matches the tlog entry
+    const tlogDigest = tlogEntry.spec.data.hash?.value || '';
+    if (!content.compareDigest(Buffer.from(tlogDigest, 'hex'))) {
+        throw new error_1.VerificationError({
+            code: 'TLOG_BODY_ERROR',
+            message: 'digest mismatch',
+        });
+    }
+}
diff --git a/deps/npm/node_modules/@sigstore/verify/dist/tlog/index.js b/deps/npm/node_modules/@sigstore/verify/dist/tlog/index.js
new file mode 100644
index 00000000000000..adfc70ed51ad05
--- /dev/null
+++ b/deps/npm/node_modules/@sigstore/verify/dist/tlog/index.js
@@ -0,0 +1,48 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyTLogBody = void 0;
+/*
+Copyright 2023 The Sigstore Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+const error_1 = require("../error");
+const dsse_1 = require("./dsse");
+const hashedrekord_1 = require("./hashedrekord");
+const intoto_1 = require("./intoto");
+// Verifies that the given tlog entry matches the supplied signature content.
+function verifyTLogBody(entry, sigContent) {
+    const { kind, version } = entry.kindVersion;
+    const body = JSON.parse(entry.canonicalizedBody.toString('utf8'));
+    if (kind !== body.kind || version !== body.apiVersion) {
+        throw new error_1.VerificationError({
+            code: 'TLOG_BODY_ERROR',
+            message: `kind/version mismatch - expected: ${kind}/${version}, received: ${body.kind}/${body.apiVersion}`,
+        });
+    }
+    switch (body.kind) {
+        case 'dsse':
+            return (0, dsse_1.verifyDSSETLogBody)(body, sigContent);
+        case 'intoto':
+            return (0, intoto_1.verifyIntotoTLogBody)(body, sigContent);
+        case 'hashedrekord':
+            return (0, hashedrekord_1.verifyHashedRekordTLogBody)(body, sigContent);
+        /* istanbul ignore next */
+        default:
+            throw new error_1.VerificationError({
+                code: 'TLOG_BODY_ERROR',
+                message: `unsupported kind: ${kind}`,
+            });
+    }
+}
+exports.verifyTLogBody = verifyTLogBody;
diff --git a/deps/npm/node_modules/@sigstore/verify/dist/tlog/intoto.js b/deps/npm/node_modules/@sigstore/verify/dist/tlog/intoto.js
new file mode 100644
index 00000000000000..e706887a95043a
--- /dev/null
+++ b/deps/npm/node_modules/@sigstore/verify/dist/tlog/intoto.js
@@ -0,0 +1,62 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyIntotoTLogBody = void 0;
+/*
+Copyright 2023 The Sigstore Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+const error_1 = require("../error");
+// Compare the given intoto tlog entry to the given bundle
+function verifyIntotoTLogBody(tlogEntry, content) {
+    switch (tlogEntry.apiVersion) {
+        case '0.0.2':
+            return verifyIntoto002TLogBody(tlogEntry, content);
+        default:
+            throw new error_1.VerificationError({
+                code: 'TLOG_BODY_ERROR',
+                message: `unsupported intoto version: ${tlogEntry.apiVersion}`,
+            });
+    }
+}
+exports.verifyIntotoTLogBody = verifyIntotoTLogBody;
+// Compare the given intoto v0.0.2 tlog entry to the given DSSE envelope.
+function verifyIntoto002TLogBody(tlogEntry, content) {
+    // Ensure the bundle's DSSE contains a single signature
+    if (tlogEntry.spec.content.envelope.signatures?.length !== 1) {
+        throw new error_1.VerificationError({
+            code: 'TLOG_BODY_ERROR',
+            message: 'signature count mismatch',
+        });
+    }
+    // Signature is double-base64-encoded in the tlog entry
+    const tlogSig = base64Decode(tlogEntry.spec.content.envelope.signatures[0].sig);
+    // Ensure that the signature in the bundle's DSSE matches tlog entry
+    if (!content.compareSignature(Buffer.from(tlogSig, 'base64')))
+        throw new error_1.VerificationError({
+            code: 'TLOG_BODY_ERROR',
+            message: 'tlog entry signature mismatch',
+        });
+    // Ensure the digest of the bundle's DSSE payload matches the digest in the
+    // tlog entry
+    const tlogHash = tlogEntry.spec.content.payloadHash?.value || '';
+    if (!content.compareDigest(Buffer.from(tlogHash, 'hex'))) {
+        throw new error_1.VerificationError({
+            code: 'TLOG_BODY_ERROR',
+            message: 'DSSE payload hash mismatch',
+        });
+    }
+}
+function base64Decode(str) {
+    return Buffer.from(str, 'base64').toString('utf-8');
+}
diff --git a/deps/npm/node_modules/@sigstore/verify/dist/trust/filter.js b/deps/npm/node_modules/@sigstore/verify/dist/trust/filter.js
new file mode 100644
index 00000000000000..c09d055913c4c7
--- /dev/null
+++ b/deps/npm/node_modules/@sigstore/verify/dist/trust/filter.js
@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.filterTLogAuthorities = exports.filterCertAuthorities = void 0;
+function filterCertAuthorities(certAuthorities, criteria) {
+    return certAuthorities.filter((ca) => {
+        return (ca.validFor.start <= criteria.start && ca.validFor.end >= criteria.end);
+    });
+}
+exports.filterCertAuthorities = filterCertAuthorities;
+// Filter the list of tlog instances to only those which match the given log
+// ID and have public keys which are valid for the given integrated time.
+function filterTLogAuthorities(tlogAuthorities, criteria) {
+    return tlogAuthorities.filter((tlog) => {
+        // If we're filtering by log ID and the log IDs don't match, we can't use
+        // this tlog
+        if (criteria.logID && !tlog.logID.equals(criteria.logID)) {
+            return false;
+        }
+        // Check that the integrated time is within the validFor range
+        return (tlog.validFor.start <= criteria.targetDate &&
+            criteria.targetDate <= tlog.validFor.end);
+    });
+}
+exports.filterTLogAuthorities = filterTLogAuthorities;
diff --git a/deps/npm/node_modules/@sigstore/verify/dist/trust/index.js b/deps/npm/node_modules/@sigstore/verify/dist/trust/index.js
new file mode 100644
index 00000000000000..7991f351949a00
--- /dev/null
+++ b/deps/npm/node_modules/@sigstore/verify/dist/trust/index.js
@@ -0,0 +1,75 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.toTrustMaterial = exports.filterTLogAuthorities = exports.filterCertAuthorities = void 0;
+/*
+Copyright 2023 The Sigstore Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+const core_1 = require("@sigstore/core");
+const error_1 = require("../error");
+const BEGINNING_OF_TIME = new Date(0);
+const END_OF_TIME = new Date(8640000000000000);
+var filter_1 = require("./filter");
+Object.defineProperty(exports, "filterCertAuthorities", { enumerable: true, get: function () { return filter_1.filterCertAuthorities; } });
+Object.defineProperty(exports, "filterTLogAuthorities", { enumerable: true, get: function () { return filter_1.filterTLogAuthorities; } });
+function toTrustMaterial(root, keys) {
+    const keyFinder = typeof keys === 'function' ? keys : keyLocator(keys);
+    return {
+        certificateAuthorities: root.certificateAuthorities.map(createCertAuthority),
+        timestampAuthorities: root.timestampAuthorities.map(createCertAuthority),
+        tlogs: root.tlogs.map(createTLogAuthority),
+        ctlogs: root.ctlogs.map(createTLogAuthority),
+        publicKey: keyFinder,
+    };
+}
+exports.toTrustMaterial = toTrustMaterial;
+function createTLogAuthority(tlogInstance) {
+    return {
+        logID: tlogInstance.logId.keyId,
+        publicKey: core_1.crypto.createPublicKey(tlogInstance.publicKey.rawBytes),
+        validFor: {
+            start: tlogInstance.publicKey.validFor?.start || BEGINNING_OF_TIME,
+            end: tlogInstance.publicKey.validFor?.end || END_OF_TIME,
+        },
+    };
+}
+function createCertAuthority(ca) {
+    return {
+        certChain: ca.certChain.certificates.map((cert) => {
+            return core_1.X509Certificate.parse(cert.rawBytes);
+        }),
+        validFor: {
+            start: ca.validFor?.start || BEGINNING_OF_TIME,
+            end: ca.validFor?.end || END_OF_TIME,
+        },
+    };
+}
+function keyLocator(keys) {
+    return (hint) => {
+        const key = (keys || {})[hint];
+        if (!key) {
+            throw new error_1.VerificationError({
+                code: 'PUBLIC_KEY_ERROR',
+                message: `key not found: ${hint}`,
+            });
+        }
+        return {
+            publicKey: core_1.crypto.createPublicKey(key.rawBytes),
+            validFor: (date) => {
+                return ((key.validFor?.start || BEGINNING_OF_TIME) <= date &&
+                    (key.validFor?.end || END_OF_TIME) >= date);
+            },
+        };
+    };
+}
diff --git a/deps/npm/node_modules/@sigstore/verify/dist/trust/trust.types.js b/deps/npm/node_modules/@sigstore/verify/dist/trust/trust.types.js
new file mode 100644
index 00000000000000..c8ad2e549bdc68
--- /dev/null
+++ b/deps/npm/node_modules/@sigstore/verify/dist/trust/trust.types.js
@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
diff --git a/deps/npm/node_modules/@sigstore/verify/dist/verifier.js b/deps/npm/node_modules/@sigstore/verify/dist/verifier.js
new file mode 100644
index 00000000000000..829727cd1d40a9
--- /dev/null
+++ b/deps/npm/node_modules/@sigstore/verify/dist/verifier.js
@@ -0,0 +1,141 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Verifier = void 0;
+/*
+Copyright 2023 The Sigstore Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+const util_1 = require("util");
+const error_1 = require("./error");
+const key_1 = require("./key");
+const policy_1 = require("./policy");
+const timestamp_1 = require("./timestamp");
+const tlog_1 = require("./tlog");
+class Verifier {
+    constructor(trustMaterial, options = {}) {
+        this.trustMaterial = trustMaterial;
+        this.options = {
+            ctlogThreshold: options.ctlogThreshold ?? 1,
+            tlogThreshold: options.tlogThreshold ?? 1,
+            tsaThreshold: options.tsaThreshold ?? 0,
+        };
+    }
+    verify(entity, policy) {
+        const timestamps = this.verifyTimestamps(entity);
+        const signer = this.verifySigningKey(entity, timestamps);
+        this.verifyTLogs(entity);
+        this.verifySignature(entity, signer);
+        if (policy) {
+            this.verifyPolicy(policy, signer.identity || {});
+        }
+        return signer;
+    }
+    // Checks that all of the timestamps in the entity are valid and returns them
+    verifyTimestamps(entity) {
+        let tlogCount = 0;
+        let tsaCount = 0;
+        const timestamps = entity.timestamps.map((timestamp) => {
+            switch (timestamp.$case) {
+                case 'timestamp-authority':
+                    tsaCount++;
+                    return (0, timestamp_1.verifyTSATimestamp)(timestamp.timestamp, entity.signature.signature, this.trustMaterial.timestampAuthorities);
+                case 'transparency-log':
+                    tlogCount++;
+                    return (0, timestamp_1.verifyTLogTimestamp)(timestamp.tlogEntry, this.trustMaterial.tlogs);
+            }
+        });
+        // Check for duplicate timestamps
+        if (containsDupes(timestamps)) {
+            throw new error_1.VerificationError({
+                code: 'TIMESTAMP_ERROR',
+                message: 'duplicate timestamp',
+            });
+        }
+        if (tlogCount < this.options.tlogThreshold) {
+            throw new error_1.VerificationError({
+                code: 'TIMESTAMP_ERROR',
+                message: `expected ${this.options.tlogThreshold} tlog timestamps, got ${tlogCount}`,
+            });
+        }
+        if (tsaCount < this.options.tsaThreshold) {
+            throw new error_1.VerificationError({
+                code: 'TIMESTAMP_ERROR',
+                message: `expected ${this.options.tsaThreshold} tsa timestamps, got ${tsaCount}`,
+            });
+        }
+        return timestamps.map((t) => t.timestamp);
+    }
+    // Checks that the signing key is valid for all of the the supplied timestamps
+    // and returns the signer.
+    verifySigningKey({ key }, timestamps) {
+        switch (key.$case) {
+            case 'public-key': {
+                return (0, key_1.verifyPublicKey)(key.hint, timestamps, this.trustMaterial);
+            }
+            case 'certificate': {
+                const result = (0, key_1.verifyCertificate)(key.certificate, timestamps, this.trustMaterial);
+                /* istanbul ignore next - no fixture */
+                if (containsDupes(result.scts)) {
+                    throw new error_1.VerificationError({
+                        code: 'CERTIFICATE_ERROR',
+                        message: 'duplicate SCT',
+                    });
+                }
+                if (result.scts.length < this.options.ctlogThreshold) {
+                    throw new error_1.VerificationError({
+                        code: 'CERTIFICATE_ERROR',
+                        message: `expected ${this.options.ctlogThreshold} SCTs, got ${result.scts.length}`,
+                    });
+                }
+                return result.signer;
+            }
+        }
+    }
+    // Checks that the tlog entries are valid for the supplied content
+    verifyTLogs({ signature: content, tlogEntries }) {
+        tlogEntries.forEach((entry) => (0, tlog_1.verifyTLogBody)(entry, content));
+    }
+    // Checks that the signature is valid for the supplied content
+    verifySignature(entity, signer) {
+        if (!entity.signature.verifySignature(signer.key)) {
+            throw new error_1.VerificationError({
+                code: 'SIGNATURE_ERROR',
+                message: 'signature verification failed',
+            });
+        }
+    }
+    verifyPolicy(policy, identity) {
+        // Check the subject alternative name of the signer matches the policy
+        if (policy.subjectAlternativeName) {
+            (0, policy_1.verifySubjectAlternativeName)(policy.subjectAlternativeName, identity.subjectAlternativeName);
+        }
+        // Check that the extensions of the signer match the policy
+        if (policy.extensions) {
+            (0, policy_1.verifyExtensions)(policy.extensions, identity.extensions);
+        }
+    }
+}
+exports.Verifier = Verifier;
+// Checks for duplicate items in the array. Objects are compared using
+// deep equality.
+function containsDupes(arr) {
+    for (let i = 0; i < arr.length; i++) {
+        for (let j = i + 1; j < arr.length; j++) {
+            if ((0, util_1.isDeepStrictEqual)(arr[i], arr[j])) {
+                return true;
+            }
+        }
+    }
+    return false;
+}
diff --git a/deps/npm/node_modules/@sigstore/verify/package.json b/deps/npm/node_modules/@sigstore/verify/package.json
new file mode 100644
index 00000000000000..dcfb587e084a6c
--- /dev/null
+++ b/deps/npm/node_modules/@sigstore/verify/package.json
@@ -0,0 +1,36 @@
+{
+  "name": "@sigstore/verify",
+  "version": "1.1.0",
+  "description": "Verification of Sigstore signatures",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "scripts": {
+    "clean": "shx rm -rf dist *.tsbuildinfo",
+    "build": "tsc --build",
+    "test": "jest"
+  },
+  "files": [
+    "dist"
+  ],
+  "author": "bdehamer@github.com",
+  "license": "Apache-2.0",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/sigstore/sigstore-js.git"
+  },
+  "bugs": {
+    "url": "https://github.com/sigstore/sigstore-js/issues"
+  },
+  "homepage": "https://github.com/sigstore/sigstore-js/tree/main/packages/verify#readme",
+  "publishConfig": {
+    "provenance": true
+  },
+  "dependencies": {
+    "@sigstore/protobuf-specs": "^0.3.0",
+    "@sigstore/bundle": "^2.2.0",
+    "@sigstore/core": "^1.0.0"
+  },
+  "engines": {
+    "node": "^16.14.0 || >=18.0.0"
+  }
+}
diff --git a/deps/npm/node_modules/ansi-regex/index.js b/deps/npm/node_modules/ansi-regex/index.js
index 130a0929b8ce8c..616ff837d3ff01 100644
--- a/deps/npm/node_modules/ansi-regex/index.js
+++ b/deps/npm/node_modules/ansi-regex/index.js
@@ -1,8 +1,10 @@
-export default function ansiRegex({onlyFirst = false} = {}) {
+'use strict';
+
+module.exports = ({onlyFirst = false} = {}) => {
 	const pattern = [
-	    '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
+		'[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
 		'(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))'
 	].join('|');
 
 	return new RegExp(pattern, onlyFirst ? undefined : 'g');
-}
+};
diff --git a/deps/npm/node_modules/ansi-regex/license b/deps/npm/node_modules/ansi-regex/license
index fa7ceba3eb4a96..e7af2f77107d73 100644
--- a/deps/npm/node_modules/ansi-regex/license
+++ b/deps/npm/node_modules/ansi-regex/license
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) Sindre Sorhus  (https://sindresorhus.com)
+Copyright (c) Sindre Sorhus  (sindresorhus.com)
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 
diff --git a/deps/npm/node_modules/ansi-regex/package.json b/deps/npm/node_modules/ansi-regex/package.json
index 7bbb563bf2a70a..017f53116a9e28 100644
--- a/deps/npm/node_modules/ansi-regex/package.json
+++ b/deps/npm/node_modules/ansi-regex/package.json
@@ -1,19 +1,16 @@
 {
 	"name": "ansi-regex",
-	"version": "6.0.1",
+	"version": "5.0.1",
 	"description": "Regular expression for matching ANSI escape codes",
 	"license": "MIT",
 	"repository": "chalk/ansi-regex",
-	"funding": "https://github.com/chalk/ansi-regex?sponsor=1",
 	"author": {
 		"name": "Sindre Sorhus",
 		"email": "sindresorhus@gmail.com",
-		"url": "https://sindresorhus.com"
+		"url": "sindresorhus.com"
 	},
-	"type": "module",
-	"exports": "./index.js",
 	"engines": {
-		"node": ">=12"
+		"node": ">=8"
 	},
 	"scripts": {
 		"test": "xo && ava && tsd",
@@ -51,8 +48,8 @@
 		"pattern"
 	],
 	"devDependencies": {
-		"ava": "^3.15.0",
-		"tsd": "^0.14.0",
-		"xo": "^0.38.2"
+		"ava": "^2.4.0",
+		"tsd": "^0.9.0",
+		"xo": "^0.25.3"
 	}
 }
diff --git a/deps/npm/node_modules/cli-columns/node_modules/ansi-regex/index.js b/deps/npm/node_modules/cli-columns/node_modules/ansi-regex/index.js
deleted file mode 100644
index 616ff837d3ff01..00000000000000
--- a/deps/npm/node_modules/cli-columns/node_modules/ansi-regex/index.js
+++ /dev/null
@@ -1,10 +0,0 @@
-'use strict';
-
-module.exports = ({onlyFirst = false} = {}) => {
-	const pattern = [
-		'[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
-		'(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))'
-	].join('|');
-
-	return new RegExp(pattern, onlyFirst ? undefined : 'g');
-};
diff --git a/deps/npm/node_modules/cli-columns/node_modules/strip-ansi/index.js b/deps/npm/node_modules/cli-columns/node_modules/strip-ansi/index.js
deleted file mode 100644
index 9a593dfcd1fd5c..00000000000000
--- a/deps/npm/node_modules/cli-columns/node_modules/strip-ansi/index.js
+++ /dev/null
@@ -1,4 +0,0 @@
-'use strict';
-const ansiRegex = require('ansi-regex');
-
-module.exports = string => typeof string === 'string' ? string.replace(ansiRegex(), '') : string;
diff --git a/deps/npm/node_modules/columnify/node_modules/ansi-regex/index.js b/deps/npm/node_modules/columnify/node_modules/ansi-regex/index.js
deleted file mode 100644
index 616ff837d3ff01..00000000000000
--- a/deps/npm/node_modules/columnify/node_modules/ansi-regex/index.js
+++ /dev/null
@@ -1,10 +0,0 @@
-'use strict';
-
-module.exports = ({onlyFirst = false} = {}) => {
-	const pattern = [
-		'[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
-		'(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))'
-	].join('|');
-
-	return new RegExp(pattern, onlyFirst ? undefined : 'g');
-};
diff --git a/deps/npm/node_modules/columnify/node_modules/ansi-regex/package.json b/deps/npm/node_modules/columnify/node_modules/ansi-regex/package.json
deleted file mode 100644
index 017f53116a9e28..00000000000000
--- a/deps/npm/node_modules/columnify/node_modules/ansi-regex/package.json
+++ /dev/null
@@ -1,55 +0,0 @@
-{
-	"name": "ansi-regex",
-	"version": "5.0.1",
-	"description": "Regular expression for matching ANSI escape codes",
-	"license": "MIT",
-	"repository": "chalk/ansi-regex",
-	"author": {
-		"name": "Sindre Sorhus",
-		"email": "sindresorhus@gmail.com",
-		"url": "sindresorhus.com"
-	},
-	"engines": {
-		"node": ">=8"
-	},
-	"scripts": {
-		"test": "xo && ava && tsd",
-		"view-supported": "node fixtures/view-codes.js"
-	},
-	"files": [
-		"index.js",
-		"index.d.ts"
-	],
-	"keywords": [
-		"ansi",
-		"styles",
-		"color",
-		"colour",
-		"colors",
-		"terminal",
-		"console",
-		"cli",
-		"string",
-		"tty",
-		"escape",
-		"formatting",
-		"rgb",
-		"256",
-		"shell",
-		"xterm",
-		"command-line",
-		"text",
-		"regex",
-		"regexp",
-		"re",
-		"match",
-		"test",
-		"find",
-		"pattern"
-	],
-	"devDependencies": {
-		"ava": "^2.4.0",
-		"tsd": "^0.9.0",
-		"xo": "^0.25.3"
-	}
-}
diff --git a/deps/npm/node_modules/columnify/node_modules/strip-ansi/index.js b/deps/npm/node_modules/columnify/node_modules/strip-ansi/index.js
deleted file mode 100644
index 9a593dfcd1fd5c..00000000000000
--- a/deps/npm/node_modules/columnify/node_modules/strip-ansi/index.js
+++ /dev/null
@@ -1,4 +0,0 @@
-'use strict';
-const ansiRegex = require('ansi-regex');
-
-module.exports = string => typeof string === 'string' ? string.replace(ansiRegex(), '') : string;
diff --git a/deps/npm/node_modules/columnify/node_modules/strip-ansi/package.json b/deps/npm/node_modules/columnify/node_modules/strip-ansi/package.json
deleted file mode 100644
index 1a41108d42831c..00000000000000
--- a/deps/npm/node_modules/columnify/node_modules/strip-ansi/package.json
+++ /dev/null
@@ -1,54 +0,0 @@
-{
-	"name": "strip-ansi",
-	"version": "6.0.1",
-	"description": "Strip ANSI escape codes from a string",
-	"license": "MIT",
-	"repository": "chalk/strip-ansi",
-	"author": {
-		"name": "Sindre Sorhus",
-		"email": "sindresorhus@gmail.com",
-		"url": "sindresorhus.com"
-	},
-	"engines": {
-		"node": ">=8"
-	},
-	"scripts": {
-		"test": "xo && ava && tsd"
-	},
-	"files": [
-		"index.js",
-		"index.d.ts"
-	],
-	"keywords": [
-		"strip",
-		"trim",
-		"remove",
-		"ansi",
-		"styles",
-		"color",
-		"colour",
-		"colors",
-		"terminal",
-		"console",
-		"string",
-		"tty",
-		"escape",
-		"formatting",
-		"rgb",
-		"256",
-		"shell",
-		"xterm",
-		"log",
-		"logging",
-		"command-line",
-		"text"
-	],
-	"dependencies": {
-		"ansi-regex": "^5.0.1"
-	},
-	"devDependencies": {
-		"ava": "^2.4.0",
-		"tsd": "^0.10.0",
-		"xo": "^0.25.3"
-	}
-}
diff --git a/deps/npm/node_modules/diff/CONTRIBUTING.md b/deps/npm/node_modules/diff/CONTRIBUTING.md
index c8c4fe6cc225cc..c974cf678e2c5e 100644
--- a/deps/npm/node_modules/diff/CONTRIBUTING.md
+++ b/deps/npm/node_modules/diff/CONTRIBUTING.md
@@ -15,25 +15,22 @@ Generally we like to see pull requests that
 ## Building
 
 ```
-npm install
-npm test
+yarn
+yarn test
 ```
 
-The `npm test -- dev` implements watching for tests within Node and `karma start` may be used for manual testing in browsers.
+Running `yarn test -- dev` will watch for tests within Node and `karma start` may be used for manual testing in browsers.
 
 If you notice any problems, please report them to the GitHub issue tracker at
 [http://github.com/kpdecker/jsdiff/issues](http://github.com/kpdecker/jsdiff/issues).
 
 ## Releasing
 
-JsDiff utilizes the [release yeoman generator][generator-release] to perform most release tasks.
-
 A full release may be completed with the following:
 
 ```
-yo release
-npm publish
+yarn clean
+yarn grunt
+yarn grunt uglify
+yarn publish
 ```
-
-[generator-release]: https://github.com/walmartlabs/generator-release
-[pull-request]: https://github.com/kpdecker/jsdiff/pull/new/master
diff --git a/deps/npm/node_modules/diff/LICENSE b/deps/npm/node_modules/diff/LICENSE
index 4e7146ed78a2f2..2d48b19fcc2e62 100644
--- a/deps/npm/node_modules/diff/LICENSE
+++ b/deps/npm/node_modules/diff/LICENSE
@@ -1,31 +1,29 @@
-Software License Agreement (BSD License)
+BSD 3-Clause License
 
 Copyright (c) 2009-2015, Kevin Decker 
-
 All rights reserved.
 
-Redistribution and use of this software in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
 
-* Redistributions of source code must retain the above
-  copyright notice, this list of conditions and the
-  following disclaimer.
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
 
-* Redistributions in binary form must reproduce the above
-  copyright notice, this list of conditions and the
-  following disclaimer in the documentation and/or other
-  materials provided with the distribution.
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
 
-* Neither the name of Kevin Decker nor the names of its
-  contributors may be used to endorse or promote products
-  derived from this software without specific prior
-  written permission.
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
 
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR
-IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
-FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
-CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
-IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/deps/npm/node_modules/diff/dist/diff.js b/deps/npm/node_modules/diff/dist/diff.js
index 7fa3a556c42000..76232b293d549f 100644
--- a/deps/npm/node_modules/diff/dist/diff.js
+++ b/deps/npm/node_modules/diff/dist/diff.js
@@ -1,40 +1,3 @@
-/*!
-
- diff v5.1.0
-
-Software License Agreement (BSD License)
-
-Copyright (c) 2009-2015, Kevin Decker 
-
-All rights reserved.
-
-Redistribution and use of this software in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-* Redistributions of source code must retain the above
-  copyright notice, this list of conditions and the
-  following disclaimer.
-
-* Redistributions in binary form must reproduce the above
-  copyright notice, this list of conditions and the
-  following disclaimer in the documentation and/or other
-  materials provided with the distribution.
-
-* Neither the name of Kevin Decker nor the names of its
-  contributors may be used to endorse or promote products
-  derived from this software without specific prior
-  written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR
-IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
-FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
-CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
-IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-@license
-*/
 (function (global, factory) {
   typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) :
   typeof define === 'function' && define.amd ? define(['exports'], factory) :
@@ -44,6 +7,8 @@ OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
   function Diff() {}
   Diff.prototype = {
     diff: function diff(oldString, newString) {
+      var _options$timeout;
+
       var options = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
       var callback = options.callback;
 
@@ -80,64 +45,96 @@ OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
         maxEditLength = Math.min(maxEditLength, options.maxEditLength);
       }
 
+      var maxExecutionTime = (_options$timeout = options.timeout) !== null && _options$timeout !== void 0 ? _options$timeout : Infinity;
+      var abortAfterTimestamp = Date.now() + maxExecutionTime;
       var bestPath = [{
-        newPos: -1,
-        components: []
+        oldPos: -1,
+        lastComponent: undefined
       }]; // Seed editLength = 0, i.e. the content starts with the same values
 
-      var oldPos = this.extractCommon(bestPath[0], newString, oldString, 0);
+      var newPos = this.extractCommon(bestPath[0], newString, oldString, 0);
 
-      if (bestPath[0].newPos + 1 >= newLen && oldPos + 1 >= oldLen) {
+      if (bestPath[0].oldPos + 1 >= oldLen && newPos + 1 >= newLen) {
         // Identity per the equality and tokenizer
         return done([{
           value: this.join(newString),
           count: newString.length
         }]);
-      } // Main worker method. checks all permutations of a given edit length for acceptance.
-
+      } // Once we hit the right edge of the edit graph on some diagonal k, we can
+      // definitely reach the end of the edit graph in no more than k edits, so
+      // there's no point in considering any moves to diagonal k+1 any more (from
+      // which we're guaranteed to need at least k+1 more edits).
+      // Similarly, once we've reached the bottom of the edit graph, there's no
+      // point considering moves to lower diagonals.
+      // We record this fact by setting minDiagonalToConsider and
+      // maxDiagonalToConsider to some finite value once we've hit the edge of
+      // the edit graph.
+      // This optimization is not faithful to the original algorithm presented in
+      // Myers's paper, which instead pointlessly extends D-paths off the end of
+      // the edit graph - see page 7 of Myers's paper which notes this point
+      // explicitly and illustrates it with a diagram. This has major performance
+      // implications for some common scenarios. For instance, to compute a diff
+      // where the new text simply appends d characters on the end of the
+      // original text of length n, the true Myers algorithm will take O(n+d^2)
+      // time while this optimization needs only O(n+d) time.
+
+
+      var minDiagonalToConsider = -Infinity,
+          maxDiagonalToConsider = Infinity; // Main worker method. checks all permutations of a given edit length for acceptance.
 
       function execEditLength() {
-        for (var diagonalPath = -1 * editLength; diagonalPath <= editLength; diagonalPath += 2) {
+        for (var diagonalPath = Math.max(minDiagonalToConsider, -editLength); diagonalPath <= Math.min(maxDiagonalToConsider, editLength); diagonalPath += 2) {
           var basePath = void 0;
+          var removePath = bestPath[diagonalPath - 1],
+              addPath = bestPath[diagonalPath + 1];
 
-          var addPath = bestPath[diagonalPath - 1],
-              removePath = bestPath[diagonalPath + 1],
-              _oldPos = (removePath ? removePath.newPos : 0) - diagonalPath;
-
-          if (addPath) {
+          if (removePath) {
             // No one else is going to attempt to use this value, clear it
             bestPath[diagonalPath - 1] = undefined;
           }
 
-          var canAdd = addPath && addPath.newPos + 1 < newLen,
-              canRemove = removePath && 0 <= _oldPos && _oldPos < oldLen;
+          var canAdd = false;
+
+          if (addPath) {
+            // what newPos will be after we do an insertion:
+            var addPathNewPos = addPath.oldPos - diagonalPath;
+            canAdd = addPath && 0 <= addPathNewPos && addPathNewPos < newLen;
+          }
+
+          var canRemove = removePath && removePath.oldPos + 1 < oldLen;
 
           if (!canAdd && !canRemove) {
             // If this path is a terminal then prune
             bestPath[diagonalPath] = undefined;
             continue;
           } // Select the diagonal that we want to branch from. We select the prior
-          // path whose position in the new string is the farthest from the origin
+          // path whose position in the old string is the farthest from the origin
           // and does not pass the bounds of the diff graph
+          // TODO: Remove the `+ 1` here to make behavior match Myers algorithm
+          //       and prefer to order removals before insertions.
 
 
-          if (!canAdd || canRemove && addPath.newPos < removePath.newPos) {
-            basePath = clonePath(removePath);
-            self.pushComponent(basePath.components, undefined, true);
+          if (!canRemove || canAdd && removePath.oldPos + 1 < addPath.oldPos) {
+            basePath = self.addToPath(addPath, true, undefined, 0);
           } else {
-            basePath = addPath; // No need to clone, we've pulled it from the list
-
-            basePath.newPos++;
-            self.pushComponent(basePath.components, true, undefined);
+            basePath = self.addToPath(removePath, undefined, true, 1);
           }
 
-          _oldPos = self.extractCommon(basePath, newString, oldString, diagonalPath); // If we have hit the end of both strings, then we are done
+          newPos = self.extractCommon(basePath, newString, oldString, diagonalPath);
 
-          if (basePath.newPos + 1 >= newLen && _oldPos + 1 >= oldLen) {
-            return done(buildValues(self, basePath.components, newString, oldString, self.useLongestToken));
+          if (basePath.oldPos + 1 >= oldLen && newPos + 1 >= newLen) {
+            // If we have hit the end of both strings, then we are done
+            return done(buildValues(self, basePath.lastComponent, newString, oldString, self.useLongestToken));
           } else {
-            // Otherwise track this path as a potential candidate and continue.
             bestPath[diagonalPath] = basePath;
+
+            if (basePath.oldPos + 1 >= oldLen) {
+              maxDiagonalToConsider = Math.min(maxDiagonalToConsider, diagonalPath - 1);
+            }
+
+            if (newPos + 1 >= newLen) {
+              minDiagonalToConsider = Math.max(minDiagonalToConsider, diagonalPath + 1);
+            }
           }
         }
 
@@ -151,7 +148,7 @@ OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
       if (callback) {
         (function exec() {
           setTimeout(function () {
-            if (editLength > maxEditLength) {
+            if (editLength > maxEditLength || Date.now() > abortAfterTimestamp) {
               return callback();
             }
 
@@ -161,7 +158,7 @@ OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
           }, 0);
         })();
       } else {
-        while (editLength <= maxEditLength) {
+        while (editLength <= maxEditLength && Date.now() <= abortAfterTimestamp) {
           var ret = execEditLength();
 
           if (ret) {
@@ -170,30 +167,36 @@ OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
         }
       }
     },
-    pushComponent: function pushComponent(components, added, removed) {
-      var last = components[components.length - 1];
+    addToPath: function addToPath(path, added, removed, oldPosInc) {
+      var last = path.lastComponent;
 
       if (last && last.added === added && last.removed === removed) {
-        // We need to clone here as the component clone operation is just
-        // as shallow array clone
-        components[components.length - 1] = {
-          count: last.count + 1,
-          added: added,
-          removed: removed
+        return {
+          oldPos: path.oldPos + oldPosInc,
+          lastComponent: {
+            count: last.count + 1,
+            added: added,
+            removed: removed,
+            previousComponent: last.previousComponent
+          }
         };
       } else {
-        components.push({
-          count: 1,
-          added: added,
-          removed: removed
-        });
+        return {
+          oldPos: path.oldPos + oldPosInc,
+          lastComponent: {
+            count: 1,
+            added: added,
+            removed: removed,
+            previousComponent: last
+          }
+        };
       }
     },
     extractCommon: function extractCommon(basePath, newString, oldString, diagonalPath) {
       var newLen = newString.length,
           oldLen = oldString.length,
-          newPos = basePath.newPos,
-          oldPos = newPos - diagonalPath,
+          oldPos = basePath.oldPos,
+          newPos = oldPos - diagonalPath,
           commonCount = 0;
 
       while (newPos + 1 < newLen && oldPos + 1 < oldLen && this.equals(newString[newPos + 1], oldString[oldPos + 1])) {
@@ -203,13 +206,14 @@ OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
       }
 
       if (commonCount) {
-        basePath.components.push({
-          count: commonCount
-        });
+        basePath.lastComponent = {
+          count: commonCount,
+          previousComponent: basePath.lastComponent
+        };
       }
 
-      basePath.newPos = newPos;
-      return oldPos;
+      basePath.oldPos = oldPos;
+      return newPos;
     },
     equals: function equals(left, right) {
       if (this.options.comparator) {
@@ -240,7 +244,20 @@ OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     }
   };
 
-  function buildValues(diff, components, newString, oldString, useLongestToken) {
+  function buildValues(diff, lastComponent, newString, oldString, useLongestToken) {
+    // First we convert our linked list of components in reverse order to an
+    // array in the right order:
+    var components = [];
+    var nextComponent;
+
+    while (lastComponent) {
+      components.push(lastComponent);
+      nextComponent = lastComponent.previousComponent;
+      delete lastComponent.previousComponent;
+      lastComponent = nextComponent;
+    }
+
+    components.reverse();
     var componentPos = 0,
         componentLen = components.length,
         newPos = 0,
@@ -283,23 +300,16 @@ OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     // This is only available for string mode.
 
 
-    var lastComponent = components[componentLen - 1];
+    var finalComponent = components[componentLen - 1];
 
-    if (componentLen > 1 && typeof lastComponent.value === 'string' && (lastComponent.added || lastComponent.removed) && diff.equals('', lastComponent.value)) {
-      components[componentLen - 2].value += lastComponent.value;
+    if (componentLen > 1 && typeof finalComponent.value === 'string' && (finalComponent.added || finalComponent.removed) && diff.equals('', finalComponent.value)) {
+      components[componentLen - 2].value += finalComponent.value;
       components.pop();
     }
 
     return components;
   }
 
-  function clonePath(path) {
-    return {
-      newPos: path.newPos,
-      components: path.components.slice(0)
-    };
-  }
-
   var characterDiff = new Diff();
   function diffChars(oldStr, newStr, options) {
     return characterDiff.diff(oldStr, newStr, options);
@@ -380,6 +390,11 @@ OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
   var lineDiff = new Diff();
 
   lineDiff.tokenize = function (value) {
+    if (this.options.stripTrailingCr) {
+      // remove one \r before \n to match GNU diff's --strip-trailing-cr behavior
+      value = value.replace(/\r\n/g, '\n');
+    }
+
     var retLines = [],
         linesAndNewlines = value.split(/(\n|\r\n)/); // Ignore the final empty token that occurs if the string ends with a new line
 
@@ -451,6 +466,55 @@ OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     return _typeof(obj);
   }
 
+  function _defineProperty(obj, key, value) {
+    if (key in obj) {
+      Object.defineProperty(obj, key, {
+        value: value,
+        enumerable: true,
+        configurable: true,
+        writable: true
+      });
+    } else {
+      obj[key] = value;
+    }
+
+    return obj;
+  }
+
+  function ownKeys(object, enumerableOnly) {
+    var keys = Object.keys(object);
+
+    if (Object.getOwnPropertySymbols) {
+      var symbols = Object.getOwnPropertySymbols(object);
+      if (enumerableOnly) symbols = symbols.filter(function (sym) {
+        return Object.getOwnPropertyDescriptor(object, sym).enumerable;
+      });
+      keys.push.apply(keys, symbols);
+    }
+
+    return keys;
+  }
+
+  function _objectSpread2(target) {
+    for (var i = 1; i < arguments.length; i++) {
+      var source = arguments[i] != null ? arguments[i] : {};
+
+      if (i % 2) {
+        ownKeys(Object(source), true).forEach(function (key) {
+          _defineProperty(target, key, source[key]);
+        });
+      } else if (Object.getOwnPropertyDescriptors) {
+        Object.defineProperties(target, Object.getOwnPropertyDescriptors(source));
+      } else {
+        ownKeys(Object(source)).forEach(function (key) {
+          Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key));
+        });
+      }
+    }
+
+    return target;
+  }
+
   function _toConsumableArray(arr) {
     return _arrayWithoutHoles(arr) || _iterableToArray(arr) || _unsupportedIterableToArray(arr) || _nonIterableSpread();
   }
@@ -883,7 +947,7 @@ OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
         var line = _hunk.lines[j],
             operation = line.length > 0 ? line[0] : ' ',
             content = line.length > 0 ? line.substr(1) : line,
-            delimiter = _hunk.linedelimiters[j];
+            delimiter = _hunk.linedelimiters && _hunk.linedelimiters[j] || '\n';
 
         if (operation === ' ') {
           _toPos++;
@@ -1090,6 +1154,10 @@ OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     };
   }
   function formatPatch(diff) {
+    if (Array.isArray(diff)) {
+      return diff.map(formatPatch).join('\n');
+    }
+
     var ret = [];
 
     if (diff.oldFileName == diff.newFileName) {
@@ -1545,6 +1613,39 @@ OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     };
   }
 
+  function reversePatch(structuredPatch) {
+    if (Array.isArray(structuredPatch)) {
+      return structuredPatch.map(reversePatch).reverse();
+    }
+
+    return _objectSpread2(_objectSpread2({}, structuredPatch), {}, {
+      oldFileName: structuredPatch.newFileName,
+      oldHeader: structuredPatch.newHeader,
+      newFileName: structuredPatch.oldFileName,
+      newHeader: structuredPatch.oldHeader,
+      hunks: structuredPatch.hunks.map(function (hunk) {
+        return {
+          oldLines: hunk.newLines,
+          oldStart: hunk.newStart,
+          newLines: hunk.oldLines,
+          newStart: hunk.oldStart,
+          linedelimiters: hunk.linedelimiters,
+          lines: hunk.lines.map(function (l) {
+            if (l.startsWith('-')) {
+              return "+".concat(l.slice(1));
+            }
+
+            if (l.startsWith('+')) {
+              return "-".concat(l.slice(1));
+            }
+
+            return l;
+          })
+        };
+      })
+    });
+  }
+
   // See: http://code.google.com/p/google-diff-match-patch/wiki/API
   function convertChangesToDMP(changes) {
     var ret = [],
@@ -1618,8 +1719,10 @@ OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
   exports.diffTrimmedLines = diffTrimmedLines;
   exports.diffWords = diffWords;
   exports.diffWordsWithSpace = diffWordsWithSpace;
+  exports.formatPatch = formatPatch;
   exports.merge = merge;
   exports.parsePatch = parsePatch;
+  exports.reversePatch = reversePatch;
   exports.structuredPatch = structuredPatch;
 
   Object.defineProperty(exports, '__esModule', { value: true });
diff --git a/deps/npm/node_modules/diff/dist/diff.min.js b/deps/npm/node_modules/diff/dist/diff.min.js
index 80c20de5b757df..078bcc5c2e6a73 100644
--- a/deps/npm/node_modules/diff/dist/diff.min.js
+++ b/deps/npm/node_modules/diff/dist/diff.min.js
@@ -1,38 +1 @@
-/*!
-
- diff v5.1.0
-
-Software License Agreement (BSD License)
-
-Copyright (c) 2009-2015, Kevin Decker 
-
-All rights reserved.
-
-Redistribution and use of this software in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-* Redistributions of source code must retain the above
-  copyright notice, this list of conditions and the
-  following disclaimer.
-
-* Redistributions in binary form must reproduce the above
-  copyright notice, this list of conditions and the
-  following disclaimer in the documentation and/or other
-  materials provided with the distribution.
-
-* Neither the name of Kevin Decker nor the names of its
-  contributors may be used to endorse or promote products
-  derived from this software without specific prior
-  written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR
-IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
-FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
-CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
-IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-@license
-*/
-!function(e,n){"object"==typeof exports&&"undefined"!=typeof module?n(exports):"function"==typeof define&&define.amd?define(["exports"],n):n((e=e||self).Diff={})}(this,function(e){"use strict";function t(){}t.prototype={diff:function(u,a,e){var n=2=c&&h<=i+1)return d([{value:this.join(a),count:a.length}]);function o(){for(var e,n=-1*p;n<=p;n+=2){var t=void 0,r=v[n-1],i=v[n+1],o=(i?i.newPos:0)-n;r&&(v[n-1]=void 0);var l=r&&r.newPos+1=c&&h<=o+1)return d(function(e,n,t,r,i){for(var o=0,l=n.length,s=0,u=0;oe.length?t:e}),d.value=e.join(f)):d.value=e.join(t.slice(s,s+d.count)),s+=d.count,d.added||(u+=d.count))}var c=n[l-1];1e.length)&&(n=e.length);for(var t=0,r=new Array(n);t=c.length-2&&u.length<=d.context&&(i=/\n$/.test(a),o=/\n$/.test(f),l=0==u.length&&g.length>r.oldLines,!i&&l&&0e.length)return!1;for(var t=0;t"):i.removed&&t.push(""),t.push((n=i.value,n.replace(/&/g,"&").replace(//g,">").replace(/"/g,"""))),i.added?t.push(""):i.removed&&t.push("")}return t.join("")},e.createPatch=function(e,n,t,r,i,o){return y(e,e,n,t,r,i,o)},e.createTwoFilesPatch=y,e.diffArrays=function(e,n,t){return g.diff(e,n,t)},e.diffChars=function(e,n,t){return r.diff(e,n,t)},e.diffCss=function(e,n,t){return f.diff(e,n,t)},e.diffJson=function(e,n,t){return p.diff(e,n,t)},e.diffLines=L,e.diffSentences=function(e,n,t){return a.diff(e,n,t)},e.diffTrimmedLines=function(e,n,t){var r=i(t,{ignoreWhitespace:!0});return u.diff(e,n,r)},e.diffWords=function(e,n,t){return t=i(t,{ignoreWhitespace:!0}),s.diff(e,n,t)},e.diffWordsWithSpace=function(e,n,t){return s.diff(e,n,t)},e.merge=function(e,n,t){e=b(e,t),n=b(n,t);var r={};(e.index||n.index)&&(r.index=e.index||n.index),(e.newFileName||n.newFileName)&&(F(e)?F(n)?(r.oldFileName=N(r,e.oldFileName,n.oldFileName),r.newFileName=N(r,e.newFileName,n.newFileName),r.oldHeader=N(r,e.oldHeader,n.oldHeader),r.newHeader=N(r,e.newHeader,n.newHeader)):(r.oldFileName=e.oldFileName,r.newFileName=e.newFileName,r.oldHeader=e.oldHeader,r.newHeader=e.newHeader):(r.oldFileName=n.oldFileName||e.oldFileName,r.newFileName=n.newFileName||e.newFileName,r.oldHeader=n.oldHeader||e.oldHeader,r.newHeader=n.newHeader||e.newHeader)),r.hunks=[];for(var i=0,o=0,l=0,s=0;i=c&&f<=v+1)return d([{value:this.join(a),count:a.length}]);var m=-1/0,g=1/0;function w(){for(var e=Math.max(m,-p);e<=Math.min(g,p);e+=2){var n=void 0,t=h[e-1],r=h[e+1];t&&(h[e-1]=void 0);var i,o=!1;r&&(i=r.oldPos-e,o=r&&0<=i&&i=c&&f<=v+1)return d(function(e,n,t,r,i){var o,l=[];for(;n;)l.push(n),o=n.previousComponent,delete n.previousComponent,n=o;l.reverse();for(var s=0,a=l.length,u=0,d=0;se.length?t:e}),p.value=e.join(c)):p.value=e.join(t.slice(u,u+p.count)),u+=p.count,p.added||(d+=p.count))}var h=l[a-1];1=c&&(g=Math.min(g,e-1)),f<=v+1&&(m=Math.max(m,e+1))}else h[e]=void 0}p++}if(r)!function e(){setTimeout(function(){return il?r():void(w()||e())},0)}();else for(;p<=i&&Date.now()<=l;){var y=w();if(y)return y}},addToPath:function(e,n,t,r){var i=e.lastComponent;return i&&i.added===n&&i.removed===t?{oldPos:e.oldPos+r,lastComponent:{count:i.count+1,added:n,removed:t,previousComponent:i.previousComponent}}:{oldPos:e.oldPos+r,lastComponent:{count:1,added:n,removed:t,previousComponent:i}}},extractCommon:function(e,n,t,r){for(var i=n.length,o=t.length,l=e.oldPos,s=l-r,a=0;s+1e.length)&&(n=e.length);for(var t=0,r=new Array(n);t=c.length-2&&a.length<=f.context&&(i=/\n$/.test(u),o=/\n$/.test(d),l=0==a.length&&m.length>r.oldLines,!i&&l&&0e.length)return!1;for(var t=0;t"):i.removed&&t.push(""),t.push((n=i.value,n.replace(/&/g,"&").replace(//g,">").replace(/"/g,"""))),i.added?t.push(""):i.removed&&t.push("")}return t.join("")},e.createPatch=function(e,n,t,r,i,o){return b(e,e,n,t,r,i,o)},e.createTwoFilesPatch=b,e.diffArrays=function(e,n,t){return g.diff(e,n,t)},e.diffChars=function(e,n,t){return r.diff(e,n,t)},e.diffCss=function(e,n,t){return d.diff(e,n,t)},e.diffJson=function(e,n,t){return v.diff(e,n,t)},e.diffLines=L,e.diffSentences=function(e,n,t){return u.diff(e,n,t)},e.diffTrimmedLines=function(e,n,t){var r=i(t,{ignoreWhitespace:!0});return a.diff(e,n,r)},e.diffWords=function(e,n,t){return t=i(t,{ignoreWhitespace:!0}),s.diff(e,n,t)},e.diffWordsWithSpace=function(e,n,t){return s.diff(e,n,t)},e.formatPatch=S,e.merge=function(e,n,t){e=N(e,t),n=N(n,t);var r={};(e.index||n.index)&&(r.index=e.index||n.index),(e.newFileName||n.newFileName)&&(P(e)?P(n)?(r.oldFileName=j(r,e.oldFileName,n.oldFileName),r.newFileName=j(r,e.newFileName,n.newFileName),r.oldHeader=j(r,e.oldHeader,n.oldHeader),r.newHeader=j(r,e.newHeader,n.newHeader)):(r.oldFileName=e.oldFileName,r.newFileName=e.newFileName,r.oldHeader=e.oldHeader,r.newHeader=e.newHeader):(r.oldFileName=n.oldFileName||e.oldFileName,r.newFileName=n.newFileName||e.newFileName,r.oldHeader=n.oldHeader||e.oldHeader,r.newHeader=n.newHeader||e.newHeader)),r.hunks=[];for(var i=0,o=0,l=0,s=0;i 2 && arguments[2] !== undefined ? arguments[2] : {};
@@ -53,68 +55,104 @@ Diff.prototype = {
       maxEditLength = Math.min(maxEditLength, options.maxEditLength);
     }
 
+    var maxExecutionTime =
+    /*istanbul ignore start*/
+    (_options$timeout =
+    /*istanbul ignore end*/
+    options.timeout) !== null && _options$timeout !== void 0 ? _options$timeout : Infinity;
+    var abortAfterTimestamp = Date.now() + maxExecutionTime;
     var bestPath = [{
-      newPos: -1,
-      components: []
+      oldPos: -1,
+      lastComponent: undefined
     }]; // Seed editLength = 0, i.e. the content starts with the same values
 
-    var oldPos = this.extractCommon(bestPath[0], newString, oldString, 0);
+    var newPos = this.extractCommon(bestPath[0], newString, oldString, 0);
 
-    if (bestPath[0].newPos + 1 >= newLen && oldPos + 1 >= oldLen) {
+    if (bestPath[0].oldPos + 1 >= oldLen && newPos + 1 >= newLen) {
       // Identity per the equality and tokenizer
       return done([{
         value: this.join(newString),
         count: newString.length
       }]);
-    } // Main worker method. checks all permutations of a given edit length for acceptance.
-
+    } // Once we hit the right edge of the edit graph on some diagonal k, we can
+    // definitely reach the end of the edit graph in no more than k edits, so
+    // there's no point in considering any moves to diagonal k+1 any more (from
+    // which we're guaranteed to need at least k+1 more edits).
+    // Similarly, once we've reached the bottom of the edit graph, there's no
+    // point considering moves to lower diagonals.
+    // We record this fact by setting minDiagonalToConsider and
+    // maxDiagonalToConsider to some finite value once we've hit the edge of
+    // the edit graph.
+    // This optimization is not faithful to the original algorithm presented in
+    // Myers's paper, which instead pointlessly extends D-paths off the end of
+    // the edit graph - see page 7 of Myers's paper which notes this point
+    // explicitly and illustrates it with a diagram. This has major performance
+    // implications for some common scenarios. For instance, to compute a diff
+    // where the new text simply appends d characters on the end of the
+    // original text of length n, the true Myers algorithm will take O(n+d^2)
+    // time while this optimization needs only O(n+d) time.
+
+
+    var minDiagonalToConsider = -Infinity,
+        maxDiagonalToConsider = Infinity; // Main worker method. checks all permutations of a given edit length for acceptance.
 
     function execEditLength() {
-      for (var diagonalPath = -1 * editLength; diagonalPath <= editLength; diagonalPath += 2) {
+      for (var diagonalPath = Math.max(minDiagonalToConsider, -editLength); diagonalPath <= Math.min(maxDiagonalToConsider, editLength); diagonalPath += 2) {
         var basePath =
         /*istanbul ignore start*/
         void 0
         /*istanbul ignore end*/
         ;
+        var removePath = bestPath[diagonalPath - 1],
+            addPath = bestPath[diagonalPath + 1];
 
-        var addPath = bestPath[diagonalPath - 1],
-            removePath = bestPath[diagonalPath + 1],
-            _oldPos = (removePath ? removePath.newPos : 0) - diagonalPath;
-
-        if (addPath) {
+        if (removePath) {
           // No one else is going to attempt to use this value, clear it
           bestPath[diagonalPath - 1] = undefined;
         }
 
-        var canAdd = addPath && addPath.newPos + 1 < newLen,
-            canRemove = removePath && 0 <= _oldPos && _oldPos < oldLen;
+        var canAdd = false;
+
+        if (addPath) {
+          // what newPos will be after we do an insertion:
+          var addPathNewPos = addPath.oldPos - diagonalPath;
+          canAdd = addPath && 0 <= addPathNewPos && addPathNewPos < newLen;
+        }
+
+        var canRemove = removePath && removePath.oldPos + 1 < oldLen;
 
         if (!canAdd && !canRemove) {
           // If this path is a terminal then prune
           bestPath[diagonalPath] = undefined;
           continue;
         } // Select the diagonal that we want to branch from. We select the prior
-        // path whose position in the new string is the farthest from the origin
+        // path whose position in the old string is the farthest from the origin
         // and does not pass the bounds of the diff graph
+        // TODO: Remove the `+ 1` here to make behavior match Myers algorithm
+        //       and prefer to order removals before insertions.
 
 
-        if (!canAdd || canRemove && addPath.newPos < removePath.newPos) {
-          basePath = clonePath(removePath);
-          self.pushComponent(basePath.components, undefined, true);
+        if (!canRemove || canAdd && removePath.oldPos + 1 < addPath.oldPos) {
+          basePath = self.addToPath(addPath, true, undefined, 0);
         } else {
-          basePath = addPath; // No need to clone, we've pulled it from the list
-
-          basePath.newPos++;
-          self.pushComponent(basePath.components, true, undefined);
+          basePath = self.addToPath(removePath, undefined, true, 1);
         }
 
-        _oldPos = self.extractCommon(basePath, newString, oldString, diagonalPath); // If we have hit the end of both strings, then we are done
+        newPos = self.extractCommon(basePath, newString, oldString, diagonalPath);
 
-        if (basePath.newPos + 1 >= newLen && _oldPos + 1 >= oldLen) {
-          return done(buildValues(self, basePath.components, newString, oldString, self.useLongestToken));
+        if (basePath.oldPos + 1 >= oldLen && newPos + 1 >= newLen) {
+          // If we have hit the end of both strings, then we are done
+          return done(buildValues(self, basePath.lastComponent, newString, oldString, self.useLongestToken));
         } else {
-          // Otherwise track this path as a potential candidate and continue.
           bestPath[diagonalPath] = basePath;
+
+          if (basePath.oldPos + 1 >= oldLen) {
+            maxDiagonalToConsider = Math.min(maxDiagonalToConsider, diagonalPath - 1);
+          }
+
+          if (newPos + 1 >= newLen) {
+            minDiagonalToConsider = Math.max(minDiagonalToConsider, diagonalPath + 1);
+          }
         }
       }
 
@@ -128,7 +166,7 @@ Diff.prototype = {
     if (callback) {
       (function exec() {
         setTimeout(function () {
-          if (editLength > maxEditLength) {
+          if (editLength > maxEditLength || Date.now() > abortAfterTimestamp) {
             return callback();
           }
 
@@ -138,7 +176,7 @@ Diff.prototype = {
         }, 0);
       })();
     } else {
-      while (editLength <= maxEditLength) {
+      while (editLength <= maxEditLength && Date.now() <= abortAfterTimestamp) {
         var ret = execEditLength();
 
         if (ret) {
@@ -151,23 +189,29 @@ Diff.prototype = {
   /*istanbul ignore start*/
 
   /*istanbul ignore end*/
-  pushComponent: function pushComponent(components, added, removed) {
-    var last = components[components.length - 1];
+  addToPath: function addToPath(path, added, removed, oldPosInc) {
+    var last = path.lastComponent;
 
     if (last && last.added === added && last.removed === removed) {
-      // We need to clone here as the component clone operation is just
-      // as shallow array clone
-      components[components.length - 1] = {
-        count: last.count + 1,
-        added: added,
-        removed: removed
+      return {
+        oldPos: path.oldPos + oldPosInc,
+        lastComponent: {
+          count: last.count + 1,
+          added: added,
+          removed: removed,
+          previousComponent: last.previousComponent
+        }
       };
     } else {
-      components.push({
-        count: 1,
-        added: added,
-        removed: removed
-      });
+      return {
+        oldPos: path.oldPos + oldPosInc,
+        lastComponent: {
+          count: 1,
+          added: added,
+          removed: removed,
+          previousComponent: last
+        }
+      };
     }
   },
 
@@ -177,8 +221,8 @@ Diff.prototype = {
   extractCommon: function extractCommon(basePath, newString, oldString, diagonalPath) {
     var newLen = newString.length,
         oldLen = oldString.length,
-        newPos = basePath.newPos,
-        oldPos = newPos - diagonalPath,
+        oldPos = basePath.oldPos,
+        newPos = oldPos - diagonalPath,
         commonCount = 0;
 
     while (newPos + 1 < newLen && oldPos + 1 < oldLen && this.equals(newString[newPos + 1], oldString[oldPos + 1])) {
@@ -188,13 +232,14 @@ Diff.prototype = {
     }
 
     if (commonCount) {
-      basePath.components.push({
-        count: commonCount
-      });
+      basePath.lastComponent = {
+        count: commonCount,
+        previousComponent: basePath.lastComponent
+      };
     }
 
-    basePath.newPos = newPos;
-    return oldPos;
+    basePath.oldPos = oldPos;
+    return newPos;
   },
 
   /*istanbul ignore start*/
@@ -245,7 +290,20 @@ Diff.prototype = {
   }
 };
 
-function buildValues(diff, components, newString, oldString, useLongestToken) {
+function buildValues(diff, lastComponent, newString, oldString, useLongestToken) {
+  // First we convert our linked list of components in reverse order to an
+  // array in the right order:
+  var components = [];
+  var nextComponent;
+
+  while (lastComponent) {
+    components.push(lastComponent);
+    nextComponent = lastComponent.previousComponent;
+    delete lastComponent.previousComponent;
+    lastComponent = nextComponent;
+  }
+
+  components.reverse();
   var componentPos = 0,
       componentLen = components.length,
       newPos = 0,
@@ -288,20 +346,13 @@ function buildValues(diff, components, newString, oldString, useLongestToken) {
   // This is only available for string mode.
 
 
-  var lastComponent = components[componentLen - 1];
+  var finalComponent = components[componentLen - 1];
 
-  if (componentLen > 1 && typeof lastComponent.value === 'string' && (lastComponent.added || lastComponent.removed) && diff.equals('', lastComponent.value)) {
-    components[componentLen - 2].value += lastComponent.value;
+  if (componentLen > 1 && typeof finalComponent.value === 'string' && (finalComponent.added || finalComponent.removed) && diff.equals('', finalComponent.value)) {
+    components[componentLen - 2].value += finalComponent.value;
     components.pop();
   }
 
   return components;
 }
-
-function clonePath(path) {
-  return {
-    newPos: path.newPos,
-    components: path.components.slice(0)
-  };
-}
-//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9kaWZmL2Jhc2UuanMiXSwibmFtZXMiOlsiRGlmZiIsInByb3RvdHlwZSIsImRpZmYiLCJvbGRTdHJpbmciLCJuZXdTdHJpbmciLCJvcHRpb25zIiwiY2FsbGJhY2siLCJzZWxmIiwiZG9uZSIsInZhbHVlIiwic2V0VGltZW91dCIsInVuZGVmaW5lZCIsImNhc3RJbnB1dCIsInJlbW92ZUVtcHR5IiwidG9rZW5pemUiLCJuZXdMZW4iLCJsZW5ndGgiLCJvbGRMZW4iLCJlZGl0TGVuZ3RoIiwibWF4RWRpdExlbmd0aCIsIk1hdGgiLCJtaW4iLCJiZXN0UGF0aCIsIm5ld1BvcyIsImNvbXBvbmVudHMiLCJvbGRQb3MiLCJleHRyYWN0Q29tbW9uIiwiam9pbiIsImNvdW50IiwiZXhlY0VkaXRMZW5ndGgiLCJkaWFnb25hbFBhdGgiLCJiYXNlUGF0aCIsImFkZFBhdGgiLCJyZW1vdmVQYXRoIiwiY2FuQWRkIiwiY2FuUmVtb3ZlIiwiY2xvbmVQYXRoIiwicHVzaENvbXBvbmVudCIsImJ1aWxkVmFsdWVzIiwidXNlTG9uZ2VzdFRva2VuIiwiZXhlYyIsInJldCIsImFkZGVkIiwicmVtb3ZlZCIsImxhc3QiLCJwdXNoIiwiY29tbW9uQ291bnQiLCJlcXVhbHMiLCJsZWZ0IiwicmlnaHQiLCJjb21wYXJhdG9yIiwiaWdub3JlQ2FzZSIsInRvTG93ZXJDYXNlIiwiYXJyYXkiLCJpIiwic3BsaXQiLCJjaGFycyIsImNvbXBvbmVudFBvcyIsImNvbXBvbmVudExlbiIsImNvbXBvbmVudCIsInNsaWNlIiwibWFwIiwib2xkVmFsdWUiLCJ0bXAiLCJsYXN0Q29tcG9uZW50IiwicG9wIiwicGF0aCJdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7O0FBQWUsU0FBU0EsSUFBVCxHQUFnQixDQUFFOztBQUVqQ0EsSUFBSSxDQUFDQyxTQUFMLEdBQWlCO0FBQUE7O0FBQUE7QUFDZkMsRUFBQUEsSUFEZSxnQkFDVkMsU0FEVSxFQUNDQyxTQURELEVBQzBCO0FBQUE7QUFBQTtBQUFBO0FBQWRDLElBQUFBLE9BQWMsdUVBQUosRUFBSTtBQUN2QyxRQUFJQyxRQUFRLEdBQUdELE9BQU8sQ0FBQ0MsUUFBdkI7O0FBQ0EsUUFBSSxPQUFPRCxPQUFQLEtBQW1CLFVBQXZCLEVBQW1DO0FBQ2pDQyxNQUFBQSxRQUFRLEdBQUdELE9BQVg7QUFDQUEsTUFBQUEsT0FBTyxHQUFHLEVBQVY7QUFDRDs7QUFDRCxTQUFLQSxPQUFMLEdBQWVBLE9BQWY7QUFFQSxRQUFJRSxJQUFJLEdBQUcsSUFBWDs7QUFFQSxhQUFTQyxJQUFULENBQWNDLEtBQWQsRUFBcUI7QUFDbkIsVUFBSUgsUUFBSixFQUFjO0FBQ1pJLFFBQUFBLFVBQVUsQ0FBQyxZQUFXO0FBQUVKLFVBQUFBLFFBQVEsQ0FBQ0ssU0FBRCxFQUFZRixLQUFaLENBQVI7QUFBNkIsU0FBM0MsRUFBNkMsQ0FBN0MsQ0FBVjtBQUNBLGVBQU8sSUFBUDtBQUNELE9BSEQsTUFHTztBQUNMLGVBQU9BLEtBQVA7QUFDRDtBQUNGLEtBakJzQyxDQW1CdkM7OztBQUNBTixJQUFBQSxTQUFTLEdBQUcsS0FBS1MsU0FBTCxDQUFlVCxTQUFmLENBQVo7QUFDQUMsSUFBQUEsU0FBUyxHQUFHLEtBQUtRLFNBQUwsQ0FBZVIsU0FBZixDQUFaO0FBRUFELElBQUFBLFNBQVMsR0FBRyxLQUFLVSxXQUFMLENBQWlCLEtBQUtDLFFBQUwsQ0FBY1gsU0FBZCxDQUFqQixDQUFaO0FBQ0FDLElBQUFBLFNBQVMsR0FBRyxLQUFLUyxXQUFMLENBQWlCLEtBQUtDLFFBQUwsQ0FBY1YsU0FBZCxDQUFqQixDQUFaO0FBRUEsUUFBSVcsTUFBTSxHQUFHWCxTQUFTLENBQUNZLE1BQXZCO0FBQUEsUUFBK0JDLE1BQU0sR0FBR2QsU0FBUyxDQUFDYSxNQUFsRDtBQUNBLFFBQUlFLFVBQVUsR0FBRyxDQUFqQjtBQUNBLFFBQUlDLGFBQWEsR0FBR0osTUFBTSxHQUFHRSxNQUE3Qjs7QUFDQSxRQUFHWixPQUFPLENBQUNjLGFBQVgsRUFBMEI7QUFDeEJBLE1BQUFBLGFBQWEsR0FBR0MsSUFBSSxDQUFDQyxHQUFMLENBQVNGLGFBQVQsRUFBd0JkLE9BQU8sQ0FBQ2MsYUFBaEMsQ0FBaEI7QUFDRDs7QUFFRCxRQUFJRyxRQUFRLEdBQUcsQ0FBQztBQUFFQyxNQUFBQSxNQUFNLEVBQUUsQ0FBQyxDQUFYO0FBQWNDLE1BQUFBLFVBQVUsRUFBRTtBQUExQixLQUFELENBQWYsQ0FqQ3VDLENBbUN2Qzs7QUFDQSxRQUFJQyxNQUFNLEdBQUcsS0FBS0MsYUFBTCxDQUFtQkosUUFBUSxDQUFDLENBQUQsQ0FBM0IsRUFBZ0NsQixTQUFoQyxFQUEyQ0QsU0FBM0MsRUFBc0QsQ0FBdEQsQ0FBYjs7QUFDQSxRQUFJbUIsUUFBUSxDQUFDLENBQUQsQ0FBUixDQUFZQyxNQUFaLEdBQXFCLENBQXJCLElBQTBCUixNQUExQixJQUFvQ1UsTUFBTSxHQUFHLENBQVQsSUFBY1IsTUFBdEQsRUFBOEQ7QUFDNUQ7QUFDQSxhQUFPVCxJQUFJLENBQUMsQ0FBQztBQUFDQyxRQUFBQSxLQUFLLEVBQUUsS0FBS2tCLElBQUwsQ0FBVXZCLFNBQVYsQ0FBUjtBQUE4QndCLFFBQUFBLEtBQUssRUFBRXhCLFNBQVMsQ0FBQ1k7QUFBL0MsT0FBRCxDQUFELENBQVg7QUFDRCxLQXhDc0MsQ0EwQ3ZDOzs7QUFDQSxhQUFTYSxjQUFULEdBQTBCO0FBQ3hCLFdBQUssSUFBSUMsWUFBWSxHQUFHLENBQUMsQ0FBRCxHQUFLWixVQUE3QixFQUF5Q1ksWUFBWSxJQUFJWixVQUF6RCxFQUFxRVksWUFBWSxJQUFJLENBQXJGLEVBQXdGO0FBQ3RGLFlBQUlDLFFBQVE7QUFBQTtBQUFBO0FBQVo7QUFBQTs7QUFDQSxZQUFJQyxPQUFPLEdBQUdWLFFBQVEsQ0FBQ1EsWUFBWSxHQUFHLENBQWhCLENBQXRCO0FBQUEsWUFDSUcsVUFBVSxHQUFHWCxRQUFRLENBQUNRLFlBQVksR0FBRyxDQUFoQixDQUR6QjtBQUFBLFlBRUlMLE9BQU0sR0FBRyxDQUFDUSxVQUFVLEdBQUdBLFVBQVUsQ0FBQ1YsTUFBZCxHQUF1QixDQUFsQyxJQUF1Q08sWUFGcEQ7O0FBR0EsWUFBSUUsT0FBSixFQUFhO0FBQ1g7QUFDQVYsVUFBQUEsUUFBUSxDQUFDUSxZQUFZLEdBQUcsQ0FBaEIsQ0FBUixHQUE2Qm5CLFNBQTdCO0FBQ0Q7O0FBRUQsWUFBSXVCLE1BQU0sR0FBR0YsT0FBTyxJQUFJQSxPQUFPLENBQUNULE1BQVIsR0FBaUIsQ0FBakIsR0FBcUJSLE1BQTdDO0FBQUEsWUFDSW9CLFNBQVMsR0FBR0YsVUFBVSxJQUFJLEtBQUtSLE9BQW5CLElBQTZCQSxPQUFNLEdBQUdSLE1BRHREOztBQUVBLFlBQUksQ0FBQ2lCLE1BQUQsSUFBVyxDQUFDQyxTQUFoQixFQUEyQjtBQUN6QjtBQUNBYixVQUFBQSxRQUFRLENBQUNRLFlBQUQsQ0FBUixHQUF5Qm5CLFNBQXpCO0FBQ0E7QUFDRCxTQWhCcUYsQ0FrQnRGO0FBQ0E7QUFDQTs7O0FBQ0EsWUFBSSxDQUFDdUIsTUFBRCxJQUFZQyxTQUFTLElBQUlILE9BQU8sQ0FBQ1QsTUFBUixHQUFpQlUsVUFBVSxDQUFDVixNQUF6RCxFQUFrRTtBQUNoRVEsVUFBQUEsUUFBUSxHQUFHSyxTQUFTLENBQUNILFVBQUQsQ0FBcEI7QUFDQTFCLFVBQUFBLElBQUksQ0FBQzhCLGFBQUwsQ0FBbUJOLFFBQVEsQ0FBQ1AsVUFBNUIsRUFBd0NiLFNBQXhDLEVBQW1ELElBQW5EO0FBQ0QsU0FIRCxNQUdPO0FBQ0xvQixVQUFBQSxRQUFRLEdBQUdDLE9BQVgsQ0FESyxDQUNlOztBQUNwQkQsVUFBQUEsUUFBUSxDQUFDUixNQUFUO0FBQ0FoQixVQUFBQSxJQUFJLENBQUM4QixhQUFMLENBQW1CTixRQUFRLENBQUNQLFVBQTVCLEVBQXdDLElBQXhDLEVBQThDYixTQUE5QztBQUNEOztBQUVEYyxRQUFBQSxPQUFNLEdBQUdsQixJQUFJLENBQUNtQixhQUFMLENBQW1CSyxRQUFuQixFQUE2QjNCLFNBQTdCLEVBQXdDRCxTQUF4QyxFQUFtRDJCLFlBQW5ELENBQVQsQ0E5QnNGLENBZ0N0Rjs7QUFDQSxZQUFJQyxRQUFRLENBQUNSLE1BQVQsR0FBa0IsQ0FBbEIsSUFBdUJSLE1BQXZCLElBQWlDVSxPQUFNLEdBQUcsQ0FBVCxJQUFjUixNQUFuRCxFQUEyRDtBQUN6RCxpQkFBT1QsSUFBSSxDQUFDOEIsV0FBVyxDQUFDL0IsSUFBRCxFQUFPd0IsUUFBUSxDQUFDUCxVQUFoQixFQUE0QnBCLFNBQTVCLEVBQXVDRCxTQUF2QyxFQUFrREksSUFBSSxDQUFDZ0MsZUFBdkQsQ0FBWixDQUFYO0FBQ0QsU0FGRCxNQUVPO0FBQ0w7QUFDQWpCLFVBQUFBLFFBQVEsQ0FBQ1EsWUFBRCxDQUFSLEdBQXlCQyxRQUF6QjtBQUNEO0FBQ0Y7O0FBRURiLE1BQUFBLFVBQVU7QUFDWCxLQXRGc0MsQ0F3RnZDO0FBQ0E7QUFDQTtBQUNBOzs7QUFDQSxRQUFJWixRQUFKLEVBQWM7QUFDWCxnQkFBU2tDLElBQVQsR0FBZ0I7QUFDZjlCLFFBQUFBLFVBQVUsQ0FBQyxZQUFXO0FBQ3BCLGNBQUlRLFVBQVUsR0FBR0MsYUFBakIsRUFBZ0M7QUFDOUIsbUJBQU9iLFFBQVEsRUFBZjtBQUNEOztBQUVELGNBQUksQ0FBQ3VCLGNBQWMsRUFBbkIsRUFBdUI7QUFDckJXLFlBQUFBLElBQUk7QUFDTDtBQUNGLFNBUlMsRUFRUCxDQVJPLENBQVY7QUFTRCxPQVZBLEdBQUQ7QUFXRCxLQVpELE1BWU87QUFDTCxhQUFPdEIsVUFBVSxJQUFJQyxhQUFyQixFQUFvQztBQUNsQyxZQUFJc0IsR0FBRyxHQUFHWixjQUFjLEVBQXhCOztBQUNBLFlBQUlZLEdBQUosRUFBUztBQUNQLGlCQUFPQSxHQUFQO0FBQ0Q7QUFDRjtBQUNGO0FBQ0YsR0FqSGM7O0FBQUE7O0FBQUE7QUFtSGZKLEVBQUFBLGFBbkhlLHlCQW1IRGIsVUFuSEMsRUFtSFdrQixLQW5IWCxFQW1Ia0JDLE9BbkhsQixFQW1IMkI7QUFDeEMsUUFBSUMsSUFBSSxHQUFHcEIsVUFBVSxDQUFDQSxVQUFVLENBQUNSLE1BQVgsR0FBb0IsQ0FBckIsQ0FBckI7O0FBQ0EsUUFBSTRCLElBQUksSUFBSUEsSUFBSSxDQUFDRixLQUFMLEtBQWVBLEtBQXZCLElBQWdDRSxJQUFJLENBQUNELE9BQUwsS0FBaUJBLE9BQXJELEVBQThEO0FBQzVEO0FBQ0E7QUFDQW5CLE1BQUFBLFVBQVUsQ0FBQ0EsVUFBVSxDQUFDUixNQUFYLEdBQW9CLENBQXJCLENBQVYsR0FBb0M7QUFBQ1ksUUFBQUEsS0FBSyxFQUFFZ0IsSUFBSSxDQUFDaEIsS0FBTCxHQUFhLENBQXJCO0FBQXdCYyxRQUFBQSxLQUFLLEVBQUVBLEtBQS9CO0FBQXNDQyxRQUFBQSxPQUFPLEVBQUVBO0FBQS9DLE9BQXBDO0FBQ0QsS0FKRCxNQUlPO0FBQ0xuQixNQUFBQSxVQUFVLENBQUNxQixJQUFYLENBQWdCO0FBQUNqQixRQUFBQSxLQUFLLEVBQUUsQ0FBUjtBQUFXYyxRQUFBQSxLQUFLLEVBQUVBLEtBQWxCO0FBQXlCQyxRQUFBQSxPQUFPLEVBQUVBO0FBQWxDLE9BQWhCO0FBQ0Q7QUFDRixHQTVIYzs7QUFBQTs7QUFBQTtBQTZIZmpCLEVBQUFBLGFBN0hlLHlCQTZIREssUUE3SEMsRUE2SFMzQixTQTdIVCxFQTZIb0JELFNBN0hwQixFQTZIK0IyQixZQTdIL0IsRUE2SDZDO0FBQzFELFFBQUlmLE1BQU0sR0FBR1gsU0FBUyxDQUFDWSxNQUF2QjtBQUFBLFFBQ0lDLE1BQU0sR0FBR2QsU0FBUyxDQUFDYSxNQUR2QjtBQUFBLFFBRUlPLE1BQU0sR0FBR1EsUUFBUSxDQUFDUixNQUZ0QjtBQUFBLFFBR0lFLE1BQU0sR0FBR0YsTUFBTSxHQUFHTyxZQUh0QjtBQUFBLFFBS0lnQixXQUFXLEdBQUcsQ0FMbEI7O0FBTUEsV0FBT3ZCLE1BQU0sR0FBRyxDQUFULEdBQWFSLE1BQWIsSUFBdUJVLE1BQU0sR0FBRyxDQUFULEdBQWFSLE1BQXBDLElBQThDLEtBQUs4QixNQUFMLENBQVkzQyxTQUFTLENBQUNtQixNQUFNLEdBQUcsQ0FBVixDQUFyQixFQUFtQ3BCLFNBQVMsQ0FBQ3NCLE1BQU0sR0FBRyxDQUFWLENBQTVDLENBQXJELEVBQWdIO0FBQzlHRixNQUFBQSxNQUFNO0FBQ05FLE1BQUFBLE1BQU07QUFDTnFCLE1BQUFBLFdBQVc7QUFDWjs7QUFFRCxRQUFJQSxXQUFKLEVBQWlCO0FBQ2ZmLE1BQUFBLFFBQVEsQ0FBQ1AsVUFBVCxDQUFvQnFCLElBQXBCLENBQXlCO0FBQUNqQixRQUFBQSxLQUFLLEVBQUVrQjtBQUFSLE9BQXpCO0FBQ0Q7O0FBRURmLElBQUFBLFFBQVEsQ0FBQ1IsTUFBVCxHQUFrQkEsTUFBbEI7QUFDQSxXQUFPRSxNQUFQO0FBQ0QsR0FoSmM7O0FBQUE7O0FBQUE7QUFrSmZzQixFQUFBQSxNQWxKZSxrQkFrSlJDLElBbEpRLEVBa0pGQyxLQWxKRSxFQWtKSztBQUNsQixRQUFJLEtBQUs1QyxPQUFMLENBQWE2QyxVQUFqQixFQUE2QjtBQUMzQixhQUFPLEtBQUs3QyxPQUFMLENBQWE2QyxVQUFiLENBQXdCRixJQUF4QixFQUE4QkMsS0FBOUIsQ0FBUDtBQUNELEtBRkQsTUFFTztBQUNMLGFBQU9ELElBQUksS0FBS0MsS0FBVCxJQUNELEtBQUs1QyxPQUFMLENBQWE4QyxVQUFiLElBQTJCSCxJQUFJLENBQUNJLFdBQUwsT0FBdUJILEtBQUssQ0FBQ0csV0FBTixFQUR4RDtBQUVEO0FBQ0YsR0F6SmM7O0FBQUE7O0FBQUE7QUEwSmZ2QyxFQUFBQSxXQTFKZSx1QkEwSkh3QyxLQTFKRyxFQTBKSTtBQUNqQixRQUFJWixHQUFHLEdBQUcsRUFBVjs7QUFDQSxTQUFLLElBQUlhLENBQUMsR0FBRyxDQUFiLEVBQWdCQSxDQUFDLEdBQUdELEtBQUssQ0FBQ3JDLE1BQTFCLEVBQWtDc0MsQ0FBQyxFQUFuQyxFQUF1QztBQUNyQyxVQUFJRCxLQUFLLENBQUNDLENBQUQsQ0FBVCxFQUFjO0FBQ1piLFFBQUFBLEdBQUcsQ0FBQ0ksSUFBSixDQUFTUSxLQUFLLENBQUNDLENBQUQsQ0FBZDtBQUNEO0FBQ0Y7O0FBQ0QsV0FBT2IsR0FBUDtBQUNELEdBbEtjOztBQUFBOztBQUFBO0FBbUtmN0IsRUFBQUEsU0FuS2UscUJBbUtMSCxLQW5LSyxFQW1LRTtBQUNmLFdBQU9BLEtBQVA7QUFDRCxHQXJLYzs7QUFBQTs7QUFBQTtBQXNLZkssRUFBQUEsUUF0S2Usb0JBc0tOTCxLQXRLTSxFQXNLQztBQUNkLFdBQU9BLEtBQUssQ0FBQzhDLEtBQU4sQ0FBWSxFQUFaLENBQVA7QUFDRCxHQXhLYzs7QUFBQTs7QUFBQTtBQXlLZjVCLEVBQUFBLElBektlLGdCQXlLVjZCLEtBektVLEVBeUtIO0FBQ1YsV0FBT0EsS0FBSyxDQUFDN0IsSUFBTixDQUFXLEVBQVgsQ0FBUDtBQUNEO0FBM0tjLENBQWpCOztBQThLQSxTQUFTVyxXQUFULENBQXFCcEMsSUFBckIsRUFBMkJzQixVQUEzQixFQUF1Q3BCLFNBQXZDLEVBQWtERCxTQUFsRCxFQUE2RG9DLGVBQTdELEVBQThFO0FBQzVFLE1BQUlrQixZQUFZLEdBQUcsQ0FBbkI7QUFBQSxNQUNJQyxZQUFZLEdBQUdsQyxVQUFVLENBQUNSLE1BRDlCO0FBQUEsTUFFSU8sTUFBTSxHQUFHLENBRmI7QUFBQSxNQUdJRSxNQUFNLEdBQUcsQ0FIYjs7QUFLQSxTQUFPZ0MsWUFBWSxHQUFHQyxZQUF0QixFQUFvQ0QsWUFBWSxFQUFoRCxFQUFvRDtBQUNsRCxRQUFJRSxTQUFTLEdBQUduQyxVQUFVLENBQUNpQyxZQUFELENBQTFCOztBQUNBLFFBQUksQ0FBQ0UsU0FBUyxDQUFDaEIsT0FBZixFQUF3QjtBQUN0QixVQUFJLENBQUNnQixTQUFTLENBQUNqQixLQUFYLElBQW9CSCxlQUF4QixFQUF5QztBQUN2QyxZQUFJOUIsS0FBSyxHQUFHTCxTQUFTLENBQUN3RCxLQUFWLENBQWdCckMsTUFBaEIsRUFBd0JBLE1BQU0sR0FBR29DLFNBQVMsQ0FBQy9CLEtBQTNDLENBQVo7QUFDQW5CLFFBQUFBLEtBQUssR0FBR0EsS0FBSyxDQUFDb0QsR0FBTixDQUFVLFVBQVNwRCxLQUFULEVBQWdCNkMsQ0FBaEIsRUFBbUI7QUFDbkMsY0FBSVEsUUFBUSxHQUFHM0QsU0FBUyxDQUFDc0IsTUFBTSxHQUFHNkIsQ0FBVixDQUF4QjtBQUNBLGlCQUFPUSxRQUFRLENBQUM5QyxNQUFULEdBQWtCUCxLQUFLLENBQUNPLE1BQXhCLEdBQWlDOEMsUUFBakMsR0FBNENyRCxLQUFuRDtBQUNELFNBSE8sQ0FBUjtBQUtBa0QsUUFBQUEsU0FBUyxDQUFDbEQsS0FBVixHQUFrQlAsSUFBSSxDQUFDeUIsSUFBTCxDQUFVbEIsS0FBVixDQUFsQjtBQUNELE9BUkQsTUFRTztBQUNMa0QsUUFBQUEsU0FBUyxDQUFDbEQsS0FBVixHQUFrQlAsSUFBSSxDQUFDeUIsSUFBTCxDQUFVdkIsU0FBUyxDQUFDd0QsS0FBVixDQUFnQnJDLE1BQWhCLEVBQXdCQSxNQUFNLEdBQUdvQyxTQUFTLENBQUMvQixLQUEzQyxDQUFWLENBQWxCO0FBQ0Q7O0FBQ0RMLE1BQUFBLE1BQU0sSUFBSW9DLFNBQVMsQ0FBQy9CLEtBQXBCLENBWnNCLENBY3RCOztBQUNBLFVBQUksQ0FBQytCLFNBQVMsQ0FBQ2pCLEtBQWYsRUFBc0I7QUFDcEJqQixRQUFBQSxNQUFNLElBQUlrQyxTQUFTLENBQUMvQixLQUFwQjtBQUNEO0FBQ0YsS0FsQkQsTUFrQk87QUFDTCtCLE1BQUFBLFNBQVMsQ0FBQ2xELEtBQVYsR0FBa0JQLElBQUksQ0FBQ3lCLElBQUwsQ0FBVXhCLFNBQVMsQ0FBQ3lELEtBQVYsQ0FBZ0JuQyxNQUFoQixFQUF3QkEsTUFBTSxHQUFHa0MsU0FBUyxDQUFDL0IsS0FBM0MsQ0FBVixDQUFsQjtBQUNBSCxNQUFBQSxNQUFNLElBQUlrQyxTQUFTLENBQUMvQixLQUFwQixDQUZLLENBSUw7QUFDQTtBQUNBOztBQUNBLFVBQUk2QixZQUFZLElBQUlqQyxVQUFVLENBQUNpQyxZQUFZLEdBQUcsQ0FBaEIsQ0FBVixDQUE2QmYsS0FBakQsRUFBd0Q7QUFDdEQsWUFBSXFCLEdBQUcsR0FBR3ZDLFVBQVUsQ0FBQ2lDLFlBQVksR0FBRyxDQUFoQixDQUFwQjtBQUNBakMsUUFBQUEsVUFBVSxDQUFDaUMsWUFBWSxHQUFHLENBQWhCLENBQVYsR0FBK0JqQyxVQUFVLENBQUNpQyxZQUFELENBQXpDO0FBQ0FqQyxRQUFBQSxVQUFVLENBQUNpQyxZQUFELENBQVYsR0FBMkJNLEdBQTNCO0FBQ0Q7QUFDRjtBQUNGLEdBdkMyRSxDQXlDNUU7QUFDQTtBQUNBOzs7QUFDQSxNQUFJQyxhQUFhLEdBQUd4QyxVQUFVLENBQUNrQyxZQUFZLEdBQUcsQ0FBaEIsQ0FBOUI7O0FBQ0EsTUFBSUEsWUFBWSxHQUFHLENBQWYsSUFDRyxPQUFPTSxhQUFhLENBQUN2RCxLQUFyQixLQUErQixRQURsQyxLQUVJdUQsYUFBYSxDQUFDdEIsS0FBZCxJQUF1QnNCLGFBQWEsQ0FBQ3JCLE9BRnpDLEtBR0d6QyxJQUFJLENBQUM2QyxNQUFMLENBQVksRUFBWixFQUFnQmlCLGFBQWEsQ0FBQ3ZELEtBQTlCLENBSFAsRUFHNkM7QUFDM0NlLElBQUFBLFVBQVUsQ0FBQ2tDLFlBQVksR0FBRyxDQUFoQixDQUFWLENBQTZCakQsS0FBN0IsSUFBc0N1RCxhQUFhLENBQUN2RCxLQUFwRDtBQUNBZSxJQUFBQSxVQUFVLENBQUN5QyxHQUFYO0FBQ0Q7O0FBRUQsU0FBT3pDLFVBQVA7QUFDRDs7QUFFRCxTQUFTWSxTQUFULENBQW1COEIsSUFBbkIsRUFBeUI7QUFDdkIsU0FBTztBQUFFM0MsSUFBQUEsTUFBTSxFQUFFMkMsSUFBSSxDQUFDM0MsTUFBZjtBQUF1QkMsSUFBQUEsVUFBVSxFQUFFMEMsSUFBSSxDQUFDMUMsVUFBTCxDQUFnQm9DLEtBQWhCLENBQXNCLENBQXRCO0FBQW5DLEdBQVA7QUFDRCIsInNvdXJjZXNDb250ZW50IjpbImV4cG9ydCBkZWZhdWx0IGZ1bmN0aW9uIERpZmYoKSB7fVxuXG5EaWZmLnByb3RvdHlwZSA9IHtcbiAgZGlmZihvbGRTdHJpbmcsIG5ld1N0cmluZywgb3B0aW9ucyA9IHt9KSB7XG4gICAgbGV0IGNhbGxiYWNrID0gb3B0aW9ucy5jYWxsYmFjaztcbiAgICBpZiAodHlwZW9mIG9wdGlvbnMgPT09ICdmdW5jdGlvbicpIHtcbiAgICAgIGNhbGxiYWNrID0gb3B0aW9ucztcbiAgICAgIG9wdGlvbnMgPSB7fTtcbiAgICB9XG4gICAgdGhpcy5vcHRpb25zID0gb3B0aW9ucztcblxuICAgIGxldCBzZWxmID0gdGhpcztcblxuICAgIGZ1bmN0aW9uIGRvbmUodmFsdWUpIHtcbiAgICAgIGlmIChjYWxsYmFjaykge1xuICAgICAgICBzZXRUaW1lb3V0KGZ1bmN0aW9uKCkgeyBjYWxsYmFjayh1bmRlZmluZWQsIHZhbHVlKTsgfSwgMCk7XG4gICAgICAgIHJldHVybiB0cnVlO1xuICAgICAgfSBlbHNlIHtcbiAgICAgICAgcmV0dXJuIHZhbHVlO1xuICAgICAgfVxuICAgIH1cblxuICAgIC8vIEFsbG93IHN1YmNsYXNzZXMgdG8gbWFzc2FnZSB0aGUgaW5wdXQgcHJpb3IgdG8gcnVubmluZ1xuICAgIG9sZFN0cmluZyA9IHRoaXMuY2FzdElucHV0KG9sZFN0cmluZyk7XG4gICAgbmV3U3RyaW5nID0gdGhpcy5jYXN0SW5wdXQobmV3U3RyaW5nKTtcblxuICAgIG9sZFN0cmluZyA9IHRoaXMucmVtb3ZlRW1wdHkodGhpcy50b2tlbml6ZShvbGRTdHJpbmcpKTtcbiAgICBuZXdTdHJpbmcgPSB0aGlzLnJlbW92ZUVtcHR5KHRoaXMudG9rZW5pemUobmV3U3RyaW5nKSk7XG5cbiAgICBsZXQgbmV3TGVuID0gbmV3U3RyaW5nLmxlbmd0aCwgb2xkTGVuID0gb2xkU3RyaW5nLmxlbmd0aDtcbiAgICBsZXQgZWRpdExlbmd0aCA9IDE7XG4gICAgbGV0IG1heEVkaXRMZW5ndGggPSBuZXdMZW4gKyBvbGRMZW47XG4gICAgaWYob3B0aW9ucy5tYXhFZGl0TGVuZ3RoKSB7XG4gICAgICBtYXhFZGl0TGVuZ3RoID0gTWF0aC5taW4obWF4RWRpdExlbmd0aCwgb3B0aW9ucy5tYXhFZGl0TGVuZ3RoKTtcbiAgICB9XG5cbiAgICBsZXQgYmVzdFBhdGggPSBbeyBuZXdQb3M6IC0xLCBjb21wb25lbnRzOiBbXSB9XTtcblxuICAgIC8vIFNlZWQgZWRpdExlbmd0aCA9IDAsIGkuZS4gdGhlIGNvbnRlbnQgc3RhcnRzIHdpdGggdGhlIHNhbWUgdmFsdWVzXG4gICAgbGV0IG9sZFBvcyA9IHRoaXMuZXh0cmFjdENvbW1vbihiZXN0UGF0aFswXSwgbmV3U3RyaW5nLCBvbGRTdHJpbmcsIDApO1xuICAgIGlmIChiZXN0UGF0aFswXS5uZXdQb3MgKyAxID49IG5ld0xlbiAmJiBvbGRQb3MgKyAxID49IG9sZExlbikge1xuICAgICAgLy8gSWRlbnRpdHkgcGVyIHRoZSBlcXVhbGl0eSBhbmQgdG9rZW5pemVyXG4gICAgICByZXR1cm4gZG9uZShbe3ZhbHVlOiB0aGlzLmpvaW4obmV3U3RyaW5nKSwgY291bnQ6IG5ld1N0cmluZy5sZW5ndGh9XSk7XG4gICAgfVxuXG4gICAgLy8gTWFpbiB3b3JrZXIgbWV0aG9kLiBjaGVja3MgYWxsIHBlcm11dGF0aW9ucyBvZiBhIGdpdmVuIGVkaXQgbGVuZ3RoIGZvciBhY2NlcHRhbmNlLlxuICAgIGZ1bmN0aW9uIGV4ZWNFZGl0TGVuZ3RoKCkge1xuICAgICAgZm9yIChsZXQgZGlhZ29uYWxQYXRoID0gLTEgKiBlZGl0TGVuZ3RoOyBkaWFnb25hbFBhdGggPD0gZWRpdExlbmd0aDsgZGlhZ29uYWxQYXRoICs9IDIpIHtcbiAgICAgICAgbGV0IGJhc2VQYXRoO1xuICAgICAgICBsZXQgYWRkUGF0aCA9IGJlc3RQYXRoW2RpYWdvbmFsUGF0aCAtIDFdLFxuICAgICAgICAgICAgcmVtb3ZlUGF0aCA9IGJlc3RQYXRoW2RpYWdvbmFsUGF0aCArIDFdLFxuICAgICAgICAgICAgb2xkUG9zID0gKHJlbW92ZVBhdGggPyByZW1vdmVQYXRoLm5ld1BvcyA6IDApIC0gZGlhZ29uYWxQYXRoO1xuICAgICAgICBpZiAoYWRkUGF0aCkge1xuICAgICAgICAgIC8vIE5vIG9uZSBlbHNlIGlzIGdvaW5nIHRvIGF0dGVtcHQgdG8gdXNlIHRoaXMgdmFsdWUsIGNsZWFyIGl0XG4gICAgICAgICAgYmVzdFBhdGhbZGlhZ29uYWxQYXRoIC0gMV0gPSB1bmRlZmluZWQ7XG4gICAgICAgIH1cblxuICAgICAgICBsZXQgY2FuQWRkID0gYWRkUGF0aCAmJiBhZGRQYXRoLm5ld1BvcyArIDEgPCBuZXdMZW4sXG4gICAgICAgICAgICBjYW5SZW1vdmUgPSByZW1vdmVQYXRoICYmIDAgPD0gb2xkUG9zICYmIG9sZFBvcyA8IG9sZExlbjtcbiAgICAgICAgaWYgKCFjYW5BZGQgJiYgIWNhblJlbW92ZSkge1xuICAgICAgICAgIC8vIElmIHRoaXMgcGF0aCBpcyBhIHRlcm1pbmFsIHRoZW4gcHJ1bmVcbiAgICAgICAgICBiZXN0UGF0aFtkaWFnb25hbFBhdGhdID0gdW5kZWZpbmVkO1xuICAgICAgICAgIGNvbnRpbnVlO1xuICAgICAgICB9XG5cbiAgICAgICAgLy8gU2VsZWN0IHRoZSBkaWFnb25hbCB0aGF0IHdlIHdhbnQgdG8gYnJhbmNoIGZyb20uIFdlIHNlbGVjdCB0aGUgcHJpb3JcbiAgICAgICAgLy8gcGF0aCB3aG9zZSBwb3NpdGlvbiBpbiB0aGUgbmV3IHN0cmluZyBpcyB0aGUgZmFydGhlc3QgZnJvbSB0aGUgb3JpZ2luXG4gICAgICAgIC8vIGFuZCBkb2VzIG5vdCBwYXNzIHRoZSBib3VuZHMgb2YgdGhlIGRpZmYgZ3JhcGhcbiAgICAgICAgaWYgKCFjYW5BZGQgfHwgKGNhblJlbW92ZSAmJiBhZGRQYXRoLm5ld1BvcyA8IHJlbW92ZVBhdGgubmV3UG9zKSkge1xuICAgICAgICAgIGJhc2VQYXRoID0gY2xvbmVQYXRoKHJlbW92ZVBhdGgpO1xuICAgICAgICAgIHNlbGYucHVzaENvbXBvbmVudChiYXNlUGF0aC5jb21wb25lbnRzLCB1bmRlZmluZWQsIHRydWUpO1xuICAgICAgICB9IGVsc2Uge1xuICAgICAgICAgIGJhc2VQYXRoID0gYWRkUGF0aDsgLy8gTm8gbmVlZCB0byBjbG9uZSwgd2UndmUgcHVsbGVkIGl0IGZyb20gdGhlIGxpc3RcbiAgICAgICAgICBiYXNlUGF0aC5uZXdQb3MrKztcbiAgICAgICAgICBzZWxmLnB1c2hDb21wb25lbnQoYmFzZVBhdGguY29tcG9uZW50cywgdHJ1ZSwgdW5kZWZpbmVkKTtcbiAgICAgICAgfVxuXG4gICAgICAgIG9sZFBvcyA9IHNlbGYuZXh0cmFjdENvbW1vbihiYXNlUGF0aCwgbmV3U3RyaW5nLCBvbGRTdHJpbmcsIGRpYWdvbmFsUGF0aCk7XG5cbiAgICAgICAgLy8gSWYgd2UgaGF2ZSBoaXQgdGhlIGVuZCBvZiBib3RoIHN0cmluZ3MsIHRoZW4gd2UgYXJlIGRvbmVcbiAgICAgICAgaWYgKGJhc2VQYXRoLm5ld1BvcyArIDEgPj0gbmV3TGVuICYmIG9sZFBvcyArIDEgPj0gb2xkTGVuKSB7XG4gICAgICAgICAgcmV0dXJuIGRvbmUoYnVpbGRWYWx1ZXMoc2VsZiwgYmFzZVBhdGguY29tcG9uZW50cywgbmV3U3RyaW5nLCBvbGRTdHJpbmcsIHNlbGYudXNlTG9uZ2VzdFRva2VuKSk7XG4gICAgICAgIH0gZWxzZSB7XG4gICAgICAgICAgLy8gT3RoZXJ3aXNlIHRyYWNrIHRoaXMgcGF0aCBhcyBhIHBvdGVudGlhbCBjYW5kaWRhdGUgYW5kIGNvbnRpbnVlLlxuICAgICAgICAgIGJlc3RQYXRoW2RpYWdvbmFsUGF0aF0gPSBiYXNlUGF0aDtcbiAgICAgICAgfVxuICAgICAgfVxuXG4gICAgICBlZGl0TGVuZ3RoKys7XG4gICAgfVxuXG4gICAgLy8gUGVyZm9ybXMgdGhlIGxlbmd0aCBvZiBlZGl0IGl0ZXJhdGlvbi4gSXMgYSBiaXQgZnVnbHkgYXMgdGhpcyBoYXMgdG8gc3VwcG9ydCB0aGVcbiAgICAvLyBzeW5jIGFuZCBhc3luYyBtb2RlIHdoaWNoIGlzIG5ldmVyIGZ1bi4gTG9vcHMgb3ZlciBleGVjRWRpdExlbmd0aCB1bnRpbCBhIHZhbHVlXG4gICAgLy8gaXMgcHJvZHVjZWQsIG9yIHVudGlsIHRoZSBlZGl0IGxlbmd0aCBleGNlZWRzIG9wdGlvbnMubWF4RWRpdExlbmd0aCAoaWYgZ2l2ZW4pLFxuICAgIC8vIGluIHdoaWNoIGNhc2UgaXQgd2lsbCByZXR1cm4gdW5kZWZpbmVkLlxuICAgIGlmIChjYWxsYmFjaykge1xuICAgICAgKGZ1bmN0aW9uIGV4ZWMoKSB7XG4gICAgICAgIHNldFRpbWVvdXQoZnVuY3Rpb24oKSB7XG4gICAgICAgICAgaWYgKGVkaXRMZW5ndGggPiBtYXhFZGl0TGVuZ3RoKSB7XG4gICAgICAgICAgICByZXR1cm4gY2FsbGJhY2soKTtcbiAgICAgICAgICB9XG5cbiAgICAgICAgICBpZiAoIWV4ZWNFZGl0TGVuZ3RoKCkpIHtcbiAgICAgICAgICAgIGV4ZWMoKTtcbiAgICAgICAgICB9XG4gICAgICAgIH0sIDApO1xuICAgICAgfSgpKTtcbiAgICB9IGVsc2Uge1xuICAgICAgd2hpbGUgKGVkaXRMZW5ndGggPD0gbWF4RWRpdExlbmd0aCkge1xuICAgICAgICBsZXQgcmV0ID0gZXhlY0VkaXRMZW5ndGgoKTtcbiAgICAgICAgaWYgKHJldCkge1xuICAgICAgICAgIHJldHVybiByZXQ7XG4gICAgICAgIH1cbiAgICAgIH1cbiAgICB9XG4gIH0sXG5cbiAgcHVzaENvbXBvbmVudChjb21wb25lbnRzLCBhZGRlZCwgcmVtb3ZlZCkge1xuICAgIGxldCBsYXN0ID0gY29tcG9uZW50c1tjb21wb25lbnRzLmxlbmd0aCAtIDFdO1xuICAgIGlmIChsYXN0ICYmIGxhc3QuYWRkZWQgPT09IGFkZGVkICYmIGxhc3QucmVtb3ZlZCA9PT0gcmVtb3ZlZCkge1xuICAgICAgLy8gV2UgbmVlZCB0byBjbG9uZSBoZXJlIGFzIHRoZSBjb21wb25lbnQgY2xvbmUgb3BlcmF0aW9uIGlzIGp1c3RcbiAgICAgIC8vIGFzIHNoYWxsb3cgYXJyYXkgY2xvbmVcbiAgICAgIGNvbXBvbmVudHNbY29tcG9uZW50cy5sZW5ndGggLSAxXSA9IHtjb3VudDogbGFzdC5jb3VudCArIDEsIGFkZGVkOiBhZGRlZCwgcmVtb3ZlZDogcmVtb3ZlZCB9O1xuICAgIH0gZWxzZSB7XG4gICAgICBjb21wb25lbnRzLnB1c2goe2NvdW50OiAxLCBhZGRlZDogYWRkZWQsIHJlbW92ZWQ6IHJlbW92ZWQgfSk7XG4gICAgfVxuICB9LFxuICBleHRyYWN0Q29tbW9uKGJhc2VQYXRoLCBuZXdTdHJpbmcsIG9sZFN0cmluZywgZGlhZ29uYWxQYXRoKSB7XG4gICAgbGV0IG5ld0xlbiA9IG5ld1N0cmluZy5sZW5ndGgsXG4gICAgICAgIG9sZExlbiA9IG9sZFN0cmluZy5sZW5ndGgsXG4gICAgICAgIG5ld1BvcyA9IGJhc2VQYXRoLm5ld1BvcyxcbiAgICAgICAgb2xkUG9zID0gbmV3UG9zIC0gZGlhZ29uYWxQYXRoLFxuXG4gICAgICAgIGNvbW1vbkNvdW50ID0gMDtcbiAgICB3aGlsZSAobmV3UG9zICsgMSA8IG5ld0xlbiAmJiBvbGRQb3MgKyAxIDwgb2xkTGVuICYmIHRoaXMuZXF1YWxzKG5ld1N0cmluZ1tuZXdQb3MgKyAxXSwgb2xkU3RyaW5nW29sZFBvcyArIDFdKSkge1xuICAgICAgbmV3UG9zKys7XG4gICAgICBvbGRQb3MrKztcbiAgICAgIGNvbW1vbkNvdW50Kys7XG4gICAgfVxuXG4gICAgaWYgKGNvbW1vbkNvdW50KSB7XG4gICAgICBiYXNlUGF0aC5jb21wb25lbnRzLnB1c2goe2NvdW50OiBjb21tb25Db3VudH0pO1xuICAgIH1cblxuICAgIGJhc2VQYXRoLm5ld1BvcyA9IG5ld1BvcztcbiAgICByZXR1cm4gb2xkUG9zO1xuICB9LFxuXG4gIGVxdWFscyhsZWZ0LCByaWdodCkge1xuICAgIGlmICh0aGlzLm9wdGlvbnMuY29tcGFyYXRvcikge1xuICAgICAgcmV0dXJuIHRoaXMub3B0aW9ucy5jb21wYXJhdG9yKGxlZnQsIHJpZ2h0KTtcbiAgICB9IGVsc2Uge1xuICAgICAgcmV0dXJuIGxlZnQgPT09IHJpZ2h0XG4gICAgICAgIHx8ICh0aGlzLm9wdGlvbnMuaWdub3JlQ2FzZSAmJiBsZWZ0LnRvTG93ZXJDYXNlKCkgPT09IHJpZ2h0LnRvTG93ZXJDYXNlKCkpO1xuICAgIH1cbiAgfSxcbiAgcmVtb3ZlRW1wdHkoYXJyYXkpIHtcbiAgICBsZXQgcmV0ID0gW107XG4gICAgZm9yIChsZXQgaSA9IDA7IGkgPCBhcnJheS5sZW5ndGg7IGkrKykge1xuICAgICAgaWYgKGFycmF5W2ldKSB7XG4gICAgICAgIHJldC5wdXNoKGFycmF5W2ldKTtcbiAgICAgIH1cbiAgICB9XG4gICAgcmV0dXJuIHJldDtcbiAgfSxcbiAgY2FzdElucHV0KHZhbHVlKSB7XG4gICAgcmV0dXJuIHZhbHVlO1xuICB9LFxuICB0b2tlbml6ZSh2YWx1ZSkge1xuICAgIHJldHVybiB2YWx1ZS5zcGxpdCgnJyk7XG4gIH0sXG4gIGpvaW4oY2hhcnMpIHtcbiAgICByZXR1cm4gY2hhcnMuam9pbignJyk7XG4gIH1cbn07XG5cbmZ1bmN0aW9uIGJ1aWxkVmFsdWVzKGRpZmYsIGNvbXBvbmVudHMsIG5ld1N0cmluZywgb2xkU3RyaW5nLCB1c2VMb25nZXN0VG9rZW4pIHtcbiAgbGV0IGNvbXBvbmVudFBvcyA9IDAsXG4gICAgICBjb21wb25lbnRMZW4gPSBjb21wb25lbnRzLmxlbmd0aCxcbiAgICAgIG5ld1BvcyA9IDAsXG4gICAgICBvbGRQb3MgPSAwO1xuXG4gIGZvciAoOyBjb21wb25lbnRQb3MgPCBjb21wb25lbnRMZW47IGNvbXBvbmVudFBvcysrKSB7XG4gICAgbGV0IGNvbXBvbmVudCA9IGNvbXBvbmVudHNbY29tcG9uZW50UG9zXTtcbiAgICBpZiAoIWNvbXBvbmVudC5yZW1vdmVkKSB7XG4gICAgICBpZiAoIWNvbXBvbmVudC5hZGRlZCAmJiB1c2VMb25nZXN0VG9rZW4pIHtcbiAgICAgICAgbGV0IHZhbHVlID0gbmV3U3RyaW5nLnNsaWNlKG5ld1BvcywgbmV3UG9zICsgY29tcG9uZW50LmNvdW50KTtcbiAgICAgICAgdmFsdWUgPSB2YWx1ZS5tYXAoZnVuY3Rpb24odmFsdWUsIGkpIHtcbiAgICAgICAgICBsZXQgb2xkVmFsdWUgPSBvbGRTdHJpbmdbb2xkUG9zICsgaV07XG4gICAgICAgICAgcmV0dXJuIG9sZFZhbHVlLmxlbmd0aCA+IHZhbHVlLmxlbmd0aCA/IG9sZFZhbHVlIDogdmFsdWU7XG4gICAgICAgIH0pO1xuXG4gICAgICAgIGNvbXBvbmVudC52YWx1ZSA9IGRpZmYuam9pbih2YWx1ZSk7XG4gICAgICB9IGVsc2Uge1xuICAgICAgICBjb21wb25lbnQudmFsdWUgPSBkaWZmLmpvaW4obmV3U3RyaW5nLnNsaWNlKG5ld1BvcywgbmV3UG9zICsgY29tcG9uZW50LmNvdW50KSk7XG4gICAgICB9XG4gICAgICBuZXdQb3MgKz0gY29tcG9uZW50LmNvdW50O1xuXG4gICAgICAvLyBDb21tb24gY2FzZVxuICAgICAgaWYgKCFjb21wb25lbnQuYWRkZWQpIHtcbiAgICAgICAgb2xkUG9zICs9IGNvbXBvbmVudC5jb3VudDtcbiAgICAgIH1cbiAgICB9IGVsc2Uge1xuICAgICAgY29tcG9uZW50LnZhbHVlID0gZGlmZi5qb2luKG9sZFN0cmluZy5zbGljZShvbGRQb3MsIG9sZFBvcyArIGNvbXBvbmVudC5jb3VudCkpO1xuICAgICAgb2xkUG9zICs9IGNvbXBvbmVudC5jb3VudDtcblxuICAgICAgLy8gUmV2ZXJzZSBhZGQgYW5kIHJlbW92ZSBzbyByZW1vdmVzIGFyZSBvdXRwdXQgZmlyc3QgdG8gbWF0Y2ggY29tbW9uIGNvbnZlbnRpb25cbiAgICAgIC8vIFRoZSBkaWZmaW5nIGFsZ29yaXRobSBpcyB0aWVkIHRvIGFkZCB0aGVuIHJlbW92ZSBvdXRwdXQgYW5kIHRoaXMgaXMgdGhlIHNpbXBsZXN0XG4gICAgICAvLyByb3V0ZSB0byBnZXQgdGhlIGRlc2lyZWQgb3V0cHV0IHdpdGggbWluaW1hbCBvdmVyaGVhZC5cbiAgICAgIGlmIChjb21wb25lbnRQb3MgJiYgY29tcG9uZW50c1tjb21wb25lbnRQb3MgLSAxXS5hZGRlZCkge1xuICAgICAgICBsZXQgdG1wID0gY29tcG9uZW50c1tjb21wb25lbnRQb3MgLSAxXTtcbiAgICAgICAgY29tcG9uZW50c1tjb21wb25lbnRQb3MgLSAxXSA9IGNvbXBvbmVudHNbY29tcG9uZW50UG9zXTtcbiAgICAgICAgY29tcG9uZW50c1tjb21wb25lbnRQb3NdID0gdG1wO1xuICAgICAgfVxuICAgIH1cbiAgfVxuXG4gIC8vIFNwZWNpYWwgY2FzZSBoYW5kbGUgZm9yIHdoZW4gb25lIHRlcm1pbmFsIGlzIGlnbm9yZWQgKGkuZS4gd2hpdGVzcGFjZSkuXG4gIC8vIEZvciB0aGlzIGNhc2Ugd2UgbWVyZ2UgdGhlIHRlcm1pbmFsIGludG8gdGhlIHByaW9yIHN0cmluZyBhbmQgZHJvcCB0aGUgY2hhbmdlLlxuICAvLyBUaGlzIGlzIG9ubHkgYXZhaWxhYmxlIGZvciBzdHJpbmcgbW9kZS5cbiAgbGV0IGxhc3RDb21wb25lbnQgPSBjb21wb25lbnRzW2NvbXBvbmVudExlbiAtIDFdO1xuICBpZiAoY29tcG9uZW50TGVuID4gMVxuICAgICAgJiYgdHlwZW9mIGxhc3RDb21wb25lbnQudmFsdWUgPT09ICdzdHJpbmcnXG4gICAgICAmJiAobGFzdENvbXBvbmVudC5hZGRlZCB8fCBsYXN0Q29tcG9uZW50LnJlbW92ZWQpXG4gICAgICAmJiBkaWZmLmVxdWFscygnJywgbGFzdENvbXBvbmVudC52YWx1ZSkpIHtcbiAgICBjb21wb25lbnRzW2NvbXBvbmVudExlbiAtIDJdLnZhbHVlICs9IGxhc3RDb21wb25lbnQudmFsdWU7XG4gICAgY29tcG9uZW50cy5wb3AoKTtcbiAgfVxuXG4gIHJldHVybiBjb21wb25lbnRzO1xufVxuXG5mdW5jdGlvbiBjbG9uZVBhdGgocGF0aCkge1xuICByZXR1cm4geyBuZXdQb3M6IHBhdGgubmV3UG9zLCBjb21wb25lbnRzOiBwYXRoLmNvbXBvbmVudHMuc2xpY2UoMCkgfTtcbn1cbiJdfQ==
+//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9kaWZmL2Jhc2UuanMiXSwibmFtZXMiOlsiRGlmZiIsInByb3RvdHlwZSIsImRpZmYiLCJvbGRTdHJpbmciLCJuZXdTdHJpbmciLCJvcHRpb25zIiwiY2FsbGJhY2siLCJzZWxmIiwiZG9uZSIsInZhbHVlIiwic2V0VGltZW91dCIsInVuZGVmaW5lZCIsImNhc3RJbnB1dCIsInJlbW92ZUVtcHR5IiwidG9rZW5pemUiLCJuZXdMZW4iLCJsZW5ndGgiLCJvbGRMZW4iLCJlZGl0TGVuZ3RoIiwibWF4RWRpdExlbmd0aCIsIk1hdGgiLCJtaW4iLCJtYXhFeGVjdXRpb25UaW1lIiwidGltZW91dCIsIkluZmluaXR5IiwiYWJvcnRBZnRlclRpbWVzdGFtcCIsIkRhdGUiLCJub3ciLCJiZXN0UGF0aCIsIm9sZFBvcyIsImxhc3RDb21wb25lbnQiLCJuZXdQb3MiLCJleHRyYWN0Q29tbW9uIiwiam9pbiIsImNvdW50IiwibWluRGlhZ29uYWxUb0NvbnNpZGVyIiwibWF4RGlhZ29uYWxUb0NvbnNpZGVyIiwiZXhlY0VkaXRMZW5ndGgiLCJkaWFnb25hbFBhdGgiLCJtYXgiLCJiYXNlUGF0aCIsInJlbW92ZVBhdGgiLCJhZGRQYXRoIiwiY2FuQWRkIiwiYWRkUGF0aE5ld1BvcyIsImNhblJlbW92ZSIsImFkZFRvUGF0aCIsImJ1aWxkVmFsdWVzIiwidXNlTG9uZ2VzdFRva2VuIiwiZXhlYyIsInJldCIsInBhdGgiLCJhZGRlZCIsInJlbW92ZWQiLCJvbGRQb3NJbmMiLCJsYXN0IiwicHJldmlvdXNDb21wb25lbnQiLCJjb21tb25Db3VudCIsImVxdWFscyIsImxlZnQiLCJyaWdodCIsImNvbXBhcmF0b3IiLCJpZ25vcmVDYXNlIiwidG9Mb3dlckNhc2UiLCJhcnJheSIsImkiLCJwdXNoIiwic3BsaXQiLCJjaGFycyIsImNvbXBvbmVudHMiLCJuZXh0Q29tcG9uZW50IiwicmV2ZXJzZSIsImNvbXBvbmVudFBvcyIsImNvbXBvbmVudExlbiIsImNvbXBvbmVudCIsInNsaWNlIiwibWFwIiwib2xkVmFsdWUiLCJ0bXAiLCJmaW5hbENvbXBvbmVudCIsInBvcCJdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7O0FBQWUsU0FBU0EsSUFBVCxHQUFnQixDQUFFOztBQUVqQ0EsSUFBSSxDQUFDQyxTQUFMLEdBQWlCO0FBQUE7O0FBQUE7QUFDZkMsRUFBQUEsSUFEZSxnQkFDVkMsU0FEVSxFQUNDQyxTQURELEVBQzBCO0FBQUE7QUFBQTs7QUFBQTtBQUFBO0FBQWRDLElBQUFBLE9BQWMsdUVBQUosRUFBSTtBQUN2QyxRQUFJQyxRQUFRLEdBQUdELE9BQU8sQ0FBQ0MsUUFBdkI7O0FBQ0EsUUFBSSxPQUFPRCxPQUFQLEtBQW1CLFVBQXZCLEVBQW1DO0FBQ2pDQyxNQUFBQSxRQUFRLEdBQUdELE9BQVg7QUFDQUEsTUFBQUEsT0FBTyxHQUFHLEVBQVY7QUFDRDs7QUFDRCxTQUFLQSxPQUFMLEdBQWVBLE9BQWY7QUFFQSxRQUFJRSxJQUFJLEdBQUcsSUFBWDs7QUFFQSxhQUFTQyxJQUFULENBQWNDLEtBQWQsRUFBcUI7QUFDbkIsVUFBSUgsUUFBSixFQUFjO0FBQ1pJLFFBQUFBLFVBQVUsQ0FBQyxZQUFXO0FBQUVKLFVBQUFBLFFBQVEsQ0FBQ0ssU0FBRCxFQUFZRixLQUFaLENBQVI7QUFBNkIsU0FBM0MsRUFBNkMsQ0FBN0MsQ0FBVjtBQUNBLGVBQU8sSUFBUDtBQUNELE9BSEQsTUFHTztBQUNMLGVBQU9BLEtBQVA7QUFDRDtBQUNGLEtBakJzQyxDQW1CdkM7OztBQUNBTixJQUFBQSxTQUFTLEdBQUcsS0FBS1MsU0FBTCxDQUFlVCxTQUFmLENBQVo7QUFDQUMsSUFBQUEsU0FBUyxHQUFHLEtBQUtRLFNBQUwsQ0FBZVIsU0FBZixDQUFaO0FBRUFELElBQUFBLFNBQVMsR0FBRyxLQUFLVSxXQUFMLENBQWlCLEtBQUtDLFFBQUwsQ0FBY1gsU0FBZCxDQUFqQixDQUFaO0FBQ0FDLElBQUFBLFNBQVMsR0FBRyxLQUFLUyxXQUFMLENBQWlCLEtBQUtDLFFBQUwsQ0FBY1YsU0FBZCxDQUFqQixDQUFaO0FBRUEsUUFBSVcsTUFBTSxHQUFHWCxTQUFTLENBQUNZLE1BQXZCO0FBQUEsUUFBK0JDLE1BQU0sR0FBR2QsU0FBUyxDQUFDYSxNQUFsRDtBQUNBLFFBQUlFLFVBQVUsR0FBRyxDQUFqQjtBQUNBLFFBQUlDLGFBQWEsR0FBR0osTUFBTSxHQUFHRSxNQUE3Qjs7QUFDQSxRQUFHWixPQUFPLENBQUNjLGFBQVgsRUFBMEI7QUFDeEJBLE1BQUFBLGFBQWEsR0FBR0MsSUFBSSxDQUFDQyxHQUFMLENBQVNGLGFBQVQsRUFBd0JkLE9BQU8sQ0FBQ2MsYUFBaEMsQ0FBaEI7QUFDRDs7QUFDRCxRQUFNRyxnQkFBZ0I7QUFBQTtBQUFBO0FBQUE7QUFBR2pCLElBQUFBLE9BQU8sQ0FBQ2tCLE9BQVgsK0RBQXNCQyxRQUE1QztBQUNBLFFBQU1DLG1CQUFtQixHQUFHQyxJQUFJLENBQUNDLEdBQUwsS0FBYUwsZ0JBQXpDO0FBRUEsUUFBSU0sUUFBUSxHQUFHLENBQUM7QUFBRUMsTUFBQUEsTUFBTSxFQUFFLENBQUMsQ0FBWDtBQUFjQyxNQUFBQSxhQUFhLEVBQUVuQjtBQUE3QixLQUFELENBQWYsQ0FuQ3VDLENBcUN2Qzs7QUFDQSxRQUFJb0IsTUFBTSxHQUFHLEtBQUtDLGFBQUwsQ0FBbUJKLFFBQVEsQ0FBQyxDQUFELENBQTNCLEVBQWdDeEIsU0FBaEMsRUFBMkNELFNBQTNDLEVBQXNELENBQXRELENBQWI7O0FBQ0EsUUFBSXlCLFFBQVEsQ0FBQyxDQUFELENBQVIsQ0FBWUMsTUFBWixHQUFxQixDQUFyQixJQUEwQlosTUFBMUIsSUFBb0NjLE1BQU0sR0FBRyxDQUFULElBQWNoQixNQUF0RCxFQUE4RDtBQUM1RDtBQUNBLGFBQU9QLElBQUksQ0FBQyxDQUFDO0FBQUNDLFFBQUFBLEtBQUssRUFBRSxLQUFLd0IsSUFBTCxDQUFVN0IsU0FBVixDQUFSO0FBQThCOEIsUUFBQUEsS0FBSyxFQUFFOUIsU0FBUyxDQUFDWTtBQUEvQyxPQUFELENBQUQsQ0FBWDtBQUNELEtBMUNzQyxDQTRDdkM7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTtBQUNBO0FBQ0E7QUFDQTs7O0FBQ0EsUUFBSW1CLHFCQUFxQixHQUFHLENBQUNYLFFBQTdCO0FBQUEsUUFBdUNZLHFCQUFxQixHQUFHWixRQUEvRCxDQTdEdUMsQ0ErRHZDOztBQUNBLGFBQVNhLGNBQVQsR0FBMEI7QUFDeEIsV0FDRSxJQUFJQyxZQUFZLEdBQUdsQixJQUFJLENBQUNtQixHQUFMLENBQVNKLHFCQUFULEVBQWdDLENBQUNqQixVQUFqQyxDQURyQixFQUVFb0IsWUFBWSxJQUFJbEIsSUFBSSxDQUFDQyxHQUFMLENBQVNlLHFCQUFULEVBQWdDbEIsVUFBaEMsQ0FGbEIsRUFHRW9CLFlBQVksSUFBSSxDQUhsQixFQUlFO0FBQ0EsWUFBSUUsUUFBUTtBQUFBO0FBQUE7QUFBWjtBQUFBO0FBQ0EsWUFBSUMsVUFBVSxHQUFHYixRQUFRLENBQUNVLFlBQVksR0FBRyxDQUFoQixDQUF6QjtBQUFBLFlBQ0lJLE9BQU8sR0FBR2QsUUFBUSxDQUFDVSxZQUFZLEdBQUcsQ0FBaEIsQ0FEdEI7O0FBRUEsWUFBSUcsVUFBSixFQUFnQjtBQUNkO0FBQ0FiLFVBQUFBLFFBQVEsQ0FBQ1UsWUFBWSxHQUFHLENBQWhCLENBQVIsR0FBNkIzQixTQUE3QjtBQUNEOztBQUVELFlBQUlnQyxNQUFNLEdBQUcsS0FBYjs7QUFDQSxZQUFJRCxPQUFKLEVBQWE7QUFDWDtBQUNBLGNBQU1FLGFBQWEsR0FBR0YsT0FBTyxDQUFDYixNQUFSLEdBQWlCUyxZQUF2QztBQUNBSyxVQUFBQSxNQUFNLEdBQUdELE9BQU8sSUFBSSxLQUFLRSxhQUFoQixJQUFpQ0EsYUFBYSxHQUFHN0IsTUFBMUQ7QUFDRDs7QUFFRCxZQUFJOEIsU0FBUyxHQUFHSixVQUFVLElBQUlBLFVBQVUsQ0FBQ1osTUFBWCxHQUFvQixDQUFwQixHQUF3QlosTUFBdEQ7O0FBQ0EsWUFBSSxDQUFDMEIsTUFBRCxJQUFXLENBQUNFLFNBQWhCLEVBQTJCO0FBQ3pCO0FBQ0FqQixVQUFBQSxRQUFRLENBQUNVLFlBQUQsQ0FBUixHQUF5QjNCLFNBQXpCO0FBQ0E7QUFDRCxTQXJCRCxDQXVCQTtBQUNBO0FBQ0E7QUFDQTtBQUNBOzs7QUFDQSxZQUFJLENBQUNrQyxTQUFELElBQWVGLE1BQU0sSUFBSUYsVUFBVSxDQUFDWixNQUFYLEdBQW9CLENBQXBCLEdBQXdCYSxPQUFPLENBQUNiLE1BQTdELEVBQXNFO0FBQ3BFVyxVQUFBQSxRQUFRLEdBQUdqQyxJQUFJLENBQUN1QyxTQUFMLENBQWVKLE9BQWYsRUFBd0IsSUFBeEIsRUFBOEIvQixTQUE5QixFQUF5QyxDQUF6QyxDQUFYO0FBQ0QsU0FGRCxNQUVPO0FBQ0w2QixVQUFBQSxRQUFRLEdBQUdqQyxJQUFJLENBQUN1QyxTQUFMLENBQWVMLFVBQWYsRUFBMkI5QixTQUEzQixFQUFzQyxJQUF0QyxFQUE0QyxDQUE1QyxDQUFYO0FBQ0Q7O0FBRURvQixRQUFBQSxNQUFNLEdBQUd4QixJQUFJLENBQUN5QixhQUFMLENBQW1CUSxRQUFuQixFQUE2QnBDLFNBQTdCLEVBQXdDRCxTQUF4QyxFQUFtRG1DLFlBQW5ELENBQVQ7O0FBRUEsWUFBSUUsUUFBUSxDQUFDWCxNQUFULEdBQWtCLENBQWxCLElBQXVCWixNQUF2QixJQUFpQ2MsTUFBTSxHQUFHLENBQVQsSUFBY2hCLE1BQW5ELEVBQTJEO0FBQ3pEO0FBQ0EsaUJBQU9QLElBQUksQ0FBQ3VDLFdBQVcsQ0FBQ3hDLElBQUQsRUFBT2lDLFFBQVEsQ0FBQ1YsYUFBaEIsRUFBK0IxQixTQUEvQixFQUEwQ0QsU0FBMUMsRUFBcURJLElBQUksQ0FBQ3lDLGVBQTFELENBQVosQ0FBWDtBQUNELFNBSEQsTUFHTztBQUNMcEIsVUFBQUEsUUFBUSxDQUFDVSxZQUFELENBQVIsR0FBeUJFLFFBQXpCOztBQUNBLGNBQUlBLFFBQVEsQ0FBQ1gsTUFBVCxHQUFrQixDQUFsQixJQUF1QlosTUFBM0IsRUFBbUM7QUFDakNtQixZQUFBQSxxQkFBcUIsR0FBR2hCLElBQUksQ0FBQ0MsR0FBTCxDQUFTZSxxQkFBVCxFQUFnQ0UsWUFBWSxHQUFHLENBQS9DLENBQXhCO0FBQ0Q7O0FBQ0QsY0FBSVAsTUFBTSxHQUFHLENBQVQsSUFBY2hCLE1BQWxCLEVBQTBCO0FBQ3hCb0IsWUFBQUEscUJBQXFCLEdBQUdmLElBQUksQ0FBQ21CLEdBQUwsQ0FBU0oscUJBQVQsRUFBZ0NHLFlBQVksR0FBRyxDQUEvQyxDQUF4QjtBQUNEO0FBQ0Y7QUFDRjs7QUFFRHBCLE1BQUFBLFVBQVU7QUFDWCxLQXhIc0MsQ0EwSHZDO0FBQ0E7QUFDQTtBQUNBOzs7QUFDQSxRQUFJWixRQUFKLEVBQWM7QUFDWCxnQkFBUzJDLElBQVQsR0FBZ0I7QUFDZnZDLFFBQUFBLFVBQVUsQ0FBQyxZQUFXO0FBQ3BCLGNBQUlRLFVBQVUsR0FBR0MsYUFBYixJQUE4Qk8sSUFBSSxDQUFDQyxHQUFMLEtBQWFGLG1CQUEvQyxFQUFvRTtBQUNsRSxtQkFBT25CLFFBQVEsRUFBZjtBQUNEOztBQUVELGNBQUksQ0FBQytCLGNBQWMsRUFBbkIsRUFBdUI7QUFDckJZLFlBQUFBLElBQUk7QUFDTDtBQUNGLFNBUlMsRUFRUCxDQVJPLENBQVY7QUFTRCxPQVZBLEdBQUQ7QUFXRCxLQVpELE1BWU87QUFDTCxhQUFPL0IsVUFBVSxJQUFJQyxhQUFkLElBQStCTyxJQUFJLENBQUNDLEdBQUwsTUFBY0YsbUJBQXBELEVBQXlFO0FBQ3ZFLFlBQUl5QixHQUFHLEdBQUdiLGNBQWMsRUFBeEI7O0FBQ0EsWUFBSWEsR0FBSixFQUFTO0FBQ1AsaUJBQU9BLEdBQVA7QUFDRDtBQUNGO0FBQ0Y7QUFDRixHQW5KYzs7QUFBQTs7QUFBQTtBQXFKZkosRUFBQUEsU0FySmUscUJBcUpMSyxJQXJKSyxFQXFKQ0MsS0FySkQsRUFxSlFDLE9BckpSLEVBcUppQkMsU0FySmpCLEVBcUo0QjtBQUN6QyxRQUFJQyxJQUFJLEdBQUdKLElBQUksQ0FBQ3JCLGFBQWhCOztBQUNBLFFBQUl5QixJQUFJLElBQUlBLElBQUksQ0FBQ0gsS0FBTCxLQUFlQSxLQUF2QixJQUFnQ0csSUFBSSxDQUFDRixPQUFMLEtBQWlCQSxPQUFyRCxFQUE4RDtBQUM1RCxhQUFPO0FBQ0x4QixRQUFBQSxNQUFNLEVBQUVzQixJQUFJLENBQUN0QixNQUFMLEdBQWN5QixTQURqQjtBQUVMeEIsUUFBQUEsYUFBYSxFQUFFO0FBQUNJLFVBQUFBLEtBQUssRUFBRXFCLElBQUksQ0FBQ3JCLEtBQUwsR0FBYSxDQUFyQjtBQUF3QmtCLFVBQUFBLEtBQUssRUFBRUEsS0FBL0I7QUFBc0NDLFVBQUFBLE9BQU8sRUFBRUEsT0FBL0M7QUFBd0RHLFVBQUFBLGlCQUFpQixFQUFFRCxJQUFJLENBQUNDO0FBQWhGO0FBRlYsT0FBUDtBQUlELEtBTEQsTUFLTztBQUNMLGFBQU87QUFDTDNCLFFBQUFBLE1BQU0sRUFBRXNCLElBQUksQ0FBQ3RCLE1BQUwsR0FBY3lCLFNBRGpCO0FBRUx4QixRQUFBQSxhQUFhLEVBQUU7QUFBQ0ksVUFBQUEsS0FBSyxFQUFFLENBQVI7QUFBV2tCLFVBQUFBLEtBQUssRUFBRUEsS0FBbEI7QUFBeUJDLFVBQUFBLE9BQU8sRUFBRUEsT0FBbEM7QUFBMkNHLFVBQUFBLGlCQUFpQixFQUFFRDtBQUE5RDtBQUZWLE9BQVA7QUFJRDtBQUNGLEdBbEtjOztBQUFBOztBQUFBO0FBbUtmdkIsRUFBQUEsYUFuS2UseUJBbUtEUSxRQW5LQyxFQW1LU3BDLFNBbktULEVBbUtvQkQsU0FuS3BCLEVBbUsrQm1DLFlBbksvQixFQW1LNkM7QUFDMUQsUUFBSXZCLE1BQU0sR0FBR1gsU0FBUyxDQUFDWSxNQUF2QjtBQUFBLFFBQ0lDLE1BQU0sR0FBR2QsU0FBUyxDQUFDYSxNQUR2QjtBQUFBLFFBRUlhLE1BQU0sR0FBR1csUUFBUSxDQUFDWCxNQUZ0QjtBQUFBLFFBR0lFLE1BQU0sR0FBR0YsTUFBTSxHQUFHUyxZQUh0QjtBQUFBLFFBS0ltQixXQUFXLEdBQUcsQ0FMbEI7O0FBTUEsV0FBTzFCLE1BQU0sR0FBRyxDQUFULEdBQWFoQixNQUFiLElBQXVCYyxNQUFNLEdBQUcsQ0FBVCxHQUFhWixNQUFwQyxJQUE4QyxLQUFLeUMsTUFBTCxDQUFZdEQsU0FBUyxDQUFDMkIsTUFBTSxHQUFHLENBQVYsQ0FBckIsRUFBbUM1QixTQUFTLENBQUMwQixNQUFNLEdBQUcsQ0FBVixDQUE1QyxDQUFyRCxFQUFnSDtBQUM5R0UsTUFBQUEsTUFBTTtBQUNORixNQUFBQSxNQUFNO0FBQ040QixNQUFBQSxXQUFXO0FBQ1o7O0FBRUQsUUFBSUEsV0FBSixFQUFpQjtBQUNmakIsTUFBQUEsUUFBUSxDQUFDVixhQUFULEdBQXlCO0FBQUNJLFFBQUFBLEtBQUssRUFBRXVCLFdBQVI7QUFBcUJELFFBQUFBLGlCQUFpQixFQUFFaEIsUUFBUSxDQUFDVjtBQUFqRCxPQUF6QjtBQUNEOztBQUVEVSxJQUFBQSxRQUFRLENBQUNYLE1BQVQsR0FBa0JBLE1BQWxCO0FBQ0EsV0FBT0UsTUFBUDtBQUNELEdBdExjOztBQUFBOztBQUFBO0FBd0xmMkIsRUFBQUEsTUF4TGUsa0JBd0xSQyxJQXhMUSxFQXdMRkMsS0F4TEUsRUF3TEs7QUFDbEIsUUFBSSxLQUFLdkQsT0FBTCxDQUFhd0QsVUFBakIsRUFBNkI7QUFDM0IsYUFBTyxLQUFLeEQsT0FBTCxDQUFhd0QsVUFBYixDQUF3QkYsSUFBeEIsRUFBOEJDLEtBQTlCLENBQVA7QUFDRCxLQUZELE1BRU87QUFDTCxhQUFPRCxJQUFJLEtBQUtDLEtBQVQsSUFDRCxLQUFLdkQsT0FBTCxDQUFheUQsVUFBYixJQUEyQkgsSUFBSSxDQUFDSSxXQUFMLE9BQXVCSCxLQUFLLENBQUNHLFdBQU4sRUFEeEQ7QUFFRDtBQUNGLEdBL0xjOztBQUFBOztBQUFBO0FBZ01mbEQsRUFBQUEsV0FoTWUsdUJBZ01IbUQsS0FoTUcsRUFnTUk7QUFDakIsUUFBSWQsR0FBRyxHQUFHLEVBQVY7O0FBQ0EsU0FBSyxJQUFJZSxDQUFDLEdBQUcsQ0FBYixFQUFnQkEsQ0FBQyxHQUFHRCxLQUFLLENBQUNoRCxNQUExQixFQUFrQ2lELENBQUMsRUFBbkMsRUFBdUM7QUFDckMsVUFBSUQsS0FBSyxDQUFDQyxDQUFELENBQVQsRUFBYztBQUNaZixRQUFBQSxHQUFHLENBQUNnQixJQUFKLENBQVNGLEtBQUssQ0FBQ0MsQ0FBRCxDQUFkO0FBQ0Q7QUFDRjs7QUFDRCxXQUFPZixHQUFQO0FBQ0QsR0F4TWM7O0FBQUE7O0FBQUE7QUF5TWZ0QyxFQUFBQSxTQXpNZSxxQkF5TUxILEtBek1LLEVBeU1FO0FBQ2YsV0FBT0EsS0FBUDtBQUNELEdBM01jOztBQUFBOztBQUFBO0FBNE1mSyxFQUFBQSxRQTVNZSxvQkE0TU5MLEtBNU1NLEVBNE1DO0FBQ2QsV0FBT0EsS0FBSyxDQUFDMEQsS0FBTixDQUFZLEVBQVosQ0FBUDtBQUNELEdBOU1jOztBQUFBOztBQUFBO0FBK01mbEMsRUFBQUEsSUEvTWUsZ0JBK01WbUMsS0EvTVUsRUErTUg7QUFDVixXQUFPQSxLQUFLLENBQUNuQyxJQUFOLENBQVcsRUFBWCxDQUFQO0FBQ0Q7QUFqTmMsQ0FBakI7O0FBb05BLFNBQVNjLFdBQVQsQ0FBcUI3QyxJQUFyQixFQUEyQjRCLGFBQTNCLEVBQTBDMUIsU0FBMUMsRUFBcURELFNBQXJELEVBQWdFNkMsZUFBaEUsRUFBaUY7QUFDL0U7QUFDQTtBQUNBLE1BQU1xQixVQUFVLEdBQUcsRUFBbkI7QUFDQSxNQUFJQyxhQUFKOztBQUNBLFNBQU94QyxhQUFQLEVBQXNCO0FBQ3BCdUMsSUFBQUEsVUFBVSxDQUFDSCxJQUFYLENBQWdCcEMsYUFBaEI7QUFDQXdDLElBQUFBLGFBQWEsR0FBR3hDLGFBQWEsQ0FBQzBCLGlCQUE5QjtBQUNBLFdBQU8xQixhQUFhLENBQUMwQixpQkFBckI7QUFDQTFCLElBQUFBLGFBQWEsR0FBR3dDLGFBQWhCO0FBQ0Q7O0FBQ0RELEVBQUFBLFVBQVUsQ0FBQ0UsT0FBWDtBQUVBLE1BQUlDLFlBQVksR0FBRyxDQUFuQjtBQUFBLE1BQ0lDLFlBQVksR0FBR0osVUFBVSxDQUFDckQsTUFEOUI7QUFBQSxNQUVJZSxNQUFNLEdBQUcsQ0FGYjtBQUFBLE1BR0lGLE1BQU0sR0FBRyxDQUhiOztBQUtBLFNBQU8yQyxZQUFZLEdBQUdDLFlBQXRCLEVBQW9DRCxZQUFZLEVBQWhELEVBQW9EO0FBQ2xELFFBQUlFLFNBQVMsR0FBR0wsVUFBVSxDQUFDRyxZQUFELENBQTFCOztBQUNBLFFBQUksQ0FBQ0UsU0FBUyxDQUFDckIsT0FBZixFQUF3QjtBQUN0QixVQUFJLENBQUNxQixTQUFTLENBQUN0QixLQUFYLElBQW9CSixlQUF4QixFQUF5QztBQUN2QyxZQUFJdkMsS0FBSyxHQUFHTCxTQUFTLENBQUN1RSxLQUFWLENBQWdCNUMsTUFBaEIsRUFBd0JBLE1BQU0sR0FBRzJDLFNBQVMsQ0FBQ3hDLEtBQTNDLENBQVo7QUFDQXpCLFFBQUFBLEtBQUssR0FBR0EsS0FBSyxDQUFDbUUsR0FBTixDQUFVLFVBQVNuRSxLQUFULEVBQWdCd0QsQ0FBaEIsRUFBbUI7QUFDbkMsY0FBSVksUUFBUSxHQUFHMUUsU0FBUyxDQUFDMEIsTUFBTSxHQUFHb0MsQ0FBVixDQUF4QjtBQUNBLGlCQUFPWSxRQUFRLENBQUM3RCxNQUFULEdBQWtCUCxLQUFLLENBQUNPLE1BQXhCLEdBQWlDNkQsUUFBakMsR0FBNENwRSxLQUFuRDtBQUNELFNBSE8sQ0FBUjtBQUtBaUUsUUFBQUEsU0FBUyxDQUFDakUsS0FBVixHQUFrQlAsSUFBSSxDQUFDK0IsSUFBTCxDQUFVeEIsS0FBVixDQUFsQjtBQUNELE9BUkQsTUFRTztBQUNMaUUsUUFBQUEsU0FBUyxDQUFDakUsS0FBVixHQUFrQlAsSUFBSSxDQUFDK0IsSUFBTCxDQUFVN0IsU0FBUyxDQUFDdUUsS0FBVixDQUFnQjVDLE1BQWhCLEVBQXdCQSxNQUFNLEdBQUcyQyxTQUFTLENBQUN4QyxLQUEzQyxDQUFWLENBQWxCO0FBQ0Q7O0FBQ0RILE1BQUFBLE1BQU0sSUFBSTJDLFNBQVMsQ0FBQ3hDLEtBQXBCLENBWnNCLENBY3RCOztBQUNBLFVBQUksQ0FBQ3dDLFNBQVMsQ0FBQ3RCLEtBQWYsRUFBc0I7QUFDcEJ2QixRQUFBQSxNQUFNLElBQUk2QyxTQUFTLENBQUN4QyxLQUFwQjtBQUNEO0FBQ0YsS0FsQkQsTUFrQk87QUFDTHdDLE1BQUFBLFNBQVMsQ0FBQ2pFLEtBQVYsR0FBa0JQLElBQUksQ0FBQytCLElBQUwsQ0FBVTlCLFNBQVMsQ0FBQ3dFLEtBQVYsQ0FBZ0I5QyxNQUFoQixFQUF3QkEsTUFBTSxHQUFHNkMsU0FBUyxDQUFDeEMsS0FBM0MsQ0FBVixDQUFsQjtBQUNBTCxNQUFBQSxNQUFNLElBQUk2QyxTQUFTLENBQUN4QyxLQUFwQixDQUZLLENBSUw7QUFDQTtBQUNBOztBQUNBLFVBQUlzQyxZQUFZLElBQUlILFVBQVUsQ0FBQ0csWUFBWSxHQUFHLENBQWhCLENBQVYsQ0FBNkJwQixLQUFqRCxFQUF3RDtBQUN0RCxZQUFJMEIsR0FBRyxHQUFHVCxVQUFVLENBQUNHLFlBQVksR0FBRyxDQUFoQixDQUFwQjtBQUNBSCxRQUFBQSxVQUFVLENBQUNHLFlBQVksR0FBRyxDQUFoQixDQUFWLEdBQStCSCxVQUFVLENBQUNHLFlBQUQsQ0FBekM7QUFDQUgsUUFBQUEsVUFBVSxDQUFDRyxZQUFELENBQVYsR0FBMkJNLEdBQTNCO0FBQ0Q7QUFDRjtBQUNGLEdBbkQ4RSxDQXFEL0U7QUFDQTtBQUNBOzs7QUFDQSxNQUFJQyxjQUFjLEdBQUdWLFVBQVUsQ0FBQ0ksWUFBWSxHQUFHLENBQWhCLENBQS9COztBQUNBLE1BQUlBLFlBQVksR0FBRyxDQUFmLElBQ0csT0FBT00sY0FBYyxDQUFDdEUsS0FBdEIsS0FBZ0MsUUFEbkMsS0FFSXNFLGNBQWMsQ0FBQzNCLEtBQWYsSUFBd0IyQixjQUFjLENBQUMxQixPQUYzQyxLQUdHbkQsSUFBSSxDQUFDd0QsTUFBTCxDQUFZLEVBQVosRUFBZ0JxQixjQUFjLENBQUN0RSxLQUEvQixDQUhQLEVBRzhDO0FBQzVDNEQsSUFBQUEsVUFBVSxDQUFDSSxZQUFZLEdBQUcsQ0FBaEIsQ0FBVixDQUE2QmhFLEtBQTdCLElBQXNDc0UsY0FBYyxDQUFDdEUsS0FBckQ7QUFDQTRELElBQUFBLFVBQVUsQ0FBQ1csR0FBWDtBQUNEOztBQUVELFNBQU9YLFVBQVA7QUFDRCIsInNvdXJjZXNDb250ZW50IjpbImV4cG9ydCBkZWZhdWx0IGZ1bmN0aW9uIERpZmYoKSB7fVxuXG5EaWZmLnByb3RvdHlwZSA9IHtcbiAgZGlmZihvbGRTdHJpbmcsIG5ld1N0cmluZywgb3B0aW9ucyA9IHt9KSB7XG4gICAgbGV0IGNhbGxiYWNrID0gb3B0aW9ucy5jYWxsYmFjaztcbiAgICBpZiAodHlwZW9mIG9wdGlvbnMgPT09ICdmdW5jdGlvbicpIHtcbiAgICAgIGNhbGxiYWNrID0gb3B0aW9ucztcbiAgICAgIG9wdGlvbnMgPSB7fTtcbiAgICB9XG4gICAgdGhpcy5vcHRpb25zID0gb3B0aW9ucztcblxuICAgIGxldCBzZWxmID0gdGhpcztcblxuICAgIGZ1bmN0aW9uIGRvbmUodmFsdWUpIHtcbiAgICAgIGlmIChjYWxsYmFjaykge1xuICAgICAgICBzZXRUaW1lb3V0KGZ1bmN0aW9uKCkgeyBjYWxsYmFjayh1bmRlZmluZWQsIHZhbHVlKTsgfSwgMCk7XG4gICAgICAgIHJldHVybiB0cnVlO1xuICAgICAgfSBlbHNlIHtcbiAgICAgICAgcmV0dXJuIHZhbHVlO1xuICAgICAgfVxuICAgIH1cblxuICAgIC8vIEFsbG93IHN1YmNsYXNzZXMgdG8gbWFzc2FnZSB0aGUgaW5wdXQgcHJpb3IgdG8gcnVubmluZ1xuICAgIG9sZFN0cmluZyA9IHRoaXMuY2FzdElucHV0KG9sZFN0cmluZyk7XG4gICAgbmV3U3RyaW5nID0gdGhpcy5jYXN0SW5wdXQobmV3U3RyaW5nKTtcblxuICAgIG9sZFN0cmluZyA9IHRoaXMucmVtb3ZlRW1wdHkodGhpcy50b2tlbml6ZShvbGRTdHJpbmcpKTtcbiAgICBuZXdTdHJpbmcgPSB0aGlzLnJlbW92ZUVtcHR5KHRoaXMudG9rZW5pemUobmV3U3RyaW5nKSk7XG5cbiAgICBsZXQgbmV3TGVuID0gbmV3U3RyaW5nLmxlbmd0aCwgb2xkTGVuID0gb2xkU3RyaW5nLmxlbmd0aDtcbiAgICBsZXQgZWRpdExlbmd0aCA9IDE7XG4gICAgbGV0IG1heEVkaXRMZW5ndGggPSBuZXdMZW4gKyBvbGRMZW47XG4gICAgaWYob3B0aW9ucy5tYXhFZGl0TGVuZ3RoKSB7XG4gICAgICBtYXhFZGl0TGVuZ3RoID0gTWF0aC5taW4obWF4RWRpdExlbmd0aCwgb3B0aW9ucy5tYXhFZGl0TGVuZ3RoKTtcbiAgICB9XG4gICAgY29uc3QgbWF4RXhlY3V0aW9uVGltZSA9IG9wdGlvbnMudGltZW91dCA/PyBJbmZpbml0eTtcbiAgICBjb25zdCBhYm9ydEFmdGVyVGltZXN0YW1wID0gRGF0ZS5ub3coKSArIG1heEV4ZWN1dGlvblRpbWU7XG5cbiAgICBsZXQgYmVzdFBhdGggPSBbeyBvbGRQb3M6IC0xLCBsYXN0Q29tcG9uZW50OiB1bmRlZmluZWQgfV07XG5cbiAgICAvLyBTZWVkIGVkaXRMZW5ndGggPSAwLCBpLmUuIHRoZSBjb250ZW50IHN0YXJ0cyB3aXRoIHRoZSBzYW1lIHZhbHVlc1xuICAgIGxldCBuZXdQb3MgPSB0aGlzLmV4dHJhY3RDb21tb24oYmVzdFBhdGhbMF0sIG5ld1N0cmluZywgb2xkU3RyaW5nLCAwKTtcbiAgICBpZiAoYmVzdFBhdGhbMF0ub2xkUG9zICsgMSA+PSBvbGRMZW4gJiYgbmV3UG9zICsgMSA+PSBuZXdMZW4pIHtcbiAgICAgIC8vIElkZW50aXR5IHBlciB0aGUgZXF1YWxpdHkgYW5kIHRva2VuaXplclxuICAgICAgcmV0dXJuIGRvbmUoW3t2YWx1ZTogdGhpcy5qb2luKG5ld1N0cmluZyksIGNvdW50OiBuZXdTdHJpbmcubGVuZ3RofV0pO1xuICAgIH1cblxuICAgIC8vIE9uY2Ugd2UgaGl0IHRoZSByaWdodCBlZGdlIG9mIHRoZSBlZGl0IGdyYXBoIG9uIHNvbWUgZGlhZ29uYWwgaywgd2UgY2FuXG4gICAgLy8gZGVmaW5pdGVseSByZWFjaCB0aGUgZW5kIG9mIHRoZSBlZGl0IGdyYXBoIGluIG5vIG1vcmUgdGhhbiBrIGVkaXRzLCBzb1xuICAgIC8vIHRoZXJlJ3Mgbm8gcG9pbnQgaW4gY29uc2lkZXJpbmcgYW55IG1vdmVzIHRvIGRpYWdvbmFsIGsrMSBhbnkgbW9yZSAoZnJvbVxuICAgIC8vIHdoaWNoIHdlJ3JlIGd1YXJhbnRlZWQgdG8gbmVlZCBhdCBsZWFzdCBrKzEgbW9yZSBlZGl0cykuXG4gICAgLy8gU2ltaWxhcmx5LCBvbmNlIHdlJ3ZlIHJlYWNoZWQgdGhlIGJvdHRvbSBvZiB0aGUgZWRpdCBncmFwaCwgdGhlcmUncyBub1xuICAgIC8vIHBvaW50IGNvbnNpZGVyaW5nIG1vdmVzIHRvIGxvd2VyIGRpYWdvbmFscy5cbiAgICAvLyBXZSByZWNvcmQgdGhpcyBmYWN0IGJ5IHNldHRpbmcgbWluRGlhZ29uYWxUb0NvbnNpZGVyIGFuZFxuICAgIC8vIG1heERpYWdvbmFsVG9Db25zaWRlciB0byBzb21lIGZpbml0ZSB2YWx1ZSBvbmNlIHdlJ3ZlIGhpdCB0aGUgZWRnZSBvZlxuICAgIC8vIHRoZSBlZGl0IGdyYXBoLlxuICAgIC8vIFRoaXMgb3B0aW1pemF0aW9uIGlzIG5vdCBmYWl0aGZ1bCB0byB0aGUgb3JpZ2luYWwgYWxnb3JpdGhtIHByZXNlbnRlZCBpblxuICAgIC8vIE15ZXJzJ3MgcGFwZXIsIHdoaWNoIGluc3RlYWQgcG9pbnRsZXNzbHkgZXh0ZW5kcyBELXBhdGhzIG9mZiB0aGUgZW5kIG9mXG4gICAgLy8gdGhlIGVkaXQgZ3JhcGggLSBzZWUgcGFnZSA3IG9mIE15ZXJzJ3MgcGFwZXIgd2hpY2ggbm90ZXMgdGhpcyBwb2ludFxuICAgIC8vIGV4cGxpY2l0bHkgYW5kIGlsbHVzdHJhdGVzIGl0IHdpdGggYSBkaWFncmFtLiBUaGlzIGhhcyBtYWpvciBwZXJmb3JtYW5jZVxuICAgIC8vIGltcGxpY2F0aW9ucyBmb3Igc29tZSBjb21tb24gc2NlbmFyaW9zLiBGb3IgaW5zdGFuY2UsIHRvIGNvbXB1dGUgYSBkaWZmXG4gICAgLy8gd2hlcmUgdGhlIG5ldyB0ZXh0IHNpbXBseSBhcHBlbmRzIGQgY2hhcmFjdGVycyBvbiB0aGUgZW5kIG9mIHRoZVxuICAgIC8vIG9yaWdpbmFsIHRleHQgb2YgbGVuZ3RoIG4sIHRoZSB0cnVlIE15ZXJzIGFsZ29yaXRobSB3aWxsIHRha2UgTyhuK2ReMilcbiAgICAvLyB0aW1lIHdoaWxlIHRoaXMgb3B0aW1pemF0aW9uIG5lZWRzIG9ubHkgTyhuK2QpIHRpbWUuXG4gICAgbGV0IG1pbkRpYWdvbmFsVG9Db25zaWRlciA9IC1JbmZpbml0eSwgbWF4RGlhZ29uYWxUb0NvbnNpZGVyID0gSW5maW5pdHk7XG5cbiAgICAvLyBNYWluIHdvcmtlciBtZXRob2QuIGNoZWNrcyBhbGwgcGVybXV0YXRpb25zIG9mIGEgZ2l2ZW4gZWRpdCBsZW5ndGggZm9yIGFjY2VwdGFuY2UuXG4gICAgZnVuY3Rpb24gZXhlY0VkaXRMZW5ndGgoKSB7XG4gICAgICBmb3IgKFxuICAgICAgICBsZXQgZGlhZ29uYWxQYXRoID0gTWF0aC5tYXgobWluRGlhZ29uYWxUb0NvbnNpZGVyLCAtZWRpdExlbmd0aCk7XG4gICAgICAgIGRpYWdvbmFsUGF0aCA8PSBNYXRoLm1pbihtYXhEaWFnb25hbFRvQ29uc2lkZXIsIGVkaXRMZW5ndGgpO1xuICAgICAgICBkaWFnb25hbFBhdGggKz0gMlxuICAgICAgKSB7XG4gICAgICAgIGxldCBiYXNlUGF0aDtcbiAgICAgICAgbGV0IHJlbW92ZVBhdGggPSBiZXN0UGF0aFtkaWFnb25hbFBhdGggLSAxXSxcbiAgICAgICAgICAgIGFkZFBhdGggPSBiZXN0UGF0aFtkaWFnb25hbFBhdGggKyAxXTtcbiAgICAgICAgaWYgKHJlbW92ZVBhdGgpIHtcbiAgICAgICAgICAvLyBObyBvbmUgZWxzZSBpcyBnb2luZyB0byBhdHRlbXB0IHRvIHVzZSB0aGlzIHZhbHVlLCBjbGVhciBpdFxuICAgICAgICAgIGJlc3RQYXRoW2RpYWdvbmFsUGF0aCAtIDFdID0gdW5kZWZpbmVkO1xuICAgICAgICB9XG5cbiAgICAgICAgbGV0IGNhbkFkZCA9IGZhbHNlO1xuICAgICAgICBpZiAoYWRkUGF0aCkge1xuICAgICAgICAgIC8vIHdoYXQgbmV3UG9zIHdpbGwgYmUgYWZ0ZXIgd2UgZG8gYW4gaW5zZXJ0aW9uOlxuICAgICAgICAgIGNvbnN0IGFkZFBhdGhOZXdQb3MgPSBhZGRQYXRoLm9sZFBvcyAtIGRpYWdvbmFsUGF0aDtcbiAgICAgICAgICBjYW5BZGQgPSBhZGRQYXRoICYmIDAgPD0gYWRkUGF0aE5ld1BvcyAmJiBhZGRQYXRoTmV3UG9zIDwgbmV3TGVuO1xuICAgICAgICB9XG5cbiAgICAgICAgbGV0IGNhblJlbW92ZSA9IHJlbW92ZVBhdGggJiYgcmVtb3ZlUGF0aC5vbGRQb3MgKyAxIDwgb2xkTGVuO1xuICAgICAgICBpZiAoIWNhbkFkZCAmJiAhY2FuUmVtb3ZlKSB7XG4gICAgICAgICAgLy8gSWYgdGhpcyBwYXRoIGlzIGEgdGVybWluYWwgdGhlbiBwcnVuZVxuICAgICAgICAgIGJlc3RQYXRoW2RpYWdvbmFsUGF0aF0gPSB1bmRlZmluZWQ7XG4gICAgICAgICAgY29udGludWU7XG4gICAgICAgIH1cblxuICAgICAgICAvLyBTZWxlY3QgdGhlIGRpYWdvbmFsIHRoYXQgd2Ugd2FudCB0byBicmFuY2ggZnJvbS4gV2Ugc2VsZWN0IHRoZSBwcmlvclxuICAgICAgICAvLyBwYXRoIHdob3NlIHBvc2l0aW9uIGluIHRoZSBvbGQgc3RyaW5nIGlzIHRoZSBmYXJ0aGVzdCBmcm9tIHRoZSBvcmlnaW5cbiAgICAgICAgLy8gYW5kIGRvZXMgbm90IHBhc3MgdGhlIGJvdW5kcyBvZiB0aGUgZGlmZiBncmFwaFxuICAgICAgICAvLyBUT0RPOiBSZW1vdmUgdGhlIGArIDFgIGhlcmUgdG8gbWFrZSBiZWhhdmlvciBtYXRjaCBNeWVycyBhbGdvcml0aG1cbiAgICAgICAgLy8gICAgICAgYW5kIHByZWZlciB0byBvcmRlciByZW1vdmFscyBiZWZvcmUgaW5zZXJ0aW9ucy5cbiAgICAgICAgaWYgKCFjYW5SZW1vdmUgfHwgKGNhbkFkZCAmJiByZW1vdmVQYXRoLm9sZFBvcyArIDEgPCBhZGRQYXRoLm9sZFBvcykpIHtcbiAgICAgICAgICBiYXNlUGF0aCA9IHNlbGYuYWRkVG9QYXRoKGFkZFBhdGgsIHRydWUsIHVuZGVmaW5lZCwgMCk7XG4gICAgICAgIH0gZWxzZSB7XG4gICAgICAgICAgYmFzZVBhdGggPSBzZWxmLmFkZFRvUGF0aChyZW1vdmVQYXRoLCB1bmRlZmluZWQsIHRydWUsIDEpO1xuICAgICAgICB9XG5cbiAgICAgICAgbmV3UG9zID0gc2VsZi5leHRyYWN0Q29tbW9uKGJhc2VQYXRoLCBuZXdTdHJpbmcsIG9sZFN0cmluZywgZGlhZ29uYWxQYXRoKTtcblxuICAgICAgICBpZiAoYmFzZVBhdGgub2xkUG9zICsgMSA+PSBvbGRMZW4gJiYgbmV3UG9zICsgMSA+PSBuZXdMZW4pIHtcbiAgICAgICAgICAvLyBJZiB3ZSBoYXZlIGhpdCB0aGUgZW5kIG9mIGJvdGggc3RyaW5ncywgdGhlbiB3ZSBhcmUgZG9uZVxuICAgICAgICAgIHJldHVybiBkb25lKGJ1aWxkVmFsdWVzKHNlbGYsIGJhc2VQYXRoLmxhc3RDb21wb25lbnQsIG5ld1N0cmluZywgb2xkU3RyaW5nLCBzZWxmLnVzZUxvbmdlc3RUb2tlbikpO1xuICAgICAgICB9IGVsc2Uge1xuICAgICAgICAgIGJlc3RQYXRoW2RpYWdvbmFsUGF0aF0gPSBiYXNlUGF0aDtcbiAgICAgICAgICBpZiAoYmFzZVBhdGgub2xkUG9zICsgMSA+PSBvbGRMZW4pIHtcbiAgICAgICAgICAgIG1heERpYWdvbmFsVG9Db25zaWRlciA9IE1hdGgubWluKG1heERpYWdvbmFsVG9Db25zaWRlciwgZGlhZ29uYWxQYXRoIC0gMSk7XG4gICAgICAgICAgfVxuICAgICAgICAgIGlmIChuZXdQb3MgKyAxID49IG5ld0xlbikge1xuICAgICAgICAgICAgbWluRGlhZ29uYWxUb0NvbnNpZGVyID0gTWF0aC5tYXgobWluRGlhZ29uYWxUb0NvbnNpZGVyLCBkaWFnb25hbFBhdGggKyAxKTtcbiAgICAgICAgICB9XG4gICAgICAgIH1cbiAgICAgIH1cblxuICAgICAgZWRpdExlbmd0aCsrO1xuICAgIH1cblxuICAgIC8vIFBlcmZvcm1zIHRoZSBsZW5ndGggb2YgZWRpdCBpdGVyYXRpb24uIElzIGEgYml0IGZ1Z2x5IGFzIHRoaXMgaGFzIHRvIHN1cHBvcnQgdGhlXG4gICAgLy8gc3luYyBhbmQgYXN5bmMgbW9kZSB3aGljaCBpcyBuZXZlciBmdW4uIExvb3BzIG92ZXIgZXhlY0VkaXRMZW5ndGggdW50aWwgYSB2YWx1ZVxuICAgIC8vIGlzIHByb2R1Y2VkLCBvciB1bnRpbCB0aGUgZWRpdCBsZW5ndGggZXhjZWVkcyBvcHRpb25zLm1heEVkaXRMZW5ndGggKGlmIGdpdmVuKSxcbiAgICAvLyBpbiB3aGljaCBjYXNlIGl0IHdpbGwgcmV0dXJuIHVuZGVmaW5lZC5cbiAgICBpZiAoY2FsbGJhY2spIHtcbiAgICAgIChmdW5jdGlvbiBleGVjKCkge1xuICAgICAgICBzZXRUaW1lb3V0KGZ1bmN0aW9uKCkge1xuICAgICAgICAgIGlmIChlZGl0TGVuZ3RoID4gbWF4RWRpdExlbmd0aCB8fCBEYXRlLm5vdygpID4gYWJvcnRBZnRlclRpbWVzdGFtcCkge1xuICAgICAgICAgICAgcmV0dXJuIGNhbGxiYWNrKCk7XG4gICAgICAgICAgfVxuXG4gICAgICAgICAgaWYgKCFleGVjRWRpdExlbmd0aCgpKSB7XG4gICAgICAgICAgICBleGVjKCk7XG4gICAgICAgICAgfVxuICAgICAgICB9LCAwKTtcbiAgICAgIH0oKSk7XG4gICAgfSBlbHNlIHtcbiAgICAgIHdoaWxlIChlZGl0TGVuZ3RoIDw9IG1heEVkaXRMZW5ndGggJiYgRGF0ZS5ub3coKSA8PSBhYm9ydEFmdGVyVGltZXN0YW1wKSB7XG4gICAgICAgIGxldCByZXQgPSBleGVjRWRpdExlbmd0aCgpO1xuICAgICAgICBpZiAocmV0KSB7XG4gICAgICAgICAgcmV0dXJuIHJldDtcbiAgICAgICAgfVxuICAgICAgfVxuICAgIH1cbiAgfSxcblxuICBhZGRUb1BhdGgocGF0aCwgYWRkZWQsIHJlbW92ZWQsIG9sZFBvc0luYykge1xuICAgIGxldCBsYXN0ID0gcGF0aC5sYXN0Q29tcG9uZW50O1xuICAgIGlmIChsYXN0ICYmIGxhc3QuYWRkZWQgPT09IGFkZGVkICYmIGxhc3QucmVtb3ZlZCA9PT0gcmVtb3ZlZCkge1xuICAgICAgcmV0dXJuIHtcbiAgICAgICAgb2xkUG9zOiBwYXRoLm9sZFBvcyArIG9sZFBvc0luYyxcbiAgICAgICAgbGFzdENvbXBvbmVudDoge2NvdW50OiBsYXN0LmNvdW50ICsgMSwgYWRkZWQ6IGFkZGVkLCByZW1vdmVkOiByZW1vdmVkLCBwcmV2aW91c0NvbXBvbmVudDogbGFzdC5wcmV2aW91c0NvbXBvbmVudCB9XG4gICAgICB9O1xuICAgIH0gZWxzZSB7XG4gICAgICByZXR1cm4ge1xuICAgICAgICBvbGRQb3M6IHBhdGgub2xkUG9zICsgb2xkUG9zSW5jLFxuICAgICAgICBsYXN0Q29tcG9uZW50OiB7Y291bnQ6IDEsIGFkZGVkOiBhZGRlZCwgcmVtb3ZlZDogcmVtb3ZlZCwgcHJldmlvdXNDb21wb25lbnQ6IGxhc3QgfVxuICAgICAgfTtcbiAgICB9XG4gIH0sXG4gIGV4dHJhY3RDb21tb24oYmFzZVBhdGgsIG5ld1N0cmluZywgb2xkU3RyaW5nLCBkaWFnb25hbFBhdGgpIHtcbiAgICBsZXQgbmV3TGVuID0gbmV3U3RyaW5nLmxlbmd0aCxcbiAgICAgICAgb2xkTGVuID0gb2xkU3RyaW5nLmxlbmd0aCxcbiAgICAgICAgb2xkUG9zID0gYmFzZVBhdGgub2xkUG9zLFxuICAgICAgICBuZXdQb3MgPSBvbGRQb3MgLSBkaWFnb25hbFBhdGgsXG5cbiAgICAgICAgY29tbW9uQ291bnQgPSAwO1xuICAgIHdoaWxlIChuZXdQb3MgKyAxIDwgbmV3TGVuICYmIG9sZFBvcyArIDEgPCBvbGRMZW4gJiYgdGhpcy5lcXVhbHMobmV3U3RyaW5nW25ld1BvcyArIDFdLCBvbGRTdHJpbmdbb2xkUG9zICsgMV0pKSB7XG4gICAgICBuZXdQb3MrKztcbiAgICAgIG9sZFBvcysrO1xuICAgICAgY29tbW9uQ291bnQrKztcbiAgICB9XG5cbiAgICBpZiAoY29tbW9uQ291bnQpIHtcbiAgICAgIGJhc2VQYXRoLmxhc3RDb21wb25lbnQgPSB7Y291bnQ6IGNvbW1vbkNvdW50LCBwcmV2aW91c0NvbXBvbmVudDogYmFzZVBhdGgubGFzdENvbXBvbmVudH07XG4gICAgfVxuXG4gICAgYmFzZVBhdGgub2xkUG9zID0gb2xkUG9zO1xuICAgIHJldHVybiBuZXdQb3M7XG4gIH0sXG5cbiAgZXF1YWxzKGxlZnQsIHJpZ2h0KSB7XG4gICAgaWYgKHRoaXMub3B0aW9ucy5jb21wYXJhdG9yKSB7XG4gICAgICByZXR1cm4gdGhpcy5vcHRpb25zLmNvbXBhcmF0b3IobGVmdCwgcmlnaHQpO1xuICAgIH0gZWxzZSB7XG4gICAgICByZXR1cm4gbGVmdCA9PT0gcmlnaHRcbiAgICAgICAgfHwgKHRoaXMub3B0aW9ucy5pZ25vcmVDYXNlICYmIGxlZnQudG9Mb3dlckNhc2UoKSA9PT0gcmlnaHQudG9Mb3dlckNhc2UoKSk7XG4gICAgfVxuICB9LFxuICByZW1vdmVFbXB0eShhcnJheSkge1xuICAgIGxldCByZXQgPSBbXTtcbiAgICBmb3IgKGxldCBpID0gMDsgaSA8IGFycmF5Lmxlbmd0aDsgaSsrKSB7XG4gICAgICBpZiAoYXJyYXlbaV0pIHtcbiAgICAgICAgcmV0LnB1c2goYXJyYXlbaV0pO1xuICAgICAgfVxuICAgIH1cbiAgICByZXR1cm4gcmV0O1xuICB9LFxuICBjYXN0SW5wdXQodmFsdWUpIHtcbiAgICByZXR1cm4gdmFsdWU7XG4gIH0sXG4gIHRva2VuaXplKHZhbHVlKSB7XG4gICAgcmV0dXJuIHZhbHVlLnNwbGl0KCcnKTtcbiAgfSxcbiAgam9pbihjaGFycykge1xuICAgIHJldHVybiBjaGFycy5qb2luKCcnKTtcbiAgfVxufTtcblxuZnVuY3Rpb24gYnVpbGRWYWx1ZXMoZGlmZiwgbGFzdENvbXBvbmVudCwgbmV3U3RyaW5nLCBvbGRTdHJpbmcsIHVzZUxvbmdlc3RUb2tlbikge1xuICAvLyBGaXJzdCB3ZSBjb252ZXJ0IG91ciBsaW5rZWQgbGlzdCBvZiBjb21wb25lbnRzIGluIHJldmVyc2Ugb3JkZXIgdG8gYW5cbiAgLy8gYXJyYXkgaW4gdGhlIHJpZ2h0IG9yZGVyOlxuICBjb25zdCBjb21wb25lbnRzID0gW107XG4gIGxldCBuZXh0Q29tcG9uZW50O1xuICB3aGlsZSAobGFzdENvbXBvbmVudCkge1xuICAgIGNvbXBvbmVudHMucHVzaChsYXN0Q29tcG9uZW50KTtcbiAgICBuZXh0Q29tcG9uZW50ID0gbGFzdENvbXBvbmVudC5wcmV2aW91c0NvbXBvbmVudDtcbiAgICBkZWxldGUgbGFzdENvbXBvbmVudC5wcmV2aW91c0NvbXBvbmVudDtcbiAgICBsYXN0Q29tcG9uZW50ID0gbmV4dENvbXBvbmVudDtcbiAgfVxuICBjb21wb25lbnRzLnJldmVyc2UoKTtcblxuICBsZXQgY29tcG9uZW50UG9zID0gMCxcbiAgICAgIGNvbXBvbmVudExlbiA9IGNvbXBvbmVudHMubGVuZ3RoLFxuICAgICAgbmV3UG9zID0gMCxcbiAgICAgIG9sZFBvcyA9IDA7XG5cbiAgZm9yICg7IGNvbXBvbmVudFBvcyA8IGNvbXBvbmVudExlbjsgY29tcG9uZW50UG9zKyspIHtcbiAgICBsZXQgY29tcG9uZW50ID0gY29tcG9uZW50c1tjb21wb25lbnRQb3NdO1xuICAgIGlmICghY29tcG9uZW50LnJlbW92ZWQpIHtcbiAgICAgIGlmICghY29tcG9uZW50LmFkZGVkICYmIHVzZUxvbmdlc3RUb2tlbikge1xuICAgICAgICBsZXQgdmFsdWUgPSBuZXdTdHJpbmcuc2xpY2UobmV3UG9zLCBuZXdQb3MgKyBjb21wb25lbnQuY291bnQpO1xuICAgICAgICB2YWx1ZSA9IHZhbHVlLm1hcChmdW5jdGlvbih2YWx1ZSwgaSkge1xuICAgICAgICAgIGxldCBvbGRWYWx1ZSA9IG9sZFN0cmluZ1tvbGRQb3MgKyBpXTtcbiAgICAgICAgICByZXR1cm4gb2xkVmFsdWUubGVuZ3RoID4gdmFsdWUubGVuZ3RoID8gb2xkVmFsdWUgOiB2YWx1ZTtcbiAgICAgICAgfSk7XG5cbiAgICAgICAgY29tcG9uZW50LnZhbHVlID0gZGlmZi5qb2luKHZhbHVlKTtcbiAgICAgIH0gZWxzZSB7XG4gICAgICAgIGNvbXBvbmVudC52YWx1ZSA9IGRpZmYuam9pbihuZXdTdHJpbmcuc2xpY2UobmV3UG9zLCBuZXdQb3MgKyBjb21wb25lbnQuY291bnQpKTtcbiAgICAgIH1cbiAgICAgIG5ld1BvcyArPSBjb21wb25lbnQuY291bnQ7XG5cbiAgICAgIC8vIENvbW1vbiBjYXNlXG4gICAgICBpZiAoIWNvbXBvbmVudC5hZGRlZCkge1xuICAgICAgICBvbGRQb3MgKz0gY29tcG9uZW50LmNvdW50O1xuICAgICAgfVxuICAgIH0gZWxzZSB7XG4gICAgICBjb21wb25lbnQudmFsdWUgPSBkaWZmLmpvaW4ob2xkU3RyaW5nLnNsaWNlKG9sZFBvcywgb2xkUG9zICsgY29tcG9uZW50LmNvdW50KSk7XG4gICAgICBvbGRQb3MgKz0gY29tcG9uZW50LmNvdW50O1xuXG4gICAgICAvLyBSZXZlcnNlIGFkZCBhbmQgcmVtb3ZlIHNvIHJlbW92ZXMgYXJlIG91dHB1dCBmaXJzdCB0byBtYXRjaCBjb21tb24gY29udmVudGlvblxuICAgICAgLy8gVGhlIGRpZmZpbmcgYWxnb3JpdGhtIGlzIHRpZWQgdG8gYWRkIHRoZW4gcmVtb3ZlIG91dHB1dCBhbmQgdGhpcyBpcyB0aGUgc2ltcGxlc3RcbiAgICAgIC8vIHJvdXRlIHRvIGdldCB0aGUgZGVzaXJlZCBvdXRwdXQgd2l0aCBtaW5pbWFsIG92ZXJoZWFkLlxuICAgICAgaWYgKGNvbXBvbmVudFBvcyAmJiBjb21wb25lbnRzW2NvbXBvbmVudFBvcyAtIDFdLmFkZGVkKSB7XG4gICAgICAgIGxldCB0bXAgPSBjb21wb25lbnRzW2NvbXBvbmVudFBvcyAtIDFdO1xuICAgICAgICBjb21wb25lbnRzW2NvbXBvbmVudFBvcyAtIDFdID0gY29tcG9uZW50c1tjb21wb25lbnRQb3NdO1xuICAgICAgICBjb21wb25lbnRzW2NvbXBvbmVudFBvc10gPSB0bXA7XG4gICAgICB9XG4gICAgfVxuICB9XG5cbiAgLy8gU3BlY2lhbCBjYXNlIGhhbmRsZSBmb3Igd2hlbiBvbmUgdGVybWluYWwgaXMgaWdub3JlZCAoaS5lLiB3aGl0ZXNwYWNlKS5cbiAgLy8gRm9yIHRoaXMgY2FzZSB3ZSBtZXJnZSB0aGUgdGVybWluYWwgaW50byB0aGUgcHJpb3Igc3RyaW5nIGFuZCBkcm9wIHRoZSBjaGFuZ2UuXG4gIC8vIFRoaXMgaXMgb25seSBhdmFpbGFibGUgZm9yIHN0cmluZyBtb2RlLlxuICBsZXQgZmluYWxDb21wb25lbnQgPSBjb21wb25lbnRzW2NvbXBvbmVudExlbiAtIDFdO1xuICBpZiAoY29tcG9uZW50TGVuID4gMVxuICAgICAgJiYgdHlwZW9mIGZpbmFsQ29tcG9uZW50LnZhbHVlID09PSAnc3RyaW5nJ1xuICAgICAgJiYgKGZpbmFsQ29tcG9uZW50LmFkZGVkIHx8IGZpbmFsQ29tcG9uZW50LnJlbW92ZWQpXG4gICAgICAmJiBkaWZmLmVxdWFscygnJywgZmluYWxDb21wb25lbnQudmFsdWUpKSB7XG4gICAgY29tcG9uZW50c1tjb21wb25lbnRMZW4gLSAyXS52YWx1ZSArPSBmaW5hbENvbXBvbmVudC52YWx1ZTtcbiAgICBjb21wb25lbnRzLnBvcCgpO1xuICB9XG5cbiAgcmV0dXJuIGNvbXBvbmVudHM7XG59XG4iXX0=
diff --git a/deps/npm/node_modules/diff/lib/diff/line.js b/deps/npm/node_modules/diff/lib/diff/line.js
index 855fe30b9cc2c8..30bc74d2383d20 100644
--- a/deps/npm/node_modules/diff/lib/diff/line.js
+++ b/deps/npm/node_modules/diff/lib/diff/line.js
@@ -39,6 +39,11 @@ exports.lineDiff = lineDiff;
 
 /*istanbul ignore end*/
 lineDiff.tokenize = function (value) {
+  if (this.options.stripTrailingCr) {
+    // remove one \r before \n to match GNU diff's --strip-trailing-cr behavior
+    value = value.replace(/\r\n/g, '\n');
+  }
+
   var retLines = [],
       linesAndNewlines = value.split(/(\n|\r\n)/); // Ignore the final empty token that occurs if the string ends with a new line
 
@@ -86,4 +91,4 @@ function diffTrimmedLines(oldStr, newStr, callback) {
   });
   return lineDiff.diff(oldStr, newStr, options);
 }
-//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9kaWZmL2xpbmUuanMiXSwibmFtZXMiOlsibGluZURpZmYiLCJEaWZmIiwidG9rZW5pemUiLCJ2YWx1ZSIsInJldExpbmVzIiwibGluZXNBbmROZXdsaW5lcyIsInNwbGl0IiwibGVuZ3RoIiwicG9wIiwiaSIsImxpbmUiLCJvcHRpb25zIiwibmV3bGluZUlzVG9rZW4iLCJpZ25vcmVXaGl0ZXNwYWNlIiwidHJpbSIsInB1c2giLCJkaWZmTGluZXMiLCJvbGRTdHIiLCJuZXdTdHIiLCJjYWxsYmFjayIsImRpZmYiLCJkaWZmVHJpbW1lZExpbmVzIiwiZ2VuZXJhdGVPcHRpb25zIl0sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7OztBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7O0FBQ0E7QUFBQTtBQUFBO0FBQUE7QUFBQTs7Ozs7QUFFTyxJQUFNQSxRQUFRLEdBQUc7QUFBSUM7QUFBQUE7QUFBQUE7QUFBQUE7QUFBQUE7QUFBQUE7QUFBQUE7QUFBQUEsQ0FBSixFQUFqQjs7Ozs7O0FBQ1BELFFBQVEsQ0FBQ0UsUUFBVCxHQUFvQixVQUFTQyxLQUFULEVBQWdCO0FBQ2xDLE1BQUlDLFFBQVEsR0FBRyxFQUFmO0FBQUEsTUFDSUMsZ0JBQWdCLEdBQUdGLEtBQUssQ0FBQ0csS0FBTixDQUFZLFdBQVosQ0FEdkIsQ0FEa0MsQ0FJbEM7O0FBQ0EsTUFBSSxDQUFDRCxnQkFBZ0IsQ0FBQ0EsZ0JBQWdCLENBQUNFLE1BQWpCLEdBQTBCLENBQTNCLENBQXJCLEVBQW9EO0FBQ2xERixJQUFBQSxnQkFBZ0IsQ0FBQ0csR0FBakI7QUFDRCxHQVBpQyxDQVNsQzs7O0FBQ0EsT0FBSyxJQUFJQyxDQUFDLEdBQUcsQ0FBYixFQUFnQkEsQ0FBQyxHQUFHSixnQkFBZ0IsQ0FBQ0UsTUFBckMsRUFBNkNFLENBQUMsRUFBOUMsRUFBa0Q7QUFDaEQsUUFBSUMsSUFBSSxHQUFHTCxnQkFBZ0IsQ0FBQ0ksQ0FBRCxDQUEzQjs7QUFFQSxRQUFJQSxDQUFDLEdBQUcsQ0FBSixJQUFTLENBQUMsS0FBS0UsT0FBTCxDQUFhQyxjQUEzQixFQUEyQztBQUN6Q1IsTUFBQUEsUUFBUSxDQUFDQSxRQUFRLENBQUNHLE1BQVQsR0FBa0IsQ0FBbkIsQ0FBUixJQUFpQ0csSUFBakM7QUFDRCxLQUZELE1BRU87QUFDTCxVQUFJLEtBQUtDLE9BQUwsQ0FBYUUsZ0JBQWpCLEVBQW1DO0FBQ2pDSCxRQUFBQSxJQUFJLEdBQUdBLElBQUksQ0FBQ0ksSUFBTCxFQUFQO0FBQ0Q7O0FBQ0RWLE1BQUFBLFFBQVEsQ0FBQ1csSUFBVCxDQUFjTCxJQUFkO0FBQ0Q7QUFDRjs7QUFFRCxTQUFPTixRQUFQO0FBQ0QsQ0F4QkQ7O0FBMEJPLFNBQVNZLFNBQVQsQ0FBbUJDLE1BQW5CLEVBQTJCQyxNQUEzQixFQUFtQ0MsUUFBbkMsRUFBNkM7QUFBRSxTQUFPbkIsUUFBUSxDQUFDb0IsSUFBVCxDQUFjSCxNQUFkLEVBQXNCQyxNQUF0QixFQUE4QkMsUUFBOUIsQ0FBUDtBQUFpRDs7QUFDaEcsU0FBU0UsZ0JBQVQsQ0FBMEJKLE1BQTFCLEVBQWtDQyxNQUFsQyxFQUEwQ0MsUUFBMUMsRUFBb0Q7QUFDekQsTUFBSVIsT0FBTztBQUFHO0FBQUE7QUFBQTs7QUFBQVc7QUFBQUE7QUFBQUE7QUFBQUE7QUFBQUE7QUFBQUE7QUFBQTtBQUFBLEdBQWdCSCxRQUFoQixFQUEwQjtBQUFDTixJQUFBQSxnQkFBZ0IsRUFBRTtBQUFuQixHQUExQixDQUFkO0FBQ0EsU0FBT2IsUUFBUSxDQUFDb0IsSUFBVCxDQUFjSCxNQUFkLEVBQXNCQyxNQUF0QixFQUE4QlAsT0FBOUIsQ0FBUDtBQUNEIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IERpZmYgZnJvbSAnLi9iYXNlJztcbmltcG9ydCB7Z2VuZXJhdGVPcHRpb25zfSBmcm9tICcuLi91dGlsL3BhcmFtcyc7XG5cbmV4cG9ydCBjb25zdCBsaW5lRGlmZiA9IG5ldyBEaWZmKCk7XG5saW5lRGlmZi50b2tlbml6ZSA9IGZ1bmN0aW9uKHZhbHVlKSB7XG4gIGxldCByZXRMaW5lcyA9IFtdLFxuICAgICAgbGluZXNBbmROZXdsaW5lcyA9IHZhbHVlLnNwbGl0KC8oXFxufFxcclxcbikvKTtcblxuICAvLyBJZ25vcmUgdGhlIGZpbmFsIGVtcHR5IHRva2VuIHRoYXQgb2NjdXJzIGlmIHRoZSBzdHJpbmcgZW5kcyB3aXRoIGEgbmV3IGxpbmVcbiAgaWYgKCFsaW5lc0FuZE5ld2xpbmVzW2xpbmVzQW5kTmV3bGluZXMubGVuZ3RoIC0gMV0pIHtcbiAgICBsaW5lc0FuZE5ld2xpbmVzLnBvcCgpO1xuICB9XG5cbiAgLy8gTWVyZ2UgdGhlIGNvbnRlbnQgYW5kIGxpbmUgc2VwYXJhdG9ycyBpbnRvIHNpbmdsZSB0b2tlbnNcbiAgZm9yIChsZXQgaSA9IDA7IGkgPCBsaW5lc0FuZE5ld2xpbmVzLmxlbmd0aDsgaSsrKSB7XG4gICAgbGV0IGxpbmUgPSBsaW5lc0FuZE5ld2xpbmVzW2ldO1xuXG4gICAgaWYgKGkgJSAyICYmICF0aGlzLm9wdGlvbnMubmV3bGluZUlzVG9rZW4pIHtcbiAgICAgIHJldExpbmVzW3JldExpbmVzLmxlbmd0aCAtIDFdICs9IGxpbmU7XG4gICAgfSBlbHNlIHtcbiAgICAgIGlmICh0aGlzLm9wdGlvbnMuaWdub3JlV2hpdGVzcGFjZSkge1xuICAgICAgICBsaW5lID0gbGluZS50cmltKCk7XG4gICAgICB9XG4gICAgICByZXRMaW5lcy5wdXNoKGxpbmUpO1xuICAgIH1cbiAgfVxuXG4gIHJldHVybiByZXRMaW5lcztcbn07XG5cbmV4cG9ydCBmdW5jdGlvbiBkaWZmTGluZXMob2xkU3RyLCBuZXdTdHIsIGNhbGxiYWNrKSB7IHJldHVybiBsaW5lRGlmZi5kaWZmKG9sZFN0ciwgbmV3U3RyLCBjYWxsYmFjayk7IH1cbmV4cG9ydCBmdW5jdGlvbiBkaWZmVHJpbW1lZExpbmVzKG9sZFN0ciwgbmV3U3RyLCBjYWxsYmFjaykge1xuICBsZXQgb3B0aW9ucyA9IGdlbmVyYXRlT3B0aW9ucyhjYWxsYmFjaywge2lnbm9yZVdoaXRlc3BhY2U6IHRydWV9KTtcbiAgcmV0dXJuIGxpbmVEaWZmLmRpZmYob2xkU3RyLCBuZXdTdHIsIG9wdGlvbnMpO1xufVxuIl19
+//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9kaWZmL2xpbmUuanMiXSwibmFtZXMiOlsibGluZURpZmYiLCJEaWZmIiwidG9rZW5pemUiLCJ2YWx1ZSIsIm9wdGlvbnMiLCJzdHJpcFRyYWlsaW5nQ3IiLCJyZXBsYWNlIiwicmV0TGluZXMiLCJsaW5lc0FuZE5ld2xpbmVzIiwic3BsaXQiLCJsZW5ndGgiLCJwb3AiLCJpIiwibGluZSIsIm5ld2xpbmVJc1Rva2VuIiwiaWdub3JlV2hpdGVzcGFjZSIsInRyaW0iLCJwdXNoIiwiZGlmZkxpbmVzIiwib2xkU3RyIiwibmV3U3RyIiwiY2FsbGJhY2siLCJkaWZmIiwiZGlmZlRyaW1tZWRMaW5lcyIsImdlbmVyYXRlT3B0aW9ucyJdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBOztBQUNBO0FBQUE7QUFBQTtBQUFBO0FBQUE7Ozs7O0FBRU8sSUFBTUEsUUFBUSxHQUFHO0FBQUlDO0FBQUFBO0FBQUFBO0FBQUFBO0FBQUFBO0FBQUFBO0FBQUFBO0FBQUFBLENBQUosRUFBakI7Ozs7OztBQUNQRCxRQUFRLENBQUNFLFFBQVQsR0FBb0IsVUFBU0MsS0FBVCxFQUFnQjtBQUNsQyxNQUFHLEtBQUtDLE9BQUwsQ0FBYUMsZUFBaEIsRUFBaUM7QUFDL0I7QUFDQUYsSUFBQUEsS0FBSyxHQUFHQSxLQUFLLENBQUNHLE9BQU4sQ0FBYyxPQUFkLEVBQXVCLElBQXZCLENBQVI7QUFDRDs7QUFFRCxNQUFJQyxRQUFRLEdBQUcsRUFBZjtBQUFBLE1BQ0lDLGdCQUFnQixHQUFHTCxLQUFLLENBQUNNLEtBQU4sQ0FBWSxXQUFaLENBRHZCLENBTmtDLENBU2xDOztBQUNBLE1BQUksQ0FBQ0QsZ0JBQWdCLENBQUNBLGdCQUFnQixDQUFDRSxNQUFqQixHQUEwQixDQUEzQixDQUFyQixFQUFvRDtBQUNsREYsSUFBQUEsZ0JBQWdCLENBQUNHLEdBQWpCO0FBQ0QsR0FaaUMsQ0FjbEM7OztBQUNBLE9BQUssSUFBSUMsQ0FBQyxHQUFHLENBQWIsRUFBZ0JBLENBQUMsR0FBR0osZ0JBQWdCLENBQUNFLE1BQXJDLEVBQTZDRSxDQUFDLEVBQTlDLEVBQWtEO0FBQ2hELFFBQUlDLElBQUksR0FBR0wsZ0JBQWdCLENBQUNJLENBQUQsQ0FBM0I7O0FBRUEsUUFBSUEsQ0FBQyxHQUFHLENBQUosSUFBUyxDQUFDLEtBQUtSLE9BQUwsQ0FBYVUsY0FBM0IsRUFBMkM7QUFDekNQLE1BQUFBLFFBQVEsQ0FBQ0EsUUFBUSxDQUFDRyxNQUFULEdBQWtCLENBQW5CLENBQVIsSUFBaUNHLElBQWpDO0FBQ0QsS0FGRCxNQUVPO0FBQ0wsVUFBSSxLQUFLVCxPQUFMLENBQWFXLGdCQUFqQixFQUFtQztBQUNqQ0YsUUFBQUEsSUFBSSxHQUFHQSxJQUFJLENBQUNHLElBQUwsRUFBUDtBQUNEOztBQUNEVCxNQUFBQSxRQUFRLENBQUNVLElBQVQsQ0FBY0osSUFBZDtBQUNEO0FBQ0Y7O0FBRUQsU0FBT04sUUFBUDtBQUNELENBN0JEOztBQStCTyxTQUFTVyxTQUFULENBQW1CQyxNQUFuQixFQUEyQkMsTUFBM0IsRUFBbUNDLFFBQW5DLEVBQTZDO0FBQUUsU0FBT3JCLFFBQVEsQ0FBQ3NCLElBQVQsQ0FBY0gsTUFBZCxFQUFzQkMsTUFBdEIsRUFBOEJDLFFBQTlCLENBQVA7QUFBaUQ7O0FBQ2hHLFNBQVNFLGdCQUFULENBQTBCSixNQUExQixFQUFrQ0MsTUFBbEMsRUFBMENDLFFBQTFDLEVBQW9EO0FBQ3pELE1BQUlqQixPQUFPO0FBQUc7QUFBQTtBQUFBOztBQUFBb0I7QUFBQUE7QUFBQUE7QUFBQUE7QUFBQUE7QUFBQUE7QUFBQTtBQUFBLEdBQWdCSCxRQUFoQixFQUEwQjtBQUFDTixJQUFBQSxnQkFBZ0IsRUFBRTtBQUFuQixHQUExQixDQUFkO0FBQ0EsU0FBT2YsUUFBUSxDQUFDc0IsSUFBVCxDQUFjSCxNQUFkLEVBQXNCQyxNQUF0QixFQUE4QmhCLE9BQTlCLENBQVA7QUFDRCIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCBEaWZmIGZyb20gJy4vYmFzZSc7XG5pbXBvcnQge2dlbmVyYXRlT3B0aW9uc30gZnJvbSAnLi4vdXRpbC9wYXJhbXMnO1xuXG5leHBvcnQgY29uc3QgbGluZURpZmYgPSBuZXcgRGlmZigpO1xubGluZURpZmYudG9rZW5pemUgPSBmdW5jdGlvbih2YWx1ZSkge1xuICBpZih0aGlzLm9wdGlvbnMuc3RyaXBUcmFpbGluZ0NyKSB7XG4gICAgLy8gcmVtb3ZlIG9uZSBcXHIgYmVmb3JlIFxcbiB0byBtYXRjaCBHTlUgZGlmZidzIC0tc3RyaXAtdHJhaWxpbmctY3IgYmVoYXZpb3JcbiAgICB2YWx1ZSA9IHZhbHVlLnJlcGxhY2UoL1xcclxcbi9nLCAnXFxuJyk7XG4gIH1cblxuICBsZXQgcmV0TGluZXMgPSBbXSxcbiAgICAgIGxpbmVzQW5kTmV3bGluZXMgPSB2YWx1ZS5zcGxpdCgvKFxcbnxcXHJcXG4pLyk7XG5cbiAgLy8gSWdub3JlIHRoZSBmaW5hbCBlbXB0eSB0b2tlbiB0aGF0IG9jY3VycyBpZiB0aGUgc3RyaW5nIGVuZHMgd2l0aCBhIG5ldyBsaW5lXG4gIGlmICghbGluZXNBbmROZXdsaW5lc1tsaW5lc0FuZE5ld2xpbmVzLmxlbmd0aCAtIDFdKSB7XG4gICAgbGluZXNBbmROZXdsaW5lcy5wb3AoKTtcbiAgfVxuXG4gIC8vIE1lcmdlIHRoZSBjb250ZW50IGFuZCBsaW5lIHNlcGFyYXRvcnMgaW50byBzaW5nbGUgdG9rZW5zXG4gIGZvciAobGV0IGkgPSAwOyBpIDwgbGluZXNBbmROZXdsaW5lcy5sZW5ndGg7IGkrKykge1xuICAgIGxldCBsaW5lID0gbGluZXNBbmROZXdsaW5lc1tpXTtcblxuICAgIGlmIChpICUgMiAmJiAhdGhpcy5vcHRpb25zLm5ld2xpbmVJc1Rva2VuKSB7XG4gICAgICByZXRMaW5lc1tyZXRMaW5lcy5sZW5ndGggLSAxXSArPSBsaW5lO1xuICAgIH0gZWxzZSB7XG4gICAgICBpZiAodGhpcy5vcHRpb25zLmlnbm9yZVdoaXRlc3BhY2UpIHtcbiAgICAgICAgbGluZSA9IGxpbmUudHJpbSgpO1xuICAgICAgfVxuICAgICAgcmV0TGluZXMucHVzaChsaW5lKTtcbiAgICB9XG4gIH1cblxuICByZXR1cm4gcmV0TGluZXM7XG59O1xuXG5leHBvcnQgZnVuY3Rpb24gZGlmZkxpbmVzKG9sZFN0ciwgbmV3U3RyLCBjYWxsYmFjaykgeyByZXR1cm4gbGluZURpZmYuZGlmZihvbGRTdHIsIG5ld1N0ciwgY2FsbGJhY2spOyB9XG5leHBvcnQgZnVuY3Rpb24gZGlmZlRyaW1tZWRMaW5lcyhvbGRTdHIsIG5ld1N0ciwgY2FsbGJhY2spIHtcbiAgbGV0IG9wdGlvbnMgPSBnZW5lcmF0ZU9wdGlvbnMoY2FsbGJhY2ssIHtpZ25vcmVXaGl0ZXNwYWNlOiB0cnVlfSk7XG4gIHJldHVybiBsaW5lRGlmZi5kaWZmKG9sZFN0ciwgbmV3U3RyLCBvcHRpb25zKTtcbn1cbiJdfQ==
diff --git a/deps/npm/node_modules/diff/lib/index.es6.js b/deps/npm/node_modules/diff/lib/index.es6.js
index c2a00135a4e242..a0ace0182ab14e 100644
--- a/deps/npm/node_modules/diff/lib/index.es6.js
+++ b/deps/npm/node_modules/diff/lib/index.es6.js
@@ -1,6 +1,8 @@
 function Diff() {}
 Diff.prototype = {
   diff: function diff(oldString, newString) {
+    var _options$timeout;
+
     var options = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
     var callback = options.callback;
 
@@ -37,64 +39,96 @@ Diff.prototype = {
       maxEditLength = Math.min(maxEditLength, options.maxEditLength);
     }
 
+    var maxExecutionTime = (_options$timeout = options.timeout) !== null && _options$timeout !== void 0 ? _options$timeout : Infinity;
+    var abortAfterTimestamp = Date.now() + maxExecutionTime;
     var bestPath = [{
-      newPos: -1,
-      components: []
+      oldPos: -1,
+      lastComponent: undefined
     }]; // Seed editLength = 0, i.e. the content starts with the same values
 
-    var oldPos = this.extractCommon(bestPath[0], newString, oldString, 0);
+    var newPos = this.extractCommon(bestPath[0], newString, oldString, 0);
 
-    if (bestPath[0].newPos + 1 >= newLen && oldPos + 1 >= oldLen) {
+    if (bestPath[0].oldPos + 1 >= oldLen && newPos + 1 >= newLen) {
       // Identity per the equality and tokenizer
       return done([{
         value: this.join(newString),
         count: newString.length
       }]);
-    } // Main worker method. checks all permutations of a given edit length for acceptance.
-
+    } // Once we hit the right edge of the edit graph on some diagonal k, we can
+    // definitely reach the end of the edit graph in no more than k edits, so
+    // there's no point in considering any moves to diagonal k+1 any more (from
+    // which we're guaranteed to need at least k+1 more edits).
+    // Similarly, once we've reached the bottom of the edit graph, there's no
+    // point considering moves to lower diagonals.
+    // We record this fact by setting minDiagonalToConsider and
+    // maxDiagonalToConsider to some finite value once we've hit the edge of
+    // the edit graph.
+    // This optimization is not faithful to the original algorithm presented in
+    // Myers's paper, which instead pointlessly extends D-paths off the end of
+    // the edit graph - see page 7 of Myers's paper which notes this point
+    // explicitly and illustrates it with a diagram. This has major performance
+    // implications for some common scenarios. For instance, to compute a diff
+    // where the new text simply appends d characters on the end of the
+    // original text of length n, the true Myers algorithm will take O(n+d^2)
+    // time while this optimization needs only O(n+d) time.
+
+
+    var minDiagonalToConsider = -Infinity,
+        maxDiagonalToConsider = Infinity; // Main worker method. checks all permutations of a given edit length for acceptance.
 
     function execEditLength() {
-      for (var diagonalPath = -1 * editLength; diagonalPath <= editLength; diagonalPath += 2) {
+      for (var diagonalPath = Math.max(minDiagonalToConsider, -editLength); diagonalPath <= Math.min(maxDiagonalToConsider, editLength); diagonalPath += 2) {
         var basePath = void 0;
+        var removePath = bestPath[diagonalPath - 1],
+            addPath = bestPath[diagonalPath + 1];
 
-        var addPath = bestPath[diagonalPath - 1],
-            removePath = bestPath[diagonalPath + 1],
-            _oldPos = (removePath ? removePath.newPos : 0) - diagonalPath;
-
-        if (addPath) {
+        if (removePath) {
           // No one else is going to attempt to use this value, clear it
           bestPath[diagonalPath - 1] = undefined;
         }
 
-        var canAdd = addPath && addPath.newPos + 1 < newLen,
-            canRemove = removePath && 0 <= _oldPos && _oldPos < oldLen;
+        var canAdd = false;
+
+        if (addPath) {
+          // what newPos will be after we do an insertion:
+          var addPathNewPos = addPath.oldPos - diagonalPath;
+          canAdd = addPath && 0 <= addPathNewPos && addPathNewPos < newLen;
+        }
+
+        var canRemove = removePath && removePath.oldPos + 1 < oldLen;
 
         if (!canAdd && !canRemove) {
           // If this path is a terminal then prune
           bestPath[diagonalPath] = undefined;
           continue;
         } // Select the diagonal that we want to branch from. We select the prior
-        // path whose position in the new string is the farthest from the origin
+        // path whose position in the old string is the farthest from the origin
         // and does not pass the bounds of the diff graph
+        // TODO: Remove the `+ 1` here to make behavior match Myers algorithm
+        //       and prefer to order removals before insertions.
 
 
-        if (!canAdd || canRemove && addPath.newPos < removePath.newPos) {
-          basePath = clonePath(removePath);
-          self.pushComponent(basePath.components, undefined, true);
+        if (!canRemove || canAdd && removePath.oldPos + 1 < addPath.oldPos) {
+          basePath = self.addToPath(addPath, true, undefined, 0);
         } else {
-          basePath = addPath; // No need to clone, we've pulled it from the list
-
-          basePath.newPos++;
-          self.pushComponent(basePath.components, true, undefined);
+          basePath = self.addToPath(removePath, undefined, true, 1);
         }
 
-        _oldPos = self.extractCommon(basePath, newString, oldString, diagonalPath); // If we have hit the end of both strings, then we are done
+        newPos = self.extractCommon(basePath, newString, oldString, diagonalPath);
 
-        if (basePath.newPos + 1 >= newLen && _oldPos + 1 >= oldLen) {
-          return done(buildValues(self, basePath.components, newString, oldString, self.useLongestToken));
+        if (basePath.oldPos + 1 >= oldLen && newPos + 1 >= newLen) {
+          // If we have hit the end of both strings, then we are done
+          return done(buildValues(self, basePath.lastComponent, newString, oldString, self.useLongestToken));
         } else {
-          // Otherwise track this path as a potential candidate and continue.
           bestPath[diagonalPath] = basePath;
+
+          if (basePath.oldPos + 1 >= oldLen) {
+            maxDiagonalToConsider = Math.min(maxDiagonalToConsider, diagonalPath - 1);
+          }
+
+          if (newPos + 1 >= newLen) {
+            minDiagonalToConsider = Math.max(minDiagonalToConsider, diagonalPath + 1);
+          }
         }
       }
 
@@ -108,7 +142,7 @@ Diff.prototype = {
     if (callback) {
       (function exec() {
         setTimeout(function () {
-          if (editLength > maxEditLength) {
+          if (editLength > maxEditLength || Date.now() > abortAfterTimestamp) {
             return callback();
           }
 
@@ -118,7 +152,7 @@ Diff.prototype = {
         }, 0);
       })();
     } else {
-      while (editLength <= maxEditLength) {
+      while (editLength <= maxEditLength && Date.now() <= abortAfterTimestamp) {
         var ret = execEditLength();
 
         if (ret) {
@@ -127,30 +161,36 @@ Diff.prototype = {
       }
     }
   },
-  pushComponent: function pushComponent(components, added, removed) {
-    var last = components[components.length - 1];
+  addToPath: function addToPath(path, added, removed, oldPosInc) {
+    var last = path.lastComponent;
 
     if (last && last.added === added && last.removed === removed) {
-      // We need to clone here as the component clone operation is just
-      // as shallow array clone
-      components[components.length - 1] = {
-        count: last.count + 1,
-        added: added,
-        removed: removed
+      return {
+        oldPos: path.oldPos + oldPosInc,
+        lastComponent: {
+          count: last.count + 1,
+          added: added,
+          removed: removed,
+          previousComponent: last.previousComponent
+        }
       };
     } else {
-      components.push({
-        count: 1,
-        added: added,
-        removed: removed
-      });
+      return {
+        oldPos: path.oldPos + oldPosInc,
+        lastComponent: {
+          count: 1,
+          added: added,
+          removed: removed,
+          previousComponent: last
+        }
+      };
     }
   },
   extractCommon: function extractCommon(basePath, newString, oldString, diagonalPath) {
     var newLen = newString.length,
         oldLen = oldString.length,
-        newPos = basePath.newPos,
-        oldPos = newPos - diagonalPath,
+        oldPos = basePath.oldPos,
+        newPos = oldPos - diagonalPath,
         commonCount = 0;
 
     while (newPos + 1 < newLen && oldPos + 1 < oldLen && this.equals(newString[newPos + 1], oldString[oldPos + 1])) {
@@ -160,13 +200,14 @@ Diff.prototype = {
     }
 
     if (commonCount) {
-      basePath.components.push({
-        count: commonCount
-      });
+      basePath.lastComponent = {
+        count: commonCount,
+        previousComponent: basePath.lastComponent
+      };
     }
 
-    basePath.newPos = newPos;
-    return oldPos;
+    basePath.oldPos = oldPos;
+    return newPos;
   },
   equals: function equals(left, right) {
     if (this.options.comparator) {
@@ -197,7 +238,20 @@ Diff.prototype = {
   }
 };
 
-function buildValues(diff, components, newString, oldString, useLongestToken) {
+function buildValues(diff, lastComponent, newString, oldString, useLongestToken) {
+  // First we convert our linked list of components in reverse order to an
+  // array in the right order:
+  var components = [];
+  var nextComponent;
+
+  while (lastComponent) {
+    components.push(lastComponent);
+    nextComponent = lastComponent.previousComponent;
+    delete lastComponent.previousComponent;
+    lastComponent = nextComponent;
+  }
+
+  components.reverse();
   var componentPos = 0,
       componentLen = components.length,
       newPos = 0,
@@ -240,23 +294,16 @@ function buildValues(diff, components, newString, oldString, useLongestToken) {
   // This is only available for string mode.
 
 
-  var lastComponent = components[componentLen - 1];
+  var finalComponent = components[componentLen - 1];
 
-  if (componentLen > 1 && typeof lastComponent.value === 'string' && (lastComponent.added || lastComponent.removed) && diff.equals('', lastComponent.value)) {
-    components[componentLen - 2].value += lastComponent.value;
+  if (componentLen > 1 && typeof finalComponent.value === 'string' && (finalComponent.added || finalComponent.removed) && diff.equals('', finalComponent.value)) {
+    components[componentLen - 2].value += finalComponent.value;
     components.pop();
   }
 
   return components;
 }
 
-function clonePath(path) {
-  return {
-    newPos: path.newPos,
-    components: path.components.slice(0)
-  };
-}
-
 var characterDiff = new Diff();
 function diffChars(oldStr, newStr, options) {
   return characterDiff.diff(oldStr, newStr, options);
@@ -337,6 +384,11 @@ function diffWordsWithSpace(oldStr, newStr, options) {
 var lineDiff = new Diff();
 
 lineDiff.tokenize = function (value) {
+  if (this.options.stripTrailingCr) {
+    // remove one \r before \n to match GNU diff's --strip-trailing-cr behavior
+    value = value.replace(/\r\n/g, '\n');
+  }
+
   var retLines = [],
       linesAndNewlines = value.split(/(\n|\r\n)/); // Ignore the final empty token that occurs if the string ends with a new line
 
@@ -408,6 +460,55 @@ function _typeof(obj) {
   return _typeof(obj);
 }
 
+function _defineProperty(obj, key, value) {
+  if (key in obj) {
+    Object.defineProperty(obj, key, {
+      value: value,
+      enumerable: true,
+      configurable: true,
+      writable: true
+    });
+  } else {
+    obj[key] = value;
+  }
+
+  return obj;
+}
+
+function ownKeys(object, enumerableOnly) {
+  var keys = Object.keys(object);
+
+  if (Object.getOwnPropertySymbols) {
+    var symbols = Object.getOwnPropertySymbols(object);
+    if (enumerableOnly) symbols = symbols.filter(function (sym) {
+      return Object.getOwnPropertyDescriptor(object, sym).enumerable;
+    });
+    keys.push.apply(keys, symbols);
+  }
+
+  return keys;
+}
+
+function _objectSpread2(target) {
+  for (var i = 1; i < arguments.length; i++) {
+    var source = arguments[i] != null ? arguments[i] : {};
+
+    if (i % 2) {
+      ownKeys(Object(source), true).forEach(function (key) {
+        _defineProperty(target, key, source[key]);
+      });
+    } else if (Object.getOwnPropertyDescriptors) {
+      Object.defineProperties(target, Object.getOwnPropertyDescriptors(source));
+    } else {
+      ownKeys(Object(source)).forEach(function (key) {
+        Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key));
+      });
+    }
+  }
+
+  return target;
+}
+
 function _toConsumableArray(arr) {
   return _arrayWithoutHoles(arr) || _iterableToArray(arr) || _unsupportedIterableToArray(arr) || _nonIterableSpread();
 }
@@ -840,7 +941,7 @@ function applyPatch(source, uniDiff) {
       var line = _hunk.lines[j],
           operation = line.length > 0 ? line[0] : ' ',
           content = line.length > 0 ? line.substr(1) : line,
-          delimiter = _hunk.linedelimiters[j];
+          delimiter = _hunk.linedelimiters && _hunk.linedelimiters[j] || '\n';
 
       if (operation === ' ') {
         _toPos++;
@@ -1047,6 +1148,10 @@ function structuredPatch(oldFileName, newFileName, oldStr, newStr, oldHeader, ne
   };
 }
 function formatPatch(diff) {
+  if (Array.isArray(diff)) {
+    return diff.map(formatPatch).join('\n');
+  }
+
   var ret = [];
 
   if (diff.oldFileName == diff.newFileName) {
@@ -1502,6 +1607,39 @@ function calcOldNewLineCount(lines) {
   };
 }
 
+function reversePatch(structuredPatch) {
+  if (Array.isArray(structuredPatch)) {
+    return structuredPatch.map(reversePatch).reverse();
+  }
+
+  return _objectSpread2(_objectSpread2({}, structuredPatch), {}, {
+    oldFileName: structuredPatch.newFileName,
+    oldHeader: structuredPatch.newHeader,
+    newFileName: structuredPatch.oldFileName,
+    newHeader: structuredPatch.oldHeader,
+    hunks: structuredPatch.hunks.map(function (hunk) {
+      return {
+        oldLines: hunk.newLines,
+        oldStart: hunk.newStart,
+        newLines: hunk.oldLines,
+        newStart: hunk.oldStart,
+        linedelimiters: hunk.linedelimiters,
+        lines: hunk.lines.map(function (l) {
+          if (l.startsWith('-')) {
+            return "+".concat(l.slice(1));
+          }
+
+          if (l.startsWith('+')) {
+            return "-".concat(l.slice(1));
+          }
+
+          return l;
+        })
+      };
+    })
+  });
+}
+
 // See: http://code.google.com/p/google-diff-match-patch/wiki/API
 function convertChangesToDMP(changes) {
   var ret = [],
@@ -1558,4 +1696,4 @@ function escapeHTML(s) {
   return n;
 }
 
-export { Diff, applyPatch, applyPatches, canonicalize, convertChangesToDMP, convertChangesToXML, createPatch, createTwoFilesPatch, diffArrays, diffChars, diffCss, diffJson, diffLines, diffSentences, diffTrimmedLines, diffWords, diffWordsWithSpace, merge, parsePatch, structuredPatch };
+export { Diff, applyPatch, applyPatches, canonicalize, convertChangesToDMP, convertChangesToXML, createPatch, createTwoFilesPatch, diffArrays, diffChars, diffCss, diffJson, diffLines, diffSentences, diffTrimmedLines, diffWords, diffWordsWithSpace, formatPatch, merge, parsePatch, reversePatch, structuredPatch };
diff --git a/deps/npm/node_modules/diff/lib/index.js b/deps/npm/node_modules/diff/lib/index.js
index 920f0feeb0caf9..09d885e1182926 100644
--- a/deps/npm/node_modules/diff/lib/index.js
+++ b/deps/npm/node_modules/diff/lib/index.js
@@ -94,6 +94,12 @@ Object.defineProperty(exports, "merge", {
     return _merge.merge;
   }
 });
+Object.defineProperty(exports, "reversePatch", {
+  enumerable: true,
+  get: function get() {
+    return _reverse.reversePatch;
+  }
+});
 Object.defineProperty(exports, "structuredPatch", {
   enumerable: true,
   get: function get() {
@@ -112,6 +118,12 @@ Object.defineProperty(exports, "createPatch", {
     return _create.createPatch;
   }
 });
+Object.defineProperty(exports, "formatPatch", {
+  enumerable: true,
+  get: function get() {
+    return _create.formatPatch;
+  }
+});
 Object.defineProperty(exports, "convertChangesToDMP", {
   enumerable: true,
   get: function get() {
@@ -192,6 +204,12 @@ _merge = require("./patch/merge")
 /*istanbul ignore end*/
 ;
 
+var
+/*istanbul ignore start*/
+_reverse = require("./patch/reverse")
+/*istanbul ignore end*/
+;
+
 var
 /*istanbul ignore start*/
 _create = require("./patch/create")
@@ -213,4 +231,4 @@ _xml = require("./convert/xml")
 /*istanbul ignore start*/ function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { "default": obj }; }
 
 /*istanbul ignore end*/
-//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJzb3VyY2VzIjpbIi4uL3NyYy9pbmRleC5qcyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztBQWdCQTtBQUFBO0FBQUE7QUFBQTtBQUFBOztBQUNBO0FBQUE7QUFBQTtBQUFBO0FBQUE7O0FBQ0E7QUFBQTtBQUFBO0FBQUE7QUFBQTs7QUFDQTtBQUFBO0FBQUE7QUFBQTtBQUFBOztBQUNBO0FBQUE7QUFBQTtBQUFBO0FBQUE7O0FBRUE7QUFBQTtBQUFBO0FBQUE7QUFBQTs7QUFDQTtBQUFBO0FBQUE7QUFBQTtBQUFBOztBQUVBO0FBQUE7QUFBQTtBQUFBO0FBQUE7O0FBRUE7QUFBQTtBQUFBO0FBQUE7QUFBQTs7QUFDQTtBQUFBO0FBQUE7QUFBQTtBQUFBOztBQUNBO0FBQUE7QUFBQTtBQUFBO0FBQUE7O0FBQ0E7QUFBQTtBQUFBO0FBQUE7QUFBQTs7QUFFQTtBQUFBO0FBQUE7QUFBQTtBQUFBOztBQUNBO0FBQUE7QUFBQTtBQUFBO0FBQUEiLCJzb3VyY2VzQ29udGVudCI6WyIvKiBTZWUgTElDRU5TRSBmaWxlIGZvciB0ZXJtcyBvZiB1c2UgKi9cblxuLypcbiAqIFRleHQgZGlmZiBpbXBsZW1lbnRhdGlvbi5cbiAqXG4gKiBUaGlzIGxpYnJhcnkgc3VwcG9ydHMgdGhlIGZvbGxvd2luZyBBUElTOlxuICogSnNEaWZmLmRpZmZDaGFyczogQ2hhcmFjdGVyIGJ5IGNoYXJhY3RlciBkaWZmXG4gKiBKc0RpZmYuZGlmZldvcmRzOiBXb3JkIChhcyBkZWZpbmVkIGJ5IFxcYiByZWdleCkgZGlmZiB3aGljaCBpZ25vcmVzIHdoaXRlc3BhY2VcbiAqIEpzRGlmZi5kaWZmTGluZXM6IExpbmUgYmFzZWQgZGlmZlxuICpcbiAqIEpzRGlmZi5kaWZmQ3NzOiBEaWZmIHRhcmdldGVkIGF0IENTUyBjb250ZW50XG4gKlxuICogVGhlc2UgbWV0aG9kcyBhcmUgYmFzZWQgb24gdGhlIGltcGxlbWVudGF0aW9uIHByb3Bvc2VkIGluXG4gKiBcIkFuIE8oTkQpIERpZmZlcmVuY2UgQWxnb3JpdGhtIGFuZCBpdHMgVmFyaWF0aW9uc1wiIChNeWVycywgMTk4NikuXG4gKiBodHRwOi8vY2l0ZXNlZXJ4LmlzdC5wc3UuZWR1L3ZpZXdkb2Mvc3VtbWFyeT9kb2k9MTAuMS4xLjQuNjkyN1xuICovXG5pbXBvcnQgRGlmZiBmcm9tICcuL2RpZmYvYmFzZSc7XG5pbXBvcnQge2RpZmZDaGFyc30gZnJvbSAnLi9kaWZmL2NoYXJhY3Rlcic7XG5pbXBvcnQge2RpZmZXb3JkcywgZGlmZldvcmRzV2l0aFNwYWNlfSBmcm9tICcuL2RpZmYvd29yZCc7XG5pbXBvcnQge2RpZmZMaW5lcywgZGlmZlRyaW1tZWRMaW5lc30gZnJvbSAnLi9kaWZmL2xpbmUnO1xuaW1wb3J0IHtkaWZmU2VudGVuY2VzfSBmcm9tICcuL2RpZmYvc2VudGVuY2UnO1xuXG5pbXBvcnQge2RpZmZDc3N9IGZyb20gJy4vZGlmZi9jc3MnO1xuaW1wb3J0IHtkaWZmSnNvbiwgY2Fub25pY2FsaXplfSBmcm9tICcuL2RpZmYvanNvbic7XG5cbmltcG9ydCB7ZGlmZkFycmF5c30gZnJvbSAnLi9kaWZmL2FycmF5JztcblxuaW1wb3J0IHthcHBseVBhdGNoLCBhcHBseVBhdGNoZXN9IGZyb20gJy4vcGF0Y2gvYXBwbHknO1xuaW1wb3J0IHtwYXJzZVBhdGNofSBmcm9tICcuL3BhdGNoL3BhcnNlJztcbmltcG9ydCB7bWVyZ2V9IGZyb20gJy4vcGF0Y2gvbWVyZ2UnO1xuaW1wb3J0IHtzdHJ1Y3R1cmVkUGF0Y2gsIGNyZWF0ZVR3b0ZpbGVzUGF0Y2gsIGNyZWF0ZVBhdGNofSBmcm9tICcuL3BhdGNoL2NyZWF0ZSc7XG5cbmltcG9ydCB7Y29udmVydENoYW5nZXNUb0RNUH0gZnJvbSAnLi9jb252ZXJ0L2RtcCc7XG5pbXBvcnQge2NvbnZlcnRDaGFuZ2VzVG9YTUx9IGZyb20gJy4vY29udmVydC94bWwnO1xuXG5leHBvcnQge1xuICBEaWZmLFxuXG4gIGRpZmZDaGFycyxcbiAgZGlmZldvcmRzLFxuICBkaWZmV29yZHNXaXRoU3BhY2UsXG4gIGRpZmZMaW5lcyxcbiAgZGlmZlRyaW1tZWRMaW5lcyxcbiAgZGlmZlNlbnRlbmNlcyxcblxuICBkaWZmQ3NzLFxuICBkaWZmSnNvbixcblxuICBkaWZmQXJyYXlzLFxuXG4gIHN0cnVjdHVyZWRQYXRjaCxcbiAgY3JlYXRlVHdvRmlsZXNQYXRjaCxcbiAgY3JlYXRlUGF0Y2gsXG4gIGFwcGx5UGF0Y2gsXG4gIGFwcGx5UGF0Y2hlcyxcbiAgcGFyc2VQYXRjaCxcbiAgbWVyZ2UsXG4gIGNvbnZlcnRDaGFuZ2VzVG9ETVAsXG4gIGNvbnZlcnRDaGFuZ2VzVG9YTUwsXG4gIGNhbm9uaWNhbGl6ZVxufTtcbiJdfQ==
+//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJzb3VyY2VzIjpbIi4uL3NyYy9pbmRleC5qcyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztBQWdCQTtBQUFBO0FBQUE7QUFBQTtBQUFBOztBQUNBO0FBQUE7QUFBQTtBQUFBO0FBQUE7O0FBQ0E7QUFBQTtBQUFBO0FBQUE7QUFBQTs7QUFDQTtBQUFBO0FBQUE7QUFBQTtBQUFBOztBQUNBO0FBQUE7QUFBQTtBQUFBO0FBQUE7O0FBRUE7QUFBQTtBQUFBO0FBQUE7QUFBQTs7QUFDQTtBQUFBO0FBQUE7QUFBQTtBQUFBOztBQUVBO0FBQUE7QUFBQTtBQUFBO0FBQUE7O0FBRUE7QUFBQTtBQUFBO0FBQUE7QUFBQTs7QUFDQTtBQUFBO0FBQUE7QUFBQTtBQUFBOztBQUNBO0FBQUE7QUFBQTtBQUFBO0FBQUE7O0FBQ0E7QUFBQTtBQUFBO0FBQUE7QUFBQTs7QUFDQTtBQUFBO0FBQUE7QUFBQTtBQUFBOztBQUVBO0FBQUE7QUFBQTtBQUFBO0FBQUE7O0FBQ0E7QUFBQTtBQUFBO0FBQUE7QUFBQSIsInNvdXJjZXNDb250ZW50IjpbIi8qIFNlZSBMSUNFTlNFIGZpbGUgZm9yIHRlcm1zIG9mIHVzZSAqL1xuXG4vKlxuICogVGV4dCBkaWZmIGltcGxlbWVudGF0aW9uLlxuICpcbiAqIFRoaXMgbGlicmFyeSBzdXBwb3J0cyB0aGUgZm9sbG93aW5nIEFQSXM6XG4gKiBEaWZmLmRpZmZDaGFyczogQ2hhcmFjdGVyIGJ5IGNoYXJhY3RlciBkaWZmXG4gKiBEaWZmLmRpZmZXb3JkczogV29yZCAoYXMgZGVmaW5lZCBieSBcXGIgcmVnZXgpIGRpZmYgd2hpY2ggaWdub3JlcyB3aGl0ZXNwYWNlXG4gKiBEaWZmLmRpZmZMaW5lczogTGluZSBiYXNlZCBkaWZmXG4gKlxuICogRGlmZi5kaWZmQ3NzOiBEaWZmIHRhcmdldGVkIGF0IENTUyBjb250ZW50XG4gKlxuICogVGhlc2UgbWV0aG9kcyBhcmUgYmFzZWQgb24gdGhlIGltcGxlbWVudGF0aW9uIHByb3Bvc2VkIGluXG4gKiBcIkFuIE8oTkQpIERpZmZlcmVuY2UgQWxnb3JpdGhtIGFuZCBpdHMgVmFyaWF0aW9uc1wiIChNeWVycywgMTk4NikuXG4gKiBodHRwOi8vY2l0ZXNlZXJ4LmlzdC5wc3UuZWR1L3ZpZXdkb2Mvc3VtbWFyeT9kb2k9MTAuMS4xLjQuNjkyN1xuICovXG5pbXBvcnQgRGlmZiBmcm9tICcuL2RpZmYvYmFzZSc7XG5pbXBvcnQge2RpZmZDaGFyc30gZnJvbSAnLi9kaWZmL2NoYXJhY3Rlcic7XG5pbXBvcnQge2RpZmZXb3JkcywgZGlmZldvcmRzV2l0aFNwYWNlfSBmcm9tICcuL2RpZmYvd29yZCc7XG5pbXBvcnQge2RpZmZMaW5lcywgZGlmZlRyaW1tZWRMaW5lc30gZnJvbSAnLi9kaWZmL2xpbmUnO1xuaW1wb3J0IHtkaWZmU2VudGVuY2VzfSBmcm9tICcuL2RpZmYvc2VudGVuY2UnO1xuXG5pbXBvcnQge2RpZmZDc3N9IGZyb20gJy4vZGlmZi9jc3MnO1xuaW1wb3J0IHtkaWZmSnNvbiwgY2Fub25pY2FsaXplfSBmcm9tICcuL2RpZmYvanNvbic7XG5cbmltcG9ydCB7ZGlmZkFycmF5c30gZnJvbSAnLi9kaWZmL2FycmF5JztcblxuaW1wb3J0IHthcHBseVBhdGNoLCBhcHBseVBhdGNoZXN9IGZyb20gJy4vcGF0Y2gvYXBwbHknO1xuaW1wb3J0IHtwYXJzZVBhdGNofSBmcm9tICcuL3BhdGNoL3BhcnNlJztcbmltcG9ydCB7bWVyZ2V9IGZyb20gJy4vcGF0Y2gvbWVyZ2UnO1xuaW1wb3J0IHtyZXZlcnNlUGF0Y2h9IGZyb20gJy4vcGF0Y2gvcmV2ZXJzZSc7XG5pbXBvcnQge3N0cnVjdHVyZWRQYXRjaCwgY3JlYXRlVHdvRmlsZXNQYXRjaCwgY3JlYXRlUGF0Y2gsIGZvcm1hdFBhdGNofSBmcm9tICcuL3BhdGNoL2NyZWF0ZSc7XG5cbmltcG9ydCB7Y29udmVydENoYW5nZXNUb0RNUH0gZnJvbSAnLi9jb252ZXJ0L2RtcCc7XG5pbXBvcnQge2NvbnZlcnRDaGFuZ2VzVG9YTUx9IGZyb20gJy4vY29udmVydC94bWwnO1xuXG5leHBvcnQge1xuICBEaWZmLFxuXG4gIGRpZmZDaGFycyxcbiAgZGlmZldvcmRzLFxuICBkaWZmV29yZHNXaXRoU3BhY2UsXG4gIGRpZmZMaW5lcyxcbiAgZGlmZlRyaW1tZWRMaW5lcyxcbiAgZGlmZlNlbnRlbmNlcyxcblxuICBkaWZmQ3NzLFxuICBkaWZmSnNvbixcblxuICBkaWZmQXJyYXlzLFxuXG4gIHN0cnVjdHVyZWRQYXRjaCxcbiAgY3JlYXRlVHdvRmlsZXNQYXRjaCxcbiAgY3JlYXRlUGF0Y2gsXG4gIGZvcm1hdFBhdGNoLFxuICBhcHBseVBhdGNoLFxuICBhcHBseVBhdGNoZXMsXG4gIHBhcnNlUGF0Y2gsXG4gIG1lcmdlLFxuICByZXZlcnNlUGF0Y2gsXG4gIGNvbnZlcnRDaGFuZ2VzVG9ETVAsXG4gIGNvbnZlcnRDaGFuZ2VzVG9YTUwsXG4gIGNhbm9uaWNhbGl6ZVxufTtcbiJdfQ==
diff --git a/deps/npm/node_modules/diff/lib/index.mjs b/deps/npm/node_modules/diff/lib/index.mjs
index c2a00135a4e242..a0ace0182ab14e 100644
--- a/deps/npm/node_modules/diff/lib/index.mjs
+++ b/deps/npm/node_modules/diff/lib/index.mjs
@@ -1,6 +1,8 @@
 function Diff() {}
 Diff.prototype = {
   diff: function diff(oldString, newString) {
+    var _options$timeout;
+
     var options = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : {};
     var callback = options.callback;
 
@@ -37,64 +39,96 @@ Diff.prototype = {
       maxEditLength = Math.min(maxEditLength, options.maxEditLength);
     }
 
+    var maxExecutionTime = (_options$timeout = options.timeout) !== null && _options$timeout !== void 0 ? _options$timeout : Infinity;
+    var abortAfterTimestamp = Date.now() + maxExecutionTime;
     var bestPath = [{
-      newPos: -1,
-      components: []
+      oldPos: -1,
+      lastComponent: undefined
     }]; // Seed editLength = 0, i.e. the content starts with the same values
 
-    var oldPos = this.extractCommon(bestPath[0], newString, oldString, 0);
+    var newPos = this.extractCommon(bestPath[0], newString, oldString, 0);
 
-    if (bestPath[0].newPos + 1 >= newLen && oldPos + 1 >= oldLen) {
+    if (bestPath[0].oldPos + 1 >= oldLen && newPos + 1 >= newLen) {
       // Identity per the equality and tokenizer
       return done([{
         value: this.join(newString),
         count: newString.length
       }]);
-    } // Main worker method. checks all permutations of a given edit length for acceptance.
-
+    } // Once we hit the right edge of the edit graph on some diagonal k, we can
+    // definitely reach the end of the edit graph in no more than k edits, so
+    // there's no point in considering any moves to diagonal k+1 any more (from
+    // which we're guaranteed to need at least k+1 more edits).
+    // Similarly, once we've reached the bottom of the edit graph, there's no
+    // point considering moves to lower diagonals.
+    // We record this fact by setting minDiagonalToConsider and
+    // maxDiagonalToConsider to some finite value once we've hit the edge of
+    // the edit graph.
+    // This optimization is not faithful to the original algorithm presented in
+    // Myers's paper, which instead pointlessly extends D-paths off the end of
+    // the edit graph - see page 7 of Myers's paper which notes this point
+    // explicitly and illustrates it with a diagram. This has major performance
+    // implications for some common scenarios. For instance, to compute a diff
+    // where the new text simply appends d characters on the end of the
+    // original text of length n, the true Myers algorithm will take O(n+d^2)
+    // time while this optimization needs only O(n+d) time.
+
+
+    var minDiagonalToConsider = -Infinity,
+        maxDiagonalToConsider = Infinity; // Main worker method. checks all permutations of a given edit length for acceptance.
 
     function execEditLength() {
-      for (var diagonalPath = -1 * editLength; diagonalPath <= editLength; diagonalPath += 2) {
+      for (var diagonalPath = Math.max(minDiagonalToConsider, -editLength); diagonalPath <= Math.min(maxDiagonalToConsider, editLength); diagonalPath += 2) {
         var basePath = void 0;
+        var removePath = bestPath[diagonalPath - 1],
+            addPath = bestPath[diagonalPath + 1];
 
-        var addPath = bestPath[diagonalPath - 1],
-            removePath = bestPath[diagonalPath + 1],
-            _oldPos = (removePath ? removePath.newPos : 0) - diagonalPath;
-
-        if (addPath) {
+        if (removePath) {
           // No one else is going to attempt to use this value, clear it
           bestPath[diagonalPath - 1] = undefined;
         }
 
-        var canAdd = addPath && addPath.newPos + 1 < newLen,
-            canRemove = removePath && 0 <= _oldPos && _oldPos < oldLen;
+        var canAdd = false;
+
+        if (addPath) {
+          // what newPos will be after we do an insertion:
+          var addPathNewPos = addPath.oldPos - diagonalPath;
+          canAdd = addPath && 0 <= addPathNewPos && addPathNewPos < newLen;
+        }
+
+        var canRemove = removePath && removePath.oldPos + 1 < oldLen;
 
         if (!canAdd && !canRemove) {
           // If this path is a terminal then prune
           bestPath[diagonalPath] = undefined;
           continue;
         } // Select the diagonal that we want to branch from. We select the prior
-        // path whose position in the new string is the farthest from the origin
+        // path whose position in the old string is the farthest from the origin
         // and does not pass the bounds of the diff graph
+        // TODO: Remove the `+ 1` here to make behavior match Myers algorithm
+        //       and prefer to order removals before insertions.
 
 
-        if (!canAdd || canRemove && addPath.newPos < removePath.newPos) {
-          basePath = clonePath(removePath);
-          self.pushComponent(basePath.components, undefined, true);
+        if (!canRemove || canAdd && removePath.oldPos + 1 < addPath.oldPos) {
+          basePath = self.addToPath(addPath, true, undefined, 0);
         } else {
-          basePath = addPath; // No need to clone, we've pulled it from the list
-
-          basePath.newPos++;
-          self.pushComponent(basePath.components, true, undefined);
+          basePath = self.addToPath(removePath, undefined, true, 1);
         }
 
-        _oldPos = self.extractCommon(basePath, newString, oldString, diagonalPath); // If we have hit the end of both strings, then we are done
+        newPos = self.extractCommon(basePath, newString, oldString, diagonalPath);
 
-        if (basePath.newPos + 1 >= newLen && _oldPos + 1 >= oldLen) {
-          return done(buildValues(self, basePath.components, newString, oldString, self.useLongestToken));
+        if (basePath.oldPos + 1 >= oldLen && newPos + 1 >= newLen) {
+          // If we have hit the end of both strings, then we are done
+          return done(buildValues(self, basePath.lastComponent, newString, oldString, self.useLongestToken));
         } else {
-          // Otherwise track this path as a potential candidate and continue.
           bestPath[diagonalPath] = basePath;
+
+          if (basePath.oldPos + 1 >= oldLen) {
+            maxDiagonalToConsider = Math.min(maxDiagonalToConsider, diagonalPath - 1);
+          }
+
+          if (newPos + 1 >= newLen) {
+            minDiagonalToConsider = Math.max(minDiagonalToConsider, diagonalPath + 1);
+          }
         }
       }
 
@@ -108,7 +142,7 @@ Diff.prototype = {
     if (callback) {
       (function exec() {
         setTimeout(function () {
-          if (editLength > maxEditLength) {
+          if (editLength > maxEditLength || Date.now() > abortAfterTimestamp) {
             return callback();
           }
 
@@ -118,7 +152,7 @@ Diff.prototype = {
         }, 0);
       })();
     } else {
-      while (editLength <= maxEditLength) {
+      while (editLength <= maxEditLength && Date.now() <= abortAfterTimestamp) {
         var ret = execEditLength();
 
         if (ret) {
@@ -127,30 +161,36 @@ Diff.prototype = {
       }
     }
   },
-  pushComponent: function pushComponent(components, added, removed) {
-    var last = components[components.length - 1];
+  addToPath: function addToPath(path, added, removed, oldPosInc) {
+    var last = path.lastComponent;
 
     if (last && last.added === added && last.removed === removed) {
-      // We need to clone here as the component clone operation is just
-      // as shallow array clone
-      components[components.length - 1] = {
-        count: last.count + 1,
-        added: added,
-        removed: removed
+      return {
+        oldPos: path.oldPos + oldPosInc,
+        lastComponent: {
+          count: last.count + 1,
+          added: added,
+          removed: removed,
+          previousComponent: last.previousComponent
+        }
       };
     } else {
-      components.push({
-        count: 1,
-        added: added,
-        removed: removed
-      });
+      return {
+        oldPos: path.oldPos + oldPosInc,
+        lastComponent: {
+          count: 1,
+          added: added,
+          removed: removed,
+          previousComponent: last
+        }
+      };
     }
   },
   extractCommon: function extractCommon(basePath, newString, oldString, diagonalPath) {
     var newLen = newString.length,
         oldLen = oldString.length,
-        newPos = basePath.newPos,
-        oldPos = newPos - diagonalPath,
+        oldPos = basePath.oldPos,
+        newPos = oldPos - diagonalPath,
         commonCount = 0;
 
     while (newPos + 1 < newLen && oldPos + 1 < oldLen && this.equals(newString[newPos + 1], oldString[oldPos + 1])) {
@@ -160,13 +200,14 @@ Diff.prototype = {
     }
 
     if (commonCount) {
-      basePath.components.push({
-        count: commonCount
-      });
+      basePath.lastComponent = {
+        count: commonCount,
+        previousComponent: basePath.lastComponent
+      };
     }
 
-    basePath.newPos = newPos;
-    return oldPos;
+    basePath.oldPos = oldPos;
+    return newPos;
   },
   equals: function equals(left, right) {
     if (this.options.comparator) {
@@ -197,7 +238,20 @@ Diff.prototype = {
   }
 };
 
-function buildValues(diff, components, newString, oldString, useLongestToken) {
+function buildValues(diff, lastComponent, newString, oldString, useLongestToken) {
+  // First we convert our linked list of components in reverse order to an
+  // array in the right order:
+  var components = [];
+  var nextComponent;
+
+  while (lastComponent) {
+    components.push(lastComponent);
+    nextComponent = lastComponent.previousComponent;
+    delete lastComponent.previousComponent;
+    lastComponent = nextComponent;
+  }
+
+  components.reverse();
   var componentPos = 0,
       componentLen = components.length,
       newPos = 0,
@@ -240,23 +294,16 @@ function buildValues(diff, components, newString, oldString, useLongestToken) {
   // This is only available for string mode.
 
 
-  var lastComponent = components[componentLen - 1];
+  var finalComponent = components[componentLen - 1];
 
-  if (componentLen > 1 && typeof lastComponent.value === 'string' && (lastComponent.added || lastComponent.removed) && diff.equals('', lastComponent.value)) {
-    components[componentLen - 2].value += lastComponent.value;
+  if (componentLen > 1 && typeof finalComponent.value === 'string' && (finalComponent.added || finalComponent.removed) && diff.equals('', finalComponent.value)) {
+    components[componentLen - 2].value += finalComponent.value;
     components.pop();
   }
 
   return components;
 }
 
-function clonePath(path) {
-  return {
-    newPos: path.newPos,
-    components: path.components.slice(0)
-  };
-}
-
 var characterDiff = new Diff();
 function diffChars(oldStr, newStr, options) {
   return characterDiff.diff(oldStr, newStr, options);
@@ -337,6 +384,11 @@ function diffWordsWithSpace(oldStr, newStr, options) {
 var lineDiff = new Diff();
 
 lineDiff.tokenize = function (value) {
+  if (this.options.stripTrailingCr) {
+    // remove one \r before \n to match GNU diff's --strip-trailing-cr behavior
+    value = value.replace(/\r\n/g, '\n');
+  }
+
   var retLines = [],
       linesAndNewlines = value.split(/(\n|\r\n)/); // Ignore the final empty token that occurs if the string ends with a new line
 
@@ -408,6 +460,55 @@ function _typeof(obj) {
   return _typeof(obj);
 }
 
+function _defineProperty(obj, key, value) {
+  if (key in obj) {
+    Object.defineProperty(obj, key, {
+      value: value,
+      enumerable: true,
+      configurable: true,
+      writable: true
+    });
+  } else {
+    obj[key] = value;
+  }
+
+  return obj;
+}
+
+function ownKeys(object, enumerableOnly) {
+  var keys = Object.keys(object);
+
+  if (Object.getOwnPropertySymbols) {
+    var symbols = Object.getOwnPropertySymbols(object);
+    if (enumerableOnly) symbols = symbols.filter(function (sym) {
+      return Object.getOwnPropertyDescriptor(object, sym).enumerable;
+    });
+    keys.push.apply(keys, symbols);
+  }
+
+  return keys;
+}
+
+function _objectSpread2(target) {
+  for (var i = 1; i < arguments.length; i++) {
+    var source = arguments[i] != null ? arguments[i] : {};
+
+    if (i % 2) {
+      ownKeys(Object(source), true).forEach(function (key) {
+        _defineProperty(target, key, source[key]);
+      });
+    } else if (Object.getOwnPropertyDescriptors) {
+      Object.defineProperties(target, Object.getOwnPropertyDescriptors(source));
+    } else {
+      ownKeys(Object(source)).forEach(function (key) {
+        Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key));
+      });
+    }
+  }
+
+  return target;
+}
+
 function _toConsumableArray(arr) {
   return _arrayWithoutHoles(arr) || _iterableToArray(arr) || _unsupportedIterableToArray(arr) || _nonIterableSpread();
 }
@@ -840,7 +941,7 @@ function applyPatch(source, uniDiff) {
       var line = _hunk.lines[j],
           operation = line.length > 0 ? line[0] : ' ',
           content = line.length > 0 ? line.substr(1) : line,
-          delimiter = _hunk.linedelimiters[j];
+          delimiter = _hunk.linedelimiters && _hunk.linedelimiters[j] || '\n';
 
       if (operation === ' ') {
         _toPos++;
@@ -1047,6 +1148,10 @@ function structuredPatch(oldFileName, newFileName, oldStr, newStr, oldHeader, ne
   };
 }
 function formatPatch(diff) {
+  if (Array.isArray(diff)) {
+    return diff.map(formatPatch).join('\n');
+  }
+
   var ret = [];
 
   if (diff.oldFileName == diff.newFileName) {
@@ -1502,6 +1607,39 @@ function calcOldNewLineCount(lines) {
   };
 }
 
+function reversePatch(structuredPatch) {
+  if (Array.isArray(structuredPatch)) {
+    return structuredPatch.map(reversePatch).reverse();
+  }
+
+  return _objectSpread2(_objectSpread2({}, structuredPatch), {}, {
+    oldFileName: structuredPatch.newFileName,
+    oldHeader: structuredPatch.newHeader,
+    newFileName: structuredPatch.oldFileName,
+    newHeader: structuredPatch.oldHeader,
+    hunks: structuredPatch.hunks.map(function (hunk) {
+      return {
+        oldLines: hunk.newLines,
+        oldStart: hunk.newStart,
+        newLines: hunk.oldLines,
+        newStart: hunk.oldStart,
+        linedelimiters: hunk.linedelimiters,
+        lines: hunk.lines.map(function (l) {
+          if (l.startsWith('-')) {
+            return "+".concat(l.slice(1));
+          }
+
+          if (l.startsWith('+')) {
+            return "-".concat(l.slice(1));
+          }
+
+          return l;
+        })
+      };
+    })
+  });
+}
+
 // See: http://code.google.com/p/google-diff-match-patch/wiki/API
 function convertChangesToDMP(changes) {
   var ret = [],
@@ -1558,4 +1696,4 @@ function escapeHTML(s) {
   return n;
 }
 
-export { Diff, applyPatch, applyPatches, canonicalize, convertChangesToDMP, convertChangesToXML, createPatch, createTwoFilesPatch, diffArrays, diffChars, diffCss, diffJson, diffLines, diffSentences, diffTrimmedLines, diffWords, diffWordsWithSpace, merge, parsePatch, structuredPatch };
+export { Diff, applyPatch, applyPatches, canonicalize, convertChangesToDMP, convertChangesToXML, createPatch, createTwoFilesPatch, diffArrays, diffChars, diffCss, diffJson, diffLines, diffSentences, diffTrimmedLines, diffWords, diffWordsWithSpace, formatPatch, merge, parsePatch, reversePatch, structuredPatch };
diff --git a/deps/npm/node_modules/diff/lib/patch/apply.js b/deps/npm/node_modules/diff/lib/patch/apply.js
index 21c76ddb76ba78..cefea04dae73b0 100644
--- a/deps/npm/node_modules/diff/lib/patch/apply.js
+++ b/deps/npm/node_modules/diff/lib/patch/apply.js
@@ -148,7 +148,7 @@ function applyPatch(source, uniDiff) {
       var line = _hunk.lines[j],
           operation = line.length > 0 ? line[0] : ' ',
           content = line.length > 0 ? line.substr(1) : line,
-          delimiter = _hunk.linedelimiters[j];
+          delimiter = _hunk.linedelimiters && _hunk.linedelimiters[j] || '\n';
 
       if (operation === ' ') {
         _toPos++;
@@ -235,4 +235,4 @@ function applyPatches(uniDiff, options) {
 
   processIndex();
 }
-//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9wYXRjaC9hcHBseS5qcyJdLCJuYW1lcyI6WyJhcHBseVBhdGNoIiwic291cmNlIiwidW5pRGlmZiIsIm9wdGlvbnMiLCJwYXJzZVBhdGNoIiwiQXJyYXkiLCJpc0FycmF5IiwibGVuZ3RoIiwiRXJyb3IiLCJsaW5lcyIsInNwbGl0IiwiZGVsaW1pdGVycyIsIm1hdGNoIiwiaHVua3MiLCJjb21wYXJlTGluZSIsImxpbmVOdW1iZXIiLCJsaW5lIiwib3BlcmF0aW9uIiwicGF0Y2hDb250ZW50IiwiZXJyb3JDb3VudCIsImZ1enpGYWN0b3IiLCJtaW5MaW5lIiwib2Zmc2V0IiwicmVtb3ZlRU9GTkwiLCJhZGRFT0ZOTCIsImh1bmtGaXRzIiwiaHVuayIsInRvUG9zIiwiaiIsImNvbnRlbnQiLCJzdWJzdHIiLCJpIiwibWF4TGluZSIsIm9sZExpbmVzIiwibG9jYWxPZmZzZXQiLCJvbGRTdGFydCIsIml0ZXJhdG9yIiwiZGlzdGFuY2VJdGVyYXRvciIsInVuZGVmaW5lZCIsImRpZmZPZmZzZXQiLCJuZXdMaW5lcyIsImRlbGltaXRlciIsImxpbmVkZWxpbWl0ZXJzIiwic3BsaWNlIiwicHJldmlvdXNPcGVyYXRpb24iLCJwb3AiLCJwdXNoIiwiX2siLCJqb2luIiwiYXBwbHlQYXRjaGVzIiwiY3VycmVudEluZGV4IiwicHJvY2Vzc0luZGV4IiwiaW5kZXgiLCJjb21wbGV0ZSIsImxvYWRGaWxlIiwiZXJyIiwiZGF0YSIsInVwZGF0ZWRDb250ZW50IiwicGF0Y2hlZCJdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7OztBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7O0FBQ0E7QUFBQTtBQUFBO0FBQUE7QUFBQTs7Ozs7QUFFTyxTQUFTQSxVQUFULENBQW9CQyxNQUFwQixFQUE0QkMsT0FBNUIsRUFBbUQ7QUFBQTtBQUFBO0FBQUE7QUFBZEMsRUFBQUEsT0FBYyx1RUFBSixFQUFJOztBQUN4RCxNQUFJLE9BQU9ELE9BQVAsS0FBbUIsUUFBdkIsRUFBaUM7QUFDL0JBLElBQUFBLE9BQU87QUFBRztBQUFBO0FBQUE7O0FBQUFFO0FBQUFBO0FBQUFBO0FBQUFBO0FBQUFBO0FBQUFBO0FBQUE7QUFBQSxLQUFXRixPQUFYLENBQVY7QUFDRDs7QUFFRCxNQUFJRyxLQUFLLENBQUNDLE9BQU4sQ0FBY0osT0FBZCxDQUFKLEVBQTRCO0FBQzFCLFFBQUlBLE9BQU8sQ0FBQ0ssTUFBUixHQUFpQixDQUFyQixFQUF3QjtBQUN0QixZQUFNLElBQUlDLEtBQUosQ0FBVSw0Q0FBVixDQUFOO0FBQ0Q7O0FBRUROLElBQUFBLE9BQU8sR0FBR0EsT0FBTyxDQUFDLENBQUQsQ0FBakI7QUFDRCxHQVh1RCxDQWF4RDs7O0FBQ0EsTUFBSU8sS0FBSyxHQUFHUixNQUFNLENBQUNTLEtBQVAsQ0FBYSxxQkFBYixDQUFaO0FBQUEsTUFDSUMsVUFBVSxHQUFHVixNQUFNLENBQUNXLEtBQVAsQ0FBYSxzQkFBYixLQUF3QyxFQUR6RDtBQUFBLE1BRUlDLEtBQUssR0FBR1gsT0FBTyxDQUFDVyxLQUZwQjtBQUFBLE1BSUlDLFdBQVcsR0FBR1gsT0FBTyxDQUFDVyxXQUFSLElBQXdCLFVBQUNDLFVBQUQsRUFBYUMsSUFBYixFQUFtQkMsU0FBbkIsRUFBOEJDLFlBQTlCO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBK0NGLE1BQUFBLElBQUksS0FBS0U7QUFBeEQ7QUFBQSxHQUoxQztBQUFBLE1BS0lDLFVBQVUsR0FBRyxDQUxqQjtBQUFBLE1BTUlDLFVBQVUsR0FBR2pCLE9BQU8sQ0FBQ2lCLFVBQVIsSUFBc0IsQ0FOdkM7QUFBQSxNQU9JQyxPQUFPLEdBQUcsQ0FQZDtBQUFBLE1BUUlDLE1BQU0sR0FBRyxDQVJiO0FBQUEsTUFVSUMsV0FWSjtBQUFBLE1BV0lDLFFBWEo7QUFhQTs7Ozs7QUFHQSxXQUFTQyxRQUFULENBQWtCQyxJQUFsQixFQUF3QkMsS0FBeEIsRUFBK0I7QUFDN0IsU0FBSyxJQUFJQyxDQUFDLEdBQUcsQ0FBYixFQUFnQkEsQ0FBQyxHQUFHRixJQUFJLENBQUNqQixLQUFMLENBQVdGLE1BQS9CLEVBQXVDcUIsQ0FBQyxFQUF4QyxFQUE0QztBQUMxQyxVQUFJWixJQUFJLEdBQUdVLElBQUksQ0FBQ2pCLEtBQUwsQ0FBV21CLENBQVgsQ0FBWDtBQUFBLFVBQ0lYLFNBQVMsR0FBSUQsSUFBSSxDQUFDVCxNQUFMLEdBQWMsQ0FBZCxHQUFrQlMsSUFBSSxDQUFDLENBQUQsQ0FBdEIsR0FBNEIsR0FEN0M7QUFBQSxVQUVJYSxPQUFPLEdBQUliLElBQUksQ0FBQ1QsTUFBTCxHQUFjLENBQWQsR0FBa0JTLElBQUksQ0FBQ2MsTUFBTCxDQUFZLENBQVosQ0FBbEIsR0FBbUNkLElBRmxEOztBQUlBLFVBQUlDLFNBQVMsS0FBSyxHQUFkLElBQXFCQSxTQUFTLEtBQUssR0FBdkMsRUFBNEM7QUFDMUM7QUFDQSxZQUFJLENBQUNILFdBQVcsQ0FBQ2EsS0FBSyxHQUFHLENBQVQsRUFBWWxCLEtBQUssQ0FBQ2tCLEtBQUQsQ0FBakIsRUFBMEJWLFNBQTFCLEVBQXFDWSxPQUFyQyxDQUFoQixFQUErRDtBQUM3RFYsVUFBQUEsVUFBVTs7QUFFVixjQUFJQSxVQUFVLEdBQUdDLFVBQWpCLEVBQTZCO0FBQzNCLG1CQUFPLEtBQVA7QUFDRDtBQUNGOztBQUNETyxRQUFBQSxLQUFLO0FBQ047QUFDRjs7QUFFRCxXQUFPLElBQVA7QUFDRCxHQWxEdUQsQ0FvRHhEOzs7QUFDQSxPQUFLLElBQUlJLENBQUMsR0FBRyxDQUFiLEVBQWdCQSxDQUFDLEdBQUdsQixLQUFLLENBQUNOLE1BQTFCLEVBQWtDd0IsQ0FBQyxFQUFuQyxFQUF1QztBQUNyQyxRQUFJTCxJQUFJLEdBQUdiLEtBQUssQ0FBQ2tCLENBQUQsQ0FBaEI7QUFBQSxRQUNJQyxPQUFPLEdBQUd2QixLQUFLLENBQUNGLE1BQU4sR0FBZW1CLElBQUksQ0FBQ08sUUFEbEM7QUFBQSxRQUVJQyxXQUFXLEdBQUcsQ0FGbEI7QUFBQSxRQUdJUCxLQUFLLEdBQUdMLE1BQU0sR0FBR0ksSUFBSSxDQUFDUyxRQUFkLEdBQXlCLENBSHJDO0FBS0EsUUFBSUMsUUFBUTtBQUFHO0FBQUE7QUFBQTs7QUFBQUM7QUFBQUE7QUFBQUE7QUFBQUE7QUFBQUE7QUFBQUE7QUFBQUE7QUFBQUEsT0FBaUJWLEtBQWpCLEVBQXdCTixPQUF4QixFQUFpQ1csT0FBakMsQ0FBZjs7QUFFQSxXQUFPRSxXQUFXLEtBQUtJLFNBQXZCLEVBQWtDSixXQUFXLEdBQUdFLFFBQVEsRUFBeEQsRUFBNEQ7QUFDMUQsVUFBSVgsUUFBUSxDQUFDQyxJQUFELEVBQU9DLEtBQUssR0FBR08sV0FBZixDQUFaLEVBQXlDO0FBQ3ZDUixRQUFBQSxJQUFJLENBQUNKLE1BQUwsR0FBY0EsTUFBTSxJQUFJWSxXQUF4QjtBQUNBO0FBQ0Q7QUFDRjs7QUFFRCxRQUFJQSxXQUFXLEtBQUtJLFNBQXBCLEVBQStCO0FBQzdCLGFBQU8sS0FBUDtBQUNELEtBakJvQyxDQW1CckM7QUFDQTs7O0FBQ0FqQixJQUFBQSxPQUFPLEdBQUdLLElBQUksQ0FBQ0osTUFBTCxHQUFjSSxJQUFJLENBQUNTLFFBQW5CLEdBQThCVCxJQUFJLENBQUNPLFFBQTdDO0FBQ0QsR0EzRXVELENBNkV4RDs7O0FBQ0EsTUFBSU0sVUFBVSxHQUFHLENBQWpCOztBQUNBLE9BQUssSUFBSVIsRUFBQyxHQUFHLENBQWIsRUFBZ0JBLEVBQUMsR0FBR2xCLEtBQUssQ0FBQ04sTUFBMUIsRUFBa0N3QixFQUFDLEVBQW5DLEVBQXVDO0FBQ3JDLFFBQUlMLEtBQUksR0FBR2IsS0FBSyxDQUFDa0IsRUFBRCxDQUFoQjtBQUFBLFFBQ0lKLE1BQUssR0FBR0QsS0FBSSxDQUFDUyxRQUFMLEdBQWdCVCxLQUFJLENBQUNKLE1BQXJCLEdBQThCaUIsVUFBOUIsR0FBMkMsQ0FEdkQ7O0FBRUFBLElBQUFBLFVBQVUsSUFBSWIsS0FBSSxDQUFDYyxRQUFMLEdBQWdCZCxLQUFJLENBQUNPLFFBQW5DOztBQUVBLFNBQUssSUFBSUwsQ0FBQyxHQUFHLENBQWIsRUFBZ0JBLENBQUMsR0FBR0YsS0FBSSxDQUFDakIsS0FBTCxDQUFXRixNQUEvQixFQUF1Q3FCLENBQUMsRUFBeEMsRUFBNEM7QUFDMUMsVUFBSVosSUFBSSxHQUFHVSxLQUFJLENBQUNqQixLQUFMLENBQVdtQixDQUFYLENBQVg7QUFBQSxVQUNJWCxTQUFTLEdBQUlELElBQUksQ0FBQ1QsTUFBTCxHQUFjLENBQWQsR0FBa0JTLElBQUksQ0FBQyxDQUFELENBQXRCLEdBQTRCLEdBRDdDO0FBQUEsVUFFSWEsT0FBTyxHQUFJYixJQUFJLENBQUNULE1BQUwsR0FBYyxDQUFkLEdBQWtCUyxJQUFJLENBQUNjLE1BQUwsQ0FBWSxDQUFaLENBQWxCLEdBQW1DZCxJQUZsRDtBQUFBLFVBR0l5QixTQUFTLEdBQUdmLEtBQUksQ0FBQ2dCLGNBQUwsQ0FBb0JkLENBQXBCLENBSGhCOztBQUtBLFVBQUlYLFNBQVMsS0FBSyxHQUFsQixFQUF1QjtBQUNyQlUsUUFBQUEsTUFBSztBQUNOLE9BRkQsTUFFTyxJQUFJVixTQUFTLEtBQUssR0FBbEIsRUFBdUI7QUFDNUJSLFFBQUFBLEtBQUssQ0FBQ2tDLE1BQU4sQ0FBYWhCLE1BQWIsRUFBb0IsQ0FBcEI7QUFDQWhCLFFBQUFBLFVBQVUsQ0FBQ2dDLE1BQVgsQ0FBa0JoQixNQUFsQixFQUF5QixDQUF6QjtBQUNGO0FBQ0MsT0FKTSxNQUlBLElBQUlWLFNBQVMsS0FBSyxHQUFsQixFQUF1QjtBQUM1QlIsUUFBQUEsS0FBSyxDQUFDa0MsTUFBTixDQUFhaEIsTUFBYixFQUFvQixDQUFwQixFQUF1QkUsT0FBdkI7QUFDQWxCLFFBQUFBLFVBQVUsQ0FBQ2dDLE1BQVgsQ0FBa0JoQixNQUFsQixFQUF5QixDQUF6QixFQUE0QmMsU0FBNUI7QUFDQWQsUUFBQUEsTUFBSztBQUNOLE9BSk0sTUFJQSxJQUFJVixTQUFTLEtBQUssSUFBbEIsRUFBd0I7QUFDN0IsWUFBSTJCLGlCQUFpQixHQUFHbEIsS0FBSSxDQUFDakIsS0FBTCxDQUFXbUIsQ0FBQyxHQUFHLENBQWYsSUFBb0JGLEtBQUksQ0FBQ2pCLEtBQUwsQ0FBV21CLENBQUMsR0FBRyxDQUFmLEVBQWtCLENBQWxCLENBQXBCLEdBQTJDLElBQW5FOztBQUNBLFlBQUlnQixpQkFBaUIsS0FBSyxHQUExQixFQUErQjtBQUM3QnJCLFVBQUFBLFdBQVcsR0FBRyxJQUFkO0FBQ0QsU0FGRCxNQUVPLElBQUlxQixpQkFBaUIsS0FBSyxHQUExQixFQUErQjtBQUNwQ3BCLFVBQUFBLFFBQVEsR0FBRyxJQUFYO0FBQ0Q7QUFDRjtBQUNGO0FBQ0YsR0E3R3VELENBK0d4RDs7O0FBQ0EsTUFBSUQsV0FBSixFQUFpQjtBQUNmLFdBQU8sQ0FBQ2QsS0FBSyxDQUFDQSxLQUFLLENBQUNGLE1BQU4sR0FBZSxDQUFoQixDQUFiLEVBQWlDO0FBQy9CRSxNQUFBQSxLQUFLLENBQUNvQyxHQUFOO0FBQ0FsQyxNQUFBQSxVQUFVLENBQUNrQyxHQUFYO0FBQ0Q7QUFDRixHQUxELE1BS08sSUFBSXJCLFFBQUosRUFBYztBQUNuQmYsSUFBQUEsS0FBSyxDQUFDcUMsSUFBTixDQUFXLEVBQVg7QUFDQW5DLElBQUFBLFVBQVUsQ0FBQ21DLElBQVgsQ0FBZ0IsSUFBaEI7QUFDRDs7QUFDRCxPQUFLLElBQUlDLEVBQUUsR0FBRyxDQUFkLEVBQWlCQSxFQUFFLEdBQUd0QyxLQUFLLENBQUNGLE1BQU4sR0FBZSxDQUFyQyxFQUF3Q3dDLEVBQUUsRUFBMUMsRUFBOEM7QUFDNUN0QyxJQUFBQSxLQUFLLENBQUNzQyxFQUFELENBQUwsR0FBWXRDLEtBQUssQ0FBQ3NDLEVBQUQsQ0FBTCxHQUFZcEMsVUFBVSxDQUFDb0MsRUFBRCxDQUFsQztBQUNEOztBQUNELFNBQU90QyxLQUFLLENBQUN1QyxJQUFOLENBQVcsRUFBWCxDQUFQO0FBQ0QsQyxDQUVEOzs7QUFDTyxTQUFTQyxZQUFULENBQXNCL0MsT0FBdEIsRUFBK0JDLE9BQS9CLEVBQXdDO0FBQzdDLE1BQUksT0FBT0QsT0FBUCxLQUFtQixRQUF2QixFQUFpQztBQUMvQkEsSUFBQUEsT0FBTztBQUFHO0FBQUE7QUFBQTs7QUFBQUU7QUFBQUE7QUFBQUE7QUFBQUE7QUFBQUE7QUFBQUE7QUFBQTtBQUFBLEtBQVdGLE9BQVgsQ0FBVjtBQUNEOztBQUVELE1BQUlnRCxZQUFZLEdBQUcsQ0FBbkI7O0FBQ0EsV0FBU0MsWUFBVCxHQUF3QjtBQUN0QixRQUFJQyxLQUFLLEdBQUdsRCxPQUFPLENBQUNnRCxZQUFZLEVBQWIsQ0FBbkI7O0FBQ0EsUUFBSSxDQUFDRSxLQUFMLEVBQVk7QUFDVixhQUFPakQsT0FBTyxDQUFDa0QsUUFBUixFQUFQO0FBQ0Q7O0FBRURsRCxJQUFBQSxPQUFPLENBQUNtRCxRQUFSLENBQWlCRixLQUFqQixFQUF3QixVQUFTRyxHQUFULEVBQWNDLElBQWQsRUFBb0I7QUFDMUMsVUFBSUQsR0FBSixFQUFTO0FBQ1AsZUFBT3BELE9BQU8sQ0FBQ2tELFFBQVIsQ0FBaUJFLEdBQWpCLENBQVA7QUFDRDs7QUFFRCxVQUFJRSxjQUFjLEdBQUd6RCxVQUFVLENBQUN3RCxJQUFELEVBQU9KLEtBQVAsRUFBY2pELE9BQWQsQ0FBL0I7QUFDQUEsTUFBQUEsT0FBTyxDQUFDdUQsT0FBUixDQUFnQk4sS0FBaEIsRUFBdUJLLGNBQXZCLEVBQXVDLFVBQVNGLEdBQVQsRUFBYztBQUNuRCxZQUFJQSxHQUFKLEVBQVM7QUFDUCxpQkFBT3BELE9BQU8sQ0FBQ2tELFFBQVIsQ0FBaUJFLEdBQWpCLENBQVA7QUFDRDs7QUFFREosUUFBQUEsWUFBWTtBQUNiLE9BTkQ7QUFPRCxLQWJEO0FBY0Q7O0FBQ0RBLEVBQUFBLFlBQVk7QUFDYiIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7cGFyc2VQYXRjaH0gZnJvbSAnLi9wYXJzZSc7XG5pbXBvcnQgZGlzdGFuY2VJdGVyYXRvciBmcm9tICcuLi91dGlsL2Rpc3RhbmNlLWl0ZXJhdG9yJztcblxuZXhwb3J0IGZ1bmN0aW9uIGFwcGx5UGF0Y2goc291cmNlLCB1bmlEaWZmLCBvcHRpb25zID0ge30pIHtcbiAgaWYgKHR5cGVvZiB1bmlEaWZmID09PSAnc3RyaW5nJykge1xuICAgIHVuaURpZmYgPSBwYXJzZVBhdGNoKHVuaURpZmYpO1xuICB9XG5cbiAgaWYgKEFycmF5LmlzQXJyYXkodW5pRGlmZikpIHtcbiAgICBpZiAodW5pRGlmZi5sZW5ndGggPiAxKSB7XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoJ2FwcGx5UGF0Y2ggb25seSB3b3JrcyB3aXRoIGEgc2luZ2xlIGlucHV0LicpO1xuICAgIH1cblxuICAgIHVuaURpZmYgPSB1bmlEaWZmWzBdO1xuICB9XG5cbiAgLy8gQXBwbHkgdGhlIGRpZmYgdG8gdGhlIGlucHV0XG4gIGxldCBsaW5lcyA9IHNvdXJjZS5zcGxpdCgvXFxyXFxufFtcXG5cXHZcXGZcXHJcXHg4NV0vKSxcbiAgICAgIGRlbGltaXRlcnMgPSBzb3VyY2UubWF0Y2goL1xcclxcbnxbXFxuXFx2XFxmXFxyXFx4ODVdL2cpIHx8IFtdLFxuICAgICAgaHVua3MgPSB1bmlEaWZmLmh1bmtzLFxuXG4gICAgICBjb21wYXJlTGluZSA9IG9wdGlvbnMuY29tcGFyZUxpbmUgfHwgKChsaW5lTnVtYmVyLCBsaW5lLCBvcGVyYXRpb24sIHBhdGNoQ29udGVudCkgPT4gbGluZSA9PT0gcGF0Y2hDb250ZW50KSxcbiAgICAgIGVycm9yQ291bnQgPSAwLFxuICAgICAgZnV6ekZhY3RvciA9IG9wdGlvbnMuZnV6ekZhY3RvciB8fCAwLFxuICAgICAgbWluTGluZSA9IDAsXG4gICAgICBvZmZzZXQgPSAwLFxuXG4gICAgICByZW1vdmVFT0ZOTCxcbiAgICAgIGFkZEVPRk5MO1xuXG4gIC8qKlxuICAgKiBDaGVja3MgaWYgdGhlIGh1bmsgZXhhY3RseSBmaXRzIG9uIHRoZSBwcm92aWRlZCBsb2NhdGlvblxuICAgKi9cbiAgZnVuY3Rpb24gaHVua0ZpdHMoaHVuaywgdG9Qb3MpIHtcbiAgICBmb3IgKGxldCBqID0gMDsgaiA8IGh1bmsubGluZXMubGVuZ3RoOyBqKyspIHtcbiAgICAgIGxldCBsaW5lID0gaHVuay5saW5lc1tqXSxcbiAgICAgICAgICBvcGVyYXRpb24gPSAobGluZS5sZW5ndGggPiAwID8gbGluZVswXSA6ICcgJyksXG4gICAgICAgICAgY29udGVudCA9IChsaW5lLmxlbmd0aCA+IDAgPyBsaW5lLnN1YnN0cigxKSA6IGxpbmUpO1xuXG4gICAgICBpZiAob3BlcmF0aW9uID09PSAnICcgfHwgb3BlcmF0aW9uID09PSAnLScpIHtcbiAgICAgICAgLy8gQ29udGV4dCBzYW5pdHkgY2hlY2tcbiAgICAgICAgaWYgKCFjb21wYXJlTGluZSh0b1BvcyArIDEsIGxpbmVzW3RvUG9zXSwgb3BlcmF0aW9uLCBjb250ZW50KSkge1xuICAgICAgICAgIGVycm9yQ291bnQrKztcblxuICAgICAgICAgIGlmIChlcnJvckNvdW50ID4gZnV6ekZhY3Rvcikge1xuICAgICAgICAgICAgcmV0dXJuIGZhbHNlO1xuICAgICAgICAgIH1cbiAgICAgICAgfVxuICAgICAgICB0b1BvcysrO1xuICAgICAgfVxuICAgIH1cblxuICAgIHJldHVybiB0cnVlO1xuICB9XG5cbiAgLy8gU2VhcmNoIGJlc3QgZml0IG9mZnNldHMgZm9yIGVhY2ggaHVuayBiYXNlZCBvbiB0aGUgcHJldmlvdXMgb25lc1xuICBmb3IgKGxldCBpID0gMDsgaSA8IGh1bmtzLmxlbmd0aDsgaSsrKSB7XG4gICAgbGV0IGh1bmsgPSBodW5rc1tpXSxcbiAgICAgICAgbWF4TGluZSA9IGxpbmVzLmxlbmd0aCAtIGh1bmsub2xkTGluZXMsXG4gICAgICAgIGxvY2FsT2Zmc2V0ID0gMCxcbiAgICAgICAgdG9Qb3MgPSBvZmZzZXQgKyBodW5rLm9sZFN0YXJ0IC0gMTtcblxuICAgIGxldCBpdGVyYXRvciA9IGRpc3RhbmNlSXRlcmF0b3IodG9Qb3MsIG1pbkxpbmUsIG1heExpbmUpO1xuXG4gICAgZm9yICg7IGxvY2FsT2Zmc2V0ICE9PSB1bmRlZmluZWQ7IGxvY2FsT2Zmc2V0ID0gaXRlcmF0b3IoKSkge1xuICAgICAgaWYgKGh1bmtGaXRzKGh1bmssIHRvUG9zICsgbG9jYWxPZmZzZXQpKSB7XG4gICAgICAgIGh1bmsub2Zmc2V0ID0gb2Zmc2V0ICs9IGxvY2FsT2Zmc2V0O1xuICAgICAgICBicmVhaztcbiAgICAgIH1cbiAgICB9XG5cbiAgICBpZiAobG9jYWxPZmZzZXQgPT09IHVuZGVmaW5lZCkge1xuICAgICAgcmV0dXJuIGZhbHNlO1xuICAgIH1cblxuICAgIC8vIFNldCBsb3dlciB0ZXh0IGxpbWl0IHRvIGVuZCBvZiB0aGUgY3VycmVudCBodW5rLCBzbyBuZXh0IG9uZXMgZG9uJ3QgdHJ5XG4gICAgLy8gdG8gZml0IG92ZXIgYWxyZWFkeSBwYXRjaGVkIHRleHRcbiAgICBtaW5MaW5lID0gaHVuay5vZmZzZXQgKyBodW5rLm9sZFN0YXJ0ICsgaHVuay5vbGRMaW5lcztcbiAgfVxuXG4gIC8vIEFwcGx5IHBhdGNoIGh1bmtzXG4gIGxldCBkaWZmT2Zmc2V0ID0gMDtcbiAgZm9yIChsZXQgaSA9IDA7IGkgPCBodW5rcy5sZW5ndGg7IGkrKykge1xuICAgIGxldCBodW5rID0gaHVua3NbaV0sXG4gICAgICAgIHRvUG9zID0gaHVuay5vbGRTdGFydCArIGh1bmsub2Zmc2V0ICsgZGlmZk9mZnNldCAtIDE7XG4gICAgZGlmZk9mZnNldCArPSBodW5rLm5ld0xpbmVzIC0gaHVuay5vbGRMaW5lcztcblxuICAgIGZvciAobGV0IGogPSAwOyBqIDwgaHVuay5saW5lcy5sZW5ndGg7IGorKykge1xuICAgICAgbGV0IGxpbmUgPSBodW5rLmxpbmVzW2pdLFxuICAgICAgICAgIG9wZXJhdGlvbiA9IChsaW5lLmxlbmd0aCA+IDAgPyBsaW5lWzBdIDogJyAnKSxcbiAgICAgICAgICBjb250ZW50ID0gKGxpbmUubGVuZ3RoID4gMCA/IGxpbmUuc3Vic3RyKDEpIDogbGluZSksXG4gICAgICAgICAgZGVsaW1pdGVyID0gaHVuay5saW5lZGVsaW1pdGVyc1tqXTtcblxuICAgICAgaWYgKG9wZXJhdGlvbiA9PT0gJyAnKSB7XG4gICAgICAgIHRvUG9zKys7XG4gICAgICB9IGVsc2UgaWYgKG9wZXJhdGlvbiA9PT0gJy0nKSB7XG4gICAgICAgIGxpbmVzLnNwbGljZSh0b1BvcywgMSk7XG4gICAgICAgIGRlbGltaXRlcnMuc3BsaWNlKHRvUG9zLCAxKTtcbiAgICAgIC8qIGlzdGFuYnVsIGlnbm9yZSBlbHNlICovXG4gICAgICB9IGVsc2UgaWYgKG9wZXJhdGlvbiA9PT0gJysnKSB7XG4gICAgICAgIGxpbmVzLnNwbGljZSh0b1BvcywgMCwgY29udGVudCk7XG4gICAgICAgIGRlbGltaXRlcnMuc3BsaWNlKHRvUG9zLCAwLCBkZWxpbWl0ZXIpO1xuICAgICAgICB0b1BvcysrO1xuICAgICAgfSBlbHNlIGlmIChvcGVyYXRpb24gPT09ICdcXFxcJykge1xuICAgICAgICBsZXQgcHJldmlvdXNPcGVyYXRpb24gPSBodW5rLmxpbmVzW2ogLSAxXSA/IGh1bmsubGluZXNbaiAtIDFdWzBdIDogbnVsbDtcbiAgICAgICAgaWYgKHByZXZpb3VzT3BlcmF0aW9uID09PSAnKycpIHtcbiAgICAgICAgICByZW1vdmVFT0ZOTCA9IHRydWU7XG4gICAgICAgIH0gZWxzZSBpZiAocHJldmlvdXNPcGVyYXRpb24gPT09ICctJykge1xuICAgICAgICAgIGFkZEVPRk5MID0gdHJ1ZTtcbiAgICAgICAgfVxuICAgICAgfVxuICAgIH1cbiAgfVxuXG4gIC8vIEhhbmRsZSBFT0ZOTCBpbnNlcnRpb24vcmVtb3ZhbFxuICBpZiAocmVtb3ZlRU9GTkwpIHtcbiAgICB3aGlsZSAoIWxpbmVzW2xpbmVzLmxlbmd0aCAtIDFdKSB7XG4gICAgICBsaW5lcy5wb3AoKTtcbiAgICAgIGRlbGltaXRlcnMucG9wKCk7XG4gICAgfVxuICB9IGVsc2UgaWYgKGFkZEVPRk5MKSB7XG4gICAgbGluZXMucHVzaCgnJyk7XG4gICAgZGVsaW1pdGVycy5wdXNoKCdcXG4nKTtcbiAgfVxuICBmb3IgKGxldCBfayA9IDA7IF9rIDwgbGluZXMubGVuZ3RoIC0gMTsgX2srKykge1xuICAgIGxpbmVzW19rXSA9IGxpbmVzW19rXSArIGRlbGltaXRlcnNbX2tdO1xuICB9XG4gIHJldHVybiBsaW5lcy5qb2luKCcnKTtcbn1cblxuLy8gV3JhcHBlciB0aGF0IHN1cHBvcnRzIG11bHRpcGxlIGZpbGUgcGF0Y2hlcyB2aWEgY2FsbGJhY2tzLlxuZXhwb3J0IGZ1bmN0aW9uIGFwcGx5UGF0Y2hlcyh1bmlEaWZmLCBvcHRpb25zKSB7XG4gIGlmICh0eXBlb2YgdW5pRGlmZiA9PT0gJ3N0cmluZycpIHtcbiAgICB1bmlEaWZmID0gcGFyc2VQYXRjaCh1bmlEaWZmKTtcbiAgfVxuXG4gIGxldCBjdXJyZW50SW5kZXggPSAwO1xuICBmdW5jdGlvbiBwcm9jZXNzSW5kZXgoKSB7XG4gICAgbGV0IGluZGV4ID0gdW5pRGlmZltjdXJyZW50SW5kZXgrK107XG4gICAgaWYgKCFpbmRleCkge1xuICAgICAgcmV0dXJuIG9wdGlvbnMuY29tcGxldGUoKTtcbiAgICB9XG5cbiAgICBvcHRpb25zLmxvYWRGaWxlKGluZGV4LCBmdW5jdGlvbihlcnIsIGRhdGEpIHtcbiAgICAgIGlmIChlcnIpIHtcbiAgICAgICAgcmV0dXJuIG9wdGlvbnMuY29tcGxldGUoZXJyKTtcbiAgICAgIH1cblxuICAgICAgbGV0IHVwZGF0ZWRDb250ZW50ID0gYXBwbHlQYXRjaChkYXRhLCBpbmRleCwgb3B0aW9ucyk7XG4gICAgICBvcHRpb25zLnBhdGNoZWQoaW5kZXgsIHVwZGF0ZWRDb250ZW50LCBmdW5jdGlvbihlcnIpIHtcbiAgICAgICAgaWYgKGVycikge1xuICAgICAgICAgIHJldHVybiBvcHRpb25zLmNvbXBsZXRlKGVycik7XG4gICAgICAgIH1cblxuICAgICAgICBwcm9jZXNzSW5kZXgoKTtcbiAgICAgIH0pO1xuICAgIH0pO1xuICB9XG4gIHByb2Nlc3NJbmRleCgpO1xufVxuIl19
+//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9wYXRjaC9hcHBseS5qcyJdLCJuYW1lcyI6WyJhcHBseVBhdGNoIiwic291cmNlIiwidW5pRGlmZiIsIm9wdGlvbnMiLCJwYXJzZVBhdGNoIiwiQXJyYXkiLCJpc0FycmF5IiwibGVuZ3RoIiwiRXJyb3IiLCJsaW5lcyIsInNwbGl0IiwiZGVsaW1pdGVycyIsIm1hdGNoIiwiaHVua3MiLCJjb21wYXJlTGluZSIsImxpbmVOdW1iZXIiLCJsaW5lIiwib3BlcmF0aW9uIiwicGF0Y2hDb250ZW50IiwiZXJyb3JDb3VudCIsImZ1enpGYWN0b3IiLCJtaW5MaW5lIiwib2Zmc2V0IiwicmVtb3ZlRU9GTkwiLCJhZGRFT0ZOTCIsImh1bmtGaXRzIiwiaHVuayIsInRvUG9zIiwiaiIsImNvbnRlbnQiLCJzdWJzdHIiLCJpIiwibWF4TGluZSIsIm9sZExpbmVzIiwibG9jYWxPZmZzZXQiLCJvbGRTdGFydCIsIml0ZXJhdG9yIiwiZGlzdGFuY2VJdGVyYXRvciIsInVuZGVmaW5lZCIsImRpZmZPZmZzZXQiLCJuZXdMaW5lcyIsImRlbGltaXRlciIsImxpbmVkZWxpbWl0ZXJzIiwic3BsaWNlIiwicHJldmlvdXNPcGVyYXRpb24iLCJwb3AiLCJwdXNoIiwiX2siLCJqb2luIiwiYXBwbHlQYXRjaGVzIiwiY3VycmVudEluZGV4IiwicHJvY2Vzc0luZGV4IiwiaW5kZXgiLCJjb21wbGV0ZSIsImxvYWRGaWxlIiwiZXJyIiwiZGF0YSIsInVwZGF0ZWRDb250ZW50IiwicGF0Y2hlZCJdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7OztBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7O0FBQ0E7QUFBQTtBQUFBO0FBQUE7QUFBQTs7Ozs7QUFFTyxTQUFTQSxVQUFULENBQW9CQyxNQUFwQixFQUE0QkMsT0FBNUIsRUFBbUQ7QUFBQTtBQUFBO0FBQUE7QUFBZEMsRUFBQUEsT0FBYyx1RUFBSixFQUFJOztBQUN4RCxNQUFJLE9BQU9ELE9BQVAsS0FBbUIsUUFBdkIsRUFBaUM7QUFDL0JBLElBQUFBLE9BQU87QUFBRztBQUFBO0FBQUE7O0FBQUFFO0FBQUFBO0FBQUFBO0FBQUFBO0FBQUFBO0FBQUFBO0FBQUE7QUFBQSxLQUFXRixPQUFYLENBQVY7QUFDRDs7QUFFRCxNQUFJRyxLQUFLLENBQUNDLE9BQU4sQ0FBY0osT0FBZCxDQUFKLEVBQTRCO0FBQzFCLFFBQUlBLE9BQU8sQ0FBQ0ssTUFBUixHQUFpQixDQUFyQixFQUF3QjtBQUN0QixZQUFNLElBQUlDLEtBQUosQ0FBVSw0Q0FBVixDQUFOO0FBQ0Q7O0FBRUROLElBQUFBLE9BQU8sR0FBR0EsT0FBTyxDQUFDLENBQUQsQ0FBakI7QUFDRCxHQVh1RCxDQWF4RDs7O0FBQ0EsTUFBSU8sS0FBSyxHQUFHUixNQUFNLENBQUNTLEtBQVAsQ0FBYSxxQkFBYixDQUFaO0FBQUEsTUFDSUMsVUFBVSxHQUFHVixNQUFNLENBQUNXLEtBQVAsQ0FBYSxzQkFBYixLQUF3QyxFQUR6RDtBQUFBLE1BRUlDLEtBQUssR0FBR1gsT0FBTyxDQUFDVyxLQUZwQjtBQUFBLE1BSUlDLFdBQVcsR0FBR1gsT0FBTyxDQUFDVyxXQUFSLElBQXdCLFVBQUNDLFVBQUQsRUFBYUMsSUFBYixFQUFtQkMsU0FBbkIsRUFBOEJDLFlBQTlCO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBK0NGLE1BQUFBLElBQUksS0FBS0U7QUFBeEQ7QUFBQSxHQUoxQztBQUFBLE1BS0lDLFVBQVUsR0FBRyxDQUxqQjtBQUFBLE1BTUlDLFVBQVUsR0FBR2pCLE9BQU8sQ0FBQ2lCLFVBQVIsSUFBc0IsQ0FOdkM7QUFBQSxNQU9JQyxPQUFPLEdBQUcsQ0FQZDtBQUFBLE1BUUlDLE1BQU0sR0FBRyxDQVJiO0FBQUEsTUFVSUMsV0FWSjtBQUFBLE1BV0lDLFFBWEo7QUFhQTs7Ozs7QUFHQSxXQUFTQyxRQUFULENBQWtCQyxJQUFsQixFQUF3QkMsS0FBeEIsRUFBK0I7QUFDN0IsU0FBSyxJQUFJQyxDQUFDLEdBQUcsQ0FBYixFQUFnQkEsQ0FBQyxHQUFHRixJQUFJLENBQUNqQixLQUFMLENBQVdGLE1BQS9CLEVBQXVDcUIsQ0FBQyxFQUF4QyxFQUE0QztBQUMxQyxVQUFJWixJQUFJLEdBQUdVLElBQUksQ0FBQ2pCLEtBQUwsQ0FBV21CLENBQVgsQ0FBWDtBQUFBLFVBQ0lYLFNBQVMsR0FBSUQsSUFBSSxDQUFDVCxNQUFMLEdBQWMsQ0FBZCxHQUFrQlMsSUFBSSxDQUFDLENBQUQsQ0FBdEIsR0FBNEIsR0FEN0M7QUFBQSxVQUVJYSxPQUFPLEdBQUliLElBQUksQ0FBQ1QsTUFBTCxHQUFjLENBQWQsR0FBa0JTLElBQUksQ0FBQ2MsTUFBTCxDQUFZLENBQVosQ0FBbEIsR0FBbUNkLElBRmxEOztBQUlBLFVBQUlDLFNBQVMsS0FBSyxHQUFkLElBQXFCQSxTQUFTLEtBQUssR0FBdkMsRUFBNEM7QUFDMUM7QUFDQSxZQUFJLENBQUNILFdBQVcsQ0FBQ2EsS0FBSyxHQUFHLENBQVQsRUFBWWxCLEtBQUssQ0FBQ2tCLEtBQUQsQ0FBakIsRUFBMEJWLFNBQTFCLEVBQXFDWSxPQUFyQyxDQUFoQixFQUErRDtBQUM3RFYsVUFBQUEsVUFBVTs7QUFFVixjQUFJQSxVQUFVLEdBQUdDLFVBQWpCLEVBQTZCO0FBQzNCLG1CQUFPLEtBQVA7QUFDRDtBQUNGOztBQUNETyxRQUFBQSxLQUFLO0FBQ047QUFDRjs7QUFFRCxXQUFPLElBQVA7QUFDRCxHQWxEdUQsQ0FvRHhEOzs7QUFDQSxPQUFLLElBQUlJLENBQUMsR0FBRyxDQUFiLEVBQWdCQSxDQUFDLEdBQUdsQixLQUFLLENBQUNOLE1BQTFCLEVBQWtDd0IsQ0FBQyxFQUFuQyxFQUF1QztBQUNyQyxRQUFJTCxJQUFJLEdBQUdiLEtBQUssQ0FBQ2tCLENBQUQsQ0FBaEI7QUFBQSxRQUNJQyxPQUFPLEdBQUd2QixLQUFLLENBQUNGLE1BQU4sR0FBZW1CLElBQUksQ0FBQ08sUUFEbEM7QUFBQSxRQUVJQyxXQUFXLEdBQUcsQ0FGbEI7QUFBQSxRQUdJUCxLQUFLLEdBQUdMLE1BQU0sR0FBR0ksSUFBSSxDQUFDUyxRQUFkLEdBQXlCLENBSHJDO0FBS0EsUUFBSUMsUUFBUTtBQUFHO0FBQUE7QUFBQTs7QUFBQUM7QUFBQUE7QUFBQUE7QUFBQUE7QUFBQUE7QUFBQUE7QUFBQUE7QUFBQUEsT0FBaUJWLEtBQWpCLEVBQXdCTixPQUF4QixFQUFpQ1csT0FBakMsQ0FBZjs7QUFFQSxXQUFPRSxXQUFXLEtBQUtJLFNBQXZCLEVBQWtDSixXQUFXLEdBQUdFLFFBQVEsRUFBeEQsRUFBNEQ7QUFDMUQsVUFBSVgsUUFBUSxDQUFDQyxJQUFELEVBQU9DLEtBQUssR0FBR08sV0FBZixDQUFaLEVBQXlDO0FBQ3ZDUixRQUFBQSxJQUFJLENBQUNKLE1BQUwsR0FBY0EsTUFBTSxJQUFJWSxXQUF4QjtBQUNBO0FBQ0Q7QUFDRjs7QUFFRCxRQUFJQSxXQUFXLEtBQUtJLFNBQXBCLEVBQStCO0FBQzdCLGFBQU8sS0FBUDtBQUNELEtBakJvQyxDQW1CckM7QUFDQTs7O0FBQ0FqQixJQUFBQSxPQUFPLEdBQUdLLElBQUksQ0FBQ0osTUFBTCxHQUFjSSxJQUFJLENBQUNTLFFBQW5CLEdBQThCVCxJQUFJLENBQUNPLFFBQTdDO0FBQ0QsR0EzRXVELENBNkV4RDs7O0FBQ0EsTUFBSU0sVUFBVSxHQUFHLENBQWpCOztBQUNBLE9BQUssSUFBSVIsRUFBQyxHQUFHLENBQWIsRUFBZ0JBLEVBQUMsR0FBR2xCLEtBQUssQ0FBQ04sTUFBMUIsRUFBa0N3QixFQUFDLEVBQW5DLEVBQXVDO0FBQ3JDLFFBQUlMLEtBQUksR0FBR2IsS0FBSyxDQUFDa0IsRUFBRCxDQUFoQjtBQUFBLFFBQ0lKLE1BQUssR0FBR0QsS0FBSSxDQUFDUyxRQUFMLEdBQWdCVCxLQUFJLENBQUNKLE1BQXJCLEdBQThCaUIsVUFBOUIsR0FBMkMsQ0FEdkQ7O0FBRUFBLElBQUFBLFVBQVUsSUFBSWIsS0FBSSxDQUFDYyxRQUFMLEdBQWdCZCxLQUFJLENBQUNPLFFBQW5DOztBQUVBLFNBQUssSUFBSUwsQ0FBQyxHQUFHLENBQWIsRUFBZ0JBLENBQUMsR0FBR0YsS0FBSSxDQUFDakIsS0FBTCxDQUFXRixNQUEvQixFQUF1Q3FCLENBQUMsRUFBeEMsRUFBNEM7QUFDMUMsVUFBSVosSUFBSSxHQUFHVSxLQUFJLENBQUNqQixLQUFMLENBQVdtQixDQUFYLENBQVg7QUFBQSxVQUNJWCxTQUFTLEdBQUlELElBQUksQ0FBQ1QsTUFBTCxHQUFjLENBQWQsR0FBa0JTLElBQUksQ0FBQyxDQUFELENBQXRCLEdBQTRCLEdBRDdDO0FBQUEsVUFFSWEsT0FBTyxHQUFJYixJQUFJLENBQUNULE1BQUwsR0FBYyxDQUFkLEdBQWtCUyxJQUFJLENBQUNjLE1BQUwsQ0FBWSxDQUFaLENBQWxCLEdBQW1DZCxJQUZsRDtBQUFBLFVBR0l5QixTQUFTLEdBQUdmLEtBQUksQ0FBQ2dCLGNBQUwsSUFBdUJoQixLQUFJLENBQUNnQixjQUFMLENBQW9CZCxDQUFwQixDQUF2QixJQUFpRCxJQUhqRTs7QUFLQSxVQUFJWCxTQUFTLEtBQUssR0FBbEIsRUFBdUI7QUFDckJVLFFBQUFBLE1BQUs7QUFDTixPQUZELE1BRU8sSUFBSVYsU0FBUyxLQUFLLEdBQWxCLEVBQXVCO0FBQzVCUixRQUFBQSxLQUFLLENBQUNrQyxNQUFOLENBQWFoQixNQUFiLEVBQW9CLENBQXBCO0FBQ0FoQixRQUFBQSxVQUFVLENBQUNnQyxNQUFYLENBQWtCaEIsTUFBbEIsRUFBeUIsQ0FBekI7QUFDRjtBQUNDLE9BSk0sTUFJQSxJQUFJVixTQUFTLEtBQUssR0FBbEIsRUFBdUI7QUFDNUJSLFFBQUFBLEtBQUssQ0FBQ2tDLE1BQU4sQ0FBYWhCLE1BQWIsRUFBb0IsQ0FBcEIsRUFBdUJFLE9BQXZCO0FBQ0FsQixRQUFBQSxVQUFVLENBQUNnQyxNQUFYLENBQWtCaEIsTUFBbEIsRUFBeUIsQ0FBekIsRUFBNEJjLFNBQTVCO0FBQ0FkLFFBQUFBLE1BQUs7QUFDTixPQUpNLE1BSUEsSUFBSVYsU0FBUyxLQUFLLElBQWxCLEVBQXdCO0FBQzdCLFlBQUkyQixpQkFBaUIsR0FBR2xCLEtBQUksQ0FBQ2pCLEtBQUwsQ0FBV21CLENBQUMsR0FBRyxDQUFmLElBQW9CRixLQUFJLENBQUNqQixLQUFMLENBQVdtQixDQUFDLEdBQUcsQ0FBZixFQUFrQixDQUFsQixDQUFwQixHQUEyQyxJQUFuRTs7QUFDQSxZQUFJZ0IsaUJBQWlCLEtBQUssR0FBMUIsRUFBK0I7QUFDN0JyQixVQUFBQSxXQUFXLEdBQUcsSUFBZDtBQUNELFNBRkQsTUFFTyxJQUFJcUIsaUJBQWlCLEtBQUssR0FBMUIsRUFBK0I7QUFDcENwQixVQUFBQSxRQUFRLEdBQUcsSUFBWDtBQUNEO0FBQ0Y7QUFDRjtBQUNGLEdBN0d1RCxDQStHeEQ7OztBQUNBLE1BQUlELFdBQUosRUFBaUI7QUFDZixXQUFPLENBQUNkLEtBQUssQ0FBQ0EsS0FBSyxDQUFDRixNQUFOLEdBQWUsQ0FBaEIsQ0FBYixFQUFpQztBQUMvQkUsTUFBQUEsS0FBSyxDQUFDb0MsR0FBTjtBQUNBbEMsTUFBQUEsVUFBVSxDQUFDa0MsR0FBWDtBQUNEO0FBQ0YsR0FMRCxNQUtPLElBQUlyQixRQUFKLEVBQWM7QUFDbkJmLElBQUFBLEtBQUssQ0FBQ3FDLElBQU4sQ0FBVyxFQUFYO0FBQ0FuQyxJQUFBQSxVQUFVLENBQUNtQyxJQUFYLENBQWdCLElBQWhCO0FBQ0Q7O0FBQ0QsT0FBSyxJQUFJQyxFQUFFLEdBQUcsQ0FBZCxFQUFpQkEsRUFBRSxHQUFHdEMsS0FBSyxDQUFDRixNQUFOLEdBQWUsQ0FBckMsRUFBd0N3QyxFQUFFLEVBQTFDLEVBQThDO0FBQzVDdEMsSUFBQUEsS0FBSyxDQUFDc0MsRUFBRCxDQUFMLEdBQVl0QyxLQUFLLENBQUNzQyxFQUFELENBQUwsR0FBWXBDLFVBQVUsQ0FBQ29DLEVBQUQsQ0FBbEM7QUFDRDs7QUFDRCxTQUFPdEMsS0FBSyxDQUFDdUMsSUFBTixDQUFXLEVBQVgsQ0FBUDtBQUNELEMsQ0FFRDs7O0FBQ08sU0FBU0MsWUFBVCxDQUFzQi9DLE9BQXRCLEVBQStCQyxPQUEvQixFQUF3QztBQUM3QyxNQUFJLE9BQU9ELE9BQVAsS0FBbUIsUUFBdkIsRUFBaUM7QUFDL0JBLElBQUFBLE9BQU87QUFBRztBQUFBO0FBQUE7O0FBQUFFO0FBQUFBO0FBQUFBO0FBQUFBO0FBQUFBO0FBQUFBO0FBQUE7QUFBQSxLQUFXRixPQUFYLENBQVY7QUFDRDs7QUFFRCxNQUFJZ0QsWUFBWSxHQUFHLENBQW5COztBQUNBLFdBQVNDLFlBQVQsR0FBd0I7QUFDdEIsUUFBSUMsS0FBSyxHQUFHbEQsT0FBTyxDQUFDZ0QsWUFBWSxFQUFiLENBQW5COztBQUNBLFFBQUksQ0FBQ0UsS0FBTCxFQUFZO0FBQ1YsYUFBT2pELE9BQU8sQ0FBQ2tELFFBQVIsRUFBUDtBQUNEOztBQUVEbEQsSUFBQUEsT0FBTyxDQUFDbUQsUUFBUixDQUFpQkYsS0FBakIsRUFBd0IsVUFBU0csR0FBVCxFQUFjQyxJQUFkLEVBQW9CO0FBQzFDLFVBQUlELEdBQUosRUFBUztBQUNQLGVBQU9wRCxPQUFPLENBQUNrRCxRQUFSLENBQWlCRSxHQUFqQixDQUFQO0FBQ0Q7O0FBRUQsVUFBSUUsY0FBYyxHQUFHekQsVUFBVSxDQUFDd0QsSUFBRCxFQUFPSixLQUFQLEVBQWNqRCxPQUFkLENBQS9CO0FBQ0FBLE1BQUFBLE9BQU8sQ0FBQ3VELE9BQVIsQ0FBZ0JOLEtBQWhCLEVBQXVCSyxjQUF2QixFQUF1QyxVQUFTRixHQUFULEVBQWM7QUFDbkQsWUFBSUEsR0FBSixFQUFTO0FBQ1AsaUJBQU9wRCxPQUFPLENBQUNrRCxRQUFSLENBQWlCRSxHQUFqQixDQUFQO0FBQ0Q7O0FBRURKLFFBQUFBLFlBQVk7QUFDYixPQU5EO0FBT0QsS0FiRDtBQWNEOztBQUNEQSxFQUFBQSxZQUFZO0FBQ2IiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQge3BhcnNlUGF0Y2h9IGZyb20gJy4vcGFyc2UnO1xuaW1wb3J0IGRpc3RhbmNlSXRlcmF0b3IgZnJvbSAnLi4vdXRpbC9kaXN0YW5jZS1pdGVyYXRvcic7XG5cbmV4cG9ydCBmdW5jdGlvbiBhcHBseVBhdGNoKHNvdXJjZSwgdW5pRGlmZiwgb3B0aW9ucyA9IHt9KSB7XG4gIGlmICh0eXBlb2YgdW5pRGlmZiA9PT0gJ3N0cmluZycpIHtcbiAgICB1bmlEaWZmID0gcGFyc2VQYXRjaCh1bmlEaWZmKTtcbiAgfVxuXG4gIGlmIChBcnJheS5pc0FycmF5KHVuaURpZmYpKSB7XG4gICAgaWYgKHVuaURpZmYubGVuZ3RoID4gMSkge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKCdhcHBseVBhdGNoIG9ubHkgd29ya3Mgd2l0aCBhIHNpbmdsZSBpbnB1dC4nKTtcbiAgICB9XG5cbiAgICB1bmlEaWZmID0gdW5pRGlmZlswXTtcbiAgfVxuXG4gIC8vIEFwcGx5IHRoZSBkaWZmIHRvIHRoZSBpbnB1dFxuICBsZXQgbGluZXMgPSBzb3VyY2Uuc3BsaXQoL1xcclxcbnxbXFxuXFx2XFxmXFxyXFx4ODVdLyksXG4gICAgICBkZWxpbWl0ZXJzID0gc291cmNlLm1hdGNoKC9cXHJcXG58W1xcblxcdlxcZlxcclxceDg1XS9nKSB8fCBbXSxcbiAgICAgIGh1bmtzID0gdW5pRGlmZi5odW5rcyxcblxuICAgICAgY29tcGFyZUxpbmUgPSBvcHRpb25zLmNvbXBhcmVMaW5lIHx8ICgobGluZU51bWJlciwgbGluZSwgb3BlcmF0aW9uLCBwYXRjaENvbnRlbnQpID0+IGxpbmUgPT09IHBhdGNoQ29udGVudCksXG4gICAgICBlcnJvckNvdW50ID0gMCxcbiAgICAgIGZ1enpGYWN0b3IgPSBvcHRpb25zLmZ1enpGYWN0b3IgfHwgMCxcbiAgICAgIG1pbkxpbmUgPSAwLFxuICAgICAgb2Zmc2V0ID0gMCxcblxuICAgICAgcmVtb3ZlRU9GTkwsXG4gICAgICBhZGRFT0ZOTDtcblxuICAvKipcbiAgICogQ2hlY2tzIGlmIHRoZSBodW5rIGV4YWN0bHkgZml0cyBvbiB0aGUgcHJvdmlkZWQgbG9jYXRpb25cbiAgICovXG4gIGZ1bmN0aW9uIGh1bmtGaXRzKGh1bmssIHRvUG9zKSB7XG4gICAgZm9yIChsZXQgaiA9IDA7IGogPCBodW5rLmxpbmVzLmxlbmd0aDsgaisrKSB7XG4gICAgICBsZXQgbGluZSA9IGh1bmsubGluZXNbal0sXG4gICAgICAgICAgb3BlcmF0aW9uID0gKGxpbmUubGVuZ3RoID4gMCA/IGxpbmVbMF0gOiAnICcpLFxuICAgICAgICAgIGNvbnRlbnQgPSAobGluZS5sZW5ndGggPiAwID8gbGluZS5zdWJzdHIoMSkgOiBsaW5lKTtcblxuICAgICAgaWYgKG9wZXJhdGlvbiA9PT0gJyAnIHx8IG9wZXJhdGlvbiA9PT0gJy0nKSB7XG4gICAgICAgIC8vIENvbnRleHQgc2FuaXR5IGNoZWNrXG4gICAgICAgIGlmICghY29tcGFyZUxpbmUodG9Qb3MgKyAxLCBsaW5lc1t0b1Bvc10sIG9wZXJhdGlvbiwgY29udGVudCkpIHtcbiAgICAgICAgICBlcnJvckNvdW50Kys7XG5cbiAgICAgICAgICBpZiAoZXJyb3JDb3VudCA+IGZ1enpGYWN0b3IpIHtcbiAgICAgICAgICAgIHJldHVybiBmYWxzZTtcbiAgICAgICAgICB9XG4gICAgICAgIH1cbiAgICAgICAgdG9Qb3MrKztcbiAgICAgIH1cbiAgICB9XG5cbiAgICByZXR1cm4gdHJ1ZTtcbiAgfVxuXG4gIC8vIFNlYXJjaCBiZXN0IGZpdCBvZmZzZXRzIGZvciBlYWNoIGh1bmsgYmFzZWQgb24gdGhlIHByZXZpb3VzIG9uZXNcbiAgZm9yIChsZXQgaSA9IDA7IGkgPCBodW5rcy5sZW5ndGg7IGkrKykge1xuICAgIGxldCBodW5rID0gaHVua3NbaV0sXG4gICAgICAgIG1heExpbmUgPSBsaW5lcy5sZW5ndGggLSBodW5rLm9sZExpbmVzLFxuICAgICAgICBsb2NhbE9mZnNldCA9IDAsXG4gICAgICAgIHRvUG9zID0gb2Zmc2V0ICsgaHVuay5vbGRTdGFydCAtIDE7XG5cbiAgICBsZXQgaXRlcmF0b3IgPSBkaXN0YW5jZUl0ZXJhdG9yKHRvUG9zLCBtaW5MaW5lLCBtYXhMaW5lKTtcblxuICAgIGZvciAoOyBsb2NhbE9mZnNldCAhPT0gdW5kZWZpbmVkOyBsb2NhbE9mZnNldCA9IGl0ZXJhdG9yKCkpIHtcbiAgICAgIGlmIChodW5rRml0cyhodW5rLCB0b1BvcyArIGxvY2FsT2Zmc2V0KSkge1xuICAgICAgICBodW5rLm9mZnNldCA9IG9mZnNldCArPSBsb2NhbE9mZnNldDtcbiAgICAgICAgYnJlYWs7XG4gICAgICB9XG4gICAgfVxuXG4gICAgaWYgKGxvY2FsT2Zmc2V0ID09PSB1bmRlZmluZWQpIHtcbiAgICAgIHJldHVybiBmYWxzZTtcbiAgICB9XG5cbiAgICAvLyBTZXQgbG93ZXIgdGV4dCBsaW1pdCB0byBlbmQgb2YgdGhlIGN1cnJlbnQgaHVuaywgc28gbmV4dCBvbmVzIGRvbid0IHRyeVxuICAgIC8vIHRvIGZpdCBvdmVyIGFscmVhZHkgcGF0Y2hlZCB0ZXh0XG4gICAgbWluTGluZSA9IGh1bmsub2Zmc2V0ICsgaHVuay5vbGRTdGFydCArIGh1bmsub2xkTGluZXM7XG4gIH1cblxuICAvLyBBcHBseSBwYXRjaCBodW5rc1xuICBsZXQgZGlmZk9mZnNldCA9IDA7XG4gIGZvciAobGV0IGkgPSAwOyBpIDwgaHVua3MubGVuZ3RoOyBpKyspIHtcbiAgICBsZXQgaHVuayA9IGh1bmtzW2ldLFxuICAgICAgICB0b1BvcyA9IGh1bmsub2xkU3RhcnQgKyBodW5rLm9mZnNldCArIGRpZmZPZmZzZXQgLSAxO1xuICAgIGRpZmZPZmZzZXQgKz0gaHVuay5uZXdMaW5lcyAtIGh1bmsub2xkTGluZXM7XG5cbiAgICBmb3IgKGxldCBqID0gMDsgaiA8IGh1bmsubGluZXMubGVuZ3RoOyBqKyspIHtcbiAgICAgIGxldCBsaW5lID0gaHVuay5saW5lc1tqXSxcbiAgICAgICAgICBvcGVyYXRpb24gPSAobGluZS5sZW5ndGggPiAwID8gbGluZVswXSA6ICcgJyksXG4gICAgICAgICAgY29udGVudCA9IChsaW5lLmxlbmd0aCA+IDAgPyBsaW5lLnN1YnN0cigxKSA6IGxpbmUpLFxuICAgICAgICAgIGRlbGltaXRlciA9IGh1bmsubGluZWRlbGltaXRlcnMgJiYgaHVuay5saW5lZGVsaW1pdGVyc1tqXSB8fCAnXFxuJztcblxuICAgICAgaWYgKG9wZXJhdGlvbiA9PT0gJyAnKSB7XG4gICAgICAgIHRvUG9zKys7XG4gICAgICB9IGVsc2UgaWYgKG9wZXJhdGlvbiA9PT0gJy0nKSB7XG4gICAgICAgIGxpbmVzLnNwbGljZSh0b1BvcywgMSk7XG4gICAgICAgIGRlbGltaXRlcnMuc3BsaWNlKHRvUG9zLCAxKTtcbiAgICAgIC8qIGlzdGFuYnVsIGlnbm9yZSBlbHNlICovXG4gICAgICB9IGVsc2UgaWYgKG9wZXJhdGlvbiA9PT0gJysnKSB7XG4gICAgICAgIGxpbmVzLnNwbGljZSh0b1BvcywgMCwgY29udGVudCk7XG4gICAgICAgIGRlbGltaXRlcnMuc3BsaWNlKHRvUG9zLCAwLCBkZWxpbWl0ZXIpO1xuICAgICAgICB0b1BvcysrO1xuICAgICAgfSBlbHNlIGlmIChvcGVyYXRpb24gPT09ICdcXFxcJykge1xuICAgICAgICBsZXQgcHJldmlvdXNPcGVyYXRpb24gPSBodW5rLmxpbmVzW2ogLSAxXSA/IGh1bmsubGluZXNbaiAtIDFdWzBdIDogbnVsbDtcbiAgICAgICAgaWYgKHByZXZpb3VzT3BlcmF0aW9uID09PSAnKycpIHtcbiAgICAgICAgICByZW1vdmVFT0ZOTCA9IHRydWU7XG4gICAgICAgIH0gZWxzZSBpZiAocHJldmlvdXNPcGVyYXRpb24gPT09ICctJykge1xuICAgICAgICAgIGFkZEVPRk5MID0gdHJ1ZTtcbiAgICAgICAgfVxuICAgICAgfVxuICAgIH1cbiAgfVxuXG4gIC8vIEhhbmRsZSBFT0ZOTCBpbnNlcnRpb24vcmVtb3ZhbFxuICBpZiAocmVtb3ZlRU9GTkwpIHtcbiAgICB3aGlsZSAoIWxpbmVzW2xpbmVzLmxlbmd0aCAtIDFdKSB7XG4gICAgICBsaW5lcy5wb3AoKTtcbiAgICAgIGRlbGltaXRlcnMucG9wKCk7XG4gICAgfVxuICB9IGVsc2UgaWYgKGFkZEVPRk5MKSB7XG4gICAgbGluZXMucHVzaCgnJyk7XG4gICAgZGVsaW1pdGVycy5wdXNoKCdcXG4nKTtcbiAgfVxuICBmb3IgKGxldCBfayA9IDA7IF9rIDwgbGluZXMubGVuZ3RoIC0gMTsgX2srKykge1xuICAgIGxpbmVzW19rXSA9IGxpbmVzW19rXSArIGRlbGltaXRlcnNbX2tdO1xuICB9XG4gIHJldHVybiBsaW5lcy5qb2luKCcnKTtcbn1cblxuLy8gV3JhcHBlciB0aGF0IHN1cHBvcnRzIG11bHRpcGxlIGZpbGUgcGF0Y2hlcyB2aWEgY2FsbGJhY2tzLlxuZXhwb3J0IGZ1bmN0aW9uIGFwcGx5UGF0Y2hlcyh1bmlEaWZmLCBvcHRpb25zKSB7XG4gIGlmICh0eXBlb2YgdW5pRGlmZiA9PT0gJ3N0cmluZycpIHtcbiAgICB1bmlEaWZmID0gcGFyc2VQYXRjaCh1bmlEaWZmKTtcbiAgfVxuXG4gIGxldCBjdXJyZW50SW5kZXggPSAwO1xuICBmdW5jdGlvbiBwcm9jZXNzSW5kZXgoKSB7XG4gICAgbGV0IGluZGV4ID0gdW5pRGlmZltjdXJyZW50SW5kZXgrK107XG4gICAgaWYgKCFpbmRleCkge1xuICAgICAgcmV0dXJuIG9wdGlvbnMuY29tcGxldGUoKTtcbiAgICB9XG5cbiAgICBvcHRpb25zLmxvYWRGaWxlKGluZGV4LCBmdW5jdGlvbihlcnIsIGRhdGEpIHtcbiAgICAgIGlmIChlcnIpIHtcbiAgICAgICAgcmV0dXJuIG9wdGlvbnMuY29tcGxldGUoZXJyKTtcbiAgICAgIH1cblxuICAgICAgbGV0IHVwZGF0ZWRDb250ZW50ID0gYXBwbHlQYXRjaChkYXRhLCBpbmRleCwgb3B0aW9ucyk7XG4gICAgICBvcHRpb25zLnBhdGNoZWQoaW5kZXgsIHVwZGF0ZWRDb250ZW50LCBmdW5jdGlvbihlcnIpIHtcbiAgICAgICAgaWYgKGVycikge1xuICAgICAgICAgIHJldHVybiBvcHRpb25zLmNvbXBsZXRlKGVycik7XG4gICAgICAgIH1cblxuICAgICAgICBwcm9jZXNzSW5kZXgoKTtcbiAgICAgIH0pO1xuICAgIH0pO1xuICB9XG4gIHByb2Nlc3NJbmRleCgpO1xufVxuIl19
diff --git a/deps/npm/node_modules/diff/lib/patch/create.js b/deps/npm/node_modules/diff/lib/patch/create.js
index 1d3b4c303ce4bc..45be1512a5a088 100644
--- a/deps/npm/node_modules/diff/lib/patch/create.js
+++ b/deps/npm/node_modules/diff/lib/patch/create.js
@@ -232,6 +232,10 @@ function structuredPatch(oldFileName, newFileName, oldStr, newStr, oldHeader, ne
 }
 
 function formatPatch(diff) {
+  if (Array.isArray(diff)) {
+    return diff.map(formatPatch).join('\n');
+  }
+
   var ret = [];
 
   if (diff.oldFileName == diff.newFileName) {
@@ -269,4 +273,4 @@ function createTwoFilesPatch(oldFileName, newFileName, oldStr, newStr, oldHeader
 function createPatch(fileName, oldStr, newStr, oldHeader, newHeader, options) {
   return createTwoFilesPatch(fileName, fileName, oldStr, newStr, oldHeader, newHeader, options);
 }
-//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9wYXRjaC9jcmVhdGUuanMiXSwibmFtZXMiOlsic3RydWN0dXJlZFBhdGNoIiwib2xkRmlsZU5hbWUiLCJuZXdGaWxlTmFtZSIsIm9sZFN0ciIsIm5ld1N0ciIsIm9sZEhlYWRlciIsIm5ld0hlYWRlciIsIm9wdGlvbnMiLCJjb250ZXh0IiwiZGlmZiIsImRpZmZMaW5lcyIsInB1c2giLCJ2YWx1ZSIsImxpbmVzIiwiY29udGV4dExpbmVzIiwibWFwIiwiZW50cnkiLCJodW5rcyIsIm9sZFJhbmdlU3RhcnQiLCJuZXdSYW5nZVN0YXJ0IiwiY3VyUmFuZ2UiLCJvbGRMaW5lIiwibmV3TGluZSIsImkiLCJjdXJyZW50IiwicmVwbGFjZSIsInNwbGl0IiwiYWRkZWQiLCJyZW1vdmVkIiwicHJldiIsInNsaWNlIiwibGVuZ3RoIiwiY29udGV4dFNpemUiLCJNYXRoIiwibWluIiwiaHVuayIsIm9sZFN0YXJ0Iiwib2xkTGluZXMiLCJuZXdTdGFydCIsIm5ld0xpbmVzIiwib2xkRU9GTmV3bGluZSIsInRlc3QiLCJuZXdFT0ZOZXdsaW5lIiwibm9ObEJlZm9yZUFkZHMiLCJzcGxpY2UiLCJmb3JtYXRQYXRjaCIsInJldCIsImFwcGx5Iiwiam9pbiIsImNyZWF0ZVR3b0ZpbGVzUGF0Y2giLCJjcmVhdGVQYXRjaCIsImZpbGVOYW1lIl0sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBOzs7Ozs7Ozs7Ozs7Ozs7QUFFTyxTQUFTQSxlQUFULENBQXlCQyxXQUF6QixFQUFzQ0MsV0FBdEMsRUFBbURDLE1BQW5ELEVBQTJEQyxNQUEzRCxFQUFtRUMsU0FBbkUsRUFBOEVDLFNBQTlFLEVBQXlGQyxPQUF6RixFQUFrRztBQUN2RyxNQUFJLENBQUNBLE9BQUwsRUFBYztBQUNaQSxJQUFBQSxPQUFPLEdBQUcsRUFBVjtBQUNEOztBQUNELE1BQUksT0FBT0EsT0FBTyxDQUFDQyxPQUFmLEtBQTJCLFdBQS9CLEVBQTRDO0FBQzFDRCxJQUFBQSxPQUFPLENBQUNDLE9BQVIsR0FBa0IsQ0FBbEI7QUFDRDs7QUFFRCxNQUFNQyxJQUFJO0FBQUc7QUFBQTtBQUFBOztBQUFBQztBQUFBQTtBQUFBQTtBQUFBQTtBQUFBQTtBQUFBQTtBQUFBO0FBQUEsR0FBVVAsTUFBVixFQUFrQkMsTUFBbEIsRUFBMEJHLE9BQTFCLENBQWI7O0FBQ0EsTUFBRyxDQUFDRSxJQUFKLEVBQVU7QUFDUjtBQUNEOztBQUVEQSxFQUFBQSxJQUFJLENBQUNFLElBQUwsQ0FBVTtBQUFDQyxJQUFBQSxLQUFLLEVBQUUsRUFBUjtBQUFZQyxJQUFBQSxLQUFLLEVBQUU7QUFBbkIsR0FBVixFQWJ1RyxDQWFwRTs7QUFFbkMsV0FBU0MsWUFBVCxDQUFzQkQsS0FBdEIsRUFBNkI7QUFDM0IsV0FBT0EsS0FBSyxDQUFDRSxHQUFOLENBQVUsVUFBU0MsS0FBVCxFQUFnQjtBQUFFLGFBQU8sTUFBTUEsS0FBYjtBQUFxQixLQUFqRCxDQUFQO0FBQ0Q7O0FBRUQsTUFBSUMsS0FBSyxHQUFHLEVBQVo7QUFDQSxNQUFJQyxhQUFhLEdBQUcsQ0FBcEI7QUFBQSxNQUF1QkMsYUFBYSxHQUFHLENBQXZDO0FBQUEsTUFBMENDLFFBQVEsR0FBRyxFQUFyRDtBQUFBLE1BQ0lDLE9BQU8sR0FBRyxDQURkO0FBQUEsTUFDaUJDLE9BQU8sR0FBRyxDQUQzQjs7QUFwQnVHO0FBQUE7QUFBQTtBQXNCOUZDLEVBQUFBLENBdEI4RjtBQXVCckcsUUFBTUMsT0FBTyxHQUFHZixJQUFJLENBQUNjLENBQUQsQ0FBcEI7QUFBQSxRQUNNVixLQUFLLEdBQUdXLE9BQU8sQ0FBQ1gsS0FBUixJQUFpQlcsT0FBTyxDQUFDWixLQUFSLENBQWNhLE9BQWQsQ0FBc0IsS0FBdEIsRUFBNkIsRUFBN0IsRUFBaUNDLEtBQWpDLENBQXVDLElBQXZDLENBRC9CO0FBRUFGLElBQUFBLE9BQU8sQ0FBQ1gsS0FBUixHQUFnQkEsS0FBaEI7O0FBRUEsUUFBSVcsT0FBTyxDQUFDRyxLQUFSLElBQWlCSCxPQUFPLENBQUNJLE9BQTdCLEVBQXNDO0FBQUE7QUFBQTs7QUFBQTtBQUNwQztBQUNBLFVBQUksQ0FBQ1YsYUFBTCxFQUFvQjtBQUNsQixZQUFNVyxJQUFJLEdBQUdwQixJQUFJLENBQUNjLENBQUMsR0FBRyxDQUFMLENBQWpCO0FBQ0FMLFFBQUFBLGFBQWEsR0FBR0csT0FBaEI7QUFDQUYsUUFBQUEsYUFBYSxHQUFHRyxPQUFoQjs7QUFFQSxZQUFJTyxJQUFKLEVBQVU7QUFDUlQsVUFBQUEsUUFBUSxHQUFHYixPQUFPLENBQUNDLE9BQVIsR0FBa0IsQ0FBbEIsR0FBc0JNLFlBQVksQ0FBQ2UsSUFBSSxDQUFDaEIsS0FBTCxDQUFXaUIsS0FBWCxDQUFpQixDQUFDdkIsT0FBTyxDQUFDQyxPQUExQixDQUFELENBQWxDLEdBQXlFLEVBQXBGO0FBQ0FVLFVBQUFBLGFBQWEsSUFBSUUsUUFBUSxDQUFDVyxNQUExQjtBQUNBWixVQUFBQSxhQUFhLElBQUlDLFFBQVEsQ0FBQ1csTUFBMUI7QUFDRDtBQUNGLE9BWm1DLENBY3BDOzs7QUFDQTs7QUFBQTs7QUFBQTtBQUFBO0FBQUE7QUFBQVgsTUFBQUEsUUFBUSxFQUFDVCxJQUFUO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBa0JFLE1BQUFBLEtBQUssQ0FBQ0UsR0FBTixDQUFVLFVBQVNDLEtBQVQsRUFBZ0I7QUFDMUMsZUFBTyxDQUFDUSxPQUFPLENBQUNHLEtBQVIsR0FBZ0IsR0FBaEIsR0FBc0IsR0FBdkIsSUFBOEJYLEtBQXJDO0FBQ0QsT0FGaUIsQ0FBbEIsR0Fmb0MsQ0FtQnBDOzs7QUFDQSxVQUFJUSxPQUFPLENBQUNHLEtBQVosRUFBbUI7QUFDakJMLFFBQUFBLE9BQU8sSUFBSVQsS0FBSyxDQUFDa0IsTUFBakI7QUFDRCxPQUZELE1BRU87QUFDTFYsUUFBQUEsT0FBTyxJQUFJUixLQUFLLENBQUNrQixNQUFqQjtBQUNEO0FBQ0YsS0F6QkQsTUF5Qk87QUFDTDtBQUNBLFVBQUliLGFBQUosRUFBbUI7QUFDakI7QUFDQSxZQUFJTCxLQUFLLENBQUNrQixNQUFOLElBQWdCeEIsT0FBTyxDQUFDQyxPQUFSLEdBQWtCLENBQWxDLElBQXVDZSxDQUFDLEdBQUdkLElBQUksQ0FBQ3NCLE1BQUwsR0FBYyxDQUE3RCxFQUFnRTtBQUFBO0FBQUE7O0FBQUE7QUFDOUQ7O0FBQ0E7O0FBQUE7O0FBQUE7QUFBQTtBQUFBO0FBQUFYLFVBQUFBLFFBQVEsRUFBQ1QsSUFBVDtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQWtCRyxVQUFBQSxZQUFZLENBQUNELEtBQUQsQ0FBOUI7QUFDRCxTQUhELE1BR087QUFBQTtBQUFBOztBQUFBO0FBQ0w7QUFDQSxjQUFJbUIsV0FBVyxHQUFHQyxJQUFJLENBQUNDLEdBQUwsQ0FBU3JCLEtBQUssQ0FBQ2tCLE1BQWYsRUFBdUJ4QixPQUFPLENBQUNDLE9BQS9CLENBQWxCOztBQUNBOztBQUFBOztBQUFBO0FBQUE7QUFBQTtBQUFBWSxVQUFBQSxRQUFRLEVBQUNULElBQVQ7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFrQkcsVUFBQUEsWUFBWSxDQUFDRCxLQUFLLENBQUNpQixLQUFOLENBQVksQ0FBWixFQUFlRSxXQUFmLENBQUQsQ0FBOUI7O0FBRUEsY0FBSUcsSUFBSSxHQUFHO0FBQ1RDLFlBQUFBLFFBQVEsRUFBRWxCLGFBREQ7QUFFVG1CLFlBQUFBLFFBQVEsRUFBR2hCLE9BQU8sR0FBR0gsYUFBVixHQUEwQmMsV0FGNUI7QUFHVE0sWUFBQUEsUUFBUSxFQUFFbkIsYUFIRDtBQUlUb0IsWUFBQUEsUUFBUSxFQUFHakIsT0FBTyxHQUFHSCxhQUFWLEdBQTBCYSxXQUo1QjtBQUtUbkIsWUFBQUEsS0FBSyxFQUFFTztBQUxFLFdBQVg7O0FBT0EsY0FBSUcsQ0FBQyxJQUFJZCxJQUFJLENBQUNzQixNQUFMLEdBQWMsQ0FBbkIsSUFBd0JsQixLQUFLLENBQUNrQixNQUFOLElBQWdCeEIsT0FBTyxDQUFDQyxPQUFwRCxFQUE2RDtBQUMzRDtBQUNBLGdCQUFJZ0MsYUFBYSxHQUFLLEtBQUQsQ0FBUUMsSUFBUixDQUFhdEMsTUFBYixDQUFyQjtBQUNBLGdCQUFJdUMsYUFBYSxHQUFLLEtBQUQsQ0FBUUQsSUFBUixDQUFhckMsTUFBYixDQUFyQjtBQUNBLGdCQUFJdUMsY0FBYyxHQUFHOUIsS0FBSyxDQUFDa0IsTUFBTixJQUFnQixDQUFoQixJQUFxQlgsUUFBUSxDQUFDVyxNQUFULEdBQWtCSSxJQUFJLENBQUNFLFFBQWpFOztBQUNBLGdCQUFJLENBQUNHLGFBQUQsSUFBa0JHLGNBQWxCLElBQW9DeEMsTUFBTSxDQUFDNEIsTUFBUCxHQUFnQixDQUF4RCxFQUEyRDtBQUN6RDtBQUNBO0FBQ0FYLGNBQUFBLFFBQVEsQ0FBQ3dCLE1BQVQsQ0FBZ0JULElBQUksQ0FBQ0UsUUFBckIsRUFBK0IsQ0FBL0IsRUFBa0MsOEJBQWxDO0FBQ0Q7O0FBQ0QsZ0JBQUssQ0FBQ0csYUFBRCxJQUFrQixDQUFDRyxjQUFwQixJQUF1QyxDQUFDRCxhQUE1QyxFQUEyRDtBQUN6RHRCLGNBQUFBLFFBQVEsQ0FBQ1QsSUFBVCxDQUFjLDhCQUFkO0FBQ0Q7QUFDRjs7QUFDRE0sVUFBQUEsS0FBSyxDQUFDTixJQUFOLENBQVd3QixJQUFYO0FBRUFqQixVQUFBQSxhQUFhLEdBQUcsQ0FBaEI7QUFDQUMsVUFBQUEsYUFBYSxHQUFHLENBQWhCO0FBQ0FDLFVBQUFBLFFBQVEsR0FBRyxFQUFYO0FBQ0Q7QUFDRjs7QUFDREMsTUFBQUEsT0FBTyxJQUFJUixLQUFLLENBQUNrQixNQUFqQjtBQUNBVCxNQUFBQSxPQUFPLElBQUlULEtBQUssQ0FBQ2tCLE1BQWpCO0FBQ0Q7QUE5Rm9HOztBQXNCdkcsT0FBSyxJQUFJUixDQUFDLEdBQUcsQ0FBYixFQUFnQkEsQ0FBQyxHQUFHZCxJQUFJLENBQUNzQixNQUF6QixFQUFpQ1IsQ0FBQyxFQUFsQyxFQUFzQztBQUFBO0FBQUE7QUFBQTtBQUE3QkEsSUFBQUEsQ0FBNkI7QUF5RXJDOztBQUVELFNBQU87QUFDTHRCLElBQUFBLFdBQVcsRUFBRUEsV0FEUjtBQUNxQkMsSUFBQUEsV0FBVyxFQUFFQSxXQURsQztBQUVMRyxJQUFBQSxTQUFTLEVBQUVBLFNBRk47QUFFaUJDLElBQUFBLFNBQVMsRUFBRUEsU0FGNUI7QUFHTFcsSUFBQUEsS0FBSyxFQUFFQTtBQUhGLEdBQVA7QUFLRDs7QUFFTSxTQUFTNEIsV0FBVCxDQUFxQnBDLElBQXJCLEVBQTJCO0FBQ2hDLE1BQU1xQyxHQUFHLEdBQUcsRUFBWjs7QUFDQSxNQUFJckMsSUFBSSxDQUFDUixXQUFMLElBQW9CUSxJQUFJLENBQUNQLFdBQTdCLEVBQTBDO0FBQ3hDNEMsSUFBQUEsR0FBRyxDQUFDbkMsSUFBSixDQUFTLFlBQVlGLElBQUksQ0FBQ1IsV0FBMUI7QUFDRDs7QUFDRDZDLEVBQUFBLEdBQUcsQ0FBQ25DLElBQUosQ0FBUyxxRUFBVDtBQUNBbUMsRUFBQUEsR0FBRyxDQUFDbkMsSUFBSixDQUFTLFNBQVNGLElBQUksQ0FBQ1IsV0FBZCxJQUE2QixPQUFPUSxJQUFJLENBQUNKLFNBQVosS0FBMEIsV0FBMUIsR0FBd0MsRUFBeEMsR0FBNkMsT0FBT0ksSUFBSSxDQUFDSixTQUF0RixDQUFUO0FBQ0F5QyxFQUFBQSxHQUFHLENBQUNuQyxJQUFKLENBQVMsU0FBU0YsSUFBSSxDQUFDUCxXQUFkLElBQTZCLE9BQU9PLElBQUksQ0FBQ0gsU0FBWixLQUEwQixXQUExQixHQUF3QyxFQUF4QyxHQUE2QyxPQUFPRyxJQUFJLENBQUNILFNBQXRGLENBQVQ7O0FBRUEsT0FBSyxJQUFJaUIsQ0FBQyxHQUFHLENBQWIsRUFBZ0JBLENBQUMsR0FBR2QsSUFBSSxDQUFDUSxLQUFMLENBQVdjLE1BQS9CLEVBQXVDUixDQUFDLEVBQXhDLEVBQTRDO0FBQzFDLFFBQU1ZLElBQUksR0FBRzFCLElBQUksQ0FBQ1EsS0FBTCxDQUFXTSxDQUFYLENBQWIsQ0FEMEMsQ0FFMUM7QUFDQTtBQUNBOztBQUNBLFFBQUlZLElBQUksQ0FBQ0UsUUFBTCxLQUFrQixDQUF0QixFQUF5QjtBQUN2QkYsTUFBQUEsSUFBSSxDQUFDQyxRQUFMLElBQWlCLENBQWpCO0FBQ0Q7O0FBQ0QsUUFBSUQsSUFBSSxDQUFDSSxRQUFMLEtBQWtCLENBQXRCLEVBQXlCO0FBQ3ZCSixNQUFBQSxJQUFJLENBQUNHLFFBQUwsSUFBaUIsQ0FBakI7QUFDRDs7QUFDRFEsSUFBQUEsR0FBRyxDQUFDbkMsSUFBSixDQUNFLFNBQVN3QixJQUFJLENBQUNDLFFBQWQsR0FBeUIsR0FBekIsR0FBK0JELElBQUksQ0FBQ0UsUUFBcEMsR0FDRSxJQURGLEdBQ1NGLElBQUksQ0FBQ0csUUFEZCxHQUN5QixHQUR6QixHQUMrQkgsSUFBSSxDQUFDSSxRQURwQyxHQUVFLEtBSEo7QUFLQU8sSUFBQUEsR0FBRyxDQUFDbkMsSUFBSixDQUFTb0MsS0FBVCxDQUFlRCxHQUFmLEVBQW9CWCxJQUFJLENBQUN0QixLQUF6QjtBQUNEOztBQUVELFNBQU9pQyxHQUFHLENBQUNFLElBQUosQ0FBUyxJQUFULElBQWlCLElBQXhCO0FBQ0Q7O0FBRU0sU0FBU0MsbUJBQVQsQ0FBNkJoRCxXQUE3QixFQUEwQ0MsV0FBMUMsRUFBdURDLE1BQXZELEVBQStEQyxNQUEvRCxFQUF1RUMsU0FBdkUsRUFBa0ZDLFNBQWxGLEVBQTZGQyxPQUE3RixFQUFzRztBQUMzRyxTQUFPc0MsV0FBVyxDQUFDN0MsZUFBZSxDQUFDQyxXQUFELEVBQWNDLFdBQWQsRUFBMkJDLE1BQTNCLEVBQW1DQyxNQUFuQyxFQUEyQ0MsU0FBM0MsRUFBc0RDLFNBQXRELEVBQWlFQyxPQUFqRSxDQUFoQixDQUFsQjtBQUNEOztBQUVNLFNBQVMyQyxXQUFULENBQXFCQyxRQUFyQixFQUErQmhELE1BQS9CLEVBQXVDQyxNQUF2QyxFQUErQ0MsU0FBL0MsRUFBMERDLFNBQTFELEVBQXFFQyxPQUFyRSxFQUE4RTtBQUNuRixTQUFPMEMsbUJBQW1CLENBQUNFLFFBQUQsRUFBV0EsUUFBWCxFQUFxQmhELE1BQXJCLEVBQTZCQyxNQUE3QixFQUFxQ0MsU0FBckMsRUFBZ0RDLFNBQWhELEVBQTJEQyxPQUEzRCxDQUExQjtBQUNEIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHtkaWZmTGluZXN9IGZyb20gJy4uL2RpZmYvbGluZSc7XG5cbmV4cG9ydCBmdW5jdGlvbiBzdHJ1Y3R1cmVkUGF0Y2gob2xkRmlsZU5hbWUsIG5ld0ZpbGVOYW1lLCBvbGRTdHIsIG5ld1N0ciwgb2xkSGVhZGVyLCBuZXdIZWFkZXIsIG9wdGlvbnMpIHtcbiAgaWYgKCFvcHRpb25zKSB7XG4gICAgb3B0aW9ucyA9IHt9O1xuICB9XG4gIGlmICh0eXBlb2Ygb3B0aW9ucy5jb250ZXh0ID09PSAndW5kZWZpbmVkJykge1xuICAgIG9wdGlvbnMuY29udGV4dCA9IDQ7XG4gIH1cblxuICBjb25zdCBkaWZmID0gZGlmZkxpbmVzKG9sZFN0ciwgbmV3U3RyLCBvcHRpb25zKTtcbiAgaWYoIWRpZmYpIHtcbiAgICByZXR1cm47XG4gIH1cblxuICBkaWZmLnB1c2goe3ZhbHVlOiAnJywgbGluZXM6IFtdfSk7IC8vIEFwcGVuZCBhbiBlbXB0eSB2YWx1ZSB0byBtYWtlIGNsZWFudXAgZWFzaWVyXG5cbiAgZnVuY3Rpb24gY29udGV4dExpbmVzKGxpbmVzKSB7XG4gICAgcmV0dXJuIGxpbmVzLm1hcChmdW5jdGlvbihlbnRyeSkgeyByZXR1cm4gJyAnICsgZW50cnk7IH0pO1xuICB9XG5cbiAgbGV0IGh1bmtzID0gW107XG4gIGxldCBvbGRSYW5nZVN0YXJ0ID0gMCwgbmV3UmFuZ2VTdGFydCA9IDAsIGN1clJhbmdlID0gW10sXG4gICAgICBvbGRMaW5lID0gMSwgbmV3TGluZSA9IDE7XG4gIGZvciAobGV0IGkgPSAwOyBpIDwgZGlmZi5sZW5ndGg7IGkrKykge1xuICAgIGNvbnN0IGN1cnJlbnQgPSBkaWZmW2ldLFxuICAgICAgICAgIGxpbmVzID0gY3VycmVudC5saW5lcyB8fCBjdXJyZW50LnZhbHVlLnJlcGxhY2UoL1xcbiQvLCAnJykuc3BsaXQoJ1xcbicpO1xuICAgIGN1cnJlbnQubGluZXMgPSBsaW5lcztcblxuICAgIGlmIChjdXJyZW50LmFkZGVkIHx8IGN1cnJlbnQucmVtb3ZlZCkge1xuICAgICAgLy8gSWYgd2UgaGF2ZSBwcmV2aW91cyBjb250ZXh0LCBzdGFydCB3aXRoIHRoYXRcbiAgICAgIGlmICghb2xkUmFuZ2VTdGFydCkge1xuICAgICAgICBjb25zdCBwcmV2ID0gZGlmZltpIC0gMV07XG4gICAgICAgIG9sZFJhbmdlU3RhcnQgPSBvbGRMaW5lO1xuICAgICAgICBuZXdSYW5nZVN0YXJ0ID0gbmV3TGluZTtcblxuICAgICAgICBpZiAocHJldikge1xuICAgICAgICAgIGN1clJhbmdlID0gb3B0aW9ucy5jb250ZXh0ID4gMCA/IGNvbnRleHRMaW5lcyhwcmV2LmxpbmVzLnNsaWNlKC1vcHRpb25zLmNvbnRleHQpKSA6IFtdO1xuICAgICAgICAgIG9sZFJhbmdlU3RhcnQgLT0gY3VyUmFuZ2UubGVuZ3RoO1xuICAgICAgICAgIG5ld1JhbmdlU3RhcnQgLT0gY3VyUmFuZ2UubGVuZ3RoO1xuICAgICAgICB9XG4gICAgICB9XG5cbiAgICAgIC8vIE91dHB1dCBvdXIgY2hhbmdlc1xuICAgICAgY3VyUmFuZ2UucHVzaCguLi4gbGluZXMubWFwKGZ1bmN0aW9uKGVudHJ5KSB7XG4gICAgICAgIHJldHVybiAoY3VycmVudC5hZGRlZCA/ICcrJyA6ICctJykgKyBlbnRyeTtcbiAgICAgIH0pKTtcblxuICAgICAgLy8gVHJhY2sgdGhlIHVwZGF0ZWQgZmlsZSBwb3NpdGlvblxuICAgICAgaWYgKGN1cnJlbnQuYWRkZWQpIHtcbiAgICAgICAgbmV3TGluZSArPSBsaW5lcy5sZW5ndGg7XG4gICAgICB9IGVsc2Uge1xuICAgICAgICBvbGRMaW5lICs9IGxpbmVzLmxlbmd0aDtcbiAgICAgIH1cbiAgICB9IGVsc2Uge1xuICAgICAgLy8gSWRlbnRpY2FsIGNvbnRleHQgbGluZXMuIFRyYWNrIGxpbmUgY2hhbmdlc1xuICAgICAgaWYgKG9sZFJhbmdlU3RhcnQpIHtcbiAgICAgICAgLy8gQ2xvc2Ugb3V0IGFueSBjaGFuZ2VzIHRoYXQgaGF2ZSBiZWVuIG91dHB1dCAob3Igam9pbiBvdmVybGFwcGluZylcbiAgICAgICAgaWYgKGxpbmVzLmxlbmd0aCA8PSBvcHRpb25zLmNvbnRleHQgKiAyICYmIGkgPCBkaWZmLmxlbmd0aCAtIDIpIHtcbiAgICAgICAgICAvLyBPdmVybGFwcGluZ1xuICAgICAgICAgIGN1clJhbmdlLnB1c2goLi4uIGNvbnRleHRMaW5lcyhsaW5lcykpO1xuICAgICAgICB9IGVsc2Uge1xuICAgICAgICAgIC8vIGVuZCB0aGUgcmFuZ2UgYW5kIG91dHB1dFxuICAgICAgICAgIGxldCBjb250ZXh0U2l6ZSA9IE1hdGgubWluKGxpbmVzLmxlbmd0aCwgb3B0aW9ucy5jb250ZXh0KTtcbiAgICAgICAgICBjdXJSYW5nZS5wdXNoKC4uLiBjb250ZXh0TGluZXMobGluZXMuc2xpY2UoMCwgY29udGV4dFNpemUpKSk7XG5cbiAgICAgICAgICBsZXQgaHVuayA9IHtcbiAgICAgICAgICAgIG9sZFN0YXJ0OiBvbGRSYW5nZVN0YXJ0LFxuICAgICAgICAgICAgb2xkTGluZXM6IChvbGRMaW5lIC0gb2xkUmFuZ2VTdGFydCArIGNvbnRleHRTaXplKSxcbiAgICAgICAgICAgIG5ld1N0YXJ0OiBuZXdSYW5nZVN0YXJ0LFxuICAgICAgICAgICAgbmV3TGluZXM6IChuZXdMaW5lIC0gbmV3UmFuZ2VTdGFydCArIGNvbnRleHRTaXplKSxcbiAgICAgICAgICAgIGxpbmVzOiBjdXJSYW5nZVxuICAgICAgICAgIH07XG4gICAgICAgICAgaWYgKGkgPj0gZGlmZi5sZW5ndGggLSAyICYmIGxpbmVzLmxlbmd0aCA8PSBvcHRpb25zLmNvbnRleHQpIHtcbiAgICAgICAgICAgIC8vIEVPRiBpcyBpbnNpZGUgdGhpcyBodW5rXG4gICAgICAgICAgICBsZXQgb2xkRU9GTmV3bGluZSA9ICgoL1xcbiQvKS50ZXN0KG9sZFN0cikpO1xuICAgICAgICAgICAgbGV0IG5ld0VPRk5ld2xpbmUgPSAoKC9cXG4kLykudGVzdChuZXdTdHIpKTtcbiAgICAgICAgICAgIGxldCBub05sQmVmb3JlQWRkcyA9IGxpbmVzLmxlbmd0aCA9PSAwICYmIGN1clJhbmdlLmxlbmd0aCA+IGh1bmsub2xkTGluZXM7XG4gICAgICAgICAgICBpZiAoIW9sZEVPRk5ld2xpbmUgJiYgbm9ObEJlZm9yZUFkZHMgJiYgb2xkU3RyLmxlbmd0aCA+IDApIHtcbiAgICAgICAgICAgICAgLy8gc3BlY2lhbCBjYXNlOiBvbGQgaGFzIG5vIGVvbCBhbmQgbm8gdHJhaWxpbmcgY29udGV4dDsgbm8tbmwgY2FuIGVuZCB1cCBiZWZvcmUgYWRkc1xuICAgICAgICAgICAgICAvLyBob3dldmVyLCBpZiB0aGUgb2xkIGZpbGUgaXMgZW1wdHksIGRvIG5vdCBvdXRwdXQgdGhlIG5vLW5sIGxpbmVcbiAgICAgICAgICAgICAgY3VyUmFuZ2Uuc3BsaWNlKGh1bmsub2xkTGluZXMsIDAsICdcXFxcIE5vIG5ld2xpbmUgYXQgZW5kIG9mIGZpbGUnKTtcbiAgICAgICAgICAgIH1cbiAgICAgICAgICAgIGlmICgoIW9sZEVPRk5ld2xpbmUgJiYgIW5vTmxCZWZvcmVBZGRzKSB8fCAhbmV3RU9GTmV3bGluZSkge1xuICAgICAgICAgICAgICBjdXJSYW5nZS5wdXNoKCdcXFxcIE5vIG5ld2xpbmUgYXQgZW5kIG9mIGZpbGUnKTtcbiAgICAgICAgICAgIH1cbiAgICAgICAgICB9XG4gICAgICAgICAgaHVua3MucHVzaChodW5rKTtcblxuICAgICAgICAgIG9sZFJhbmdlU3RhcnQgPSAwO1xuICAgICAgICAgIG5ld1JhbmdlU3RhcnQgPSAwO1xuICAgICAgICAgIGN1clJhbmdlID0gW107XG4gICAgICAgIH1cbiAgICAgIH1cbiAgICAgIG9sZExpbmUgKz0gbGluZXMubGVuZ3RoO1xuICAgICAgbmV3TGluZSArPSBsaW5lcy5sZW5ndGg7XG4gICAgfVxuICB9XG5cbiAgcmV0dXJuIHtcbiAgICBvbGRGaWxlTmFtZTogb2xkRmlsZU5hbWUsIG5ld0ZpbGVOYW1lOiBuZXdGaWxlTmFtZSxcbiAgICBvbGRIZWFkZXI6IG9sZEhlYWRlciwgbmV3SGVhZGVyOiBuZXdIZWFkZXIsXG4gICAgaHVua3M6IGh1bmtzXG4gIH07XG59XG5cbmV4cG9ydCBmdW5jdGlvbiBmb3JtYXRQYXRjaChkaWZmKSB7XG4gIGNvbnN0IHJldCA9IFtdO1xuICBpZiAoZGlmZi5vbGRGaWxlTmFtZSA9PSBkaWZmLm5ld0ZpbGVOYW1lKSB7XG4gICAgcmV0LnB1c2goJ0luZGV4OiAnICsgZGlmZi5vbGRGaWxlTmFtZSk7XG4gIH1cbiAgcmV0LnB1c2goJz09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0nKTtcbiAgcmV0LnB1c2goJy0tLSAnICsgZGlmZi5vbGRGaWxlTmFtZSArICh0eXBlb2YgZGlmZi5vbGRIZWFkZXIgPT09ICd1bmRlZmluZWQnID8gJycgOiAnXFx0JyArIGRpZmYub2xkSGVhZGVyKSk7XG4gIHJldC5wdXNoKCcrKysgJyArIGRpZmYubmV3RmlsZU5hbWUgKyAodHlwZW9mIGRpZmYubmV3SGVhZGVyID09PSAndW5kZWZpbmVkJyA/ICcnIDogJ1xcdCcgKyBkaWZmLm5ld0hlYWRlcikpO1xuXG4gIGZvciAobGV0IGkgPSAwOyBpIDwgZGlmZi5odW5rcy5sZW5ndGg7IGkrKykge1xuICAgIGNvbnN0IGh1bmsgPSBkaWZmLmh1bmtzW2ldO1xuICAgIC8vIFVuaWZpZWQgRGlmZiBGb3JtYXQgcXVpcms6IElmIHRoZSBjaHVuayBzaXplIGlzIDAsXG4gICAgLy8gdGhlIGZpcnN0IG51bWJlciBpcyBvbmUgbG93ZXIgdGhhbiBvbmUgd291bGQgZXhwZWN0LlxuICAgIC8vIGh0dHBzOi8vd3d3LmFydGltYS5jb20vd2VibG9ncy92aWV3cG9zdC5qc3A/dGhyZWFkPTE2NDI5M1xuICAgIGlmIChodW5rLm9sZExpbmVzID09PSAwKSB7XG4gICAgICBodW5rLm9sZFN0YXJ0IC09IDE7XG4gICAgfVxuICAgIGlmIChodW5rLm5ld0xpbmVzID09PSAwKSB7XG4gICAgICBodW5rLm5ld1N0YXJ0IC09IDE7XG4gICAgfVxuICAgIHJldC5wdXNoKFxuICAgICAgJ0BAIC0nICsgaHVuay5vbGRTdGFydCArICcsJyArIGh1bmsub2xkTGluZXNcbiAgICAgICsgJyArJyArIGh1bmsubmV3U3RhcnQgKyAnLCcgKyBodW5rLm5ld0xpbmVzXG4gICAgICArICcgQEAnXG4gICAgKTtcbiAgICByZXQucHVzaC5hcHBseShyZXQsIGh1bmsubGluZXMpO1xuICB9XG5cbiAgcmV0dXJuIHJldC5qb2luKCdcXG4nKSArICdcXG4nO1xufVxuXG5leHBvcnQgZnVuY3Rpb24gY3JlYXRlVHdvRmlsZXNQYXRjaChvbGRGaWxlTmFtZSwgbmV3RmlsZU5hbWUsIG9sZFN0ciwgbmV3U3RyLCBvbGRIZWFkZXIsIG5ld0hlYWRlciwgb3B0aW9ucykge1xuICByZXR1cm4gZm9ybWF0UGF0Y2goc3RydWN0dXJlZFBhdGNoKG9sZEZpbGVOYW1lLCBuZXdGaWxlTmFtZSwgb2xkU3RyLCBuZXdTdHIsIG9sZEhlYWRlciwgbmV3SGVhZGVyLCBvcHRpb25zKSk7XG59XG5cbmV4cG9ydCBmdW5jdGlvbiBjcmVhdGVQYXRjaChmaWxlTmFtZSwgb2xkU3RyLCBuZXdTdHIsIG9sZEhlYWRlciwgbmV3SGVhZGVyLCBvcHRpb25zKSB7XG4gIHJldHVybiBjcmVhdGVUd29GaWxlc1BhdGNoKGZpbGVOYW1lLCBmaWxlTmFtZSwgb2xkU3RyLCBuZXdTdHIsIG9sZEhlYWRlciwgbmV3SGVhZGVyLCBvcHRpb25zKTtcbn1cbiJdfQ==
+//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9wYXRjaC9jcmVhdGUuanMiXSwibmFtZXMiOlsic3RydWN0dXJlZFBhdGNoIiwib2xkRmlsZU5hbWUiLCJuZXdGaWxlTmFtZSIsIm9sZFN0ciIsIm5ld1N0ciIsIm9sZEhlYWRlciIsIm5ld0hlYWRlciIsIm9wdGlvbnMiLCJjb250ZXh0IiwiZGlmZiIsImRpZmZMaW5lcyIsInB1c2giLCJ2YWx1ZSIsImxpbmVzIiwiY29udGV4dExpbmVzIiwibWFwIiwiZW50cnkiLCJodW5rcyIsIm9sZFJhbmdlU3RhcnQiLCJuZXdSYW5nZVN0YXJ0IiwiY3VyUmFuZ2UiLCJvbGRMaW5lIiwibmV3TGluZSIsImkiLCJjdXJyZW50IiwicmVwbGFjZSIsInNwbGl0IiwiYWRkZWQiLCJyZW1vdmVkIiwicHJldiIsInNsaWNlIiwibGVuZ3RoIiwiY29udGV4dFNpemUiLCJNYXRoIiwibWluIiwiaHVuayIsIm9sZFN0YXJ0Iiwib2xkTGluZXMiLCJuZXdTdGFydCIsIm5ld0xpbmVzIiwib2xkRU9GTmV3bGluZSIsInRlc3QiLCJuZXdFT0ZOZXdsaW5lIiwibm9ObEJlZm9yZUFkZHMiLCJzcGxpY2UiLCJmb3JtYXRQYXRjaCIsIkFycmF5IiwiaXNBcnJheSIsImpvaW4iLCJyZXQiLCJhcHBseSIsImNyZWF0ZVR3b0ZpbGVzUGF0Y2giLCJjcmVhdGVQYXRjaCIsImZpbGVOYW1lIl0sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBOzs7Ozs7Ozs7Ozs7Ozs7QUFFTyxTQUFTQSxlQUFULENBQXlCQyxXQUF6QixFQUFzQ0MsV0FBdEMsRUFBbURDLE1BQW5ELEVBQTJEQyxNQUEzRCxFQUFtRUMsU0FBbkUsRUFBOEVDLFNBQTlFLEVBQXlGQyxPQUF6RixFQUFrRztBQUN2RyxNQUFJLENBQUNBLE9BQUwsRUFBYztBQUNaQSxJQUFBQSxPQUFPLEdBQUcsRUFBVjtBQUNEOztBQUNELE1BQUksT0FBT0EsT0FBTyxDQUFDQyxPQUFmLEtBQTJCLFdBQS9CLEVBQTRDO0FBQzFDRCxJQUFBQSxPQUFPLENBQUNDLE9BQVIsR0FBa0IsQ0FBbEI7QUFDRDs7QUFFRCxNQUFNQyxJQUFJO0FBQUc7QUFBQTtBQUFBOztBQUFBQztBQUFBQTtBQUFBQTtBQUFBQTtBQUFBQTtBQUFBQTtBQUFBO0FBQUEsR0FBVVAsTUFBVixFQUFrQkMsTUFBbEIsRUFBMEJHLE9BQTFCLENBQWI7O0FBQ0EsTUFBRyxDQUFDRSxJQUFKLEVBQVU7QUFDUjtBQUNEOztBQUVEQSxFQUFBQSxJQUFJLENBQUNFLElBQUwsQ0FBVTtBQUFDQyxJQUFBQSxLQUFLLEVBQUUsRUFBUjtBQUFZQyxJQUFBQSxLQUFLLEVBQUU7QUFBbkIsR0FBVixFQWJ1RyxDQWFwRTs7QUFFbkMsV0FBU0MsWUFBVCxDQUFzQkQsS0FBdEIsRUFBNkI7QUFDM0IsV0FBT0EsS0FBSyxDQUFDRSxHQUFOLENBQVUsVUFBU0MsS0FBVCxFQUFnQjtBQUFFLGFBQU8sTUFBTUEsS0FBYjtBQUFxQixLQUFqRCxDQUFQO0FBQ0Q7O0FBRUQsTUFBSUMsS0FBSyxHQUFHLEVBQVo7QUFDQSxNQUFJQyxhQUFhLEdBQUcsQ0FBcEI7QUFBQSxNQUF1QkMsYUFBYSxHQUFHLENBQXZDO0FBQUEsTUFBMENDLFFBQVEsR0FBRyxFQUFyRDtBQUFBLE1BQ0lDLE9BQU8sR0FBRyxDQURkO0FBQUEsTUFDaUJDLE9BQU8sR0FBRyxDQUQzQjs7QUFwQnVHO0FBQUE7QUFBQTtBQXNCOUZDLEVBQUFBLENBdEI4RjtBQXVCckcsUUFBTUMsT0FBTyxHQUFHZixJQUFJLENBQUNjLENBQUQsQ0FBcEI7QUFBQSxRQUNNVixLQUFLLEdBQUdXLE9BQU8sQ0FBQ1gsS0FBUixJQUFpQlcsT0FBTyxDQUFDWixLQUFSLENBQWNhLE9BQWQsQ0FBc0IsS0FBdEIsRUFBNkIsRUFBN0IsRUFBaUNDLEtBQWpDLENBQXVDLElBQXZDLENBRC9CO0FBRUFGLElBQUFBLE9BQU8sQ0FBQ1gsS0FBUixHQUFnQkEsS0FBaEI7O0FBRUEsUUFBSVcsT0FBTyxDQUFDRyxLQUFSLElBQWlCSCxPQUFPLENBQUNJLE9BQTdCLEVBQXNDO0FBQUE7QUFBQTs7QUFBQTtBQUNwQztBQUNBLFVBQUksQ0FBQ1YsYUFBTCxFQUFvQjtBQUNsQixZQUFNVyxJQUFJLEdBQUdwQixJQUFJLENBQUNjLENBQUMsR0FBRyxDQUFMLENBQWpCO0FBQ0FMLFFBQUFBLGFBQWEsR0FBR0csT0FBaEI7QUFDQUYsUUFBQUEsYUFBYSxHQUFHRyxPQUFoQjs7QUFFQSxZQUFJTyxJQUFKLEVBQVU7QUFDUlQsVUFBQUEsUUFBUSxHQUFHYixPQUFPLENBQUNDLE9BQVIsR0FBa0IsQ0FBbEIsR0FBc0JNLFlBQVksQ0FBQ2UsSUFBSSxDQUFDaEIsS0FBTCxDQUFXaUIsS0FBWCxDQUFpQixDQUFDdkIsT0FBTyxDQUFDQyxPQUExQixDQUFELENBQWxDLEdBQXlFLEVBQXBGO0FBQ0FVLFVBQUFBLGFBQWEsSUFBSUUsUUFBUSxDQUFDVyxNQUExQjtBQUNBWixVQUFBQSxhQUFhLElBQUlDLFFBQVEsQ0FBQ1csTUFBMUI7QUFDRDtBQUNGLE9BWm1DLENBY3BDOzs7QUFDQTs7QUFBQTs7QUFBQTtBQUFBO0FBQUE7QUFBQVgsTUFBQUEsUUFBUSxFQUFDVCxJQUFUO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBa0JFLE1BQUFBLEtBQUssQ0FBQ0UsR0FBTixDQUFVLFVBQVNDLEtBQVQsRUFBZ0I7QUFDMUMsZUFBTyxDQUFDUSxPQUFPLENBQUNHLEtBQVIsR0FBZ0IsR0FBaEIsR0FBc0IsR0FBdkIsSUFBOEJYLEtBQXJDO0FBQ0QsT0FGaUIsQ0FBbEIsR0Fmb0MsQ0FtQnBDOzs7QUFDQSxVQUFJUSxPQUFPLENBQUNHLEtBQVosRUFBbUI7QUFDakJMLFFBQUFBLE9BQU8sSUFBSVQsS0FBSyxDQUFDa0IsTUFBakI7QUFDRCxPQUZELE1BRU87QUFDTFYsUUFBQUEsT0FBTyxJQUFJUixLQUFLLENBQUNrQixNQUFqQjtBQUNEO0FBQ0YsS0F6QkQsTUF5Qk87QUFDTDtBQUNBLFVBQUliLGFBQUosRUFBbUI7QUFDakI7QUFDQSxZQUFJTCxLQUFLLENBQUNrQixNQUFOLElBQWdCeEIsT0FBTyxDQUFDQyxPQUFSLEdBQWtCLENBQWxDLElBQXVDZSxDQUFDLEdBQUdkLElBQUksQ0FBQ3NCLE1BQUwsR0FBYyxDQUE3RCxFQUFnRTtBQUFBO0FBQUE7O0FBQUE7QUFDOUQ7O0FBQ0E7O0FBQUE7O0FBQUE7QUFBQTtBQUFBO0FBQUFYLFVBQUFBLFFBQVEsRUFBQ1QsSUFBVDtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQWtCRyxVQUFBQSxZQUFZLENBQUNELEtBQUQsQ0FBOUI7QUFDRCxTQUhELE1BR087QUFBQTtBQUFBOztBQUFBO0FBQ0w7QUFDQSxjQUFJbUIsV0FBVyxHQUFHQyxJQUFJLENBQUNDLEdBQUwsQ0FBU3JCLEtBQUssQ0FBQ2tCLE1BQWYsRUFBdUJ4QixPQUFPLENBQUNDLE9BQS9CLENBQWxCOztBQUNBOztBQUFBOztBQUFBO0FBQUE7QUFBQTtBQUFBWSxVQUFBQSxRQUFRLEVBQUNULElBQVQ7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFrQkcsVUFBQUEsWUFBWSxDQUFDRCxLQUFLLENBQUNpQixLQUFOLENBQVksQ0FBWixFQUFlRSxXQUFmLENBQUQsQ0FBOUI7O0FBRUEsY0FBSUcsSUFBSSxHQUFHO0FBQ1RDLFlBQUFBLFFBQVEsRUFBRWxCLGFBREQ7QUFFVG1CLFlBQUFBLFFBQVEsRUFBR2hCLE9BQU8sR0FBR0gsYUFBVixHQUEwQmMsV0FGNUI7QUFHVE0sWUFBQUEsUUFBUSxFQUFFbkIsYUFIRDtBQUlUb0IsWUFBQUEsUUFBUSxFQUFHakIsT0FBTyxHQUFHSCxhQUFWLEdBQTBCYSxXQUo1QjtBQUtUbkIsWUFBQUEsS0FBSyxFQUFFTztBQUxFLFdBQVg7O0FBT0EsY0FBSUcsQ0FBQyxJQUFJZCxJQUFJLENBQUNzQixNQUFMLEdBQWMsQ0FBbkIsSUFBd0JsQixLQUFLLENBQUNrQixNQUFOLElBQWdCeEIsT0FBTyxDQUFDQyxPQUFwRCxFQUE2RDtBQUMzRDtBQUNBLGdCQUFJZ0MsYUFBYSxHQUFLLEtBQUQsQ0FBUUMsSUFBUixDQUFhdEMsTUFBYixDQUFyQjtBQUNBLGdCQUFJdUMsYUFBYSxHQUFLLEtBQUQsQ0FBUUQsSUFBUixDQUFhckMsTUFBYixDQUFyQjtBQUNBLGdCQUFJdUMsY0FBYyxHQUFHOUIsS0FBSyxDQUFDa0IsTUFBTixJQUFnQixDQUFoQixJQUFxQlgsUUFBUSxDQUFDVyxNQUFULEdBQWtCSSxJQUFJLENBQUNFLFFBQWpFOztBQUNBLGdCQUFJLENBQUNHLGFBQUQsSUFBa0JHLGNBQWxCLElBQW9DeEMsTUFBTSxDQUFDNEIsTUFBUCxHQUFnQixDQUF4RCxFQUEyRDtBQUN6RDtBQUNBO0FBQ0FYLGNBQUFBLFFBQVEsQ0FBQ3dCLE1BQVQsQ0FBZ0JULElBQUksQ0FBQ0UsUUFBckIsRUFBK0IsQ0FBL0IsRUFBa0MsOEJBQWxDO0FBQ0Q7O0FBQ0QsZ0JBQUssQ0FBQ0csYUFBRCxJQUFrQixDQUFDRyxjQUFwQixJQUF1QyxDQUFDRCxhQUE1QyxFQUEyRDtBQUN6RHRCLGNBQUFBLFFBQVEsQ0FBQ1QsSUFBVCxDQUFjLDhCQUFkO0FBQ0Q7QUFDRjs7QUFDRE0sVUFBQUEsS0FBSyxDQUFDTixJQUFOLENBQVd3QixJQUFYO0FBRUFqQixVQUFBQSxhQUFhLEdBQUcsQ0FBaEI7QUFDQUMsVUFBQUEsYUFBYSxHQUFHLENBQWhCO0FBQ0FDLFVBQUFBLFFBQVEsR0FBRyxFQUFYO0FBQ0Q7QUFDRjs7QUFDREMsTUFBQUEsT0FBTyxJQUFJUixLQUFLLENBQUNrQixNQUFqQjtBQUNBVCxNQUFBQSxPQUFPLElBQUlULEtBQUssQ0FBQ2tCLE1BQWpCO0FBQ0Q7QUE5Rm9HOztBQXNCdkcsT0FBSyxJQUFJUixDQUFDLEdBQUcsQ0FBYixFQUFnQkEsQ0FBQyxHQUFHZCxJQUFJLENBQUNzQixNQUF6QixFQUFpQ1IsQ0FBQyxFQUFsQyxFQUFzQztBQUFBO0FBQUE7QUFBQTtBQUE3QkEsSUFBQUEsQ0FBNkI7QUF5RXJDOztBQUVELFNBQU87QUFDTHRCLElBQUFBLFdBQVcsRUFBRUEsV0FEUjtBQUNxQkMsSUFBQUEsV0FBVyxFQUFFQSxXQURsQztBQUVMRyxJQUFBQSxTQUFTLEVBQUVBLFNBRk47QUFFaUJDLElBQUFBLFNBQVMsRUFBRUEsU0FGNUI7QUFHTFcsSUFBQUEsS0FBSyxFQUFFQTtBQUhGLEdBQVA7QUFLRDs7QUFFTSxTQUFTNEIsV0FBVCxDQUFxQnBDLElBQXJCLEVBQTJCO0FBQ2hDLE1BQUlxQyxLQUFLLENBQUNDLE9BQU4sQ0FBY3RDLElBQWQsQ0FBSixFQUF5QjtBQUN2QixXQUFPQSxJQUFJLENBQUNNLEdBQUwsQ0FBUzhCLFdBQVQsRUFBc0JHLElBQXRCLENBQTJCLElBQTNCLENBQVA7QUFDRDs7QUFFRCxNQUFNQyxHQUFHLEdBQUcsRUFBWjs7QUFDQSxNQUFJeEMsSUFBSSxDQUFDUixXQUFMLElBQW9CUSxJQUFJLENBQUNQLFdBQTdCLEVBQTBDO0FBQ3hDK0MsSUFBQUEsR0FBRyxDQUFDdEMsSUFBSixDQUFTLFlBQVlGLElBQUksQ0FBQ1IsV0FBMUI7QUFDRDs7QUFDRGdELEVBQUFBLEdBQUcsQ0FBQ3RDLElBQUosQ0FBUyxxRUFBVDtBQUNBc0MsRUFBQUEsR0FBRyxDQUFDdEMsSUFBSixDQUFTLFNBQVNGLElBQUksQ0FBQ1IsV0FBZCxJQUE2QixPQUFPUSxJQUFJLENBQUNKLFNBQVosS0FBMEIsV0FBMUIsR0FBd0MsRUFBeEMsR0FBNkMsT0FBT0ksSUFBSSxDQUFDSixTQUF0RixDQUFUO0FBQ0E0QyxFQUFBQSxHQUFHLENBQUN0QyxJQUFKLENBQVMsU0FBU0YsSUFBSSxDQUFDUCxXQUFkLElBQTZCLE9BQU9PLElBQUksQ0FBQ0gsU0FBWixLQUEwQixXQUExQixHQUF3QyxFQUF4QyxHQUE2QyxPQUFPRyxJQUFJLENBQUNILFNBQXRGLENBQVQ7O0FBRUEsT0FBSyxJQUFJaUIsQ0FBQyxHQUFHLENBQWIsRUFBZ0JBLENBQUMsR0FBR2QsSUFBSSxDQUFDUSxLQUFMLENBQVdjLE1BQS9CLEVBQXVDUixDQUFDLEVBQXhDLEVBQTRDO0FBQzFDLFFBQU1ZLElBQUksR0FBRzFCLElBQUksQ0FBQ1EsS0FBTCxDQUFXTSxDQUFYLENBQWIsQ0FEMEMsQ0FFMUM7QUFDQTtBQUNBOztBQUNBLFFBQUlZLElBQUksQ0FBQ0UsUUFBTCxLQUFrQixDQUF0QixFQUF5QjtBQUN2QkYsTUFBQUEsSUFBSSxDQUFDQyxRQUFMLElBQWlCLENBQWpCO0FBQ0Q7O0FBQ0QsUUFBSUQsSUFBSSxDQUFDSSxRQUFMLEtBQWtCLENBQXRCLEVBQXlCO0FBQ3ZCSixNQUFBQSxJQUFJLENBQUNHLFFBQUwsSUFBaUIsQ0FBakI7QUFDRDs7QUFDRFcsSUFBQUEsR0FBRyxDQUFDdEMsSUFBSixDQUNFLFNBQVN3QixJQUFJLENBQUNDLFFBQWQsR0FBeUIsR0FBekIsR0FBK0JELElBQUksQ0FBQ0UsUUFBcEMsR0FDRSxJQURGLEdBQ1NGLElBQUksQ0FBQ0csUUFEZCxHQUN5QixHQUR6QixHQUMrQkgsSUFBSSxDQUFDSSxRQURwQyxHQUVFLEtBSEo7QUFLQVUsSUFBQUEsR0FBRyxDQUFDdEMsSUFBSixDQUFTdUMsS0FBVCxDQUFlRCxHQUFmLEVBQW9CZCxJQUFJLENBQUN0QixLQUF6QjtBQUNEOztBQUVELFNBQU9vQyxHQUFHLENBQUNELElBQUosQ0FBUyxJQUFULElBQWlCLElBQXhCO0FBQ0Q7O0FBRU0sU0FBU0csbUJBQVQsQ0FBNkJsRCxXQUE3QixFQUEwQ0MsV0FBMUMsRUFBdURDLE1BQXZELEVBQStEQyxNQUEvRCxFQUF1RUMsU0FBdkUsRUFBa0ZDLFNBQWxGLEVBQTZGQyxPQUE3RixFQUFzRztBQUMzRyxTQUFPc0MsV0FBVyxDQUFDN0MsZUFBZSxDQUFDQyxXQUFELEVBQWNDLFdBQWQsRUFBMkJDLE1BQTNCLEVBQW1DQyxNQUFuQyxFQUEyQ0MsU0FBM0MsRUFBc0RDLFNBQXRELEVBQWlFQyxPQUFqRSxDQUFoQixDQUFsQjtBQUNEOztBQUVNLFNBQVM2QyxXQUFULENBQXFCQyxRQUFyQixFQUErQmxELE1BQS9CLEVBQXVDQyxNQUF2QyxFQUErQ0MsU0FBL0MsRUFBMERDLFNBQTFELEVBQXFFQyxPQUFyRSxFQUE4RTtBQUNuRixTQUFPNEMsbUJBQW1CLENBQUNFLFFBQUQsRUFBV0EsUUFBWCxFQUFxQmxELE1BQXJCLEVBQTZCQyxNQUE3QixFQUFxQ0MsU0FBckMsRUFBZ0RDLFNBQWhELEVBQTJEQyxPQUEzRCxDQUExQjtBQUNEIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHtkaWZmTGluZXN9IGZyb20gJy4uL2RpZmYvbGluZSc7XG5cbmV4cG9ydCBmdW5jdGlvbiBzdHJ1Y3R1cmVkUGF0Y2gob2xkRmlsZU5hbWUsIG5ld0ZpbGVOYW1lLCBvbGRTdHIsIG5ld1N0ciwgb2xkSGVhZGVyLCBuZXdIZWFkZXIsIG9wdGlvbnMpIHtcbiAgaWYgKCFvcHRpb25zKSB7XG4gICAgb3B0aW9ucyA9IHt9O1xuICB9XG4gIGlmICh0eXBlb2Ygb3B0aW9ucy5jb250ZXh0ID09PSAndW5kZWZpbmVkJykge1xuICAgIG9wdGlvbnMuY29udGV4dCA9IDQ7XG4gIH1cblxuICBjb25zdCBkaWZmID0gZGlmZkxpbmVzKG9sZFN0ciwgbmV3U3RyLCBvcHRpb25zKTtcbiAgaWYoIWRpZmYpIHtcbiAgICByZXR1cm47XG4gIH1cblxuICBkaWZmLnB1c2goe3ZhbHVlOiAnJywgbGluZXM6IFtdfSk7IC8vIEFwcGVuZCBhbiBlbXB0eSB2YWx1ZSB0byBtYWtlIGNsZWFudXAgZWFzaWVyXG5cbiAgZnVuY3Rpb24gY29udGV4dExpbmVzKGxpbmVzKSB7XG4gICAgcmV0dXJuIGxpbmVzLm1hcChmdW5jdGlvbihlbnRyeSkgeyByZXR1cm4gJyAnICsgZW50cnk7IH0pO1xuICB9XG5cbiAgbGV0IGh1bmtzID0gW107XG4gIGxldCBvbGRSYW5nZVN0YXJ0ID0gMCwgbmV3UmFuZ2VTdGFydCA9IDAsIGN1clJhbmdlID0gW10sXG4gICAgICBvbGRMaW5lID0gMSwgbmV3TGluZSA9IDE7XG4gIGZvciAobGV0IGkgPSAwOyBpIDwgZGlmZi5sZW5ndGg7IGkrKykge1xuICAgIGNvbnN0IGN1cnJlbnQgPSBkaWZmW2ldLFxuICAgICAgICAgIGxpbmVzID0gY3VycmVudC5saW5lcyB8fCBjdXJyZW50LnZhbHVlLnJlcGxhY2UoL1xcbiQvLCAnJykuc3BsaXQoJ1xcbicpO1xuICAgIGN1cnJlbnQubGluZXMgPSBsaW5lcztcblxuICAgIGlmIChjdXJyZW50LmFkZGVkIHx8IGN1cnJlbnQucmVtb3ZlZCkge1xuICAgICAgLy8gSWYgd2UgaGF2ZSBwcmV2aW91cyBjb250ZXh0LCBzdGFydCB3aXRoIHRoYXRcbiAgICAgIGlmICghb2xkUmFuZ2VTdGFydCkge1xuICAgICAgICBjb25zdCBwcmV2ID0gZGlmZltpIC0gMV07XG4gICAgICAgIG9sZFJhbmdlU3RhcnQgPSBvbGRMaW5lO1xuICAgICAgICBuZXdSYW5nZVN0YXJ0ID0gbmV3TGluZTtcblxuICAgICAgICBpZiAocHJldikge1xuICAgICAgICAgIGN1clJhbmdlID0gb3B0aW9ucy5jb250ZXh0ID4gMCA/IGNvbnRleHRMaW5lcyhwcmV2LmxpbmVzLnNsaWNlKC1vcHRpb25zLmNvbnRleHQpKSA6IFtdO1xuICAgICAgICAgIG9sZFJhbmdlU3RhcnQgLT0gY3VyUmFuZ2UubGVuZ3RoO1xuICAgICAgICAgIG5ld1JhbmdlU3RhcnQgLT0gY3VyUmFuZ2UubGVuZ3RoO1xuICAgICAgICB9XG4gICAgICB9XG5cbiAgICAgIC8vIE91dHB1dCBvdXIgY2hhbmdlc1xuICAgICAgY3VyUmFuZ2UucHVzaCguLi4gbGluZXMubWFwKGZ1bmN0aW9uKGVudHJ5KSB7XG4gICAgICAgIHJldHVybiAoY3VycmVudC5hZGRlZCA/ICcrJyA6ICctJykgKyBlbnRyeTtcbiAgICAgIH0pKTtcblxuICAgICAgLy8gVHJhY2sgdGhlIHVwZGF0ZWQgZmlsZSBwb3NpdGlvblxuICAgICAgaWYgKGN1cnJlbnQuYWRkZWQpIHtcbiAgICAgICAgbmV3TGluZSArPSBsaW5lcy5sZW5ndGg7XG4gICAgICB9IGVsc2Uge1xuICAgICAgICBvbGRMaW5lICs9IGxpbmVzLmxlbmd0aDtcbiAgICAgIH1cbiAgICB9IGVsc2Uge1xuICAgICAgLy8gSWRlbnRpY2FsIGNvbnRleHQgbGluZXMuIFRyYWNrIGxpbmUgY2hhbmdlc1xuICAgICAgaWYgKG9sZFJhbmdlU3RhcnQpIHtcbiAgICAgICAgLy8gQ2xvc2Ugb3V0IGFueSBjaGFuZ2VzIHRoYXQgaGF2ZSBiZWVuIG91dHB1dCAob3Igam9pbiBvdmVybGFwcGluZylcbiAgICAgICAgaWYgKGxpbmVzLmxlbmd0aCA8PSBvcHRpb25zLmNvbnRleHQgKiAyICYmIGkgPCBkaWZmLmxlbmd0aCAtIDIpIHtcbiAgICAgICAgICAvLyBPdmVybGFwcGluZ1xuICAgICAgICAgIGN1clJhbmdlLnB1c2goLi4uIGNvbnRleHRMaW5lcyhsaW5lcykpO1xuICAgICAgICB9IGVsc2Uge1xuICAgICAgICAgIC8vIGVuZCB0aGUgcmFuZ2UgYW5kIG91dHB1dFxuICAgICAgICAgIGxldCBjb250ZXh0U2l6ZSA9IE1hdGgubWluKGxpbmVzLmxlbmd0aCwgb3B0aW9ucy5jb250ZXh0KTtcbiAgICAgICAgICBjdXJSYW5nZS5wdXNoKC4uLiBjb250ZXh0TGluZXMobGluZXMuc2xpY2UoMCwgY29udGV4dFNpemUpKSk7XG5cbiAgICAgICAgICBsZXQgaHVuayA9IHtcbiAgICAgICAgICAgIG9sZFN0YXJ0OiBvbGRSYW5nZVN0YXJ0LFxuICAgICAgICAgICAgb2xkTGluZXM6IChvbGRMaW5lIC0gb2xkUmFuZ2VTdGFydCArIGNvbnRleHRTaXplKSxcbiAgICAgICAgICAgIG5ld1N0YXJ0OiBuZXdSYW5nZVN0YXJ0LFxuICAgICAgICAgICAgbmV3TGluZXM6IChuZXdMaW5lIC0gbmV3UmFuZ2VTdGFydCArIGNvbnRleHRTaXplKSxcbiAgICAgICAgICAgIGxpbmVzOiBjdXJSYW5nZVxuICAgICAgICAgIH07XG4gICAgICAgICAgaWYgKGkgPj0gZGlmZi5sZW5ndGggLSAyICYmIGxpbmVzLmxlbmd0aCA8PSBvcHRpb25zLmNvbnRleHQpIHtcbiAgICAgICAgICAgIC8vIEVPRiBpcyBpbnNpZGUgdGhpcyBodW5rXG4gICAgICAgICAgICBsZXQgb2xkRU9GTmV3bGluZSA9ICgoL1xcbiQvKS50ZXN0KG9sZFN0cikpO1xuICAgICAgICAgICAgbGV0IG5ld0VPRk5ld2xpbmUgPSAoKC9cXG4kLykudGVzdChuZXdTdHIpKTtcbiAgICAgICAgICAgIGxldCBub05sQmVmb3JlQWRkcyA9IGxpbmVzLmxlbmd0aCA9PSAwICYmIGN1clJhbmdlLmxlbmd0aCA+IGh1bmsub2xkTGluZXM7XG4gICAgICAgICAgICBpZiAoIW9sZEVPRk5ld2xpbmUgJiYgbm9ObEJlZm9yZUFkZHMgJiYgb2xkU3RyLmxlbmd0aCA+IDApIHtcbiAgICAgICAgICAgICAgLy8gc3BlY2lhbCBjYXNlOiBvbGQgaGFzIG5vIGVvbCBhbmQgbm8gdHJhaWxpbmcgY29udGV4dDsgbm8tbmwgY2FuIGVuZCB1cCBiZWZvcmUgYWRkc1xuICAgICAgICAgICAgICAvLyBob3dldmVyLCBpZiB0aGUgb2xkIGZpbGUgaXMgZW1wdHksIGRvIG5vdCBvdXRwdXQgdGhlIG5vLW5sIGxpbmVcbiAgICAgICAgICAgICAgY3VyUmFuZ2Uuc3BsaWNlKGh1bmsub2xkTGluZXMsIDAsICdcXFxcIE5vIG5ld2xpbmUgYXQgZW5kIG9mIGZpbGUnKTtcbiAgICAgICAgICAgIH1cbiAgICAgICAgICAgIGlmICgoIW9sZEVPRk5ld2xpbmUgJiYgIW5vTmxCZWZvcmVBZGRzKSB8fCAhbmV3RU9GTmV3bGluZSkge1xuICAgICAgICAgICAgICBjdXJSYW5nZS5wdXNoKCdcXFxcIE5vIG5ld2xpbmUgYXQgZW5kIG9mIGZpbGUnKTtcbiAgICAgICAgICAgIH1cbiAgICAgICAgICB9XG4gICAgICAgICAgaHVua3MucHVzaChodW5rKTtcblxuICAgICAgICAgIG9sZFJhbmdlU3RhcnQgPSAwO1xuICAgICAgICAgIG5ld1JhbmdlU3RhcnQgPSAwO1xuICAgICAgICAgIGN1clJhbmdlID0gW107XG4gICAgICAgIH1cbiAgICAgIH1cbiAgICAgIG9sZExpbmUgKz0gbGluZXMubGVuZ3RoO1xuICAgICAgbmV3TGluZSArPSBsaW5lcy5sZW5ndGg7XG4gICAgfVxuICB9XG5cbiAgcmV0dXJuIHtcbiAgICBvbGRGaWxlTmFtZTogb2xkRmlsZU5hbWUsIG5ld0ZpbGVOYW1lOiBuZXdGaWxlTmFtZSxcbiAgICBvbGRIZWFkZXI6IG9sZEhlYWRlciwgbmV3SGVhZGVyOiBuZXdIZWFkZXIsXG4gICAgaHVua3M6IGh1bmtzXG4gIH07XG59XG5cbmV4cG9ydCBmdW5jdGlvbiBmb3JtYXRQYXRjaChkaWZmKSB7XG4gIGlmIChBcnJheS5pc0FycmF5KGRpZmYpKSB7XG4gICAgcmV0dXJuIGRpZmYubWFwKGZvcm1hdFBhdGNoKS5qb2luKCdcXG4nKTtcbiAgfVxuXG4gIGNvbnN0IHJldCA9IFtdO1xuICBpZiAoZGlmZi5vbGRGaWxlTmFtZSA9PSBkaWZmLm5ld0ZpbGVOYW1lKSB7XG4gICAgcmV0LnB1c2goJ0luZGV4OiAnICsgZGlmZi5vbGRGaWxlTmFtZSk7XG4gIH1cbiAgcmV0LnB1c2goJz09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0nKTtcbiAgcmV0LnB1c2goJy0tLSAnICsgZGlmZi5vbGRGaWxlTmFtZSArICh0eXBlb2YgZGlmZi5vbGRIZWFkZXIgPT09ICd1bmRlZmluZWQnID8gJycgOiAnXFx0JyArIGRpZmYub2xkSGVhZGVyKSk7XG4gIHJldC5wdXNoKCcrKysgJyArIGRpZmYubmV3RmlsZU5hbWUgKyAodHlwZW9mIGRpZmYubmV3SGVhZGVyID09PSAndW5kZWZpbmVkJyA/ICcnIDogJ1xcdCcgKyBkaWZmLm5ld0hlYWRlcikpO1xuXG4gIGZvciAobGV0IGkgPSAwOyBpIDwgZGlmZi5odW5rcy5sZW5ndGg7IGkrKykge1xuICAgIGNvbnN0IGh1bmsgPSBkaWZmLmh1bmtzW2ldO1xuICAgIC8vIFVuaWZpZWQgRGlmZiBGb3JtYXQgcXVpcms6IElmIHRoZSBjaHVuayBzaXplIGlzIDAsXG4gICAgLy8gdGhlIGZpcnN0IG51bWJlciBpcyBvbmUgbG93ZXIgdGhhbiBvbmUgd291bGQgZXhwZWN0LlxuICAgIC8vIGh0dHBzOi8vd3d3LmFydGltYS5jb20vd2VibG9ncy92aWV3cG9zdC5qc3A/dGhyZWFkPTE2NDI5M1xuICAgIGlmIChodW5rLm9sZExpbmVzID09PSAwKSB7XG4gICAgICBodW5rLm9sZFN0YXJ0IC09IDE7XG4gICAgfVxuICAgIGlmIChodW5rLm5ld0xpbmVzID09PSAwKSB7XG4gICAgICBodW5rLm5ld1N0YXJ0IC09IDE7XG4gICAgfVxuICAgIHJldC5wdXNoKFxuICAgICAgJ0BAIC0nICsgaHVuay5vbGRTdGFydCArICcsJyArIGh1bmsub2xkTGluZXNcbiAgICAgICsgJyArJyArIGh1bmsubmV3U3RhcnQgKyAnLCcgKyBodW5rLm5ld0xpbmVzXG4gICAgICArICcgQEAnXG4gICAgKTtcbiAgICByZXQucHVzaC5hcHBseShyZXQsIGh1bmsubGluZXMpO1xuICB9XG5cbiAgcmV0dXJuIHJldC5qb2luKCdcXG4nKSArICdcXG4nO1xufVxuXG5leHBvcnQgZnVuY3Rpb24gY3JlYXRlVHdvRmlsZXNQYXRjaChvbGRGaWxlTmFtZSwgbmV3RmlsZU5hbWUsIG9sZFN0ciwgbmV3U3RyLCBvbGRIZWFkZXIsIG5ld0hlYWRlciwgb3B0aW9ucykge1xuICByZXR1cm4gZm9ybWF0UGF0Y2goc3RydWN0dXJlZFBhdGNoKG9sZEZpbGVOYW1lLCBuZXdGaWxlTmFtZSwgb2xkU3RyLCBuZXdTdHIsIG9sZEhlYWRlciwgbmV3SGVhZGVyLCBvcHRpb25zKSk7XG59XG5cbmV4cG9ydCBmdW5jdGlvbiBjcmVhdGVQYXRjaChmaWxlTmFtZSwgb2xkU3RyLCBuZXdTdHIsIG9sZEhlYWRlciwgbmV3SGVhZGVyLCBvcHRpb25zKSB7XG4gIHJldHVybiBjcmVhdGVUd29GaWxlc1BhdGNoKGZpbGVOYW1lLCBmaWxlTmFtZSwgb2xkU3RyLCBuZXdTdHIsIG9sZEhlYWRlciwgbmV3SGVhZGVyLCBvcHRpb25zKTtcbn1cbiJdfQ==
diff --git a/deps/npm/node_modules/diff/lib/patch/reverse.js b/deps/npm/node_modules/diff/lib/patch/reverse.js
new file mode 100644
index 00000000000000..6e4be99af8ac32
--- /dev/null
+++ b/deps/npm/node_modules/diff/lib/patch/reverse.js
@@ -0,0 +1,63 @@
+/*istanbul ignore start*/
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.reversePatch = reversePatch;
+
+function ownKeys(object, enumerableOnly) { var keys = Object.keys(object); if (Object.getOwnPropertySymbols) { var symbols = Object.getOwnPropertySymbols(object); if (enumerableOnly) symbols = symbols.filter(function (sym) { return Object.getOwnPropertyDescriptor(object, sym).enumerable; }); keys.push.apply(keys, symbols); } return keys; }
+
+function _objectSpread(target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i] != null ? arguments[i] : {}; if (i % 2) { ownKeys(Object(source), true).forEach(function (key) { _defineProperty(target, key, source[key]); }); } else if (Object.getOwnPropertyDescriptors) { Object.defineProperties(target, Object.getOwnPropertyDescriptors(source)); } else { ownKeys(Object(source)).forEach(function (key) { Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key)); }); } } return target; }
+
+function _defineProperty(obj, key, value) { if (key in obj) { Object.defineProperty(obj, key, { value: value, enumerable: true, configurable: true, writable: true }); } else { obj[key] = value; } return obj; }
+
+/*istanbul ignore end*/
+function reversePatch(structuredPatch) {
+  if (Array.isArray(structuredPatch)) {
+    return structuredPatch.map(reversePatch).reverse();
+  }
+
+  return (
+    /*istanbul ignore start*/
+    _objectSpread(_objectSpread({},
+    /*istanbul ignore end*/
+    structuredPatch), {}, {
+      oldFileName: structuredPatch.newFileName,
+      oldHeader: structuredPatch.newHeader,
+      newFileName: structuredPatch.oldFileName,
+      newHeader: structuredPatch.oldHeader,
+      hunks: structuredPatch.hunks.map(function (hunk) {
+        return {
+          oldLines: hunk.newLines,
+          oldStart: hunk.newStart,
+          newLines: hunk.oldLines,
+          newStart: hunk.oldStart,
+          linedelimiters: hunk.linedelimiters,
+          lines: hunk.lines.map(function (l) {
+            if (l.startsWith('-')) {
+              return (
+                /*istanbul ignore start*/
+                "+".concat(
+                /*istanbul ignore end*/
+                l.slice(1))
+              );
+            }
+
+            if (l.startsWith('+')) {
+              return (
+                /*istanbul ignore start*/
+                "-".concat(
+                /*istanbul ignore end*/
+                l.slice(1))
+              );
+            }
+
+            return l;
+          })
+        };
+      })
+    })
+  );
+}
+//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9wYXRjaC9yZXZlcnNlLmpzIl0sIm5hbWVzIjpbInJldmVyc2VQYXRjaCIsInN0cnVjdHVyZWRQYXRjaCIsIkFycmF5IiwiaXNBcnJheSIsIm1hcCIsInJldmVyc2UiLCJvbGRGaWxlTmFtZSIsIm5ld0ZpbGVOYW1lIiwib2xkSGVhZGVyIiwibmV3SGVhZGVyIiwiaHVua3MiLCJodW5rIiwib2xkTGluZXMiLCJuZXdMaW5lcyIsIm9sZFN0YXJ0IiwibmV3U3RhcnQiLCJsaW5lZGVsaW1pdGVycyIsImxpbmVzIiwibCIsInN0YXJ0c1dpdGgiLCJzbGljZSJdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7O0FBQU8sU0FBU0EsWUFBVCxDQUFzQkMsZUFBdEIsRUFBdUM7QUFDNUMsTUFBSUMsS0FBSyxDQUFDQyxPQUFOLENBQWNGLGVBQWQsQ0FBSixFQUFvQztBQUNsQyxXQUFPQSxlQUFlLENBQUNHLEdBQWhCLENBQW9CSixZQUFwQixFQUFrQ0ssT0FBbEMsRUFBUDtBQUNEOztBQUVEO0FBQUE7QUFBQTtBQUFBO0FBQ0tKLElBQUFBLGVBREw7QUFFRUssTUFBQUEsV0FBVyxFQUFFTCxlQUFlLENBQUNNLFdBRi9CO0FBR0VDLE1BQUFBLFNBQVMsRUFBRVAsZUFBZSxDQUFDUSxTQUg3QjtBQUlFRixNQUFBQSxXQUFXLEVBQUVOLGVBQWUsQ0FBQ0ssV0FKL0I7QUFLRUcsTUFBQUEsU0FBUyxFQUFFUixlQUFlLENBQUNPLFNBTDdCO0FBTUVFLE1BQUFBLEtBQUssRUFBRVQsZUFBZSxDQUFDUyxLQUFoQixDQUFzQk4sR0FBdEIsQ0FBMEIsVUFBQU8sSUFBSSxFQUFJO0FBQ3ZDLGVBQU87QUFDTEMsVUFBQUEsUUFBUSxFQUFFRCxJQUFJLENBQUNFLFFBRFY7QUFFTEMsVUFBQUEsUUFBUSxFQUFFSCxJQUFJLENBQUNJLFFBRlY7QUFHTEYsVUFBQUEsUUFBUSxFQUFFRixJQUFJLENBQUNDLFFBSFY7QUFJTEcsVUFBQUEsUUFBUSxFQUFFSixJQUFJLENBQUNHLFFBSlY7QUFLTEUsVUFBQUEsY0FBYyxFQUFFTCxJQUFJLENBQUNLLGNBTGhCO0FBTUxDLFVBQUFBLEtBQUssRUFBRU4sSUFBSSxDQUFDTSxLQUFMLENBQVdiLEdBQVgsQ0FBZSxVQUFBYyxDQUFDLEVBQUk7QUFDekIsZ0JBQUlBLENBQUMsQ0FBQ0MsVUFBRixDQUFhLEdBQWIsQ0FBSixFQUF1QjtBQUFFO0FBQUE7QUFBQTtBQUFBO0FBQVdELGdCQUFBQSxDQUFDLENBQUNFLEtBQUYsQ0FBUSxDQUFSLENBQVg7QUFBQTtBQUEwQjs7QUFDbkQsZ0JBQUlGLENBQUMsQ0FBQ0MsVUFBRixDQUFhLEdBQWIsQ0FBSixFQUF1QjtBQUFFO0FBQUE7QUFBQTtBQUFBO0FBQVdELGdCQUFBQSxDQUFDLENBQUNFLEtBQUYsQ0FBUSxDQUFSLENBQVg7QUFBQTtBQUEwQjs7QUFDbkQsbUJBQU9GLENBQVA7QUFDRCxXQUpNO0FBTkYsU0FBUDtBQVlELE9BYk07QUFOVDtBQUFBO0FBcUJEIiwic291cmNlc0NvbnRlbnQiOlsiZXhwb3J0IGZ1bmN0aW9uIHJldmVyc2VQYXRjaChzdHJ1Y3R1cmVkUGF0Y2gpIHtcbiAgaWYgKEFycmF5LmlzQXJyYXkoc3RydWN0dXJlZFBhdGNoKSkge1xuICAgIHJldHVybiBzdHJ1Y3R1cmVkUGF0Y2gubWFwKHJldmVyc2VQYXRjaCkucmV2ZXJzZSgpO1xuICB9XG5cbiAgcmV0dXJuIHtcbiAgICAuLi5zdHJ1Y3R1cmVkUGF0Y2gsXG4gICAgb2xkRmlsZU5hbWU6IHN0cnVjdHVyZWRQYXRjaC5uZXdGaWxlTmFtZSxcbiAgICBvbGRIZWFkZXI6IHN0cnVjdHVyZWRQYXRjaC5uZXdIZWFkZXIsXG4gICAgbmV3RmlsZU5hbWU6IHN0cnVjdHVyZWRQYXRjaC5vbGRGaWxlTmFtZSxcbiAgICBuZXdIZWFkZXI6IHN0cnVjdHVyZWRQYXRjaC5vbGRIZWFkZXIsXG4gICAgaHVua3M6IHN0cnVjdHVyZWRQYXRjaC5odW5rcy5tYXAoaHVuayA9PiB7XG4gICAgICByZXR1cm4ge1xuICAgICAgICBvbGRMaW5lczogaHVuay5uZXdMaW5lcyxcbiAgICAgICAgb2xkU3RhcnQ6IGh1bmsubmV3U3RhcnQsXG4gICAgICAgIG5ld0xpbmVzOiBodW5rLm9sZExpbmVzLFxuICAgICAgICBuZXdTdGFydDogaHVuay5vbGRTdGFydCxcbiAgICAgICAgbGluZWRlbGltaXRlcnM6IGh1bmsubGluZWRlbGltaXRlcnMsXG4gICAgICAgIGxpbmVzOiBodW5rLmxpbmVzLm1hcChsID0+IHtcbiAgICAgICAgICBpZiAobC5zdGFydHNXaXRoKCctJykpIHsgcmV0dXJuIGArJHtsLnNsaWNlKDEpfWA7IH1cbiAgICAgICAgICBpZiAobC5zdGFydHNXaXRoKCcrJykpIHsgcmV0dXJuIGAtJHtsLnNsaWNlKDEpfWA7IH1cbiAgICAgICAgICByZXR1cm4gbDtcbiAgICAgICAgfSlcbiAgICAgIH07XG4gICAgfSlcbiAgfTtcbn1cbiJdfQ==
diff --git a/deps/npm/node_modules/diff/package.json b/deps/npm/node_modules/diff/package.json
index a2fc30c581218f..dcffb9474baefc 100644
--- a/deps/npm/node_modules/diff/package.json
+++ b/deps/npm/node_modules/diff/package.json
@@ -1,7 +1,7 @@
 {
   "name": "diff",
-  "version": "5.1.0",
-  "description": "A javascript text diff implementation.",
+  "version": "5.2.0",
+  "description": "A JavaScript text diff implementation.",
   "keywords": [
     "diff",
     "jsdiff",
@@ -13,7 +13,8 @@
     "javascript"
   ],
   "maintainers": [
-    "Kevin Decker  (http://incaseofstairs.com)"
+    "Kevin Decker  (http://incaseofstairs.com)",
+    "Mark Amery "
   ],
   "bugs": {
     "email": "kpdecker@gmail.com",
@@ -37,7 +38,8 @@
       "require": "./lib/index.js"
     },
     "./package.json": "./package.json",
-    "./": "./"
+    "./": "./",
+    "./*": "./*"
   },
   "scripts": {
     "clean": "rm -rf lib/ dist/",
@@ -50,10 +52,10 @@
     "@babel/plugin-transform-modules-commonjs": "^7.2.0",
     "@babel/preset-env": "^7.2.3",
     "@babel/register": "^7.0.0",
+    "@colors/colors": "^1.3.3",
     "babel-eslint": "^10.0.1",
     "babel-loader": "^8.0.5",
     "chai": "^4.2.0",
-    "colors": "^1.3.3",
     "eslint": "^5.12.0",
     "grunt": "^1.0.3",
     "grunt-babel": "^8.0.0",
@@ -69,7 +71,7 @@
     "grunt-mocha-test": "^0.13.3",
     "grunt-webpack": "^3.1.3",
     "istanbul": "github:kpdecker/istanbul",
-    "karma": "^5.1.1",
+    "karma": "^6.3.16",
     "karma-chrome-launcher": "^3.1.0",
     "karma-mocha": "^2.0.1",
     "karma-mocha-reporter": "^2.0.0",
diff --git a/deps/npm/node_modules/diff/release-notes.md b/deps/npm/node_modules/diff/release-notes.md
index b7bc9c803b9022..fe98f22d239e7e 100644
--- a/deps/npm/node_modules/diff/release-notes.md
+++ b/deps/npm/node_modules/diff/release-notes.md
@@ -1,14 +1,22 @@
 # Release Notes
 
-## Development
+## v5.2.0
 
-[Commits](https://github.com/kpdecker/jsdiff/compare/v5.0.0...master)
+[Commits](https://github.com/kpdecker/jsdiff/compare/v5.1.0...master)
+
+- [#411](https://github.com/kpdecker/jsdiff/pull/411) Big performance improvement. Previously an O(n) array-copying operation inside the innermost loop of jsdiff's base diffing code increased the overall worst-case time complexity of computing a diff from O(n²) to O(n³). This is now fixed, bringing the worst-case time complexity down to what it theoretically should be for a Myers diff implementation.
+- [#448](https://github.com/kpdecker/jsdiff/pull/411) Performance improvement. Diagonals whose furthest-reaching D-path would go off the edge of the edit graph are now skipped, rather than being pointlessly considered as called for by the original Myers diff algorithm. This dramatically speeds up computing diffs where the new text just appends or truncates content at the end of the old text.
+- [#351](https://github.com/kpdecker/jsdiff/issues/351) Importing from the lib folder - e.g. `require("diff/lib/diff/word.js")` - will work again now. This had been broken for users on the latest version of Node since Node 17.5.0, which changed how Node interprets the `exports` property in jsdiff's `package.json` file.
+- [#344](https://github.com/kpdecker/jsdiff/issues/344) `diffLines`, `createTwoFilesPatch`, and other patch-creation methods now take an optional `stripTrailingCr: true` option which causes Windows-style `\r\n` line endings to be replaced with Unix-style `\n` line endings before calculating the diff, just like GNU `diff`'s `--strip-trailing-cr` flag.
+- [#451](https://github.com/kpdecker/jsdiff/pull/451) Added `diff.formatPatch`.
+- [#450](https://github.com/kpdecker/jsdiff/pull/450) Added `diff.reversePatch`.
+- [#478](https://github.com/kpdecker/jsdiff/pull/478) Added `timeout` option.
 
 ## v5.1.0
 
 - [#365](https://github.com/kpdecker/jsdiff/issues/365) Allow early termination to limit execution time with degenerate cases
 
-[Commits](https://github.com/kpdecker/jsdiff/compare/v5.0.0...v5.0.1)
+[Commits](https://github.com/kpdecker/jsdiff/compare/v5.0.0...v5.1.0)
 
 ## v5.0.0
 
diff --git a/deps/npm/node_modules/gauge/node_modules/ansi-regex/index.js b/deps/npm/node_modules/gauge/node_modules/ansi-regex/index.js
deleted file mode 100644
index 616ff837d3ff01..00000000000000
--- a/deps/npm/node_modules/gauge/node_modules/ansi-regex/index.js
+++ /dev/null
@@ -1,10 +0,0 @@
-'use strict';
-
-module.exports = ({onlyFirst = false} = {}) => {
-	const pattern = [
-		'[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
-		'(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))'
-	].join('|');
-
-	return new RegExp(pattern, onlyFirst ? undefined : 'g');
-};
diff --git a/deps/npm/node_modules/gauge/node_modules/ansi-regex/license b/deps/npm/node_modules/gauge/node_modules/ansi-regex/license
deleted file mode 100644
index e7af2f77107d73..00000000000000
--- a/deps/npm/node_modules/gauge/node_modules/ansi-regex/license
+++ /dev/null
@@ -1,9 +0,0 @@
-MIT License
-
-Copyright (c) Sindre Sorhus  (sindresorhus.com)
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/deps/npm/node_modules/gauge/node_modules/strip-ansi/index.js b/deps/npm/node_modules/gauge/node_modules/strip-ansi/index.js
deleted file mode 100644
index 9a593dfcd1fd5c..00000000000000
--- a/deps/npm/node_modules/gauge/node_modules/strip-ansi/index.js
+++ /dev/null
@@ -1,4 +0,0 @@
-'use strict';
-const ansiRegex = require('ansi-regex');
-
-module.exports = string => typeof string === 'string' ? string.replace(ansiRegex(), '') : string;
diff --git a/deps/npm/node_modules/gauge/node_modules/strip-ansi/license b/deps/npm/node_modules/gauge/node_modules/strip-ansi/license
deleted file mode 100644
index e7af2f77107d73..00000000000000
--- a/deps/npm/node_modules/gauge/node_modules/strip-ansi/license
+++ /dev/null
@@ -1,9 +0,0 @@
-MIT License
-
-Copyright (c) Sindre Sorhus  (sindresorhus.com)
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/deps/npm/node_modules/hasown/index.js b/deps/npm/node_modules/hasown/index.js
index 3b91618323842f..34e60591349679 100644
--- a/deps/npm/node_modules/hasown/index.js
+++ b/deps/npm/node_modules/hasown/index.js
@@ -4,5 +4,5 @@ var call = Function.prototype.call;
 var $hasOwn = Object.prototype.hasOwnProperty;
 var bind = require('function-bind');
 
-/** @type {(o: {}, p: PropertyKey) => p is keyof o} */
+/** @type {import('.')} */
 module.exports = bind.call(call, $hasOwn);
diff --git a/deps/npm/node_modules/hasown/package.json b/deps/npm/node_modules/hasown/package.json
index 954500640223c2..1b03e9d3018bde 100644
--- a/deps/npm/node_modules/hasown/package.json
+++ b/deps/npm/node_modules/hasown/package.json
@@ -1,21 +1,21 @@
 {
 	"name": "hasown",
-	"version": "2.0.0",
+	"version": "2.0.1",
 	"description": "A robust, ES3 compatible, \"has own property\" predicate.",
 	"main": "index.js",
 	"exports": {
 		".": "./index.js",
 		"./package.json": "./package.json"
 	},
+	"types": "index.d.ts",
+	"sideEffects": false,
 	"scripts": {
-		"prepack": "npmignore --auto --commentLines=autogenerated && npm run emit-types",
+		"prepack": "npmignore --auto --commentLines=autogenerated",
 		"prepublish": "not-in-publish || npm run prepublishOnly",
 		"prepublishOnly": "safe-publish-latest",
 		"prelint": "evalmd README.md",
 		"lint": "eslint --ext=js,mjs .",
 		"postlint": "npm run tsc",
-		"preemit-types": "rm -f *.ts *.ts.map test/*.ts test/*.ts.map",
-		"emit-types": "npm run tsc -- --noEmit false --emitDeclarationOnly",
 		"pretest": "npm run lint",
 		"tsc": "tsc -p .",
 		"tests-only": "nyc tape 'test/**/*.js'",
@@ -51,20 +51,20 @@
 	},
 	"devDependencies": {
 		"@ljharb/eslint-config": "^21.1.0",
-		"@types/function-bind": "^1.1.9",
-		"@types/mock-property": "^1.0.1",
-		"@types/tape": "^5.6.3",
-		"aud": "^2.0.3",
+		"@types/function-bind": "^1.1.10",
+		"@types/mock-property": "^1.0.2",
+		"@types/tape": "^5.6.4",
+		"aud": "^2.0.4",
 		"auto-changelog": "^2.4.0",
 		"eslint": "=8.8.0",
 		"evalmd": "^0.0.19",
 		"in-publish": "^2.0.1",
-		"mock-property": "^1.0.2",
-		"npmignore": "^0.3.0",
+		"mock-property": "^1.0.3",
+		"npmignore": "^0.3.1",
 		"nyc": "^10.3.2",
 		"safe-publish-latest": "^2.0.0",
-		"tape": "^5.7.1",
-		"typescript": "^5.3.0-dev.20231019"
+		"tape": "^5.7.4",
+		"typescript": "next"
 	},
 	"engines": {
 		"node": ">= 0.4"
@@ -83,9 +83,7 @@
 	"publishConfig": {
 		"ignore": [
 			".github/workflows",
-			"test",
-			"!*.d.ts",
-			"!*.d.ts.map"
+			"test"
 		]
 	}
 }
diff --git a/deps/npm/node_modules/http-proxy-agent/LICENSE b/deps/npm/node_modules/http-proxy-agent/LICENSE
index aad14057fad570..7ddd1e9bdb4507 100644
--- a/deps/npm/node_modules/http-proxy-agent/LICENSE
+++ b/deps/npm/node_modules/http-proxy-agent/LICENSE
@@ -1,9 +1,6 @@
-License
--------
-
 (The MIT License)
 
-Copyright (c) 2013 Nathan Rajlich <nathan@tootallnate.net>
+Copyright (c) 2013 Nathan Rajlich 
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the
diff --git a/deps/npm/node_modules/http-proxy-agent/dist/index.js b/deps/npm/node_modules/http-proxy-agent/dist/index.js
index 4a7daf6156f941..fb2751c2264314 100644
--- a/deps/npm/node_modules/http-proxy-agent/dist/index.js
+++ b/deps/npm/node_modules/http-proxy-agent/dist/index.js
@@ -32,6 +32,7 @@ const tls = __importStar(require("tls"));
 const debug_1 = __importDefault(require("debug"));
 const events_1 = require("events");
 const agent_base_1 = require("agent-base");
+const url_1 = require("url");
 const debug = (0, debug_1.default)('http-proxy-agent');
 /**
  * The `HttpProxyAgent` implements an HTTP Agent subclass that connects
@@ -40,7 +41,7 @@ const debug = (0, debug_1.default)('http-proxy-agent');
 class HttpProxyAgent extends agent_base_1.Agent {
     constructor(proxy, opts) {
         super(opts);
-        this.proxy = typeof proxy === 'string' ? new URL(proxy) : proxy;
+        this.proxy = typeof proxy === 'string' ? new url_1.URL(proxy) : proxy;
         this.proxyHeaders = opts?.headers ?? {};
         debug('Creating new HttpProxyAgent instance: %o', this.proxy.href);
         // Trim off the brackets from IPv6 addresses
@@ -67,7 +68,7 @@ class HttpProxyAgent extends agent_base_1.Agent {
         const protocol = opts.secureEndpoint ? 'https:' : 'http:';
         const hostname = req.getHeader('host') || 'localhost';
         const base = `${protocol}//${hostname}`;
-        const url = new URL(req.path, base);
+        const url = new url_1.URL(req.path, base);
         if (opts.port !== 80) {
             url.port = String(opts.port);
         }
diff --git a/deps/npm/node_modules/http-proxy-agent/package.json b/deps/npm/node_modules/http-proxy-agent/package.json
index 08c650cbb22aa4..a53940a3d88a39 100644
--- a/deps/npm/node_modules/http-proxy-agent/package.json
+++ b/deps/npm/node_modules/http-proxy-agent/package.json
@@ -1,6 +1,6 @@
 {
   "name": "http-proxy-agent",
-  "version": "7.0.0",
+  "version": "7.0.2",
   "description": "An HTTP(s) proxy `http.Agent` implementation for HTTP",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
diff --git a/deps/npm/node_modules/https-proxy-agent/LICENSE b/deps/npm/node_modules/https-proxy-agent/LICENSE
new file mode 100644
index 00000000000000..008728cb51847d
--- /dev/null
+++ b/deps/npm/node_modules/https-proxy-agent/LICENSE
@@ -0,0 +1,22 @@
+(The MIT License)
+
+Copyright (c) 2013 Nathan Rajlich 
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
\ No newline at end of file
diff --git a/deps/npm/node_modules/https-proxy-agent/dist/index.js b/deps/npm/node_modules/https-proxy-agent/dist/index.js
index 978af031baf3aa..4c420aa7c20533 100644
--- a/deps/npm/node_modules/https-proxy-agent/dist/index.js
+++ b/deps/npm/node_modules/https-proxy-agent/dist/index.js
@@ -32,6 +32,7 @@ const tls = __importStar(require("tls"));
 const assert_1 = __importDefault(require("assert"));
 const debug_1 = __importDefault(require("debug"));
 const agent_base_1 = require("agent-base");
+const url_1 = require("url");
 const parse_proxy_response_1 = require("./parse-proxy-response");
 const debug = (0, debug_1.default)('https-proxy-agent');
 /**
@@ -50,7 +51,7 @@ class HttpsProxyAgent extends agent_base_1.Agent {
     constructor(proxy, opts) {
         super(opts);
         this.options = { path: undefined };
-        this.proxy = typeof proxy === 'string' ? new URL(proxy) : proxy;
+        this.proxy = typeof proxy === 'string' ? new url_1.URL(proxy) : proxy;
         this.proxyHeaders = opts?.headers ?? {};
         debug('Creating new HttpsProxyAgent instance: %o', this.proxy.href);
         // Trim off the brackets from IPv6 addresses
@@ -84,7 +85,7 @@ class HttpsProxyAgent extends agent_base_1.Agent {
             const servername = this.connectOpts.servername || this.connectOpts.host;
             socket = tls.connect({
                 ...this.connectOpts,
-                servername: servername && net.isIP(servername) ? undefined : servername
+                servername: servername && net.isIP(servername) ? undefined : servername,
             });
         }
         else {
diff --git a/deps/npm/node_modules/https-proxy-agent/package.json b/deps/npm/node_modules/https-proxy-agent/package.json
index 07c04f82a9c3ab..f3c67ef3804bbd 100644
--- a/deps/npm/node_modules/https-proxy-agent/package.json
+++ b/deps/npm/node_modules/https-proxy-agent/package.json
@@ -1,6 +1,6 @@
 {
   "name": "https-proxy-agent",
-  "version": "7.0.2",
+  "version": "7.0.4",
   "description": "An HTTP(s) proxy `http.Agent` implementation for HTTPS",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
diff --git a/deps/npm/node_modules/ip-address/LICENSE b/deps/npm/node_modules/ip-address/LICENSE
new file mode 100644
index 00000000000000..ec79adb0c40203
--- /dev/null
+++ b/deps/npm/node_modules/ip-address/LICENSE
@@ -0,0 +1,19 @@
+Copyright (C) 2011 by Beau Gunderson
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/deps/npm/node_modules/ip-address/dist/address-error.js b/deps/npm/node_modules/ip-address/dist/address-error.js
new file mode 100644
index 00000000000000..4fcade3ba2486c
--- /dev/null
+++ b/deps/npm/node_modules/ip-address/dist/address-error.js
@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AddressError = void 0;
+class AddressError extends Error {
+    constructor(message, parseMessage) {
+        super(message);
+        this.name = 'AddressError';
+        if (parseMessage !== null) {
+            this.parseMessage = parseMessage;
+        }
+    }
+}
+exports.AddressError = AddressError;
+//# sourceMappingURL=address-error.js.map
\ No newline at end of file
diff --git a/deps/npm/node_modules/ip-address/dist/common.js b/deps/npm/node_modules/ip-address/dist/common.js
new file mode 100644
index 00000000000000..4d10c9a4e82035
--- /dev/null
+++ b/deps/npm/node_modules/ip-address/dist/common.js
@@ -0,0 +1,26 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isCorrect = exports.isInSubnet = void 0;
+function isInSubnet(address) {
+    if (this.subnetMask < address.subnetMask) {
+        return false;
+    }
+    if (this.mask(address.subnetMask) === address.mask()) {
+        return true;
+    }
+    return false;
+}
+exports.isInSubnet = isInSubnet;
+function isCorrect(defaultBits) {
+    return function () {
+        if (this.addressMinusSuffix !== this.correctForm()) {
+            return false;
+        }
+        if (this.subnetMask === defaultBits && !this.parsedSubnet) {
+            return true;
+        }
+        return this.parsedSubnet === String(this.subnetMask);
+    };
+}
+exports.isCorrect = isCorrect;
+//# sourceMappingURL=common.js.map
\ No newline at end of file
diff --git a/deps/npm/node_modules/ip-address/dist/ip-address.js b/deps/npm/node_modules/ip-address/dist/ip-address.js
new file mode 100644
index 00000000000000..553c005a63cb64
--- /dev/null
+++ b/deps/npm/node_modules/ip-address/dist/ip-address.js
@@ -0,0 +1,35 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.v6 = exports.AddressError = exports.Address6 = exports.Address4 = void 0;
+const ipv4_1 = require("./ipv4");
+Object.defineProperty(exports, "Address4", { enumerable: true, get: function () { return ipv4_1.Address4; } });
+const ipv6_1 = require("./ipv6");
+Object.defineProperty(exports, "Address6", { enumerable: true, get: function () { return ipv6_1.Address6; } });
+const address_error_1 = require("./address-error");
+Object.defineProperty(exports, "AddressError", { enumerable: true, get: function () { return address_error_1.AddressError; } });
+const helpers = __importStar(require("./v6/helpers"));
+exports.v6 = { helpers };
+//# sourceMappingURL=ip-address.js.map
\ No newline at end of file
diff --git a/deps/npm/node_modules/ip-address/dist/ipv4.js b/deps/npm/node_modules/ip-address/dist/ipv4.js
new file mode 100644
index 00000000000000..22a81b5047f05a
--- /dev/null
+++ b/deps/npm/node_modules/ip-address/dist/ipv4.js
@@ -0,0 +1,326 @@
+"use strict";
+/* eslint-disable no-param-reassign */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Address4 = void 0;
+const common = __importStar(require("./common"));
+const constants = __importStar(require("./v4/constants"));
+const address_error_1 = require("./address-error");
+const jsbn_1 = require("jsbn");
+const sprintf_js_1 = require("sprintf-js");
+/**
+ * Represents an IPv4 address
+ * @class Address4
+ * @param {string} address - An IPv4 address string
+ */
+class Address4 {
+    constructor(address) {
+        this.groups = constants.GROUPS;
+        this.parsedAddress = [];
+        this.parsedSubnet = '';
+        this.subnet = '/32';
+        this.subnetMask = 32;
+        this.v4 = true;
+        /**
+         * Returns true if the address is correct, false otherwise
+         * @memberof Address4
+         * @instance
+         * @returns {Boolean}
+         */
+        this.isCorrect = common.isCorrect(constants.BITS);
+        /**
+         * Returns true if the given address is in the subnet of the current address
+         * @memberof Address4
+         * @instance
+         * @returns {boolean}
+         */
+        this.isInSubnet = common.isInSubnet;
+        this.address = address;
+        const subnet = constants.RE_SUBNET_STRING.exec(address);
+        if (subnet) {
+            this.parsedSubnet = subnet[0].replace('/', '');
+            this.subnetMask = parseInt(this.parsedSubnet, 10);
+            this.subnet = `/${this.subnetMask}`;
+            if (this.subnetMask < 0 || this.subnetMask > constants.BITS) {
+                throw new address_error_1.AddressError('Invalid subnet mask.');
+            }
+            address = address.replace(constants.RE_SUBNET_STRING, '');
+        }
+        this.addressMinusSuffix = address;
+        this.parsedAddress = this.parse(address);
+    }
+    static isValid(address) {
+        try {
+            // eslint-disable-next-line no-new
+            new Address4(address);
+            return true;
+        }
+        catch (e) {
+            return false;
+        }
+    }
+    /*
+     * Parses a v4 address
+     */
+    parse(address) {
+        const groups = address.split('.');
+        if (!address.match(constants.RE_ADDRESS)) {
+            throw new address_error_1.AddressError('Invalid IPv4 address.');
+        }
+        return groups;
+    }
+    /**
+     * Returns the correct form of an address
+     * @memberof Address4
+     * @instance
+     * @returns {String}
+     */
+    correctForm() {
+        return this.parsedAddress.map((part) => parseInt(part, 10)).join('.');
+    }
+    /**
+     * Converts a hex string to an IPv4 address object
+     * @memberof Address4
+     * @static
+     * @param {string} hex - a hex string to convert
+     * @returns {Address4}
+     */
+    static fromHex(hex) {
+        const padded = hex.replace(/:/g, '').padStart(8, '0');
+        const groups = [];
+        let i;
+        for (i = 0; i < 8; i += 2) {
+            const h = padded.slice(i, i + 2);
+            groups.push(parseInt(h, 16));
+        }
+        return new Address4(groups.join('.'));
+    }
+    /**
+     * Converts an integer into a IPv4 address object
+     * @memberof Address4
+     * @static
+     * @param {integer} integer - a number to convert
+     * @returns {Address4}
+     */
+    static fromInteger(integer) {
+        return Address4.fromHex(integer.toString(16));
+    }
+    /**
+     * Return an address from in-addr.arpa form
+     * @memberof Address4
+     * @static
+     * @param {string} arpaFormAddress - an 'in-addr.arpa' form ipv4 address
+     * @returns {Adress4}
+     * @example
+     * var address = Address4.fromArpa(42.2.0.192.in-addr.arpa.)
+     * address.correctForm(); // '192.0.2.42'
+     */
+    static fromArpa(arpaFormAddress) {
+        // remove ending ".in-addr.arpa." or just "."
+        const leader = arpaFormAddress.replace(/(\.in-addr\.arpa)?\.$/, '');
+        const address = leader.split('.').reverse().join('.');
+        return new Address4(address);
+    }
+    /**
+     * Converts an IPv4 address object to a hex string
+     * @memberof Address4
+     * @instance
+     * @returns {String}
+     */
+    toHex() {
+        return this.parsedAddress.map((part) => (0, sprintf_js_1.sprintf)('%02x', parseInt(part, 10))).join(':');
+    }
+    /**
+     * Converts an IPv4 address object to an array of bytes
+     * @memberof Address4
+     * @instance
+     * @returns {Array}
+     */
+    toArray() {
+        return this.parsedAddress.map((part) => parseInt(part, 10));
+    }
+    /**
+     * Converts an IPv4 address object to an IPv6 address group
+     * @memberof Address4
+     * @instance
+     * @returns {String}
+     */
+    toGroup6() {
+        const output = [];
+        let i;
+        for (i = 0; i < constants.GROUPS; i += 2) {
+            const hex = (0, sprintf_js_1.sprintf)('%02x%02x', parseInt(this.parsedAddress[i], 10), parseInt(this.parsedAddress[i + 1], 10));
+            output.push((0, sprintf_js_1.sprintf)('%x', parseInt(hex, 16)));
+        }
+        return output.join(':');
+    }
+    /**
+     * Returns the address as a BigInteger
+     * @memberof Address4
+     * @instance
+     * @returns {BigInteger}
+     */
+    bigInteger() {
+        return new jsbn_1.BigInteger(this.parsedAddress.map((n) => (0, sprintf_js_1.sprintf)('%02x', parseInt(n, 10))).join(''), 16);
+    }
+    /**
+     * Helper function getting start address.
+     * @memberof Address4
+     * @instance
+     * @returns {BigInteger}
+     */
+    _startAddress() {
+        return new jsbn_1.BigInteger(this.mask() + '0'.repeat(constants.BITS - this.subnetMask), 2);
+    }
+    /**
+     * The first address in the range given by this address' subnet.
+     * Often referred to as the Network Address.
+     * @memberof Address4
+     * @instance
+     * @returns {Address4}
+     */
+    startAddress() {
+        return Address4.fromBigInteger(this._startAddress());
+    }
+    /**
+     * The first host address in the range given by this address's subnet ie
+     * the first address after the Network Address
+     * @memberof Address4
+     * @instance
+     * @returns {Address4}
+     */
+    startAddressExclusive() {
+        const adjust = new jsbn_1.BigInteger('1');
+        return Address4.fromBigInteger(this._startAddress().add(adjust));
+    }
+    /**
+     * Helper function getting end address.
+     * @memberof Address4
+     * @instance
+     * @returns {BigInteger}
+     */
+    _endAddress() {
+        return new jsbn_1.BigInteger(this.mask() + '1'.repeat(constants.BITS - this.subnetMask), 2);
+    }
+    /**
+     * The last address in the range given by this address' subnet
+     * Often referred to as the Broadcast
+     * @memberof Address4
+     * @instance
+     * @returns {Address4}
+     */
+    endAddress() {
+        return Address4.fromBigInteger(this._endAddress());
+    }
+    /**
+     * The last host address in the range given by this address's subnet ie
+     * the last address prior to the Broadcast Address
+     * @memberof Address4
+     * @instance
+     * @returns {Address4}
+     */
+    endAddressExclusive() {
+        const adjust = new jsbn_1.BigInteger('1');
+        return Address4.fromBigInteger(this._endAddress().subtract(adjust));
+    }
+    /**
+     * Converts a BigInteger to a v4 address object
+     * @memberof Address4
+     * @static
+     * @param {BigInteger} bigInteger - a BigInteger to convert
+     * @returns {Address4}
+     */
+    static fromBigInteger(bigInteger) {
+        return Address4.fromInteger(parseInt(bigInteger.toString(), 10));
+    }
+    /**
+     * Returns the first n bits of the address, defaulting to the
+     * subnet mask
+     * @memberof Address4
+     * @instance
+     * @returns {String}
+     */
+    mask(mask) {
+        if (mask === undefined) {
+            mask = this.subnetMask;
+        }
+        return this.getBitsBase2(0, mask);
+    }
+    /**
+     * Returns the bits in the given range as a base-2 string
+     * @memberof Address4
+     * @instance
+     * @returns {string}
+     */
+    getBitsBase2(start, end) {
+        return this.binaryZeroPad().slice(start, end);
+    }
+    /**
+     * Return the reversed ip6.arpa form of the address
+     * @memberof Address4
+     * @param {Object} options
+     * @param {boolean} options.omitSuffix - omit the "in-addr.arpa" suffix
+     * @instance
+     * @returns {String}
+     */
+    reverseForm(options) {
+        if (!options) {
+            options = {};
+        }
+        const reversed = this.correctForm().split('.').reverse().join('.');
+        if (options.omitSuffix) {
+            return reversed;
+        }
+        return (0, sprintf_js_1.sprintf)('%s.in-addr.arpa.', reversed);
+    }
+    /**
+     * Returns true if the given address is a multicast address
+     * @memberof Address4
+     * @instance
+     * @returns {boolean}
+     */
+    isMulticast() {
+        return this.isInSubnet(new Address4('224.0.0.0/4'));
+    }
+    /**
+     * Returns a zero-padded base-2 string representation of the address
+     * @memberof Address4
+     * @instance
+     * @returns {string}
+     */
+    binaryZeroPad() {
+        return this.bigInteger().toString(2).padStart(constants.BITS, '0');
+    }
+    /**
+     * Groups an IPv4 address for inclusion at the end of an IPv6 address
+     * @returns {String}
+     */
+    groupForV6() {
+        const segments = this.parsedAddress;
+        return this.address.replace(constants.RE_ADDRESS, (0, sprintf_js_1.sprintf)('%s.%s', segments.slice(0, 2).join('.'), segments.slice(2, 4).join('.')));
+    }
+}
+exports.Address4 = Address4;
+//# sourceMappingURL=ipv4.js.map
\ No newline at end of file
diff --git a/deps/npm/node_modules/ip-address/dist/ipv6.js b/deps/npm/node_modules/ip-address/dist/ipv6.js
new file mode 100644
index 00000000000000..c88ab84b9ad77a
--- /dev/null
+++ b/deps/npm/node_modules/ip-address/dist/ipv6.js
@@ -0,0 +1,998 @@
+"use strict";
+/* eslint-disable prefer-destructuring */
+/* eslint-disable no-param-reassign */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Address6 = void 0;
+const common = __importStar(require("./common"));
+const constants4 = __importStar(require("./v4/constants"));
+const constants6 = __importStar(require("./v6/constants"));
+const helpers = __importStar(require("./v6/helpers"));
+const ipv4_1 = require("./ipv4");
+const regular_expressions_1 = require("./v6/regular-expressions");
+const address_error_1 = require("./address-error");
+const jsbn_1 = require("jsbn");
+const sprintf_js_1 = require("sprintf-js");
+function assert(condition) {
+    if (!condition) {
+        throw new Error('Assertion failed.');
+    }
+}
+function addCommas(number) {
+    const r = /(\d+)(\d{3})/;
+    while (r.test(number)) {
+        number = number.replace(r, '$1,$2');
+    }
+    return number;
+}
+function spanLeadingZeroes4(n) {
+    n = n.replace(/^(0{1,})([1-9]+)$/, '$1$2');
+    n = n.replace(/^(0{1,})(0)$/, '$1$2');
+    return n;
+}
+/*
+ * A helper function to compact an array
+ */
+function compact(address, slice) {
+    const s1 = [];
+    const s2 = [];
+    let i;
+    for (i = 0; i < address.length; i++) {
+        if (i < slice[0]) {
+            s1.push(address[i]);
+        }
+        else if (i > slice[1]) {
+            s2.push(address[i]);
+        }
+    }
+    return s1.concat(['compact']).concat(s2);
+}
+function paddedHex(octet) {
+    return (0, sprintf_js_1.sprintf)('%04x', parseInt(octet, 16));
+}
+function unsignByte(b) {
+    // eslint-disable-next-line no-bitwise
+    return b & 0xff;
+}
+/**
+ * Represents an IPv6 address
+ * @class Address6
+ * @param {string} address - An IPv6 address string
+ * @param {number} [groups=8] - How many octets to parse
+ * @example
+ * var address = new Address6('2001::/32');
+ */
+class Address6 {
+    constructor(address, optionalGroups) {
+        this.addressMinusSuffix = '';
+        this.parsedSubnet = '';
+        this.subnet = '/128';
+        this.subnetMask = 128;
+        this.v4 = false;
+        this.zone = '';
+        // #region Attributes
+        /**
+         * Returns true if the given address is in the subnet of the current address
+         * @memberof Address6
+         * @instance
+         * @returns {boolean}
+         */
+        this.isInSubnet = common.isInSubnet;
+        /**
+         * Returns true if the address is correct, false otherwise
+         * @memberof Address6
+         * @instance
+         * @returns {boolean}
+         */
+        this.isCorrect = common.isCorrect(constants6.BITS);
+        if (optionalGroups === undefined) {
+            this.groups = constants6.GROUPS;
+        }
+        else {
+            this.groups = optionalGroups;
+        }
+        this.address = address;
+        const subnet = constants6.RE_SUBNET_STRING.exec(address);
+        if (subnet) {
+            this.parsedSubnet = subnet[0].replace('/', '');
+            this.subnetMask = parseInt(this.parsedSubnet, 10);
+            this.subnet = `/${this.subnetMask}`;
+            if (Number.isNaN(this.subnetMask) ||
+                this.subnetMask < 0 ||
+                this.subnetMask > constants6.BITS) {
+                throw new address_error_1.AddressError('Invalid subnet mask.');
+            }
+            address = address.replace(constants6.RE_SUBNET_STRING, '');
+        }
+        else if (/\//.test(address)) {
+            throw new address_error_1.AddressError('Invalid subnet mask.');
+        }
+        const zone = constants6.RE_ZONE_STRING.exec(address);
+        if (zone) {
+            this.zone = zone[0];
+            address = address.replace(constants6.RE_ZONE_STRING, '');
+        }
+        this.addressMinusSuffix = address;
+        this.parsedAddress = this.parse(this.addressMinusSuffix);
+    }
+    static isValid(address) {
+        try {
+            // eslint-disable-next-line no-new
+            new Address6(address);
+            return true;
+        }
+        catch (e) {
+            return false;
+        }
+    }
+    /**
+     * Convert a BigInteger to a v6 address object
+     * @memberof Address6
+     * @static
+     * @param {BigInteger} bigInteger - a BigInteger to convert
+     * @returns {Address6}
+     * @example
+     * var bigInteger = new BigInteger('1000000000000');
+     * var address = Address6.fromBigInteger(bigInteger);
+     * address.correctForm(); // '::e8:d4a5:1000'
+     */
+    static fromBigInteger(bigInteger) {
+        const hex = bigInteger.toString(16).padStart(32, '0');
+        const groups = [];
+        let i;
+        for (i = 0; i < constants6.GROUPS; i++) {
+            groups.push(hex.slice(i * 4, (i + 1) * 4));
+        }
+        return new Address6(groups.join(':'));
+    }
+    /**
+     * Convert a URL (with optional port number) to an address object
+     * @memberof Address6
+     * @static
+     * @param {string} url - a URL with optional port number
+     * @example
+     * var addressAndPort = Address6.fromURL('http://[ffff::]:8080/foo/');
+     * addressAndPort.address.correctForm(); // 'ffff::'
+     * addressAndPort.port; // 8080
+     */
+    static fromURL(url) {
+        let host;
+        let port = null;
+        let result;
+        // If we have brackets parse them and find a port
+        if (url.indexOf('[') !== -1 && url.indexOf(']:') !== -1) {
+            result = constants6.RE_URL_WITH_PORT.exec(url);
+            if (result === null) {
+                return {
+                    error: 'failed to parse address with port',
+                    address: null,
+                    port: null,
+                };
+            }
+            host = result[1];
+            port = result[2];
+            // If there's a URL extract the address
+        }
+        else if (url.indexOf('/') !== -1) {
+            // Remove the protocol prefix
+            url = url.replace(/^[a-z0-9]+:\/\//, '');
+            // Parse the address
+            result = constants6.RE_URL.exec(url);
+            if (result === null) {
+                return {
+                    error: 'failed to parse address from URL',
+                    address: null,
+                    port: null,
+                };
+            }
+            host = result[1];
+            // Otherwise just assign the URL to the host and let the library parse it
+        }
+        else {
+            host = url;
+        }
+        // If there's a port convert it to an integer
+        if (port) {
+            port = parseInt(port, 10);
+            // squelch out of range ports
+            if (port < 0 || port > 65536) {
+                port = null;
+            }
+        }
+        else {
+            // Standardize `undefined` to `null`
+            port = null;
+        }
+        return {
+            address: new Address6(host),
+            port,
+        };
+    }
+    /**
+     * Create an IPv6-mapped address given an IPv4 address
+     * @memberof Address6
+     * @static
+     * @param {string} address - An IPv4 address string
+     * @returns {Address6}
+     * @example
+     * var address = Address6.fromAddress4('192.168.0.1');
+     * address.correctForm(); // '::ffff:c0a8:1'
+     * address.to4in6(); // '::ffff:192.168.0.1'
+     */
+    static fromAddress4(address) {
+        const address4 = new ipv4_1.Address4(address);
+        const mask6 = constants6.BITS - (constants4.BITS - address4.subnetMask);
+        return new Address6(`::ffff:${address4.correctForm()}/${mask6}`);
+    }
+    /**
+     * Return an address from ip6.arpa form
+     * @memberof Address6
+     * @static
+     * @param {string} arpaFormAddress - an 'ip6.arpa' form address
+     * @returns {Adress6}
+     * @example
+     * var address = Address6.fromArpa(e.f.f.f.3.c.2.6.f.f.f.e.6.6.8.e.1.0.6.7.9.4.e.c.0.0.0.0.1.0.0.2.ip6.arpa.)
+     * address.correctForm(); // '2001:0:ce49:7601:e866:efff:62c3:fffe'
+     */
+    static fromArpa(arpaFormAddress) {
+        // remove ending ".ip6.arpa." or just "."
+        let address = arpaFormAddress.replace(/(\.ip6\.arpa)?\.$/, '');
+        const semicolonAmount = 7;
+        // correct ip6.arpa form with ending removed will be 63 characters
+        if (address.length !== 63) {
+            throw new address_error_1.AddressError("Invalid 'ip6.arpa' form.");
+        }
+        const parts = address.split('.').reverse();
+        for (let i = semicolonAmount; i > 0; i--) {
+            const insertIndex = i * 4;
+            parts.splice(insertIndex, 0, ':');
+        }
+        address = parts.join('');
+        return new Address6(address);
+    }
+    /**
+     * Return the Microsoft UNC transcription of the address
+     * @memberof Address6
+     * @instance
+     * @returns {String} the Microsoft UNC transcription of the address
+     */
+    microsoftTranscription() {
+        return (0, sprintf_js_1.sprintf)('%s.ipv6-literal.net', this.correctForm().replace(/:/g, '-'));
+    }
+    /**
+     * Return the first n bits of the address, defaulting to the subnet mask
+     * @memberof Address6
+     * @instance
+     * @param {number} [mask=subnet] - the number of bits to mask
+     * @returns {String} the first n bits of the address as a string
+     */
+    mask(mask = this.subnetMask) {
+        return this.getBitsBase2(0, mask);
+    }
+    /**
+     * Return the number of possible subnets of a given size in the address
+     * @memberof Address6
+     * @instance
+     * @param {number} [size=128] - the subnet size
+     * @returns {String}
+     */
+    // TODO: probably useful to have a numeric version of this too
+    possibleSubnets(subnetSize = 128) {
+        const availableBits = constants6.BITS - this.subnetMask;
+        const subnetBits = Math.abs(subnetSize - constants6.BITS);
+        const subnetPowers = availableBits - subnetBits;
+        if (subnetPowers < 0) {
+            return '0';
+        }
+        return addCommas(new jsbn_1.BigInteger('2', 10).pow(subnetPowers).toString(10));
+    }
+    /**
+     * Helper function getting start address.
+     * @memberof Address6
+     * @instance
+     * @returns {BigInteger}
+     */
+    _startAddress() {
+        return new jsbn_1.BigInteger(this.mask() + '0'.repeat(constants6.BITS - this.subnetMask), 2);
+    }
+    /**
+     * The first address in the range given by this address' subnet
+     * Often referred to as the Network Address.
+     * @memberof Address6
+     * @instance
+     * @returns {Address6}
+     */
+    startAddress() {
+        return Address6.fromBigInteger(this._startAddress());
+    }
+    /**
+     * The first host address in the range given by this address's subnet ie
+     * the first address after the Network Address
+     * @memberof Address6
+     * @instance
+     * @returns {Address6}
+     */
+    startAddressExclusive() {
+        const adjust = new jsbn_1.BigInteger('1');
+        return Address6.fromBigInteger(this._startAddress().add(adjust));
+    }
+    /**
+     * Helper function getting end address.
+     * @memberof Address6
+     * @instance
+     * @returns {BigInteger}
+     */
+    _endAddress() {
+        return new jsbn_1.BigInteger(this.mask() + '1'.repeat(constants6.BITS - this.subnetMask), 2);
+    }
+    /**
+     * The last address in the range given by this address' subnet
+     * Often referred to as the Broadcast
+     * @memberof Address6
+     * @instance
+     * @returns {Address6}
+     */
+    endAddress() {
+        return Address6.fromBigInteger(this._endAddress());
+    }
+    /**
+     * The last host address in the range given by this address's subnet ie
+     * the last address prior to the Broadcast Address
+     * @memberof Address6
+     * @instance
+     * @returns {Address6}
+     */
+    endAddressExclusive() {
+        const adjust = new jsbn_1.BigInteger('1');
+        return Address6.fromBigInteger(this._endAddress().subtract(adjust));
+    }
+    /**
+     * Return the scope of the address
+     * @memberof Address6
+     * @instance
+     * @returns {String}
+     */
+    getScope() {
+        let scope = constants6.SCOPES[this.getBits(12, 16).intValue()];
+        if (this.getType() === 'Global unicast' && scope !== 'Link local') {
+            scope = 'Global';
+        }
+        return scope || 'Unknown';
+    }
+    /**
+     * Return the type of the address
+     * @memberof Address6
+     * @instance
+     * @returns {String}
+     */
+    getType() {
+        for (const subnet of Object.keys(constants6.TYPES)) {
+            if (this.isInSubnet(new Address6(subnet))) {
+                return constants6.TYPES[subnet];
+            }
+        }
+        return 'Global unicast';
+    }
+    /**
+     * Return the bits in the given range as a BigInteger
+     * @memberof Address6
+     * @instance
+     * @returns {BigInteger}
+     */
+    getBits(start, end) {
+        return new jsbn_1.BigInteger(this.getBitsBase2(start, end), 2);
+    }
+    /**
+     * Return the bits in the given range as a base-2 string
+     * @memberof Address6
+     * @instance
+     * @returns {String}
+     */
+    getBitsBase2(start, end) {
+        return this.binaryZeroPad().slice(start, end);
+    }
+    /**
+     * Return the bits in the given range as a base-16 string
+     * @memberof Address6
+     * @instance
+     * @returns {String}
+     */
+    getBitsBase16(start, end) {
+        const length = end - start;
+        if (length % 4 !== 0) {
+            throw new Error('Length of bits to retrieve must be divisible by four');
+        }
+        return this.getBits(start, end)
+            .toString(16)
+            .padStart(length / 4, '0');
+    }
+    /**
+     * Return the bits that are set past the subnet mask length
+     * @memberof Address6
+     * @instance
+     * @returns {String}
+     */
+    getBitsPastSubnet() {
+        return this.getBitsBase2(this.subnetMask, constants6.BITS);
+    }
+    /**
+     * Return the reversed ip6.arpa form of the address
+     * @memberof Address6
+     * @param {Object} options
+     * @param {boolean} options.omitSuffix - omit the "ip6.arpa" suffix
+     * @instance
+     * @returns {String}
+     */
+    reverseForm(options) {
+        if (!options) {
+            options = {};
+        }
+        const characters = Math.floor(this.subnetMask / 4);
+        const reversed = this.canonicalForm()
+            .replace(/:/g, '')
+            .split('')
+            .slice(0, characters)
+            .reverse()
+            .join('.');
+        if (characters > 0) {
+            if (options.omitSuffix) {
+                return reversed;
+            }
+            return (0, sprintf_js_1.sprintf)('%s.ip6.arpa.', reversed);
+        }
+        if (options.omitSuffix) {
+            return '';
+        }
+        return 'ip6.arpa.';
+    }
+    /**
+     * Return the correct form of the address
+     * @memberof Address6
+     * @instance
+     * @returns {String}
+     */
+    correctForm() {
+        let i;
+        let groups = [];
+        let zeroCounter = 0;
+        const zeroes = [];
+        for (i = 0; i < this.parsedAddress.length; i++) {
+            const value = parseInt(this.parsedAddress[i], 16);
+            if (value === 0) {
+                zeroCounter++;
+            }
+            if (value !== 0 && zeroCounter > 0) {
+                if (zeroCounter > 1) {
+                    zeroes.push([i - zeroCounter, i - 1]);
+                }
+                zeroCounter = 0;
+            }
+        }
+        // Do we end with a string of zeroes?
+        if (zeroCounter > 1) {
+            zeroes.push([this.parsedAddress.length - zeroCounter, this.parsedAddress.length - 1]);
+        }
+        const zeroLengths = zeroes.map((n) => n[1] - n[0] + 1);
+        if (zeroes.length > 0) {
+            const index = zeroLengths.indexOf(Math.max(...zeroLengths));
+            groups = compact(this.parsedAddress, zeroes[index]);
+        }
+        else {
+            groups = this.parsedAddress;
+        }
+        for (i = 0; i < groups.length; i++) {
+            if (groups[i] !== 'compact') {
+                groups[i] = parseInt(groups[i], 16).toString(16);
+            }
+        }
+        let correct = groups.join(':');
+        correct = correct.replace(/^compact$/, '::');
+        correct = correct.replace(/^compact|compact$/, ':');
+        correct = correct.replace(/compact/, '');
+        return correct;
+    }
+    /**
+     * Return a zero-padded base-2 string representation of the address
+     * @memberof Address6
+     * @instance
+     * @returns {String}
+     * @example
+     * var address = new Address6('2001:4860:4001:803::1011');
+     * address.binaryZeroPad();
+     * // '0010000000000001010010000110000001000000000000010000100000000011
+     * //  0000000000000000000000000000000000000000000000000001000000010001'
+     */
+    binaryZeroPad() {
+        return this.bigInteger().toString(2).padStart(constants6.BITS, '0');
+    }
+    // TODO: Improve the semantics of this helper function
+    parse4in6(address) {
+        const groups = address.split(':');
+        const lastGroup = groups.slice(-1)[0];
+        const address4 = lastGroup.match(constants4.RE_ADDRESS);
+        if (address4) {
+            this.parsedAddress4 = address4[0];
+            this.address4 = new ipv4_1.Address4(this.parsedAddress4);
+            for (let i = 0; i < this.address4.groups; i++) {
+                if (/^0[0-9]+/.test(this.address4.parsedAddress[i])) {
+                    throw new address_error_1.AddressError("IPv4 addresses can't have leading zeroes.", address.replace(constants4.RE_ADDRESS, this.address4.parsedAddress.map(spanLeadingZeroes4).join('.')));
+                }
+            }
+            this.v4 = true;
+            groups[groups.length - 1] = this.address4.toGroup6();
+            address = groups.join(':');
+        }
+        return address;
+    }
+    // TODO: Make private?
+    parse(address) {
+        address = this.parse4in6(address);
+        const badCharacters = address.match(constants6.RE_BAD_CHARACTERS);
+        if (badCharacters) {
+            throw new address_error_1.AddressError((0, sprintf_js_1.sprintf)('Bad character%s detected in address: %s', badCharacters.length > 1 ? 's' : '', badCharacters.join('')), address.replace(constants6.RE_BAD_CHARACTERS, '$1'));
+        }
+        const badAddress = address.match(constants6.RE_BAD_ADDRESS);
+        if (badAddress) {
+            throw new address_error_1.AddressError((0, sprintf_js_1.sprintf)('Address failed regex: %s', badAddress.join('')), address.replace(constants6.RE_BAD_ADDRESS, '$1'));
+        }
+        let groups = [];
+        const halves = address.split('::');
+        if (halves.length === 2) {
+            let first = halves[0].split(':');
+            let last = halves[1].split(':');
+            if (first.length === 1 && first[0] === '') {
+                first = [];
+            }
+            if (last.length === 1 && last[0] === '') {
+                last = [];
+            }
+            const remaining = this.groups - (first.length + last.length);
+            if (!remaining) {
+                throw new address_error_1.AddressError('Error parsing groups');
+            }
+            this.elidedGroups = remaining;
+            this.elisionBegin = first.length;
+            this.elisionEnd = first.length + this.elidedGroups;
+            groups = groups.concat(first);
+            for (let i = 0; i < remaining; i++) {
+                groups.push('0');
+            }
+            groups = groups.concat(last);
+        }
+        else if (halves.length === 1) {
+            groups = address.split(':');
+            this.elidedGroups = 0;
+        }
+        else {
+            throw new address_error_1.AddressError('Too many :: groups found');
+        }
+        groups = groups.map((group) => (0, sprintf_js_1.sprintf)('%x', parseInt(group, 16)));
+        if (groups.length !== this.groups) {
+            throw new address_error_1.AddressError('Incorrect number of groups found');
+        }
+        return groups;
+    }
+    /**
+     * Return the canonical form of the address
+     * @memberof Address6
+     * @instance
+     * @returns {String}
+     */
+    canonicalForm() {
+        return this.parsedAddress.map(paddedHex).join(':');
+    }
+    /**
+     * Return the decimal form of the address
+     * @memberof Address6
+     * @instance
+     * @returns {String}
+     */
+    decimal() {
+        return this.parsedAddress.map((n) => (0, sprintf_js_1.sprintf)('%05d', parseInt(n, 16))).join(':');
+    }
+    /**
+     * Return the address as a BigInteger
+     * @memberof Address6
+     * @instance
+     * @returns {BigInteger}
+     */
+    bigInteger() {
+        return new jsbn_1.BigInteger(this.parsedAddress.map(paddedHex).join(''), 16);
+    }
+    /**
+     * Return the last two groups of this address as an IPv4 address string
+     * @memberof Address6
+     * @instance
+     * @returns {Address4}
+     * @example
+     * var address = new Address6('2001:4860:4001::1825:bf11');
+     * address.to4().correctForm(); // '24.37.191.17'
+     */
+    to4() {
+        const binary = this.binaryZeroPad().split('');
+        return ipv4_1.Address4.fromHex(new jsbn_1.BigInteger(binary.slice(96, 128).join(''), 2).toString(16));
+    }
+    /**
+     * Return the v4-in-v6 form of the address
+     * @memberof Address6
+     * @instance
+     * @returns {String}
+     */
+    to4in6() {
+        const address4 = this.to4();
+        const address6 = new Address6(this.parsedAddress.slice(0, 6).join(':'), 6);
+        const correct = address6.correctForm();
+        let infix = '';
+        if (!/:$/.test(correct)) {
+            infix = ':';
+        }
+        return correct + infix + address4.address;
+    }
+    /**
+     * Return an object containing the Teredo properties of the address
+     * @memberof Address6
+     * @instance
+     * @returns {Object}
+     */
+    inspectTeredo() {
+        /*
+        - Bits 0 to 31 are set to the Teredo prefix (normally 2001:0000::/32).
+        - Bits 32 to 63 embed the primary IPv4 address of the Teredo server that
+          is used.
+        - Bits 64 to 79 can be used to define some flags. Currently only the
+          higher order bit is used; it is set to 1 if the Teredo client is
+          located behind a cone NAT, 0 otherwise. For Microsoft's Windows Vista
+          and Windows Server 2008 implementations, more bits are used. In those
+          implementations, the format for these 16 bits is "CRAAAAUG AAAAAAAA",
+          where "C" remains the "Cone" flag. The "R" bit is reserved for future
+          use. The "U" bit is for the Universal/Local flag (set to 0). The "G" bit
+          is Individual/Group flag (set to 0). The A bits are set to a 12-bit
+          randomly generated number chosen by the Teredo client to introduce
+          additional protection for the Teredo node against IPv6-based scanning
+          attacks.
+        - Bits 80 to 95 contains the obfuscated UDP port number. This is the
+          port number that is mapped by the NAT to the Teredo client with all
+          bits inverted.
+        - Bits 96 to 127 contains the obfuscated IPv4 address. This is the
+          public IPv4 address of the NAT with all bits inverted.
+        */
+        const prefix = this.getBitsBase16(0, 32);
+        const udpPort = this.getBits(80, 96).xor(new jsbn_1.BigInteger('ffff', 16)).toString();
+        const server4 = ipv4_1.Address4.fromHex(this.getBitsBase16(32, 64));
+        const client4 = ipv4_1.Address4.fromHex(this.getBits(96, 128).xor(new jsbn_1.BigInteger('ffffffff', 16)).toString(16));
+        const flags = this.getBits(64, 80);
+        const flagsBase2 = this.getBitsBase2(64, 80);
+        const coneNat = flags.testBit(15);
+        const reserved = flags.testBit(14);
+        const groupIndividual = flags.testBit(8);
+        const universalLocal = flags.testBit(9);
+        const nonce = new jsbn_1.BigInteger(flagsBase2.slice(2, 6) + flagsBase2.slice(8, 16), 2).toString(10);
+        return {
+            prefix: (0, sprintf_js_1.sprintf)('%s:%s', prefix.slice(0, 4), prefix.slice(4, 8)),
+            server4: server4.address,
+            client4: client4.address,
+            flags: flagsBase2,
+            coneNat,
+            microsoft: {
+                reserved,
+                universalLocal,
+                groupIndividual,
+                nonce,
+            },
+            udpPort,
+        };
+    }
+    /**
+     * Return an object containing the 6to4 properties of the address
+     * @memberof Address6
+     * @instance
+     * @returns {Object}
+     */
+    inspect6to4() {
+        /*
+        - Bits 0 to 15 are set to the 6to4 prefix (2002::/16).
+        - Bits 16 to 48 embed the IPv4 address of the 6to4 gateway that is used.
+        */
+        const prefix = this.getBitsBase16(0, 16);
+        const gateway = ipv4_1.Address4.fromHex(this.getBitsBase16(16, 48));
+        return {
+            prefix: (0, sprintf_js_1.sprintf)('%s', prefix.slice(0, 4)),
+            gateway: gateway.address,
+        };
+    }
+    /**
+     * Return a v6 6to4 address from a v6 v4inv6 address
+     * @memberof Address6
+     * @instance
+     * @returns {Address6}
+     */
+    to6to4() {
+        if (!this.is4()) {
+            return null;
+        }
+        const addr6to4 = [
+            '2002',
+            this.getBitsBase16(96, 112),
+            this.getBitsBase16(112, 128),
+            '',
+            '/16',
+        ].join(':');
+        return new Address6(addr6to4);
+    }
+    /**
+     * Return a byte array
+     * @memberof Address6
+     * @instance
+     * @returns {Array}
+     */
+    toByteArray() {
+        const byteArray = this.bigInteger().toByteArray();
+        // work around issue where `toByteArray` returns a leading 0 element
+        if (byteArray.length === 17 && byteArray[0] === 0) {
+            return byteArray.slice(1);
+        }
+        return byteArray;
+    }
+    /**
+     * Return an unsigned byte array
+     * @memberof Address6
+     * @instance
+     * @returns {Array}
+     */
+    toUnsignedByteArray() {
+        return this.toByteArray().map(unsignByte);
+    }
+    /**
+     * Convert a byte array to an Address6 object
+     * @memberof Address6
+     * @static
+     * @returns {Address6}
+     */
+    static fromByteArray(bytes) {
+        return this.fromUnsignedByteArray(bytes.map(unsignByte));
+    }
+    /**
+     * Convert an unsigned byte array to an Address6 object
+     * @memberof Address6
+     * @static
+     * @returns {Address6}
+     */
+    static fromUnsignedByteArray(bytes) {
+        const BYTE_MAX = new jsbn_1.BigInteger('256', 10);
+        let result = new jsbn_1.BigInteger('0', 10);
+        let multiplier = new jsbn_1.BigInteger('1', 10);
+        for (let i = bytes.length - 1; i >= 0; i--) {
+            result = result.add(multiplier.multiply(new jsbn_1.BigInteger(bytes[i].toString(10), 10)));
+            multiplier = multiplier.multiply(BYTE_MAX);
+        }
+        return Address6.fromBigInteger(result);
+    }
+    /**
+     * Returns true if the address is in the canonical form, false otherwise
+     * @memberof Address6
+     * @instance
+     * @returns {boolean}
+     */
+    isCanonical() {
+        return this.addressMinusSuffix === this.canonicalForm();
+    }
+    /**
+     * Returns true if the address is a link local address, false otherwise
+     * @memberof Address6
+     * @instance
+     * @returns {boolean}
+     */
+    isLinkLocal() {
+        // Zeroes are required, i.e. we can't check isInSubnet with 'fe80::/10'
+        if (this.getBitsBase2(0, 64) ===
+            '1111111010000000000000000000000000000000000000000000000000000000') {
+            return true;
+        }
+        return false;
+    }
+    /**
+     * Returns true if the address is a multicast address, false otherwise
+     * @memberof Address6
+     * @instance
+     * @returns {boolean}
+     */
+    isMulticast() {
+        return this.getType() === 'Multicast';
+    }
+    /**
+     * Returns true if the address is a v4-in-v6 address, false otherwise
+     * @memberof Address6
+     * @instance
+     * @returns {boolean}
+     */
+    is4() {
+        return this.v4;
+    }
+    /**
+     * Returns true if the address is a Teredo address, false otherwise
+     * @memberof Address6
+     * @instance
+     * @returns {boolean}
+     */
+    isTeredo() {
+        return this.isInSubnet(new Address6('2001::/32'));
+    }
+    /**
+     * Returns true if the address is a 6to4 address, false otherwise
+     * @memberof Address6
+     * @instance
+     * @returns {boolean}
+     */
+    is6to4() {
+        return this.isInSubnet(new Address6('2002::/16'));
+    }
+    /**
+     * Returns true if the address is a loopback address, false otherwise
+     * @memberof Address6
+     * @instance
+     * @returns {boolean}
+     */
+    isLoopback() {
+        return this.getType() === 'Loopback';
+    }
+    // #endregion
+    // #region HTML
+    /**
+     * @returns {String} the address in link form with a default port of 80
+     */
+    href(optionalPort) {
+        if (optionalPort === undefined) {
+            optionalPort = '';
+        }
+        else {
+            optionalPort = (0, sprintf_js_1.sprintf)(':%s', optionalPort);
+        }
+        return (0, sprintf_js_1.sprintf)('http://[%s]%s/', this.correctForm(), optionalPort);
+    }
+    /**
+     * @returns {String} a link suitable for conveying the address via a URL hash
+     */
+    link(options) {
+        if (!options) {
+            options = {};
+        }
+        if (options.className === undefined) {
+            options.className = '';
+        }
+        if (options.prefix === undefined) {
+            options.prefix = '/#address=';
+        }
+        if (options.v4 === undefined) {
+            options.v4 = false;
+        }
+        let formFunction = this.correctForm;
+        if (options.v4) {
+            formFunction = this.to4in6;
+        }
+        if (options.className) {
+            return (0, sprintf_js_1.sprintf)('%2$s', options.prefix, formFunction.call(this), options.className);
+        }
+        return (0, sprintf_js_1.sprintf)('%2$s', options.prefix, formFunction.call(this));
+    }
+    /**
+     * Groups an address
+     * @returns {String}
+     */
+    group() {
+        if (this.elidedGroups === 0) {
+            // The simple case
+            return helpers.simpleGroup(this.address).join(':');
+        }
+        assert(typeof this.elidedGroups === 'number');
+        assert(typeof this.elisionBegin === 'number');
+        // The elided case
+        const output = [];
+        const [left, right] = this.address.split('::');
+        if (left.length) {
+            output.push(...helpers.simpleGroup(left));
+        }
+        else {
+            output.push('');
+        }
+        const classes = ['hover-group'];
+        for (let i = this.elisionBegin; i < this.elisionBegin + this.elidedGroups; i++) {
+            classes.push((0, sprintf_js_1.sprintf)('group-%d', i));
+        }
+        output.push((0, sprintf_js_1.sprintf)('', classes.join(' ')));
+        if (right.length) {
+            output.push(...helpers.simpleGroup(right, this.elisionEnd));
+        }
+        else {
+            output.push('');
+        }
+        if (this.is4()) {
+            assert(this.address4 instanceof ipv4_1.Address4);
+            output.pop();
+            output.push(this.address4.groupForV6());
+        }
+        return output.join(':');
+    }
+    // #endregion
+    // #region Regular expressions
+    /**
+     * Generate a regular expression string that can be used to find or validate
+     * all variations of this address
+     * @memberof Address6
+     * @instance
+     * @param {boolean} substringSearch
+     * @returns {string}
+     */
+    regularExpressionString(substringSearch = false) {
+        let output = [];
+        // TODO: revisit why this is necessary
+        const address6 = new Address6(this.correctForm());
+        if (address6.elidedGroups === 0) {
+            // The simple case
+            output.push((0, regular_expressions_1.simpleRegularExpression)(address6.parsedAddress));
+        }
+        else if (address6.elidedGroups === constants6.GROUPS) {
+            // A completely elided address
+            output.push((0, regular_expressions_1.possibleElisions)(constants6.GROUPS));
+        }
+        else {
+            // A partially elided address
+            const halves = address6.address.split('::');
+            if (halves[0].length) {
+                output.push((0, regular_expressions_1.simpleRegularExpression)(halves[0].split(':')));
+            }
+            assert(typeof address6.elidedGroups === 'number');
+            output.push((0, regular_expressions_1.possibleElisions)(address6.elidedGroups, halves[0].length !== 0, halves[1].length !== 0));
+            if (halves[1].length) {
+                output.push((0, regular_expressions_1.simpleRegularExpression)(halves[1].split(':')));
+            }
+            output = [output.join(':')];
+        }
+        if (!substringSearch) {
+            output = [
+                '(?=^|',
+                regular_expressions_1.ADDRESS_BOUNDARY,
+                '|[^\\w\\:])(',
+                ...output,
+                ')(?=[^\\w\\:]|',
+                regular_expressions_1.ADDRESS_BOUNDARY,
+                '|$)',
+            ];
+        }
+        return output.join('');
+    }
+    /**
+     * Generate a regular expression that can be used to find or validate all
+     * variations of this address.
+     * @memberof Address6
+     * @instance
+     * @param {boolean} substringSearch
+     * @returns {RegExp}
+     */
+    regularExpression(substringSearch = false) {
+        return new RegExp(this.regularExpressionString(substringSearch), 'i');
+    }
+}
+exports.Address6 = Address6;
+//# sourceMappingURL=ipv6.js.map
\ No newline at end of file
diff --git a/deps/npm/node_modules/ip-address/dist/v4/constants.js b/deps/npm/node_modules/ip-address/dist/v4/constants.js
new file mode 100644
index 00000000000000..6fa2518f964912
--- /dev/null
+++ b/deps/npm/node_modules/ip-address/dist/v4/constants.js
@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RE_SUBNET_STRING = exports.RE_ADDRESS = exports.GROUPS = exports.BITS = void 0;
+exports.BITS = 32;
+exports.GROUPS = 4;
+exports.RE_ADDRESS = /^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/g;
+exports.RE_SUBNET_STRING = /\/\d{1,2}$/;
+//# sourceMappingURL=constants.js.map
\ No newline at end of file
diff --git a/deps/npm/node_modules/ip-address/dist/v6/constants.js b/deps/npm/node_modules/ip-address/dist/v6/constants.js
new file mode 100644
index 00000000000000..e316bb0d0c2cd5
--- /dev/null
+++ b/deps/npm/node_modules/ip-address/dist/v6/constants.js
@@ -0,0 +1,76 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RE_URL_WITH_PORT = exports.RE_URL = exports.RE_ZONE_STRING = exports.RE_SUBNET_STRING = exports.RE_BAD_ADDRESS = exports.RE_BAD_CHARACTERS = exports.TYPES = exports.SCOPES = exports.GROUPS = exports.BITS = void 0;
+exports.BITS = 128;
+exports.GROUPS = 8;
+/**
+ * Represents IPv6 address scopes
+ * @memberof Address6
+ * @static
+ */
+exports.SCOPES = {
+    0: 'Reserved',
+    1: 'Interface local',
+    2: 'Link local',
+    4: 'Admin local',
+    5: 'Site local',
+    8: 'Organization local',
+    14: 'Global',
+    15: 'Reserved',
+};
+/**
+ * Represents IPv6 address types
+ * @memberof Address6
+ * @static
+ */
+exports.TYPES = {
+    'ff01::1/128': 'Multicast (All nodes on this interface)',
+    'ff01::2/128': 'Multicast (All routers on this interface)',
+    'ff02::1/128': 'Multicast (All nodes on this link)',
+    'ff02::2/128': 'Multicast (All routers on this link)',
+    'ff05::2/128': 'Multicast (All routers in this site)',
+    'ff02::5/128': 'Multicast (OSPFv3 AllSPF routers)',
+    'ff02::6/128': 'Multicast (OSPFv3 AllDR routers)',
+    'ff02::9/128': 'Multicast (RIP routers)',
+    'ff02::a/128': 'Multicast (EIGRP routers)',
+    'ff02::d/128': 'Multicast (PIM routers)',
+    'ff02::16/128': 'Multicast (MLDv2 reports)',
+    'ff01::fb/128': 'Multicast (mDNSv6)',
+    'ff02::fb/128': 'Multicast (mDNSv6)',
+    'ff05::fb/128': 'Multicast (mDNSv6)',
+    'ff02::1:2/128': 'Multicast (All DHCP servers and relay agents on this link)',
+    'ff05::1:2/128': 'Multicast (All DHCP servers and relay agents in this site)',
+    'ff02::1:3/128': 'Multicast (All DHCP servers on this link)',
+    'ff05::1:3/128': 'Multicast (All DHCP servers in this site)',
+    '::/128': 'Unspecified',
+    '::1/128': 'Loopback',
+    'ff00::/8': 'Multicast',
+    'fe80::/10': 'Link-local unicast',
+};
+/**
+ * A regular expression that matches bad characters in an IPv6 address
+ * @memberof Address6
+ * @static
+ */
+exports.RE_BAD_CHARACTERS = /([^0-9a-f:/%])/gi;
+/**
+ * A regular expression that matches an incorrect IPv6 address
+ * @memberof Address6
+ * @static
+ */
+exports.RE_BAD_ADDRESS = /([0-9a-f]{5,}|:{3,}|[^:]:$|^:[^:]|\/$)/gi;
+/**
+ * A regular expression that matches an IPv6 subnet
+ * @memberof Address6
+ * @static
+ */
+exports.RE_SUBNET_STRING = /\/\d{1,3}(?=%|$)/;
+/**
+ * A regular expression that matches an IPv6 zone
+ * @memberof Address6
+ * @static
+ */
+exports.RE_ZONE_STRING = /%.*$/;
+exports.RE_URL = new RegExp(/^\[{0,1}([0-9a-f:]+)\]{0,1}/);
+exports.RE_URL_WITH_PORT = new RegExp(/\[([0-9a-f:]+)\]:([0-9]{1,5})/);
+//# sourceMappingURL=constants.js.map
\ No newline at end of file
diff --git a/deps/npm/node_modules/ip-address/dist/v6/helpers.js b/deps/npm/node_modules/ip-address/dist/v6/helpers.js
new file mode 100644
index 00000000000000..918aaa58c85d79
--- /dev/null
+++ b/deps/npm/node_modules/ip-address/dist/v6/helpers.js
@@ -0,0 +1,48 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.simpleGroup = exports.spanLeadingZeroes = exports.spanAll = exports.spanAllZeroes = void 0;
+const sprintf_js_1 = require("sprintf-js");
+/**
+ * @returns {String} the string with all zeroes contained in a 
+ */
+function spanAllZeroes(s) {
+    return s.replace(/(0+)/g, '$1');
+}
+exports.spanAllZeroes = spanAllZeroes;
+/**
+ * @returns {String} the string with each character contained in a 
+ */
+function spanAll(s, offset = 0) {
+    const letters = s.split('');
+    return letters
+        .map((n, i) => (0, sprintf_js_1.sprintf)('%s', n, i + offset, spanAllZeroes(n)) // XXX Use #base-2 .value-0 instead?
+    )
+        .join('');
+}
+exports.spanAll = spanAll;
+function spanLeadingZeroesSimple(group) {
+    return group.replace(/^(0+)/, '$1');
+}
+/**
+ * @returns {String} the string with leading zeroes contained in a 
+ */
+function spanLeadingZeroes(address) {
+    const groups = address.split(':');
+    return groups.map((g) => spanLeadingZeroesSimple(g)).join(':');
+}
+exports.spanLeadingZeroes = spanLeadingZeroes;
+/**
+ * Groups an address
+ * @returns {String} a grouped address
+ */
+function simpleGroup(addressString, offset = 0) {
+    const groups = addressString.split(':');
+    return groups.map((g, i) => {
+        if (/group-v4/.test(g)) {
+            return g;
+        }
+        return (0, sprintf_js_1.sprintf)('%s', i + offset, spanLeadingZeroesSimple(g));
+    });
+}
+exports.simpleGroup = simpleGroup;
+//# sourceMappingURL=helpers.js.map
\ No newline at end of file
diff --git a/deps/npm/node_modules/ip-address/dist/v6/regular-expressions.js b/deps/npm/node_modules/ip-address/dist/v6/regular-expressions.js
new file mode 100644
index 00000000000000..616550a864509f
--- /dev/null
+++ b/deps/npm/node_modules/ip-address/dist/v6/regular-expressions.js
@@ -0,0 +1,96 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.possibleElisions = exports.simpleRegularExpression = exports.ADDRESS_BOUNDARY = exports.padGroup = exports.groupPossibilities = void 0;
+const v6 = __importStar(require("./constants"));
+const sprintf_js_1 = require("sprintf-js");
+function groupPossibilities(possibilities) {
+    return (0, sprintf_js_1.sprintf)('(%s)', possibilities.join('|'));
+}
+exports.groupPossibilities = groupPossibilities;
+function padGroup(group) {
+    if (group.length < 4) {
+        return (0, sprintf_js_1.sprintf)('0{0,%d}%s', 4 - group.length, group);
+    }
+    return group;
+}
+exports.padGroup = padGroup;
+exports.ADDRESS_BOUNDARY = '[^A-Fa-f0-9:]';
+function simpleRegularExpression(groups) {
+    const zeroIndexes = [];
+    groups.forEach((group, i) => {
+        const groupInteger = parseInt(group, 16);
+        if (groupInteger === 0) {
+            zeroIndexes.push(i);
+        }
+    });
+    // You can technically elide a single 0, this creates the regular expressions
+    // to match that eventuality
+    const possibilities = zeroIndexes.map((zeroIndex) => groups
+        .map((group, i) => {
+        if (i === zeroIndex) {
+            const elision = i === 0 || i === v6.GROUPS - 1 ? ':' : '';
+            return groupPossibilities([padGroup(group), elision]);
+        }
+        return padGroup(group);
+    })
+        .join(':'));
+    // The simplest case
+    possibilities.push(groups.map(padGroup).join(':'));
+    return groupPossibilities(possibilities);
+}
+exports.simpleRegularExpression = simpleRegularExpression;
+function possibleElisions(elidedGroups, moreLeft, moreRight) {
+    const left = moreLeft ? '' : ':';
+    const right = moreRight ? '' : ':';
+    const possibilities = [];
+    // 1. elision of everything (::)
+    if (!moreLeft && !moreRight) {
+        possibilities.push('::');
+    }
+    // 2. complete elision of the middle
+    if (moreLeft && moreRight) {
+        possibilities.push('');
+    }
+    if ((moreRight && !moreLeft) || (!moreRight && moreLeft)) {
+        // 3. complete elision of one side
+        possibilities.push(':');
+    }
+    // 4. elision from the left side
+    possibilities.push((0, sprintf_js_1.sprintf)('%s(:0{1,4}){1,%d}', left, elidedGroups - 1));
+    // 5. elision from the right side
+    possibilities.push((0, sprintf_js_1.sprintf)('(0{1,4}:){1,%d}%s', elidedGroups - 1, right));
+    // 6. no elision
+    possibilities.push((0, sprintf_js_1.sprintf)('(0{1,4}:){%d}0{1,4}', elidedGroups - 1));
+    // 7. elision (including sloppy elision) from the middle
+    for (let groups = 1; groups < elidedGroups - 1; groups++) {
+        for (let position = 1; position < elidedGroups - groups; position++) {
+            possibilities.push((0, sprintf_js_1.sprintf)('(0{1,4}:){%d}:(0{1,4}:){%d}0{1,4}', position, elidedGroups - position - groups - 1));
+        }
+    }
+    return groupPossibilities(possibilities);
+}
+exports.possibleElisions = possibleElisions;
+//# sourceMappingURL=regular-expressions.js.map
\ No newline at end of file
diff --git a/deps/npm/node_modules/ip-address/node_modules/sprintf-js/CONTRIBUTORS.md b/deps/npm/node_modules/ip-address/node_modules/sprintf-js/CONTRIBUTORS.md
new file mode 100644
index 00000000000000..a16608e936a72c
--- /dev/null
+++ b/deps/npm/node_modules/ip-address/node_modules/sprintf-js/CONTRIBUTORS.md
@@ -0,0 +1,26 @@
+Alexander Rose [@arose](https://github.com/arose)
+Alexandru Mărășteanu [@alexei](https://github.com/alexei)
+Andras [@andrasq](https://github.com/andrasq)
+Benoit Giannangeli [@giann](https://github.com/giann)
+Branden Visser [@mrvisser](https://github.com/mrvisser)
+David Baird
+daurnimator [@daurnimator](https://github.com/daurnimator)
+Doug Beck [@beck](https://github.com/beck)
+Dzmitry Litskalau [@litmit](https://github.com/litmit)
+Fred Ludlow [@fredludlow](https://github.com/fredludlow)
+Hans Pufal
+Henry [@alograg](https://github.com/alograg)
+Johnny Shields [@johnnyshields](https://github.com/johnnyshields)
+Kamal Abdali
+Matt Simerson [@msimerson](https://github.com/msimerson)
+Maxime Robert [@marob](https://github.com/marob)
+MeriemKhelifi [@MeriemKhelifi](https://github.com/MeriemKhelifi)
+Michael Schramm [@wodka](https://github.com/wodka)
+Nazar Mokrynskyi [@nazar-pc](https://github.com/nazar-pc)
+Oliver Salzburg [@oliversalzburg](https://github.com/oliversalzburg)
+Pablo [@ppollono](https://github.com/ppollono)
+Rabehaja Stevens [@RABEHAJA-STEVENS](https://github.com/RABEHAJA-STEVENS)
+Raphael Pigulla [@pigulla](https://github.com/pigulla)
+rebeccapeltz [@rebeccapeltz](https://github.com/rebeccapeltz)
+Stefan Tingström [@stingstrom](https://github.com/stingstrom)
+Tim Gates [@timgates42](https://github.com/timgates42)
diff --git a/deps/npm/node_modules/ip-address/node_modules/sprintf-js/LICENSE b/deps/npm/node_modules/ip-address/node_modules/sprintf-js/LICENSE
new file mode 100644
index 00000000000000..83f832a2ee2829
--- /dev/null
+++ b/deps/npm/node_modules/ip-address/node_modules/sprintf-js/LICENSE
@@ -0,0 +1,24 @@
+Copyright (c) 2007-present, Alexandru Mărășteanu 
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+* Redistributions of source code must retain the above copyright
+  notice, this list of conditions and the following disclaimer.
+* Redistributions in binary form must reproduce the above copyright
+  notice, this list of conditions and the following disclaimer in the
+  documentation and/or other materials provided with the distribution.
+* Neither the name of this software nor the names of its contributors may be
+  used to endorse or promote products derived from this software without
+  specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/deps/npm/node_modules/ip-address/node_modules/sprintf-js/dist/.gitattributes b/deps/npm/node_modules/ip-address/node_modules/sprintf-js/dist/.gitattributes
new file mode 100644
index 00000000000000..a837fd3849f783
--- /dev/null
+++ b/deps/npm/node_modules/ip-address/node_modules/sprintf-js/dist/.gitattributes
@@ -0,0 +1,4 @@
+#ignore all generated files from diff
+#also skip line ending check
+*.js -diff -text
+*.map -diff -text
diff --git a/deps/npm/node_modules/ip-address/node_modules/sprintf-js/dist/angular-sprintf.min.js b/deps/npm/node_modules/ip-address/node_modules/sprintf-js/dist/angular-sprintf.min.js
new file mode 100644
index 00000000000000..5dff8c54337dbd
--- /dev/null
+++ b/deps/npm/node_modules/ip-address/node_modules/sprintf-js/dist/angular-sprintf.min.js
@@ -0,0 +1,3 @@
+/*! sprintf-js v1.1.3 | Copyright (c) 2007-present, Alexandru Mărășteanu  | BSD-3-Clause */
+!function(){"use strict";angular.module("sprintf",[]).filter("sprintf",function(){return function(){return sprintf.apply(null,arguments)}}).filter("fmt",["$filter",function(t){return t("sprintf")}]).filter("vsprintf",function(){return function(t,n){return vsprintf(t,n)}}).filter("vfmt",["$filter",function(t){return t("vsprintf")}])}();
+//# sourceMappingURL=angular-sprintf.min.js.map
diff --git a/deps/npm/node_modules/ip-address/node_modules/sprintf-js/dist/sprintf.min.js b/deps/npm/node_modules/ip-address/node_modules/sprintf-js/dist/sprintf.min.js
new file mode 100644
index 00000000000000..ed09637ea39052
--- /dev/null
+++ b/deps/npm/node_modules/ip-address/node_modules/sprintf-js/dist/sprintf.min.js
@@ -0,0 +1,3 @@
+/*! sprintf-js v1.1.3 | Copyright (c) 2007-present, Alexandru Mărășteanu  | BSD-3-Clause */
+!function(){"use strict";var g={not_string:/[^s]/,not_bool:/[^t]/,not_type:/[^T]/,not_primitive:/[^v]/,number:/[diefg]/,numeric_arg:/[bcdiefguxX]/,json:/[j]/,not_json:/[^j]/,text:/^[^\x25]+/,modulo:/^\x25{2}/,placeholder:/^\x25(?:([1-9]\d*)\$|\(([^)]+)\))?(\+)?(0|'[^$])?(-)?(\d+)?(?:\.(\d+))?([b-gijostTuvxX])/,key:/^([a-z_][a-z_\d]*)/i,key_access:/^\.([a-z_][a-z_\d]*)/i,index_access:/^\[(\d+)\]/,sign:/^[+-]/};function y(e){return function(e,t){var r,n,i,s,a,o,p,c,l,u=1,f=e.length,d="";for(n=0;n>>0).toString(8);break;case"s":r=String(r),r=s.precision?r.substring(0,s.precision):r;break;case"t":r=String(!!r),r=s.precision?r.substring(0,s.precision):r;break;case"T":r=Object.prototype.toString.call(r).slice(8,-1).toLowerCase(),r=s.precision?r.substring(0,s.precision):r;break;case"u":r=parseInt(r,10)>>>0;break;case"v":r=r.valueOf(),r=s.precision?r.substring(0,s.precision):r;break;case"x":r=(parseInt(r,10)>>>0).toString(16);break;case"X":r=(parseInt(r,10)>>>0).toString(16).toUpperCase()}g.json.test(s.type)?d+=r:(!g.number.test(s.type)||c&&!s.sign?l="":(l=c?"+":"-",r=r.toString().replace(g.sign,"")),o=s.pad_char?"0"===s.pad_char?"0":s.pad_char.charAt(1):" ",p=s.width-(l+r).length,a=s.width&&0",
+  "main": "src/sprintf.js",
+  "scripts": {
+    "test": "mocha test/*.js",
+    "pretest": "npm run lint",
+    "lint": "eslint .",
+    "lint:fix": "eslint --fix ."
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/alexei/sprintf.js.git"
+  },
+  "license": "BSD-3-Clause",
+  "readmeFilename": "README.md",
+  "devDependencies": {
+    "benchmark": "^2.1.4",
+    "eslint": "^5.10.0",
+    "gulp": "^3.9.1",
+    "gulp-benchmark": "^1.1.1",
+    "gulp-eslint": "^5.0.0",
+    "gulp-header": "^2.0.5",
+    "gulp-mocha": "^6.0.0",
+    "gulp-rename": "^1.4.0",
+    "gulp-sourcemaps": "^2.6.4",
+    "gulp-uglify": "^3.0.1",
+    "mocha": "^5.2.0"
+  },
+  "overrides": {
+    "graceful-fs": "^4.2.11"
+  }
+}
diff --git a/deps/npm/node_modules/ip-address/node_modules/sprintf-js/src/angular-sprintf.js b/deps/npm/node_modules/ip-address/node_modules/sprintf-js/src/angular-sprintf.js
new file mode 100644
index 00000000000000..dbfdd65ab25083
--- /dev/null
+++ b/deps/npm/node_modules/ip-address/node_modules/sprintf-js/src/angular-sprintf.js
@@ -0,0 +1,24 @@
+/* global angular, sprintf, vsprintf */
+
+!function() {
+    'use strict'
+
+    angular.
+        module('sprintf', []).
+        filter('sprintf', function() {
+            return function() {
+                return sprintf.apply(null, arguments)
+            }
+        }).
+        filter('fmt', ['$filter', function($filter) {
+            return $filter('sprintf')
+        }]).
+        filter('vsprintf', function() {
+            return function(format, argv) {
+                return vsprintf(format, argv)
+            }
+        }).
+        filter('vfmt', ['$filter', function($filter) {
+            return $filter('vsprintf')
+        }])
+}(); // eslint-disable-line
diff --git a/deps/npm/node_modules/ip-address/node_modules/sprintf-js/src/sprintf.js b/deps/npm/node_modules/ip-address/node_modules/sprintf-js/src/sprintf.js
new file mode 100644
index 00000000000000..65d6324645ef1d
--- /dev/null
+++ b/deps/npm/node_modules/ip-address/node_modules/sprintf-js/src/sprintf.js
@@ -0,0 +1,231 @@
+/* global window, exports, define */
+
+!function() {
+    'use strict'
+
+    var re = {
+        not_string: /[^s]/,
+        not_bool: /[^t]/,
+        not_type: /[^T]/,
+        not_primitive: /[^v]/,
+        number: /[diefg]/,
+        numeric_arg: /[bcdiefguxX]/,
+        json: /[j]/,
+        not_json: /[^j]/,
+        text: /^[^\x25]+/,
+        modulo: /^\x25{2}/,
+        placeholder: /^\x25(?:([1-9]\d*)\$|\(([^)]+)\))?(\+)?(0|'[^$])?(-)?(\d+)?(?:\.(\d+))?([b-gijostTuvxX])/,
+        key: /^([a-z_][a-z_\d]*)/i,
+        key_access: /^\.([a-z_][a-z_\d]*)/i,
+        index_access: /^\[(\d+)\]/,
+        sign: /^[+-]/
+    }
+
+    function sprintf(key) {
+        // `arguments` is not an array, but should be fine for this call
+        return sprintf_format(sprintf_parse(key), arguments)
+    }
+
+    function vsprintf(fmt, argv) {
+        return sprintf.apply(null, [fmt].concat(argv || []))
+    }
+
+    function sprintf_format(parse_tree, argv) {
+        var cursor = 1, tree_length = parse_tree.length, arg, output = '', i, k, ph, pad, pad_character, pad_length, is_positive, sign
+        for (i = 0; i < tree_length; i++) {
+            if (typeof parse_tree[i] === 'string') {
+                output += parse_tree[i]
+            }
+            else if (typeof parse_tree[i] === 'object') {
+                ph = parse_tree[i] // convenience purposes only
+                if (ph.keys) { // keyword argument
+                    arg = argv[cursor]
+                    for (k = 0; k < ph.keys.length; k++) {
+                        if (arg == undefined) {
+                            throw new Error(sprintf('[sprintf] Cannot access property "%s" of undefined value "%s"', ph.keys[k], ph.keys[k-1]))
+                        }
+                        arg = arg[ph.keys[k]]
+                    }
+                }
+                else if (ph.param_no) { // positional argument (explicit)
+                    arg = argv[ph.param_no]
+                }
+                else { // positional argument (implicit)
+                    arg = argv[cursor++]
+                }
+
+                if (re.not_type.test(ph.type) && re.not_primitive.test(ph.type) && arg instanceof Function) {
+                    arg = arg()
+                }
+
+                if (re.numeric_arg.test(ph.type) && (typeof arg !== 'number' && isNaN(arg))) {
+                    throw new TypeError(sprintf('[sprintf] expecting number but found %T', arg))
+                }
+
+                if (re.number.test(ph.type)) {
+                    is_positive = arg >= 0
+                }
+
+                switch (ph.type) {
+                    case 'b':
+                        arg = parseInt(arg, 10).toString(2)
+                        break
+                    case 'c':
+                        arg = String.fromCharCode(parseInt(arg, 10))
+                        break
+                    case 'd':
+                    case 'i':
+                        arg = parseInt(arg, 10)
+                        break
+                    case 'j':
+                        arg = JSON.stringify(arg, null, ph.width ? parseInt(ph.width) : 0)
+                        break
+                    case 'e':
+                        arg = ph.precision ? parseFloat(arg).toExponential(ph.precision) : parseFloat(arg).toExponential()
+                        break
+                    case 'f':
+                        arg = ph.precision ? parseFloat(arg).toFixed(ph.precision) : parseFloat(arg)
+                        break
+                    case 'g':
+                        arg = ph.precision ? String(Number(arg.toPrecision(ph.precision))) : parseFloat(arg)
+                        break
+                    case 'o':
+                        arg = (parseInt(arg, 10) >>> 0).toString(8)
+                        break
+                    case 's':
+                        arg = String(arg)
+                        arg = (ph.precision ? arg.substring(0, ph.precision) : arg)
+                        break
+                    case 't':
+                        arg = String(!!arg)
+                        arg = (ph.precision ? arg.substring(0, ph.precision) : arg)
+                        break
+                    case 'T':
+                        arg = Object.prototype.toString.call(arg).slice(8, -1).toLowerCase()
+                        arg = (ph.precision ? arg.substring(0, ph.precision) : arg)
+                        break
+                    case 'u':
+                        arg = parseInt(arg, 10) >>> 0
+                        break
+                    case 'v':
+                        arg = arg.valueOf()
+                        arg = (ph.precision ? arg.substring(0, ph.precision) : arg)
+                        break
+                    case 'x':
+                        arg = (parseInt(arg, 10) >>> 0).toString(16)
+                        break
+                    case 'X':
+                        arg = (parseInt(arg, 10) >>> 0).toString(16).toUpperCase()
+                        break
+                }
+                if (re.json.test(ph.type)) {
+                    output += arg
+                }
+                else {
+                    if (re.number.test(ph.type) && (!is_positive || ph.sign)) {
+                        sign = is_positive ? '+' : '-'
+                        arg = arg.toString().replace(re.sign, '')
+                    }
+                    else {
+                        sign = ''
+                    }
+                    pad_character = ph.pad_char ? ph.pad_char === '0' ? '0' : ph.pad_char.charAt(1) : ' '
+                    pad_length = ph.width - (sign + arg).length
+                    pad = ph.width ? (pad_length > 0 ? pad_character.repeat(pad_length) : '') : ''
+                    output += ph.align ? sign + arg + pad : (pad_character === '0' ? sign + pad + arg : pad + sign + arg)
+                }
+            }
+        }
+        return output
+    }
+
+    var sprintf_cache = Object.create(null)
+
+    function sprintf_parse(fmt) {
+        if (sprintf_cache[fmt]) {
+            return sprintf_cache[fmt]
+        }
+
+        var _fmt = fmt, match, parse_tree = [], arg_names = 0
+        while (_fmt) {
+            if ((match = re.text.exec(_fmt)) !== null) {
+                parse_tree.push(match[0])
+            }
+            else if ((match = re.modulo.exec(_fmt)) !== null) {
+                parse_tree.push('%')
+            }
+            else if ((match = re.placeholder.exec(_fmt)) !== null) {
+                if (match[2]) {
+                    arg_names |= 1
+                    var field_list = [], replacement_field = match[2], field_match = []
+                    if ((field_match = re.key.exec(replacement_field)) !== null) {
+                        field_list.push(field_match[1])
+                        while ((replacement_field = replacement_field.substring(field_match[0].length)) !== '') {
+                            if ((field_match = re.key_access.exec(replacement_field)) !== null) {
+                                field_list.push(field_match[1])
+                            }
+                            else if ((field_match = re.index_access.exec(replacement_field)) !== null) {
+                                field_list.push(field_match[1])
+                            }
+                            else {
+                                throw new SyntaxError('[sprintf] failed to parse named argument key')
+                            }
+                        }
+                    }
+                    else {
+                        throw new SyntaxError('[sprintf] failed to parse named argument key')
+                    }
+                    match[2] = field_list
+                }
+                else {
+                    arg_names |= 2
+                }
+                if (arg_names === 3) {
+                    throw new Error('[sprintf] mixing positional and named placeholders is not (yet) supported')
+                }
+
+                parse_tree.push(
+                    {
+                        placeholder: match[0],
+                        param_no:    match[1],
+                        keys:        match[2],
+                        sign:        match[3],
+                        pad_char:    match[4],
+                        align:       match[5],
+                        width:       match[6],
+                        precision:   match[7],
+                        type:        match[8]
+                    }
+                )
+            }
+            else {
+                throw new SyntaxError('[sprintf] unexpected placeholder')
+            }
+            _fmt = _fmt.substring(match[0].length)
+        }
+        return sprintf_cache[fmt] = parse_tree
+    }
+
+    /**
+     * export to either browser or node.js
+     */
+    /* eslint-disable quote-props */
+    if (typeof exports !== 'undefined') {
+        exports['sprintf'] = sprintf
+        exports['vsprintf'] = vsprintf
+    }
+    if (typeof window !== 'undefined') {
+        window['sprintf'] = sprintf
+        window['vsprintf'] = vsprintf
+
+        if (typeof define === 'function' && define['amd']) {
+            define(function() {
+                return {
+                    'sprintf': sprintf,
+                    'vsprintf': vsprintf
+                }
+            })
+        }
+    }
+    /* eslint-enable quote-props */
+}(); // eslint-disable-line
diff --git a/deps/npm/node_modules/ip-address/package.json b/deps/npm/node_modules/ip-address/package.json
new file mode 100644
index 00000000000000..0543fc41a13061
--- /dev/null
+++ b/deps/npm/node_modules/ip-address/package.json
@@ -0,0 +1,87 @@
+{
+  "name": "ip-address",
+  "description": "A library for parsing IPv4 and IPv6 IP addresses in node and the browser.",
+  "keywords": [
+    "ipv6",
+    "ipv4",
+    "browser",
+    "validation"
+  ],
+  "version": "9.0.5",
+  "author": "Beau Gunderson  (https://beaugunderson.com/)",
+  "license": "MIT",
+  "main": "dist/ip-address.js",
+  "types": "dist/ip-address.d.ts",
+  "scripts": {
+    "docs": "documentation build --github --output docs --format html ./ip-address.js",
+    "build": "rm -rf dist; mkdir dist; tsc",
+    "prepack": "npm run build",
+    "release": "release-it",
+    "test-ci": "nyc mocha",
+    "test": "mocha",
+    "watch": "mocha --watch"
+  },
+  "nyc": {
+    "extension": [
+      ".ts"
+    ],
+    "exclude": [
+      "**/*.d.ts",
+      ".eslintrc.js",
+      "coverage/",
+      "dist/",
+      "test/",
+      "tmp/"
+    ],
+    "reporter": [
+      "html",
+      "lcov",
+      "text"
+    ],
+    "all": true
+  },
+  "engines": {
+    "node": ">= 12"
+  },
+  "files": [
+    "src",
+    "dist"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/beaugunderson/ip-address.git"
+  },
+  "dependencies": {
+    "jsbn": "1.1.0",
+    "sprintf-js": "^1.1.3"
+  },
+  "devDependencies": {
+    "@types/chai": "^4.2.18",
+    "@types/jsbn": "^1.2.31",
+    "@types/mocha": "^10.0.1",
+    "@types/sprintf-js": "^1.1.2",
+    "@typescript-eslint/eslint-plugin": "^6.7.2",
+    "@typescript-eslint/parser": "^6.7.2",
+    "browserify": "^17.0.0",
+    "chai": "^4.3.4",
+    "codecov": "^3.8.2",
+    "documentation": "^14.0.2",
+    "eslint": "^8.50.0",
+    "eslint-config-airbnb": "^19.0.4",
+    "eslint-config-prettier": "^9.0.0",
+    "eslint-plugin-filenames": "^1.3.2",
+    "eslint-plugin-import": "^2.23.4",
+    "eslint-plugin-jsx-a11y": "^6.4.1",
+    "eslint-plugin-prettier": "^5.0.0",
+    "eslint-plugin-react": "^7.24.0",
+    "eslint-plugin-react-hooks": "^4.2.0",
+    "eslint-plugin-sort-imports-es6-autofix": "^0.6.0",
+    "mocha": "^10.2.0",
+    "nyc": "^15.1.0",
+    "prettier": "^3.0.3",
+    "release-it": "^16.2.0",
+    "source-map-support": "^0.5.19",
+    "ts-node": "^10.0.0",
+    "typescript": "^5.2.2"
+  }
+}
diff --git a/deps/npm/node_modules/ip/lib/ip.js b/deps/npm/node_modules/ip/lib/ip.js
deleted file mode 100644
index 4b2adb5addd96b..00000000000000
--- a/deps/npm/node_modules/ip/lib/ip.js
+++ /dev/null
@@ -1,422 +0,0 @@
-const ip = exports;
-const { Buffer } = require('buffer');
-const os = require('os');
-
-ip.toBuffer = function (ip, buff, offset) {
-  offset = ~~offset;
-
-  let result;
-
-  if (this.isV4Format(ip)) {
-    result = buff || Buffer.alloc(offset + 4);
-    ip.split(/\./g).map((byte) => {
-      result[offset++] = parseInt(byte, 10) & 0xff;
-    });
-  } else if (this.isV6Format(ip)) {
-    const sections = ip.split(':', 8);
-
-    let i;
-    for (i = 0; i < sections.length; i++) {
-      const isv4 = this.isV4Format(sections[i]);
-      let v4Buffer;
-
-      if (isv4) {
-        v4Buffer = this.toBuffer(sections[i]);
-        sections[i] = v4Buffer.slice(0, 2).toString('hex');
-      }
-
-      if (v4Buffer && ++i < 8) {
-        sections.splice(i, 0, v4Buffer.slice(2, 4).toString('hex'));
-      }
-    }
-
-    if (sections[0] === '') {
-      while (sections.length < 8) sections.unshift('0');
-    } else if (sections[sections.length - 1] === '') {
-      while (sections.length < 8) sections.push('0');
-    } else if (sections.length < 8) {
-      for (i = 0; i < sections.length && sections[i] !== ''; i++);
-      const argv = [i, 1];
-      for (i = 9 - sections.length; i > 0; i--) {
-        argv.push('0');
-      }
-      sections.splice(...argv);
-    }
-
-    result = buff || Buffer.alloc(offset + 16);
-    for (i = 0; i < sections.length; i++) {
-      const word = parseInt(sections[i], 16);
-      result[offset++] = (word >> 8) & 0xff;
-      result[offset++] = word & 0xff;
-    }
-  }
-
-  if (!result) {
-    throw Error(`Invalid ip address: ${ip}`);
-  }
-
-  return result;
-};
-
-ip.toString = function (buff, offset, length) {
-  offset = ~~offset;
-  length = length || (buff.length - offset);
-
-  let result = [];
-  if (length === 4) {
-    // IPv4
-    for (let i = 0; i < length; i++) {
-      result.push(buff[offset + i]);
-    }
-    result = result.join('.');
-  } else if (length === 16) {
-    // IPv6
-    for (let i = 0; i < length; i += 2) {
-      result.push(buff.readUInt16BE(offset + i).toString(16));
-    }
-    result = result.join(':');
-    result = result.replace(/(^|:)0(:0)*:0(:|$)/, '$1::$3');
-    result = result.replace(/:{3,4}/, '::');
-  }
-
-  return result;
-};
-
-const ipv4Regex = /^(\d{1,3}\.){3,3}\d{1,3}$/;
-const ipv6Regex = /^(::)?(((\d{1,3}\.){3}(\d{1,3}){1})?([0-9a-f]){0,4}:{0,2}){1,8}(::)?$/i;
-
-ip.isV4Format = function (ip) {
-  return ipv4Regex.test(ip);
-};
-
-ip.isV6Format = function (ip) {
-  return ipv6Regex.test(ip);
-};
-
-function _normalizeFamily(family) {
-  if (family === 4) {
-    return 'ipv4';
-  }
-  if (family === 6) {
-    return 'ipv6';
-  }
-  return family ? family.toLowerCase() : 'ipv4';
-}
-
-ip.fromPrefixLen = function (prefixlen, family) {
-  if (prefixlen > 32) {
-    family = 'ipv6';
-  } else {
-    family = _normalizeFamily(family);
-  }
-
-  let len = 4;
-  if (family === 'ipv6') {
-    len = 16;
-  }
-  const buff = Buffer.alloc(len);
-
-  for (let i = 0, n = buff.length; i < n; ++i) {
-    let bits = 8;
-    if (prefixlen < 8) {
-      bits = prefixlen;
-    }
-    prefixlen -= bits;
-
-    buff[i] = ~(0xff >> bits) & 0xff;
-  }
-
-  return ip.toString(buff);
-};
-
-ip.mask = function (addr, mask) {
-  addr = ip.toBuffer(addr);
-  mask = ip.toBuffer(mask);
-
-  const result = Buffer.alloc(Math.max(addr.length, mask.length));
-
-  // Same protocol - do bitwise and
-  let i;
-  if (addr.length === mask.length) {
-    for (i = 0; i < addr.length; i++) {
-      result[i] = addr[i] & mask[i];
-    }
-  } else if (mask.length === 4) {
-    // IPv6 address and IPv4 mask
-    // (Mask low bits)
-    for (i = 0; i < mask.length; i++) {
-      result[i] = addr[addr.length - 4 + i] & mask[i];
-    }
-  } else {
-    // IPv6 mask and IPv4 addr
-    for (i = 0; i < result.length - 6; i++) {
-      result[i] = 0;
-    }
-
-    // ::ffff:ipv4
-    result[10] = 0xff;
-    result[11] = 0xff;
-    for (i = 0; i < addr.length; i++) {
-      result[i + 12] = addr[i] & mask[i + 12];
-    }
-    i += 12;
-  }
-  for (; i < result.length; i++) {
-    result[i] = 0;
-  }
-
-  return ip.toString(result);
-};
-
-ip.cidr = function (cidrString) {
-  const cidrParts = cidrString.split('/');
-
-  const addr = cidrParts[0];
-  if (cidrParts.length !== 2) {
-    throw new Error(`invalid CIDR subnet: ${addr}`);
-  }
-
-  const mask = ip.fromPrefixLen(parseInt(cidrParts[1], 10));
-
-  return ip.mask(addr, mask);
-};
-
-ip.subnet = function (addr, mask) {
-  const networkAddress = ip.toLong(ip.mask(addr, mask));
-
-  // Calculate the mask's length.
-  const maskBuffer = ip.toBuffer(mask);
-  let maskLength = 0;
-
-  for (let i = 0; i < maskBuffer.length; i++) {
-    if (maskBuffer[i] === 0xff) {
-      maskLength += 8;
-    } else {
-      let octet = maskBuffer[i] & 0xff;
-      while (octet) {
-        octet = (octet << 1) & 0xff;
-        maskLength++;
-      }
-    }
-  }
-
-  const numberOfAddresses = 2 ** (32 - maskLength);
-
-  return {
-    networkAddress: ip.fromLong(networkAddress),
-    firstAddress: numberOfAddresses <= 2
-      ? ip.fromLong(networkAddress)
-      : ip.fromLong(networkAddress + 1),
-    lastAddress: numberOfAddresses <= 2
-      ? ip.fromLong(networkAddress + numberOfAddresses - 1)
-      : ip.fromLong(networkAddress + numberOfAddresses - 2),
-    broadcastAddress: ip.fromLong(networkAddress + numberOfAddresses - 1),
-    subnetMask: mask,
-    subnetMaskLength: maskLength,
-    numHosts: numberOfAddresses <= 2
-      ? numberOfAddresses : numberOfAddresses - 2,
-    length: numberOfAddresses,
-    contains(other) {
-      return networkAddress === ip.toLong(ip.mask(other, mask));
-    },
-  };
-};
-
-ip.cidrSubnet = function (cidrString) {
-  const cidrParts = cidrString.split('/');
-
-  const addr = cidrParts[0];
-  if (cidrParts.length !== 2) {
-    throw new Error(`invalid CIDR subnet: ${addr}`);
-  }
-
-  const mask = ip.fromPrefixLen(parseInt(cidrParts[1], 10));
-
-  return ip.subnet(addr, mask);
-};
-
-ip.not = function (addr) {
-  const buff = ip.toBuffer(addr);
-  for (let i = 0; i < buff.length; i++) {
-    buff[i] = 0xff ^ buff[i];
-  }
-  return ip.toString(buff);
-};
-
-ip.or = function (a, b) {
-  a = ip.toBuffer(a);
-  b = ip.toBuffer(b);
-
-  // same protocol
-  if (a.length === b.length) {
-    for (let i = 0; i < a.length; ++i) {
-      a[i] |= b[i];
-    }
-    return ip.toString(a);
-
-  // mixed protocols
-  }
-  let buff = a;
-  let other = b;
-  if (b.length > a.length) {
-    buff = b;
-    other = a;
-  }
-
-  const offset = buff.length - other.length;
-  for (let i = offset; i < buff.length; ++i) {
-    buff[i] |= other[i - offset];
-  }
-
-  return ip.toString(buff);
-};
-
-ip.isEqual = function (a, b) {
-  a = ip.toBuffer(a);
-  b = ip.toBuffer(b);
-
-  // Same protocol
-  if (a.length === b.length) {
-    for (let i = 0; i < a.length; i++) {
-      if (a[i] !== b[i]) return false;
-    }
-    return true;
-  }
-
-  // Swap
-  if (b.length === 4) {
-    const t = b;
-    b = a;
-    a = t;
-  }
-
-  // a - IPv4, b - IPv6
-  for (let i = 0; i < 10; i++) {
-    if (b[i] !== 0) return false;
-  }
-
-  const word = b.readUInt16BE(10);
-  if (word !== 0 && word !== 0xffff) return false;
-
-  for (let i = 0; i < 4; i++) {
-    if (a[i] !== b[i + 12]) return false;
-  }
-
-  return true;
-};
-
-ip.isPrivate = function (addr) {
-  return /^(::f{4}:)?10\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/i
-    .test(addr)
-    || /^(::f{4}:)?192\.168\.([0-9]{1,3})\.([0-9]{1,3})$/i.test(addr)
-    || /^(::f{4}:)?172\.(1[6-9]|2\d|30|31)\.([0-9]{1,3})\.([0-9]{1,3})$/i
-      .test(addr)
-    || /^(::f{4}:)?127\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/i.test(addr)
-    || /^(::f{4}:)?169\.254\.([0-9]{1,3})\.([0-9]{1,3})$/i.test(addr)
-    || /^f[cd][0-9a-f]{2}:/i.test(addr)
-    || /^fe80:/i.test(addr)
-    || /^::1$/.test(addr)
-    || /^::$/.test(addr);
-};
-
-ip.isPublic = function (addr) {
-  return !ip.isPrivate(addr);
-};
-
-ip.isLoopback = function (addr) {
-  return /^(::f{4}:)?127\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})/
-    .test(addr)
-    || /^fe80::1$/.test(addr)
-    || /^::1$/.test(addr)
-    || /^::$/.test(addr);
-};
-
-ip.loopback = function (family) {
-  //
-  // Default to `ipv4`
-  //
-  family = _normalizeFamily(family);
-
-  if (family !== 'ipv4' && family !== 'ipv6') {
-    throw new Error('family must be ipv4 or ipv6');
-  }
-
-  return family === 'ipv4' ? '127.0.0.1' : 'fe80::1';
-};
-
-//
-// ### function address (name, family)
-// #### @name {string|'public'|'private'} **Optional** Name or security
-//      of the network interface.
-// #### @family {ipv4|ipv6} **Optional** IP family of the address (defaults
-//      to ipv4).
-//
-// Returns the address for the network interface on the current system with
-// the specified `name`:
-//   * String: First `family` address of the interface.
-//             If not found see `undefined`.
-//   * 'public': the first public ip address of family.
-//   * 'private': the first private ip address of family.
-//   * undefined: First address with `ipv4` or loopback address `127.0.0.1`.
-//
-ip.address = function (name, family) {
-  const interfaces = os.networkInterfaces();
-
-  //
-  // Default to `ipv4`
-  //
-  family = _normalizeFamily(family);
-
-  //
-  // If a specific network interface has been named,
-  // return the address.
-  //
-  if (name && name !== 'private' && name !== 'public') {
-    const res = interfaces[name].filter((details) => {
-      const itemFamily = _normalizeFamily(details.family);
-      return itemFamily === family;
-    });
-    if (res.length === 0) {
-      return undefined;
-    }
-    return res[0].address;
-  }
-
-  const all = Object.keys(interfaces).map((nic) => {
-    //
-    // Note: name will only be `public` or `private`
-    // when this is called.
-    //
-    const addresses = interfaces[nic].filter((details) => {
-      details.family = _normalizeFamily(details.family);
-      if (details.family !== family || ip.isLoopback(details.address)) {
-        return false;
-      } if (!name) {
-        return true;
-      }
-
-      return name === 'public' ? ip.isPrivate(details.address)
-        : ip.isPublic(details.address);
-    });
-
-    return addresses.length ? addresses[0].address : undefined;
-  }).filter(Boolean);
-
-  return !all.length ? ip.loopback(family) : all[0];
-};
-
-ip.toLong = function (ip) {
-  let ipl = 0;
-  ip.split('.').forEach((octet) => {
-    ipl <<= 8;
-    ipl += parseInt(octet);
-  });
-  return (ipl >>> 0);
-};
-
-ip.fromLong = function (ipl) {
-  return (`${ipl >>> 24}.${
-    ipl >> 16 & 255}.${
-    ipl >> 8 & 255}.${
-    ipl & 255}`);
-};
diff --git a/deps/npm/node_modules/ip/package.json b/deps/npm/node_modules/ip/package.json
deleted file mode 100644
index f0d95e9b789a6d..00000000000000
--- a/deps/npm/node_modules/ip/package.json
+++ /dev/null
@@ -1,25 +0,0 @@
-{
-  "name": "ip",
-  "version": "2.0.0",
-  "author": "Fedor Indutny ",
-  "homepage": "https://github.com/indutny/node-ip",
-  "repository": {
-    "type": "git",
-    "url": "http://github.com/indutny/node-ip.git"
-  },
-  "files": [
-    "lib",
-    "README.md"
-  ],
-  "main": "lib/ip",
-  "devDependencies": {
-    "eslint": "^8.15.0",
-    "mocha": "^10.0.0"
-  },
-  "scripts": {
-    "lint": "eslint lib/*.js test/*.js",
-    "test": "npm run lint && mocha --reporter spec test/*-test.js",
-    "fix": "npm run lint -- --fix"
-  },
-  "license": "MIT"
-}
diff --git a/deps/npm/node_modules/jsbn/LICENSE b/deps/npm/node_modules/jsbn/LICENSE
new file mode 100644
index 00000000000000..c769b38beabae1
--- /dev/null
+++ b/deps/npm/node_modules/jsbn/LICENSE
@@ -0,0 +1,40 @@
+Licensing
+---------
+
+This software is covered under the following copyright:
+
+/*
+ * Copyright (c) 2003-2005  Tom Wu
+ * All Rights Reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
+ * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ * IN NO EVENT SHALL TOM WU BE LIABLE FOR ANY SPECIAL, INCIDENTAL,
+ * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER
+ * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF
+ * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT
+ * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * In addition, the following condition applies:
+ *
+ * All redistributions must retain an intact copy of this copyright notice
+ * and disclaimer.
+ */
+
+Address all questions regarding this license to:
+
+  Tom Wu
+  tjw@cs.Stanford.EDU
diff --git a/deps/npm/node_modules/jsbn/example.html b/deps/npm/node_modules/jsbn/example.html
new file mode 100644
index 00000000000000..1c0489b1376352
--- /dev/null
+++ b/deps/npm/node_modules/jsbn/example.html
@@ -0,0 +1,11 @@
+
+
+    
+        
+        
+    
+    
+      
+      
+    
+
diff --git a/deps/npm/node_modules/jsbn/example.js b/deps/npm/node_modules/jsbn/example.js
new file mode 100644
index 00000000000000..85979909d7b1d8
--- /dev/null
+++ b/deps/npm/node_modules/jsbn/example.js
@@ -0,0 +1,5 @@
+(function () {
+  var BigInteger = jsbn.BigInteger;
+  var a = new BigInteger('91823918239182398123');
+  console.log(a.bitLength());
+}());
diff --git a/deps/npm/node_modules/jsbn/index.js b/deps/npm/node_modules/jsbn/index.js
new file mode 100644
index 00000000000000..e9eb697b07a891
--- /dev/null
+++ b/deps/npm/node_modules/jsbn/index.js
@@ -0,0 +1,1361 @@
+(function(){
+
+    // Copyright (c) 2005  Tom Wu
+    // All Rights Reserved.
+    // See "LICENSE" for details.
+
+    // Basic JavaScript BN library - subset useful for RSA encryption.
+
+    // Bits per digit
+    var dbits;
+
+    // JavaScript engine analysis
+    var canary = 0xdeadbeefcafe;
+    var j_lm = ((canary&0xffffff)==0xefcafe);
+
+    // (public) Constructor
+    function BigInteger(a,b,c) {
+      if(a != null)
+        if("number" == typeof a) this.fromNumber(a,b,c);
+        else if(b == null && "string" != typeof a) this.fromString(a,256);
+        else this.fromString(a,b);
+    }
+
+    // return new, unset BigInteger
+    function nbi() { return new BigInteger(null); }
+
+    // am: Compute w_j += (x*this_i), propagate carries,
+    // c is initial carry, returns final carry.
+    // c < 3*dvalue, x < 2*dvalue, this_i < dvalue
+    // We need to select the fastest one that works in this environment.
+
+    // am1: use a single mult and divide to get the high bits,
+    // max digit bits should be 26 because
+    // max internal value = 2*dvalue^2-2*dvalue (< 2^53)
+    function am1(i,x,w,j,c,n) {
+      while(--n >= 0) {
+        var v = x*this[i++]+w[j]+c;
+        c = Math.floor(v/0x4000000);
+        w[j++] = v&0x3ffffff;
+      }
+      return c;
+    }
+    // am2 avoids a big mult-and-extract completely.
+    // Max digit bits should be <= 30 because we do bitwise ops
+    // on values up to 2*hdvalue^2-hdvalue-1 (< 2^31)
+    function am2(i,x,w,j,c,n) {
+      var xl = x&0x7fff, xh = x>>15;
+      while(--n >= 0) {
+        var l = this[i]&0x7fff;
+        var h = this[i++]>>15;
+        var m = xh*l+h*xl;
+        l = xl*l+((m&0x7fff)<<15)+w[j]+(c&0x3fffffff);
+        c = (l>>>30)+(m>>>15)+xh*h+(c>>>30);
+        w[j++] = l&0x3fffffff;
+      }
+      return c;
+    }
+    // Alternately, set max digit bits to 28 since some
+    // browsers slow down when dealing with 32-bit numbers.
+    function am3(i,x,w,j,c,n) {
+      var xl = x&0x3fff, xh = x>>14;
+      while(--n >= 0) {
+        var l = this[i]&0x3fff;
+        var h = this[i++]>>14;
+        var m = xh*l+h*xl;
+        l = xl*l+((m&0x3fff)<<14)+w[j]+c;
+        c = (l>>28)+(m>>14)+xh*h;
+        w[j++] = l&0xfffffff;
+      }
+      return c;
+    }
+    var inBrowser = typeof navigator !== "undefined";
+    if(inBrowser && j_lm && (navigator.appName == "Microsoft Internet Explorer")) {
+      BigInteger.prototype.am = am2;
+      dbits = 30;
+    }
+    else if(inBrowser && j_lm && (navigator.appName != "Netscape")) {
+      BigInteger.prototype.am = am1;
+      dbits = 26;
+    }
+    else { // Mozilla/Netscape seems to prefer am3
+      BigInteger.prototype.am = am3;
+      dbits = 28;
+    }
+
+    BigInteger.prototype.DB = dbits;
+    BigInteger.prototype.DM = ((1<= 0; --i) r[i] = this[i];
+      r.t = this.t;
+      r.s = this.s;
+    }
+
+    // (protected) set from integer value x, -DV <= x < DV
+    function bnpFromInt(x) {
+      this.t = 1;
+      this.s = (x<0)?-1:0;
+      if(x > 0) this[0] = x;
+      else if(x < -1) this[0] = x+this.DV;
+      else this.t = 0;
+    }
+
+    // return bigint initialized to value
+    function nbv(i) { var r = nbi(); r.fromInt(i); return r; }
+
+    // (protected) set from string and radix
+    function bnpFromString(s,b) {
+      var k;
+      if(b == 16) k = 4;
+      else if(b == 8) k = 3;
+      else if(b == 256) k = 8; // byte array
+      else if(b == 2) k = 1;
+      else if(b == 32) k = 5;
+      else if(b == 4) k = 2;
+      else { this.fromRadix(s,b); return; }
+      this.t = 0;
+      this.s = 0;
+      var i = s.length, mi = false, sh = 0;
+      while(--i >= 0) {
+        var x = (k==8)?s[i]&0xff:intAt(s,i);
+        if(x < 0) {
+          if(s.charAt(i) == "-") mi = true;
+          continue;
+        }
+        mi = false;
+        if(sh == 0)
+          this[this.t++] = x;
+        else if(sh+k > this.DB) {
+          this[this.t-1] |= (x&((1<<(this.DB-sh))-1))<>(this.DB-sh));
+        }
+        else
+          this[this.t-1] |= x<= this.DB) sh -= this.DB;
+      }
+      if(k == 8 && (s[0]&0x80) != 0) {
+        this.s = -1;
+        if(sh > 0) this[this.t-1] |= ((1<<(this.DB-sh))-1)< 0 && this[this.t-1] == c) --this.t;
+    }
+
+    // (public) return string representation in given radix
+    function bnToString(b) {
+      if(this.s < 0) return "-"+this.negate().toString(b);
+      var k;
+      if(b == 16) k = 4;
+      else if(b == 8) k = 3;
+      else if(b == 2) k = 1;
+      else if(b == 32) k = 5;
+      else if(b == 4) k = 2;
+      else return this.toRadix(b);
+      var km = (1< 0) {
+        if(p < this.DB && (d = this[i]>>p) > 0) { m = true; r = int2char(d); }
+        while(i >= 0) {
+          if(p < k) {
+            d = (this[i]&((1<>(p+=this.DB-k);
+          }
+          else {
+            d = (this[i]>>(p-=k))&km;
+            if(p <= 0) { p += this.DB; --i; }
+          }
+          if(d > 0) m = true;
+          if(m) r += int2char(d);
+        }
+      }
+      return m?r:"0";
+    }
+
+    // (public) -this
+    function bnNegate() { var r = nbi(); BigInteger.ZERO.subTo(this,r); return r; }
+
+    // (public) |this|
+    function bnAbs() { return (this.s<0)?this.negate():this; }
+
+    // (public) return + if this > a, - if this < a, 0 if equal
+    function bnCompareTo(a) {
+      var r = this.s-a.s;
+      if(r != 0) return r;
+      var i = this.t;
+      r = i-a.t;
+      if(r != 0) return (this.s<0)?-r:r;
+      while(--i >= 0) if((r=this[i]-a[i]) != 0) return r;
+      return 0;
+    }
+
+    // returns bit length of the integer x
+    function nbits(x) {
+      var r = 1, t;
+      if((t=x>>>16) != 0) { x = t; r += 16; }
+      if((t=x>>8) != 0) { x = t; r += 8; }
+      if((t=x>>4) != 0) { x = t; r += 4; }
+      if((t=x>>2) != 0) { x = t; r += 2; }
+      if((t=x>>1) != 0) { x = t; r += 1; }
+      return r;
+    }
+
+    // (public) return the number of bits in "this"
+    function bnBitLength() {
+      if(this.t <= 0) return 0;
+      return this.DB*(this.t-1)+nbits(this[this.t-1]^(this.s&this.DM));
+    }
+
+    // (protected) r = this << n*DB
+    function bnpDLShiftTo(n,r) {
+      var i;
+      for(i = this.t-1; i >= 0; --i) r[i+n] = this[i];
+      for(i = n-1; i >= 0; --i) r[i] = 0;
+      r.t = this.t+n;
+      r.s = this.s;
+    }
+
+    // (protected) r = this >> n*DB
+    function bnpDRShiftTo(n,r) {
+      for(var i = n; i < this.t; ++i) r[i-n] = this[i];
+      r.t = Math.max(this.t-n,0);
+      r.s = this.s;
+    }
+
+    // (protected) r = this << n
+    function bnpLShiftTo(n,r) {
+      var bs = n%this.DB;
+      var cbs = this.DB-bs;
+      var bm = (1<= 0; --i) {
+        r[i+ds+1] = (this[i]>>cbs)|c;
+        c = (this[i]&bm)<= 0; --i) r[i] = 0;
+      r[ds] = c;
+      r.t = this.t+ds+1;
+      r.s = this.s;
+      r.clamp();
+    }
+
+    // (protected) r = this >> n
+    function bnpRShiftTo(n,r) {
+      r.s = this.s;
+      var ds = Math.floor(n/this.DB);
+      if(ds >= this.t) { r.t = 0; return; }
+      var bs = n%this.DB;
+      var cbs = this.DB-bs;
+      var bm = (1<>bs;
+      for(var i = ds+1; i < this.t; ++i) {
+        r[i-ds-1] |= (this[i]&bm)<>bs;
+      }
+      if(bs > 0) r[this.t-ds-1] |= (this.s&bm)<>= this.DB;
+      }
+      if(a.t < this.t) {
+        c -= a.s;
+        while(i < this.t) {
+          c += this[i];
+          r[i++] = c&this.DM;
+          c >>= this.DB;
+        }
+        c += this.s;
+      }
+      else {
+        c += this.s;
+        while(i < a.t) {
+          c -= a[i];
+          r[i++] = c&this.DM;
+          c >>= this.DB;
+        }
+        c -= a.s;
+      }
+      r.s = (c<0)?-1:0;
+      if(c < -1) r[i++] = this.DV+c;
+      else if(c > 0) r[i++] = c;
+      r.t = i;
+      r.clamp();
+    }
+
+    // (protected) r = this * a, r != this,a (HAC 14.12)
+    // "this" should be the larger one if appropriate.
+    function bnpMultiplyTo(a,r) {
+      var x = this.abs(), y = a.abs();
+      var i = x.t;
+      r.t = i+y.t;
+      while(--i >= 0) r[i] = 0;
+      for(i = 0; i < y.t; ++i) r[i+x.t] = x.am(0,y[i],r,i,0,x.t);
+      r.s = 0;
+      r.clamp();
+      if(this.s != a.s) BigInteger.ZERO.subTo(r,r);
+    }
+
+    // (protected) r = this^2, r != this (HAC 14.16)
+    function bnpSquareTo(r) {
+      var x = this.abs();
+      var i = r.t = 2*x.t;
+      while(--i >= 0) r[i] = 0;
+      for(i = 0; i < x.t-1; ++i) {
+        var c = x.am(i,x[i],r,2*i,0,1);
+        if((r[i+x.t]+=x.am(i+1,2*x[i],r,2*i+1,c,x.t-i-1)) >= x.DV) {
+          r[i+x.t] -= x.DV;
+          r[i+x.t+1] = 1;
+        }
+      }
+      if(r.t > 0) r[r.t-1] += x.am(i,x[i],r,2*i,0,1);
+      r.s = 0;
+      r.clamp();
+    }
+
+    // (protected) divide this by m, quotient and remainder to q, r (HAC 14.20)
+    // r != q, this != m.  q or r may be null.
+    function bnpDivRemTo(m,q,r) {
+      var pm = m.abs();
+      if(pm.t <= 0) return;
+      var pt = this.abs();
+      if(pt.t < pm.t) {
+        if(q != null) q.fromInt(0);
+        if(r != null) this.copyTo(r);
+        return;
+      }
+      if(r == null) r = nbi();
+      var y = nbi(), ts = this.s, ms = m.s;
+      var nsh = this.DB-nbits(pm[pm.t-1]);   // normalize modulus
+      if(nsh > 0) { pm.lShiftTo(nsh,y); pt.lShiftTo(nsh,r); }
+      else { pm.copyTo(y); pt.copyTo(r); }
+      var ys = y.t;
+      var y0 = y[ys-1];
+      if(y0 == 0) return;
+      var yt = y0*(1<1)?y[ys-2]>>this.F2:0);
+      var d1 = this.FV/yt, d2 = (1<= 0) {
+        r[r.t++] = 1;
+        r.subTo(t,r);
+      }
+      BigInteger.ONE.dlShiftTo(ys,t);
+      t.subTo(y,y);  // "negative" y so we can replace sub with am later
+      while(y.t < ys) y[y.t++] = 0;
+      while(--j >= 0) {
+        // Estimate quotient digit
+        var qd = (r[--i]==y0)?this.DM:Math.floor(r[i]*d1+(r[i-1]+e)*d2);
+        if((r[i]+=y.am(0,qd,r,j,0,ys)) < qd) {   // Try it out
+          y.dlShiftTo(j,t);
+          r.subTo(t,r);
+          while(r[i] < --qd) r.subTo(t,r);
+        }
+      }
+      if(q != null) {
+        r.drShiftTo(ys,q);
+        if(ts != ms) BigInteger.ZERO.subTo(q,q);
+      }
+      r.t = ys;
+      r.clamp();
+      if(nsh > 0) r.rShiftTo(nsh,r); // Denormalize remainder
+      if(ts < 0) BigInteger.ZERO.subTo(r,r);
+    }
+
+    // (public) this mod a
+    function bnMod(a) {
+      var r = nbi();
+      this.abs().divRemTo(a,null,r);
+      if(this.s < 0 && r.compareTo(BigInteger.ZERO) > 0) a.subTo(r,r);
+      return r;
+    }
+
+    // Modular reduction using "classic" algorithm
+    function Classic(m) { this.m = m; }
+    function cConvert(x) {
+      if(x.s < 0 || x.compareTo(this.m) >= 0) return x.mod(this.m);
+      else return x;
+    }
+    function cRevert(x) { return x; }
+    function cReduce(x) { x.divRemTo(this.m,null,x); }
+    function cMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); }
+    function cSqrTo(x,r) { x.squareTo(r); this.reduce(r); }
+
+    Classic.prototype.convert = cConvert;
+    Classic.prototype.revert = cRevert;
+    Classic.prototype.reduce = cReduce;
+    Classic.prototype.mulTo = cMulTo;
+    Classic.prototype.sqrTo = cSqrTo;
+
+    // (protected) return "-1/this % 2^DB"; useful for Mont. reduction
+    // justification:
+    //         xy == 1 (mod m)
+    //         xy =  1+km
+    //   xy(2-xy) = (1+km)(1-km)
+    // x[y(2-xy)] = 1-k^2m^2
+    // x[y(2-xy)] == 1 (mod m^2)
+    // if y is 1/x mod m, then y(2-xy) is 1/x mod m^2
+    // should reduce x and y(2-xy) by m^2 at each step to keep size bounded.
+    // JS multiply "overflows" differently from C/C++, so care is needed here.
+    function bnpInvDigit() {
+      if(this.t < 1) return 0;
+      var x = this[0];
+      if((x&1) == 0) return 0;
+      var y = x&3;       // y == 1/x mod 2^2
+      y = (y*(2-(x&0xf)*y))&0xf; // y == 1/x mod 2^4
+      y = (y*(2-(x&0xff)*y))&0xff;   // y == 1/x mod 2^8
+      y = (y*(2-(((x&0xffff)*y)&0xffff)))&0xffff;    // y == 1/x mod 2^16
+      // last step - calculate inverse mod DV directly;
+      // assumes 16 < DB <= 32 and assumes ability to handle 48-bit ints
+      y = (y*(2-x*y%this.DV))%this.DV;       // y == 1/x mod 2^dbits
+      // we really want the negative inverse, and -DV < y < DV
+      return (y>0)?this.DV-y:-y;
+    }
+
+    // Montgomery reduction
+    function Montgomery(m) {
+      this.m = m;
+      this.mp = m.invDigit();
+      this.mpl = this.mp&0x7fff;
+      this.mph = this.mp>>15;
+      this.um = (1<<(m.DB-15))-1;
+      this.mt2 = 2*m.t;
+    }
+
+    // xR mod m
+    function montConvert(x) {
+      var r = nbi();
+      x.abs().dlShiftTo(this.m.t,r);
+      r.divRemTo(this.m,null,r);
+      if(x.s < 0 && r.compareTo(BigInteger.ZERO) > 0) this.m.subTo(r,r);
+      return r;
+    }
+
+    // x/R mod m
+    function montRevert(x) {
+      var r = nbi();
+      x.copyTo(r);
+      this.reduce(r);
+      return r;
+    }
+
+    // x = x/R mod m (HAC 14.32)
+    function montReduce(x) {
+      while(x.t <= this.mt2) // pad x so am has enough room later
+        x[x.t++] = 0;
+      for(var i = 0; i < this.m.t; ++i) {
+        // faster way of calculating u0 = x[i]*mp mod DV
+        var j = x[i]&0x7fff;
+        var u0 = (j*this.mpl+(((j*this.mph+(x[i]>>15)*this.mpl)&this.um)<<15))&x.DM;
+        // use am to combine the multiply-shift-add into one call
+        j = i+this.m.t;
+        x[j] += this.m.am(0,u0,x,i,0,this.m.t);
+        // propagate carry
+        while(x[j] >= x.DV) { x[j] -= x.DV; x[++j]++; }
+      }
+      x.clamp();
+      x.drShiftTo(this.m.t,x);
+      if(x.compareTo(this.m) >= 0) x.subTo(this.m,x);
+    }
+
+    // r = "x^2/R mod m"; x != r
+    function montSqrTo(x,r) { x.squareTo(r); this.reduce(r); }
+
+    // r = "xy/R mod m"; x,y != r
+    function montMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); }
+
+    Montgomery.prototype.convert = montConvert;
+    Montgomery.prototype.revert = montRevert;
+    Montgomery.prototype.reduce = montReduce;
+    Montgomery.prototype.mulTo = montMulTo;
+    Montgomery.prototype.sqrTo = montSqrTo;
+
+    // (protected) true iff this is even
+    function bnpIsEven() { return ((this.t>0)?(this[0]&1):this.s) == 0; }
+
+    // (protected) this^e, e < 2^32, doing sqr and mul with "r" (HAC 14.79)
+    function bnpExp(e,z) {
+      if(e > 0xffffffff || e < 1) return BigInteger.ONE;
+      var r = nbi(), r2 = nbi(), g = z.convert(this), i = nbits(e)-1;
+      g.copyTo(r);
+      while(--i >= 0) {
+        z.sqrTo(r,r2);
+        if((e&(1< 0) z.mulTo(r2,g,r);
+        else { var t = r; r = r2; r2 = t; }
+      }
+      return z.revert(r);
+    }
+
+    // (public) this^e % m, 0 <= e < 2^32
+    function bnModPowInt(e,m) {
+      var z;
+      if(e < 256 || m.isEven()) z = new Classic(m); else z = new Montgomery(m);
+      return this.exp(e,z);
+    }
+
+    // protected
+    BigInteger.prototype.copyTo = bnpCopyTo;
+    BigInteger.prototype.fromInt = bnpFromInt;
+    BigInteger.prototype.fromString = bnpFromString;
+    BigInteger.prototype.clamp = bnpClamp;
+    BigInteger.prototype.dlShiftTo = bnpDLShiftTo;
+    BigInteger.prototype.drShiftTo = bnpDRShiftTo;
+    BigInteger.prototype.lShiftTo = bnpLShiftTo;
+    BigInteger.prototype.rShiftTo = bnpRShiftTo;
+    BigInteger.prototype.subTo = bnpSubTo;
+    BigInteger.prototype.multiplyTo = bnpMultiplyTo;
+    BigInteger.prototype.squareTo = bnpSquareTo;
+    BigInteger.prototype.divRemTo = bnpDivRemTo;
+    BigInteger.prototype.invDigit = bnpInvDigit;
+    BigInteger.prototype.isEven = bnpIsEven;
+    BigInteger.prototype.exp = bnpExp;
+
+    // public
+    BigInteger.prototype.toString = bnToString;
+    BigInteger.prototype.negate = bnNegate;
+    BigInteger.prototype.abs = bnAbs;
+    BigInteger.prototype.compareTo = bnCompareTo;
+    BigInteger.prototype.bitLength = bnBitLength;
+    BigInteger.prototype.mod = bnMod;
+    BigInteger.prototype.modPowInt = bnModPowInt;
+
+    // "constants"
+    BigInteger.ZERO = nbv(0);
+    BigInteger.ONE = nbv(1);
+
+    // Copyright (c) 2005-2009  Tom Wu
+    // All Rights Reserved.
+    // See "LICENSE" for details.
+
+    // Extended JavaScript BN functions, required for RSA private ops.
+
+    // Version 1.1: new BigInteger("0", 10) returns "proper" zero
+    // Version 1.2: square() API, isProbablePrime fix
+
+    // (public)
+    function bnClone() { var r = nbi(); this.copyTo(r); return r; }
+
+    // (public) return value as integer
+    function bnIntValue() {
+      if(this.s < 0) {
+        if(this.t == 1) return this[0]-this.DV;
+        else if(this.t == 0) return -1;
+      }
+      else if(this.t == 1) return this[0];
+      else if(this.t == 0) return 0;
+      // assumes 16 < DB < 32
+      return ((this[1]&((1<<(32-this.DB))-1))<>24; }
+
+    // (public) return value as short (assumes DB>=16)
+    function bnShortValue() { return (this.t==0)?this.s:(this[0]<<16)>>16; }
+
+    // (protected) return x s.t. r^x < DV
+    function bnpChunkSize(r) { return Math.floor(Math.LN2*this.DB/Math.log(r)); }
+
+    // (public) 0 if this == 0, 1 if this > 0
+    function bnSigNum() {
+      if(this.s < 0) return -1;
+      else if(this.t <= 0 || (this.t == 1 && this[0] <= 0)) return 0;
+      else return 1;
+    }
+
+    // (protected) convert to radix string
+    function bnpToRadix(b) {
+      if(b == null) b = 10;
+      if(this.signum() == 0 || b < 2 || b > 36) return "0";
+      var cs = this.chunkSize(b);
+      var a = Math.pow(b,cs);
+      var d = nbv(a), y = nbi(), z = nbi(), r = "";
+      this.divRemTo(d,y,z);
+      while(y.signum() > 0) {
+        r = (a+z.intValue()).toString(b).substr(1) + r;
+        y.divRemTo(d,y,z);
+      }
+      return z.intValue().toString(b) + r;
+    }
+
+    // (protected) convert from radix string
+    function bnpFromRadix(s,b) {
+      this.fromInt(0);
+      if(b == null) b = 10;
+      var cs = this.chunkSize(b);
+      var d = Math.pow(b,cs), mi = false, j = 0, w = 0;
+      for(var i = 0; i < s.length; ++i) {
+        var x = intAt(s,i);
+        if(x < 0) {
+          if(s.charAt(i) == "-" && this.signum() == 0) mi = true;
+          continue;
+        }
+        w = b*w+x;
+        if(++j >= cs) {
+          this.dMultiply(d);
+          this.dAddOffset(w,0);
+          j = 0;
+          w = 0;
+        }
+      }
+      if(j > 0) {
+        this.dMultiply(Math.pow(b,j));
+        this.dAddOffset(w,0);
+      }
+      if(mi) BigInteger.ZERO.subTo(this,this);
+    }
+
+    // (protected) alternate constructor
+    function bnpFromNumber(a,b,c) {
+      if("number" == typeof b) {
+        // new BigInteger(int,int,RNG)
+        if(a < 2) this.fromInt(1);
+        else {
+          this.fromNumber(a,c);
+          if(!this.testBit(a-1))    // force MSB set
+            this.bitwiseTo(BigInteger.ONE.shiftLeft(a-1),op_or,this);
+          if(this.isEven()) this.dAddOffset(1,0); // force odd
+          while(!this.isProbablePrime(b)) {
+            this.dAddOffset(2,0);
+            if(this.bitLength() > a) this.subTo(BigInteger.ONE.shiftLeft(a-1),this);
+          }
+        }
+      }
+      else {
+        // new BigInteger(int,RNG)
+        var x = new Array(), t = a&7;
+        x.length = (a>>3)+1;
+        b.nextBytes(x);
+        if(t > 0) x[0] &= ((1< 0) {
+        if(p < this.DB && (d = this[i]>>p) != (this.s&this.DM)>>p)
+          r[k++] = d|(this.s<<(this.DB-p));
+        while(i >= 0) {
+          if(p < 8) {
+            d = (this[i]&((1<>(p+=this.DB-8);
+          }
+          else {
+            d = (this[i]>>(p-=8))&0xff;
+            if(p <= 0) { p += this.DB; --i; }
+          }
+          if((d&0x80) != 0) d |= -256;
+          if(k == 0 && (this.s&0x80) != (d&0x80)) ++k;
+          if(k > 0 || d != this.s) r[k++] = d;
+        }
+      }
+      return r;
+    }
+
+    function bnEquals(a) { return(this.compareTo(a)==0); }
+    function bnMin(a) { return(this.compareTo(a)<0)?this:a; }
+    function bnMax(a) { return(this.compareTo(a)>0)?this:a; }
+
+    // (protected) r = this op a (bitwise)
+    function bnpBitwiseTo(a,op,r) {
+      var i, f, m = Math.min(a.t,this.t);
+      for(i = 0; i < m; ++i) r[i] = op(this[i],a[i]);
+      if(a.t < this.t) {
+        f = a.s&this.DM;
+        for(i = m; i < this.t; ++i) r[i] = op(this[i],f);
+        r.t = this.t;
+      }
+      else {
+        f = this.s&this.DM;
+        for(i = m; i < a.t; ++i) r[i] = op(f,a[i]);
+        r.t = a.t;
+      }
+      r.s = op(this.s,a.s);
+      r.clamp();
+    }
+
+    // (public) this & a
+    function op_and(x,y) { return x&y; }
+    function bnAnd(a) { var r = nbi(); this.bitwiseTo(a,op_and,r); return r; }
+
+    // (public) this | a
+    function op_or(x,y) { return x|y; }
+    function bnOr(a) { var r = nbi(); this.bitwiseTo(a,op_or,r); return r; }
+
+    // (public) this ^ a
+    function op_xor(x,y) { return x^y; }
+    function bnXor(a) { var r = nbi(); this.bitwiseTo(a,op_xor,r); return r; }
+
+    // (public) this & ~a
+    function op_andnot(x,y) { return x&~y; }
+    function bnAndNot(a) { var r = nbi(); this.bitwiseTo(a,op_andnot,r); return r; }
+
+    // (public) ~this
+    function bnNot() {
+      var r = nbi();
+      for(var i = 0; i < this.t; ++i) r[i] = this.DM&~this[i];
+      r.t = this.t;
+      r.s = ~this.s;
+      return r;
+    }
+
+    // (public) this << n
+    function bnShiftLeft(n) {
+      var r = nbi();
+      if(n < 0) this.rShiftTo(-n,r); else this.lShiftTo(n,r);
+      return r;
+    }
+
+    // (public) this >> n
+    function bnShiftRight(n) {
+      var r = nbi();
+      if(n < 0) this.lShiftTo(-n,r); else this.rShiftTo(n,r);
+      return r;
+    }
+
+    // return index of lowest 1-bit in x, x < 2^31
+    function lbit(x) {
+      if(x == 0) return -1;
+      var r = 0;
+      if((x&0xffff) == 0) { x >>= 16; r += 16; }
+      if((x&0xff) == 0) { x >>= 8; r += 8; }
+      if((x&0xf) == 0) { x >>= 4; r += 4; }
+      if((x&3) == 0) { x >>= 2; r += 2; }
+      if((x&1) == 0) ++r;
+      return r;
+    }
+
+    // (public) returns index of lowest 1-bit (or -1 if none)
+    function bnGetLowestSetBit() {
+      for(var i = 0; i < this.t; ++i)
+        if(this[i] != 0) return i*this.DB+lbit(this[i]);
+      if(this.s < 0) return this.t*this.DB;
+      return -1;
+    }
+
+    // return number of 1 bits in x
+    function cbit(x) {
+      var r = 0;
+      while(x != 0) { x &= x-1; ++r; }
+      return r;
+    }
+
+    // (public) return number of set bits
+    function bnBitCount() {
+      var r = 0, x = this.s&this.DM;
+      for(var i = 0; i < this.t; ++i) r += cbit(this[i]^x);
+      return r;
+    }
+
+    // (public) true iff nth bit is set
+    function bnTestBit(n) {
+      var j = Math.floor(n/this.DB);
+      if(j >= this.t) return(this.s!=0);
+      return((this[j]&(1<<(n%this.DB)))!=0);
+    }
+
+    // (protected) this op (1<>= this.DB;
+      }
+      if(a.t < this.t) {
+        c += a.s;
+        while(i < this.t) {
+          c += this[i];
+          r[i++] = c&this.DM;
+          c >>= this.DB;
+        }
+        c += this.s;
+      }
+      else {
+        c += this.s;
+        while(i < a.t) {
+          c += a[i];
+          r[i++] = c&this.DM;
+          c >>= this.DB;
+        }
+        c += a.s;
+      }
+      r.s = (c<0)?-1:0;
+      if(c > 0) r[i++] = c;
+      else if(c < -1) r[i++] = this.DV+c;
+      r.t = i;
+      r.clamp();
+    }
+
+    // (public) this + a
+    function bnAdd(a) { var r = nbi(); this.addTo(a,r); return r; }
+
+    // (public) this - a
+    function bnSubtract(a) { var r = nbi(); this.subTo(a,r); return r; }
+
+    // (public) this * a
+    function bnMultiply(a) { var r = nbi(); this.multiplyTo(a,r); return r; }
+
+    // (public) this^2
+    function bnSquare() { var r = nbi(); this.squareTo(r); return r; }
+
+    // (public) this / a
+    function bnDivide(a) { var r = nbi(); this.divRemTo(a,r,null); return r; }
+
+    // (public) this % a
+    function bnRemainder(a) { var r = nbi(); this.divRemTo(a,null,r); return r; }
+
+    // (public) [this/a,this%a]
+    function bnDivideAndRemainder(a) {
+      var q = nbi(), r = nbi();
+      this.divRemTo(a,q,r);
+      return new Array(q,r);
+    }
+
+    // (protected) this *= n, this >= 0, 1 < n < DV
+    function bnpDMultiply(n) {
+      this[this.t] = this.am(0,n-1,this,0,0,this.t);
+      ++this.t;
+      this.clamp();
+    }
+
+    // (protected) this += n << w words, this >= 0
+    function bnpDAddOffset(n,w) {
+      if(n == 0) return;
+      while(this.t <= w) this[this.t++] = 0;
+      this[w] += n;
+      while(this[w] >= this.DV) {
+        this[w] -= this.DV;
+        if(++w >= this.t) this[this.t++] = 0;
+        ++this[w];
+      }
+    }
+
+    // A "null" reducer
+    function NullExp() {}
+    function nNop(x) { return x; }
+    function nMulTo(x,y,r) { x.multiplyTo(y,r); }
+    function nSqrTo(x,r) { x.squareTo(r); }
+
+    NullExp.prototype.convert = nNop;
+    NullExp.prototype.revert = nNop;
+    NullExp.prototype.mulTo = nMulTo;
+    NullExp.prototype.sqrTo = nSqrTo;
+
+    // (public) this^e
+    function bnPow(e) { return this.exp(e,new NullExp()); }
+
+    // (protected) r = lower n words of "this * a", a.t <= n
+    // "this" should be the larger one if appropriate.
+    function bnpMultiplyLowerTo(a,n,r) {
+      var i = Math.min(this.t+a.t,n);
+      r.s = 0; // assumes a,this >= 0
+      r.t = i;
+      while(i > 0) r[--i] = 0;
+      var j;
+      for(j = r.t-this.t; i < j; ++i) r[i+this.t] = this.am(0,a[i],r,i,0,this.t);
+      for(j = Math.min(a.t,n); i < j; ++i) this.am(0,a[i],r,i,0,n-i);
+      r.clamp();
+    }
+
+    // (protected) r = "this * a" without lower n words, n > 0
+    // "this" should be the larger one if appropriate.
+    function bnpMultiplyUpperTo(a,n,r) {
+      --n;
+      var i = r.t = this.t+a.t-n;
+      r.s = 0; // assumes a,this >= 0
+      while(--i >= 0) r[i] = 0;
+      for(i = Math.max(n-this.t,0); i < a.t; ++i)
+        r[this.t+i-n] = this.am(n-i,a[i],r,0,0,this.t+i-n);
+      r.clamp();
+      r.drShiftTo(1,r);
+    }
+
+    // Barrett modular reduction
+    function Barrett(m) {
+      // setup Barrett
+      this.r2 = nbi();
+      this.q3 = nbi();
+      BigInteger.ONE.dlShiftTo(2*m.t,this.r2);
+      this.mu = this.r2.divide(m);
+      this.m = m;
+    }
+
+    function barrettConvert(x) {
+      if(x.s < 0 || x.t > 2*this.m.t) return x.mod(this.m);
+      else if(x.compareTo(this.m) < 0) return x;
+      else { var r = nbi(); x.copyTo(r); this.reduce(r); return r; }
+    }
+
+    function barrettRevert(x) { return x; }
+
+    // x = x mod m (HAC 14.42)
+    function barrettReduce(x) {
+      x.drShiftTo(this.m.t-1,this.r2);
+      if(x.t > this.m.t+1) { x.t = this.m.t+1; x.clamp(); }
+      this.mu.multiplyUpperTo(this.r2,this.m.t+1,this.q3);
+      this.m.multiplyLowerTo(this.q3,this.m.t+1,this.r2);
+      while(x.compareTo(this.r2) < 0) x.dAddOffset(1,this.m.t+1);
+      x.subTo(this.r2,x);
+      while(x.compareTo(this.m) >= 0) x.subTo(this.m,x);
+    }
+
+    // r = x^2 mod m; x != r
+    function barrettSqrTo(x,r) { x.squareTo(r); this.reduce(r); }
+
+    // r = x*y mod m; x,y != r
+    function barrettMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); }
+
+    Barrett.prototype.convert = barrettConvert;
+    Barrett.prototype.revert = barrettRevert;
+    Barrett.prototype.reduce = barrettReduce;
+    Barrett.prototype.mulTo = barrettMulTo;
+    Barrett.prototype.sqrTo = barrettSqrTo;
+
+    // (public) this^e % m (HAC 14.85)
+    function bnModPow(e,m) {
+      var i = e.bitLength(), k, r = nbv(1), z;
+      if(i <= 0) return r;
+      else if(i < 18) k = 1;
+      else if(i < 48) k = 3;
+      else if(i < 144) k = 4;
+      else if(i < 768) k = 5;
+      else k = 6;
+      if(i < 8)
+        z = new Classic(m);
+      else if(m.isEven())
+        z = new Barrett(m);
+      else
+        z = new Montgomery(m);
+
+      // precomputation
+      var g = new Array(), n = 3, k1 = k-1, km = (1< 1) {
+        var g2 = nbi();
+        z.sqrTo(g[1],g2);
+        while(n <= km) {
+          g[n] = nbi();
+          z.mulTo(g2,g[n-2],g[n]);
+          n += 2;
+        }
+      }
+
+      var j = e.t-1, w, is1 = true, r2 = nbi(), t;
+      i = nbits(e[j])-1;
+      while(j >= 0) {
+        if(i >= k1) w = (e[j]>>(i-k1))&km;
+        else {
+          w = (e[j]&((1<<(i+1))-1))<<(k1-i);
+          if(j > 0) w |= e[j-1]>>(this.DB+i-k1);
+        }
+
+        n = k;
+        while((w&1) == 0) { w >>= 1; --n; }
+        if((i -= n) < 0) { i += this.DB; --j; }
+        if(is1) {    // ret == 1, don't bother squaring or multiplying it
+          g[w].copyTo(r);
+          is1 = false;
+        }
+        else {
+          while(n > 1) { z.sqrTo(r,r2); z.sqrTo(r2,r); n -= 2; }
+          if(n > 0) z.sqrTo(r,r2); else { t = r; r = r2; r2 = t; }
+          z.mulTo(r2,g[w],r);
+        }
+
+        while(j >= 0 && (e[j]&(1< 0) {
+        x.rShiftTo(g,x);
+        y.rShiftTo(g,y);
+      }
+      while(x.signum() > 0) {
+        if((i = x.getLowestSetBit()) > 0) x.rShiftTo(i,x);
+        if((i = y.getLowestSetBit()) > 0) y.rShiftTo(i,y);
+        if(x.compareTo(y) >= 0) {
+          x.subTo(y,x);
+          x.rShiftTo(1,x);
+        }
+        else {
+          y.subTo(x,y);
+          y.rShiftTo(1,y);
+        }
+      }
+      if(g > 0) y.lShiftTo(g,y);
+      return y;
+    }
+
+    // (protected) this % n, n < 2^26
+    function bnpModInt(n) {
+      if(n <= 0) return 0;
+      var d = this.DV%n, r = (this.s<0)?n-1:0;
+      if(this.t > 0)
+        if(d == 0) r = this[0]%n;
+        else for(var i = this.t-1; i >= 0; --i) r = (d*r+this[i])%n;
+      return r;
+    }
+
+    // (public) 1/this % m (HAC 14.61)
+    function bnModInverse(m) {
+      var ac = m.isEven();
+      if((this.isEven() && ac) || m.signum() == 0) return BigInteger.ZERO;
+      var u = m.clone(), v = this.clone();
+      var a = nbv(1), b = nbv(0), c = nbv(0), d = nbv(1);
+      while(u.signum() != 0) {
+        while(u.isEven()) {
+          u.rShiftTo(1,u);
+          if(ac) {
+            if(!a.isEven() || !b.isEven()) { a.addTo(this,a); b.subTo(m,b); }
+            a.rShiftTo(1,a);
+          }
+          else if(!b.isEven()) b.subTo(m,b);
+          b.rShiftTo(1,b);
+        }
+        while(v.isEven()) {
+          v.rShiftTo(1,v);
+          if(ac) {
+            if(!c.isEven() || !d.isEven()) { c.addTo(this,c); d.subTo(m,d); }
+            c.rShiftTo(1,c);
+          }
+          else if(!d.isEven()) d.subTo(m,d);
+          d.rShiftTo(1,d);
+        }
+        if(u.compareTo(v) >= 0) {
+          u.subTo(v,u);
+          if(ac) a.subTo(c,a);
+          b.subTo(d,b);
+        }
+        else {
+          v.subTo(u,v);
+          if(ac) c.subTo(a,c);
+          d.subTo(b,d);
+        }
+      }
+      if(v.compareTo(BigInteger.ONE) != 0) return BigInteger.ZERO;
+      if(d.compareTo(m) >= 0) return d.subtract(m);
+      if(d.signum() < 0) d.addTo(m,d); else return d;
+      if(d.signum() < 0) return d.add(m); else return d;
+    }
+
+    var lowprimes = [2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509,521,523,541,547,557,563,569,571,577,587,593,599,601,607,613,617,619,631,641,643,647,653,659,661,673,677,683,691,701,709,719,727,733,739,743,751,757,761,769,773,787,797,809,811,821,823,827,829,839,853,857,859,863,877,881,883,887,907,911,919,929,937,941,947,953,967,971,977,983,991,997];
+    var lplim = (1<<26)/lowprimes[lowprimes.length-1];
+
+    // (public) test primality with certainty >= 1-.5^t
+    function bnIsProbablePrime(t) {
+      var i, x = this.abs();
+      if(x.t == 1 && x[0] <= lowprimes[lowprimes.length-1]) {
+        for(i = 0; i < lowprimes.length; ++i)
+          if(x[0] == lowprimes[i]) return true;
+        return false;
+      }
+      if(x.isEven()) return false;
+      i = 1;
+      while(i < lowprimes.length) {
+        var m = lowprimes[i], j = i+1;
+        while(j < lowprimes.length && m < lplim) m *= lowprimes[j++];
+        m = x.modInt(m);
+        while(i < j) if(m%lowprimes[i++] == 0) return false;
+      }
+      return x.millerRabin(t);
+    }
+
+    // (protected) true if probably prime (HAC 4.24, Miller-Rabin)
+    function bnpMillerRabin(t) {
+      var n1 = this.subtract(BigInteger.ONE);
+      var k = n1.getLowestSetBit();
+      if(k <= 0) return false;
+      var r = n1.shiftRight(k);
+      t = (t+1)>>1;
+      if(t > lowprimes.length) t = lowprimes.length;
+      var a = nbi();
+      for(var i = 0; i < t; ++i) {
+        //Pick bases at random, instead of starting at 2
+        a.fromInt(lowprimes[Math.floor(Math.random()*lowprimes.length)]);
+        var y = a.modPow(r,this);
+        if(y.compareTo(BigInteger.ONE) != 0 && y.compareTo(n1) != 0) {
+          var j = 1;
+          while(j++ < k && y.compareTo(n1) != 0) {
+            y = y.modPowInt(2,this);
+            if(y.compareTo(BigInteger.ONE) == 0) return false;
+          }
+          if(y.compareTo(n1) != 0) return false;
+        }
+      }
+      return true;
+    }
+
+    // protected
+    BigInteger.prototype.chunkSize = bnpChunkSize;
+    BigInteger.prototype.toRadix = bnpToRadix;
+    BigInteger.prototype.fromRadix = bnpFromRadix;
+    BigInteger.prototype.fromNumber = bnpFromNumber;
+    BigInteger.prototype.bitwiseTo = bnpBitwiseTo;
+    BigInteger.prototype.changeBit = bnpChangeBit;
+    BigInteger.prototype.addTo = bnpAddTo;
+    BigInteger.prototype.dMultiply = bnpDMultiply;
+    BigInteger.prototype.dAddOffset = bnpDAddOffset;
+    BigInteger.prototype.multiplyLowerTo = bnpMultiplyLowerTo;
+    BigInteger.prototype.multiplyUpperTo = bnpMultiplyUpperTo;
+    BigInteger.prototype.modInt = bnpModInt;
+    BigInteger.prototype.millerRabin = bnpMillerRabin;
+
+    // public
+    BigInteger.prototype.clone = bnClone;
+    BigInteger.prototype.intValue = bnIntValue;
+    BigInteger.prototype.byteValue = bnByteValue;
+    BigInteger.prototype.shortValue = bnShortValue;
+    BigInteger.prototype.signum = bnSigNum;
+    BigInteger.prototype.toByteArray = bnToByteArray;
+    BigInteger.prototype.equals = bnEquals;
+    BigInteger.prototype.min = bnMin;
+    BigInteger.prototype.max = bnMax;
+    BigInteger.prototype.and = bnAnd;
+    BigInteger.prototype.or = bnOr;
+    BigInteger.prototype.xor = bnXor;
+    BigInteger.prototype.andNot = bnAndNot;
+    BigInteger.prototype.not = bnNot;
+    BigInteger.prototype.shiftLeft = bnShiftLeft;
+    BigInteger.prototype.shiftRight = bnShiftRight;
+    BigInteger.prototype.getLowestSetBit = bnGetLowestSetBit;
+    BigInteger.prototype.bitCount = bnBitCount;
+    BigInteger.prototype.testBit = bnTestBit;
+    BigInteger.prototype.setBit = bnSetBit;
+    BigInteger.prototype.clearBit = bnClearBit;
+    BigInteger.prototype.flipBit = bnFlipBit;
+    BigInteger.prototype.add = bnAdd;
+    BigInteger.prototype.subtract = bnSubtract;
+    BigInteger.prototype.multiply = bnMultiply;
+    BigInteger.prototype.divide = bnDivide;
+    BigInteger.prototype.remainder = bnRemainder;
+    BigInteger.prototype.divideAndRemainder = bnDivideAndRemainder;
+    BigInteger.prototype.modPow = bnModPow;
+    BigInteger.prototype.modInverse = bnModInverse;
+    BigInteger.prototype.pow = bnPow;
+    BigInteger.prototype.gcd = bnGCD;
+    BigInteger.prototype.isProbablePrime = bnIsProbablePrime;
+
+    // JSBN-specific extension
+    BigInteger.prototype.square = bnSquare;
+
+    // Expose the Barrett function
+    BigInteger.prototype.Barrett = Barrett
+
+    // BigInteger interfaces not implemented in jsbn:
+
+    // BigInteger(int signum, byte[] magnitude)
+    // double doubleValue()
+    // float floatValue()
+    // int hashCode()
+    // long longValue()
+    // static BigInteger valueOf(long val)
+
+    // Random number generator - requires a PRNG backend, e.g. prng4.js
+
+    // For best results, put code like
+    // 
+    // in your main HTML document.
+
+    var rng_state;
+    var rng_pool;
+    var rng_pptr;
+
+    // Mix in a 32-bit integer into the pool
+    function rng_seed_int(x) {
+      rng_pool[rng_pptr++] ^= x & 255;
+      rng_pool[rng_pptr++] ^= (x >> 8) & 255;
+      rng_pool[rng_pptr++] ^= (x >> 16) & 255;
+      rng_pool[rng_pptr++] ^= (x >> 24) & 255;
+      if(rng_pptr >= rng_psize) rng_pptr -= rng_psize;
+    }
+
+    // Mix in the current time (w/milliseconds) into the pool
+    function rng_seed_time() {
+      rng_seed_int(new Date().getTime());
+    }
+
+    // Initialize the pool with junk if needed.
+    if(rng_pool == null) {
+      rng_pool = new Array();
+      rng_pptr = 0;
+      var t;
+      if(typeof window !== "undefined" && window.crypto) {
+        if (window.crypto.getRandomValues) {
+          // Use webcrypto if available
+          var ua = new Uint8Array(32);
+          window.crypto.getRandomValues(ua);
+          for(t = 0; t < 32; ++t)
+            rng_pool[rng_pptr++] = ua[t];
+        }
+        else if(navigator.appName == "Netscape" && navigator.appVersion < "5") {
+          // Extract entropy (256 bits) from NS4 RNG if available
+          var z = window.crypto.random(32);
+          for(t = 0; t < z.length; ++t)
+            rng_pool[rng_pptr++] = z.charCodeAt(t) & 255;
+        }
+      }
+      while(rng_pptr < rng_psize) {  // extract some randomness from Math.random()
+        t = Math.floor(65536 * Math.random());
+        rng_pool[rng_pptr++] = t >>> 8;
+        rng_pool[rng_pptr++] = t & 255;
+      }
+      rng_pptr = 0;
+      rng_seed_time();
+      //rng_seed_int(window.screenX);
+      //rng_seed_int(window.screenY);
+    }
+
+    function rng_get_byte() {
+      if(rng_state == null) {
+        rng_seed_time();
+        rng_state = prng_newstate();
+        rng_state.init(rng_pool);
+        for(rng_pptr = 0; rng_pptr < rng_pool.length; ++rng_pptr)
+          rng_pool[rng_pptr] = 0;
+        rng_pptr = 0;
+        //rng_pool = null;
+      }
+      // TODO: allow reseeding after first request
+      return rng_state.next();
+    }
+
+    function rng_get_bytes(ba) {
+      var i;
+      for(i = 0; i < ba.length; ++i) ba[i] = rng_get_byte();
+    }
+
+    function SecureRandom() {}
+
+    SecureRandom.prototype.nextBytes = rng_get_bytes;
+
+    // prng4.js - uses Arcfour as a PRNG
+
+    function Arcfour() {
+      this.i = 0;
+      this.j = 0;
+      this.S = new Array();
+    }
+
+    // Initialize arcfour context from key, an array of ints, each from [0..255]
+    function ARC4init(key) {
+      var i, j, t;
+      for(i = 0; i < 256; ++i)
+        this.S[i] = i;
+      j = 0;
+      for(i = 0; i < 256; ++i) {
+        j = (j + this.S[i] + key[i % key.length]) & 255;
+        t = this.S[i];
+        this.S[i] = this.S[j];
+        this.S[j] = t;
+      }
+      this.i = 0;
+      this.j = 0;
+    }
+
+    function ARC4next() {
+      var t;
+      this.i = (this.i + 1) & 255;
+      this.j = (this.j + this.S[this.i]) & 255;
+      t = this.S[this.i];
+      this.S[this.i] = this.S[this.j];
+      this.S[this.j] = t;
+      return this.S[(t + this.S[this.i]) & 255];
+    }
+
+    Arcfour.prototype.init = ARC4init;
+    Arcfour.prototype.next = ARC4next;
+
+    // Plug in your RNG constructor here
+    function prng_newstate() {
+      return new Arcfour();
+    }
+
+    // Pool size must be a multiple of 4 and greater than 32.
+    // An array of bytes the size of the pool will be passed to init()
+    var rng_psize = 256;
+
+    if (typeof exports !== 'undefined') {
+        exports = module.exports = {
+            default: BigInteger,
+            BigInteger: BigInteger,
+            SecureRandom: SecureRandom,
+        };
+    } else {
+        this.jsbn = {
+          BigInteger: BigInteger,
+          SecureRandom: SecureRandom
+        };
+    }
+
+}).call(this);
diff --git a/deps/npm/node_modules/jsbn/package.json b/deps/npm/node_modules/jsbn/package.json
new file mode 100644
index 00000000000000..97b137c2e2db9b
--- /dev/null
+++ b/deps/npm/node_modules/jsbn/package.json
@@ -0,0 +1,21 @@
+{
+  "name": "jsbn",
+  "version": "1.1.0",
+  "description": "The jsbn library is a fast, portable implementation of large-number math in pure JavaScript, enabling public-key crypto and other applications on desktop and mobile browsers.",
+  "main": "index.js",
+  "scripts": {
+    "test": "mocha test.js"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/andyperlitch/jsbn.git"
+  },
+  "keywords": [
+    "biginteger",
+    "bignumber",
+    "big",
+    "integer"
+  ],
+  "author": "Tom Wu",
+  "license": "MIT"
+}
diff --git a/deps/npm/node_modules/jsbn/test/es6-import.js b/deps/npm/node_modules/jsbn/test/es6-import.js
new file mode 100644
index 00000000000000..668cbdfdc5bef3
--- /dev/null
+++ b/deps/npm/node_modules/jsbn/test/es6-import.js
@@ -0,0 +1,3 @@
+import {BigInteger} from '../';
+
+console.log(typeof BigInteger)
diff --git a/deps/npm/node_modules/libnpmdiff/package.json b/deps/npm/node_modules/libnpmdiff/package.json
index 99f92bd242c219..b130b128cf7372 100644
--- a/deps/npm/node_modules/libnpmdiff/package.json
+++ b/deps/npm/node_modules/libnpmdiff/package.json
@@ -1,6 +1,6 @@
 {
   "name": "libnpmdiff",
-  "version": "6.0.5",
+  "version": "6.0.7",
   "description": "The registry diff",
   "repository": {
     "type": "git",
diff --git a/deps/npm/node_modules/libnpmexec/package.json b/deps/npm/node_modules/libnpmexec/package.json
index bef7d0eda9820a..2b4fb559ba4a2e 100644
--- a/deps/npm/node_modules/libnpmexec/package.json
+++ b/deps/npm/node_modules/libnpmexec/package.json
@@ -1,6 +1,6 @@
 {
   "name": "libnpmexec",
-  "version": "7.0.6",
+  "version": "7.0.8",
   "files": [
     "bin/",
     "lib/"
diff --git a/deps/npm/node_modules/libnpmfund/package.json b/deps/npm/node_modules/libnpmfund/package.json
index 4a8bcb034c1bda..66889c1fa6d5b5 100644
--- a/deps/npm/node_modules/libnpmfund/package.json
+++ b/deps/npm/node_modules/libnpmfund/package.json
@@ -1,6 +1,6 @@
 {
   "name": "libnpmfund",
-  "version": "5.0.3",
+  "version": "5.0.5",
   "main": "lib/index.js",
   "files": [
     "bin/",
diff --git a/deps/npm/node_modules/libnpmpack/package.json b/deps/npm/node_modules/libnpmpack/package.json
index 89986434a1cb2e..1d504fca4ec9b6 100644
--- a/deps/npm/node_modules/libnpmpack/package.json
+++ b/deps/npm/node_modules/libnpmpack/package.json
@@ -1,6 +1,6 @@
 {
   "name": "libnpmpack",
-  "version": "6.0.5",
+  "version": "6.0.7",
   "description": "Programmatic API for the bits behind npm pack",
   "author": "GitHub Inc.",
   "main": "lib/index.js",
diff --git a/deps/npm/node_modules/libnpmpublish/package.json b/deps/npm/node_modules/libnpmpublish/package.json
index ce2982450249c2..67f63816d90d59 100644
--- a/deps/npm/node_modules/libnpmpublish/package.json
+++ b/deps/npm/node_modules/libnpmpublish/package.json
@@ -1,6 +1,6 @@
 {
   "name": "libnpmpublish",
-  "version": "9.0.3",
+  "version": "9.0.4",
   "description": "Programmatic API for the bits behind npm publish and unpublish",
   "author": "GitHub Inc.",
   "main": "lib/index.js",
@@ -44,7 +44,7 @@
     "npm-registry-fetch": "^16.0.0",
     "proc-log": "^3.0.0",
     "semver": "^7.3.7",
-    "sigstore": "^2.1.0",
+    "sigstore": "^2.2.0",
     "ssri": "^10.0.5"
   },
   "engines": {
diff --git a/deps/npm/node_modules/lru-cache/dist/commonjs/index.js b/deps/npm/node_modules/lru-cache/dist/commonjs/index.js
index 3e8efcdde5e76b..e1ef9dbf7b80a4 100644
--- a/deps/npm/node_modules/lru-cache/dist/commonjs/index.js
+++ b/deps/npm/node_modules/lru-cache/dist/commonjs/index.js
@@ -673,6 +673,11 @@ class LRUCache {
     [Symbol.iterator]() {
         return this.entries();
     }
+    /**
+     * A String value that is used in the creation of the default string description of an object.
+     * Called by the built-in method Object.prototype.toString.
+     */
+    [Symbol.toStringTag] = 'LRUCache';
     /**
      * Find a value for which the supplied fn method returns a truthy value,
      * similar to Array.find().  fn is called as fn(value, key, cache).
diff --git a/deps/npm/node_modules/lru-cache/dist/esm/index.js b/deps/npm/node_modules/lru-cache/dist/esm/index.js
index 3f8c178a3af524..bf8f7e816babe2 100644
--- a/deps/npm/node_modules/lru-cache/dist/esm/index.js
+++ b/deps/npm/node_modules/lru-cache/dist/esm/index.js
@@ -670,6 +670,11 @@ export class LRUCache {
     [Symbol.iterator]() {
         return this.entries();
     }
+    /**
+     * A String value that is used in the creation of the default string description of an object.
+     * Called by the built-in method Object.prototype.toString.
+     */
+    [Symbol.toStringTag] = 'LRUCache';
     /**
      * Find a value for which the supplied fn method returns a truthy value,
      * similar to Array.find().  fn is called as fn(value, key, cache).
diff --git a/deps/npm/node_modules/lru-cache/package.json b/deps/npm/node_modules/lru-cache/package.json
index 3702e6ef425bca..348e2118a7c25c 100644
--- a/deps/npm/node_modules/lru-cache/package.json
+++ b/deps/npm/node_modules/lru-cache/package.json
@@ -1,7 +1,7 @@
 {
   "name": "lru-cache",
   "description": "A cache object that deletes the least-recently-used items.",
-  "version": "10.1.0",
+  "version": "10.2.0",
   "author": "Isaac Z. Schlueter ",
   "keywords": [
     "mru",
diff --git a/deps/npm/node_modules/pacote/lib/registry.js b/deps/npm/node_modules/pacote/lib/registry.js
index 0e83edf17519a8..de25a11af46672 100644
--- a/deps/npm/node_modules/pacote/lib/registry.js
+++ b/deps/npm/node_modules/pacote/lib/registry.js
@@ -321,6 +321,7 @@ class RegistryFetcher extends Fetcher {
               // specify a public key from the keys endpoint: `registry-host.tld/-/npm/v1/keys`
               const options = {
                 tufCachePath: this.tufCache,
+                tufForceCache: true,
                 keySelector: publicKey ? () => publicKey.pemkey : undefined,
               }
               await sigstore.verify(bundle, options)
diff --git a/deps/npm/node_modules/pacote/package.json b/deps/npm/node_modules/pacote/package.json
index 88d479d182f5dc..8fc0bb707f1e52 100644
--- a/deps/npm/node_modules/pacote/package.json
+++ b/deps/npm/node_modules/pacote/package.json
@@ -1,6 +1,6 @@
 {
   "name": "pacote",
-  "version": "17.0.5",
+  "version": "17.0.6",
   "description": "JavaScript package downloader",
   "author": "GitHub Inc.",
   "bin": {
@@ -11,7 +11,7 @@
   "scripts": {
     "test": "tap",
     "snap": "tap",
-    "lint": "eslint \"**/*.js\"",
+    "lint": "eslint \"**/*.{js,cjs,ts,mjs,jsx,tsx}\"",
     "postlint": "template-oss-check",
     "lintfix": "npm run lint -- --fix",
     "posttest": "npm run lint",
@@ -27,7 +27,7 @@
   "devDependencies": {
     "@npmcli/arborist": "^7.1.0",
     "@npmcli/eslint-config": "^4.0.0",
-    "@npmcli/template-oss": "4.19.0",
+    "@npmcli/template-oss": "4.21.3",
     "hosted-git-info": "^7.0.0",
     "mutate-fs": "^2.1.1",
     "nock": "^13.2.4",
@@ -59,7 +59,7 @@
     "promise-retry": "^2.0.1",
     "read-package-json": "^7.0.0",
     "read-package-json-fast": "^3.0.0",
-    "sigstore": "^2.0.0",
+    "sigstore": "^2.2.0",
     "ssri": "^10.0.0",
     "tar": "^6.1.11"
   },
@@ -72,7 +72,7 @@
   },
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.19.0",
+    "version": "4.21.3",
     "windowsCI": false,
     "publish": "true"
   }
diff --git a/deps/npm/node_modules/promise-call-limit/dist/commonjs/index.js b/deps/npm/node_modules/promise-call-limit/dist/commonjs/index.js
new file mode 100644
index 00000000000000..6ce5cfcef9559e
--- /dev/null
+++ b/deps/npm/node_modules/promise-call-limit/dist/commonjs/index.js
@@ -0,0 +1,87 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.callLimit = void 0;
+const os = __importStar(require("node:os"));
+// availableParallelism available only since node v19, for older versions use
+// cpus() cpus() can return an empty list if /proc is not mounted, use 1 in
+// this case
+/* c8 ignore start */
+const defLimit = 'availableParallelism' in os
+    ? Math.max(1, os.availableParallelism() - 1)
+    : Math.max(1, os.cpus().length - 1);
+const callLimit = (queue, { limit = defLimit, rejectLate } = {}) => new Promise((res, rej) => {
+    let active = 0;
+    let current = 0;
+    const results = [];
+    // Whether or not we rejected, distinct from the rejection just in case the rejection itself is falsey
+    let rejected = false;
+    let rejection;
+    const reject = (er) => {
+        if (rejected)
+            return;
+        rejected = true;
+        rejection ??= er;
+        if (!rejectLate)
+            rej(rejection);
+    };
+    let resolved = false;
+    const resolve = () => {
+        if (resolved || active > 0)
+            return;
+        resolved = true;
+        res(results);
+    };
+    const run = () => {
+        const c = current++;
+        if (c >= queue.length)
+            return rejected ? reject() : resolve();
+        active++;
+        const step = queue[c];
+        /* c8 ignore start */
+        if (!step)
+            throw new Error('walked off queue');
+        /* c8 ignore stop */
+        results[c] = step()
+            .then(result => {
+            active--;
+            results[c] = result;
+            return result;
+        }, er => {
+            active--;
+            reject(er);
+        })
+            .then(result => {
+            if (rejected && active === 0)
+                return rej(rejection);
+            run();
+            return result;
+        });
+    };
+    for (let i = 0; i < limit; i++)
+        run();
+});
+exports.callLimit = callLimit;
+//# sourceMappingURL=index.js.map
\ No newline at end of file
diff --git a/deps/npm/node_modules/promise-call-limit/dist/commonjs/package.json b/deps/npm/node_modules/promise-call-limit/dist/commonjs/package.json
new file mode 100644
index 00000000000000..5bbefffbabee39
--- /dev/null
+++ b/deps/npm/node_modules/promise-call-limit/dist/commonjs/package.json
@@ -0,0 +1,3 @@
+{
+  "type": "commonjs"
+}
diff --git a/deps/npm/node_modules/promise-call-limit/dist/esm/index.js b/deps/npm/node_modules/promise-call-limit/dist/esm/index.js
new file mode 100644
index 00000000000000..030099929b3483
--- /dev/null
+++ b/deps/npm/node_modules/promise-call-limit/dist/esm/index.js
@@ -0,0 +1,60 @@
+import * as os from 'node:os';
+// availableParallelism available only since node v19, for older versions use
+// cpus() cpus() can return an empty list if /proc is not mounted, use 1 in
+// this case
+/* c8 ignore start */
+const defLimit = 'availableParallelism' in os
+    ? Math.max(1, os.availableParallelism() - 1)
+    : Math.max(1, os.cpus().length - 1);
+export const callLimit = (queue, { limit = defLimit, rejectLate } = {}) => new Promise((res, rej) => {
+    let active = 0;
+    let current = 0;
+    const results = [];
+    // Whether or not we rejected, distinct from the rejection just in case the rejection itself is falsey
+    let rejected = false;
+    let rejection;
+    const reject = (er) => {
+        if (rejected)
+            return;
+        rejected = true;
+        rejection ??= er;
+        if (!rejectLate)
+            rej(rejection);
+    };
+    let resolved = false;
+    const resolve = () => {
+        if (resolved || active > 0)
+            return;
+        resolved = true;
+        res(results);
+    };
+    const run = () => {
+        const c = current++;
+        if (c >= queue.length)
+            return rejected ? reject() : resolve();
+        active++;
+        const step = queue[c];
+        /* c8 ignore start */
+        if (!step)
+            throw new Error('walked off queue');
+        /* c8 ignore stop */
+        results[c] = step()
+            .then(result => {
+            active--;
+            results[c] = result;
+            return result;
+        }, er => {
+            active--;
+            reject(er);
+        })
+            .then(result => {
+            if (rejected && active === 0)
+                return rej(rejection);
+            run();
+            return result;
+        });
+    };
+    for (let i = 0; i < limit; i++)
+        run();
+});
+//# sourceMappingURL=index.js.map
\ No newline at end of file
diff --git a/deps/npm/node_modules/promise-call-limit/dist/esm/package.json b/deps/npm/node_modules/promise-call-limit/dist/esm/package.json
new file mode 100644
index 00000000000000..3dbc1ca591c055
--- /dev/null
+++ b/deps/npm/node_modules/promise-call-limit/dist/esm/package.json
@@ -0,0 +1,3 @@
+{
+  "type": "module"
+}
diff --git a/deps/npm/node_modules/promise-call-limit/index.js b/deps/npm/node_modules/promise-call-limit/index.js
deleted file mode 100644
index 85ba319ea54d22..00000000000000
--- a/deps/npm/node_modules/promise-call-limit/index.js
+++ /dev/null
@@ -1,52 +0,0 @@
-const os = require('os')
-// availableParallelism available only since node v19, for older versions use
-// cpus() cpus() can return an empty list if /proc is not mounted, use 1 in
-// this case
-
-/* istanbul ignore next - version-specific workaround */
-const defLimit = 'availableParallelism' in os
-  ? os.availableParallelism()
-  : Math.max(1, os.cpus().length)
-
-const callLimit = (queue, limit = defLimit) => new Promise((res, rej) => {
-  let active = 0
-  let current = 0
-  const results = []
-
-  let rejected = false
-  const reject = er => {
-    if (rejected)
-      return
-    rejected = true
-    rej(er)
-  }
-
-  let resolved = false
-  const resolve = () => {
-    if (resolved || active > 0)
-      return
-    resolved = true
-    res(results)
-  }
-
-  const run = () => {
-    const c = current++
-    if (c >= queue.length) {
-      return resolve()
-    }
-
-    active ++
-    results[c] = queue[c]().then(result => {
-      active --
-      results[c] = result
-      run()
-      return result
-    }, reject)
-  }
-
-  for (let i = 0; i < limit; i++) {
-    run()
-  }
-})
-
-module.exports = callLimit
diff --git a/deps/npm/node_modules/promise-call-limit/package.json b/deps/npm/node_modules/promise-call-limit/package.json
index 412c6db1777150..a3aa548d6538ac 100644
--- a/deps/npm/node_modules/promise-call-limit/package.json
+++ b/deps/npm/node_modules/promise-call-limit/package.json
@@ -1,8 +1,8 @@
 {
   "name": "promise-call-limit",
-  "version": "1.0.2",
+  "version": "3.0.1",
   "files": [
-    "index.js"
+    "dist"
   ],
   "description": "Call an array of promise-returning functions, restricting concurrency to a specified limit.",
   "repository": {
@@ -12,18 +12,55 @@
   "author": "Isaac Z. Schlueter  (https://izs.me)",
   "license": "ISC",
   "scripts": {
+    "prepare": "tshy",
+    "pretest": "npm run prepare",
+    "snap": "tap",
     "test": "tap",
     "preversion": "npm test",
     "postversion": "npm publish",
     "prepublishOnly": "git push origin --follow-tags"
   },
-  "tap": {
-    "check-coverage": true
-  },
   "devDependencies": {
-    "tap": "^16.0.0"
+    "prettier": "^3.2.1",
+    "tap": "^18.6.1",
+    "tshy": "^1.8.2",
+    "format": "prettier --write . --loglevel warn --ignore-path ../../.prettierignore --cache",
+    "typedoc": "typedoc"
+  },
+  "prettier": {
+    "semi": false,
+    "printWidth": 70,
+    "tabWidth": 2,
+    "useTabs": false,
+    "singleQuote": true,
+    "jsxSingleQuote": false,
+    "bracketSameLine": true,
+    "arrowParens": "avoid",
+    "endOfLine": "lf"
   },
   "funding": {
     "url": "https://github.com/sponsors/isaacs"
-  }
+  },
+  "tshy": {
+    "exports": {
+      "./package.json": "./package.json",
+      ".": "./src/index.ts"
+    }
+  },
+  "exports": {
+    "./package.json": "./package.json",
+    ".": {
+      "import": {
+        "types": "./dist/esm/index.d.ts",
+        "default": "./dist/esm/index.js"
+      },
+      "require": {
+        "types": "./dist/commonjs/index.d.ts",
+        "default": "./dist/commonjs/index.js"
+      }
+    }
+  },
+  "main": "./dist/commonjs/index.js",
+  "types": "./dist/commonjs/index.d.ts",
+  "type": "module"
 }
diff --git a/deps/npm/node_modules/semver/README.md b/deps/npm/node_modules/semver/README.md
index 043bdaed6b5fc3..d0daebe2e280af 100644
--- a/deps/npm/node_modules/semver/README.md
+++ b/deps/npm/node_modules/semver/README.md
@@ -529,6 +529,10 @@ tuple.  For example, `1.2.3.4` will return `2.3.4` in rtl mode, not
 `4.0.0`.  `1.2.3/4` will return `4.0.0`, because the `4` is not a part of
 any other overlapping SemVer tuple.
 
+If the `options.includePrerelease` flag is set, then the `coerce` result will contain
+prerelease and build parts of a version.  For example, `1.2.3.4-rc.1+rev.2`
+will preserve prerelease `rc.1` and build `rev.2` in the result.
+
 ### Clean
 
 * `clean(version)`: Clean a string to be a valid semver if possible
@@ -543,7 +547,7 @@ ex.
 * `s.clean(' = v 2.1.5-foo')`: `null`
 * `s.clean(' = v 2.1.5-foo', { loose: true })`: `'2.1.5-foo'`
 * `s.clean('=v2.1.5')`: `'2.1.5'`
-* `s.clean('  =v2.1.5')`: `2.1.5`
+* `s.clean('  =v2.1.5')`: `'2.1.5'`
 * `s.clean('      2.1.5   ')`: `'2.1.5'`
 * `s.clean('~1.0.0')`: `null`
 
diff --git a/deps/npm/node_modules/semver/functions/coerce.js b/deps/npm/node_modules/semver/functions/coerce.js
index febbff9c273ce5..b378dcea4e5a74 100644
--- a/deps/npm/node_modules/semver/functions/coerce.js
+++ b/deps/npm/node_modules/semver/functions/coerce.js
@@ -19,34 +19,42 @@ const coerce = (version, options) => {
 
   let match = null
   if (!options.rtl) {
-    match = version.match(re[t.COERCE])
+    match = version.match(options.includePrerelease ? re[t.COERCEFULL] : re[t.COERCE])
   } else {
     // Find the right-most coercible string that does not share
     // a terminus with a more left-ward coercible string.
     // Eg, '1.2.3.4' wants to coerce '2.3.4', not '3.4' or '4'
+    // With includePrerelease option set, '1.2.3.4-rc' wants to coerce '2.3.4-rc', not '2.3.4'
     //
     // Walk through the string checking with a /g regexp
     // Manually set the index so as to pick up overlapping matches.
     // Stop when we get a match that ends at the string end, since no
     // coercible string can be more right-ward without the same terminus.
+    const coerceRtlRegex = options.includePrerelease ? re[t.COERCERTLFULL] : re[t.COERCERTL]
     let next
-    while ((next = re[t.COERCERTL].exec(version)) &&
+    while ((next = coerceRtlRegex.exec(version)) &&
         (!match || match.index + match[0].length !== version.length)
     ) {
       if (!match ||
             next.index + next[0].length !== match.index + match[0].length) {
         match = next
       }
-      re[t.COERCERTL].lastIndex = next.index + next[1].length + next[2].length
+      coerceRtlRegex.lastIndex = next.index + next[1].length + next[2].length
     }
     // leave it in a clean state
-    re[t.COERCERTL].lastIndex = -1
+    coerceRtlRegex.lastIndex = -1
   }
 
   if (match === null) {
     return null
   }
 
-  return parse(`${match[2]}.${match[3] || '0'}.${match[4] || '0'}`, options)
+  const major = match[2]
+  const minor = match[3] || '0'
+  const patch = match[4] || '0'
+  const prerelease = options.includePrerelease && match[5] ? `-${match[5]}` : ''
+  const build = options.includePrerelease && match[6] ? `+${match[6]}` : ''
+
+  return parse(`${major}.${minor}.${patch}${prerelease}${build}`, options)
 }
 module.exports = coerce
diff --git a/deps/npm/node_modules/semver/internal/re.js b/deps/npm/node_modules/semver/internal/re.js
index 21150b3ec53b7d..fd8920e7baa717 100644
--- a/deps/npm/node_modules/semver/internal/re.js
+++ b/deps/npm/node_modules/semver/internal/re.js
@@ -154,12 +154,17 @@ createToken('XRANGELOOSE', `^${src[t.GTLT]}\\s*${src[t.XRANGEPLAINLOOSE]}$`)
 
 // Coercion.
 // Extract anything that could conceivably be a part of a valid semver
-createToken('COERCE', `${'(^|[^\\d])' +
+createToken('COERCEPLAIN', `${'(^|[^\\d])' +
               '(\\d{1,'}${MAX_SAFE_COMPONENT_LENGTH}})` +
               `(?:\\.(\\d{1,${MAX_SAFE_COMPONENT_LENGTH}}))?` +
-              `(?:\\.(\\d{1,${MAX_SAFE_COMPONENT_LENGTH}}))?` +
+              `(?:\\.(\\d{1,${MAX_SAFE_COMPONENT_LENGTH}}))?`)
+createToken('COERCE', `${src[t.COERCEPLAIN]}(?:$|[^\\d])`)
+createToken('COERCEFULL', src[t.COERCEPLAIN] +
+              `(?:${src[t.PRERELEASE]})?` +
+              `(?:${src[t.BUILD]})?` +
               `(?:$|[^\\d])`)
 createToken('COERCERTL', src[t.COERCE], true)
+createToken('COERCERTLFULL', src[t.COERCEFULL], true)
 
 // Tilde ranges.
 // Meaning is "reasonably at or greater than"
diff --git a/deps/npm/node_modules/semver/package.json b/deps/npm/node_modules/semver/package.json
index c145eca2f6d125..f00c6bddaebd92 100644
--- a/deps/npm/node_modules/semver/package.json
+++ b/deps/npm/node_modules/semver/package.json
@@ -1,12 +1,12 @@
 {
   "name": "semver",
-  "version": "7.5.4",
+  "version": "7.6.0",
   "description": "The semantic version parser used by npm.",
   "main": "index.js",
   "scripts": {
     "test": "tap",
     "snap": "tap",
-    "lint": "eslint \"**/*.js\"",
+    "lint": "eslint \"**/*.{js,cjs,ts,mjs,jsx,tsx}\"",
     "postlint": "template-oss-check",
     "lintfix": "npm run lint -- --fix",
     "posttest": "npm run lint",
@@ -14,7 +14,7 @@
   },
   "devDependencies": {
     "@npmcli/eslint-config": "^4.0.0",
-    "@npmcli/template-oss": "4.17.0",
+    "@npmcli/template-oss": "4.21.3",
     "tap": "^16.0.0"
   },
   "license": "ISC",
@@ -53,17 +53,8 @@
   "author": "GitHub Inc.",
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.17.0",
+    "version": "4.21.3",
     "engines": ">=10",
-    "ciVersions": [
-      "10.0.0",
-      "10.x",
-      "12.x",
-      "14.x",
-      "16.x",
-      "18.x"
-    ],
-    "npmSpec": "8",
     "distPaths": [
       "classes/",
       "functions/",
diff --git a/deps/npm/node_modules/sigstore/dist/ca/verify/chain.js b/deps/npm/node_modules/sigstore/dist/ca/verify/chain.js
deleted file mode 100644
index 3246c7a154e2d9..00000000000000
--- a/deps/npm/node_modules/sigstore/dist/ca/verify/chain.js
+++ /dev/null
@@ -1,63 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.verifyChain = void 0;
-/*
-Copyright 2022 The Sigstore Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-const error_1 = require("../../error");
-const cert_1 = require("../../x509/cert");
-const verify_1 = require("../../x509/verify");
-function verifyChain(certificate, certificateAuthorities) {
-    const untrustedCert = cert_1.x509Certificate.parse(certificate.rawBytes);
-    // Filter the list of certificate authorities to those which are valid for the
-    // signing certificate's notBefore date.
-    const validCAs = filterCertificateAuthorities(certificateAuthorities, untrustedCert.notBefore);
-    if (validCAs.length === 0) {
-        throw new error_1.VerificationError('No valid certificate authorities');
-    }
-    let trustedChain = [];
-    // Loop through all valid CAs and attempt to verify the certificate chain
-    const verified = validCAs.find((ca) => {
-        const trustedCerts = parseCerts(ca.certChain?.certificates || []);
-        try {
-            trustedChain = (0, verify_1.verifyCertificateChain)({
-                untrustedCert,
-                trustedCerts,
-                validAt: untrustedCert.notBefore,
-            });
-            return true;
-        }
-        catch (e) {
-            return false;
-        }
-    });
-    if (!verified) {
-        throw new error_1.VerificationError('No valid certificate chain');
-    }
-    return trustedChain;
-}
-exports.verifyChain = verifyChain;
-// Filter the list of certificate authorities to those which are valid for the
-// given date.
-function filterCertificateAuthorities(certificateAuthorities, validAt) {
-    return certificateAuthorities.filter((ca) => ca.validFor &&
-        ca.validFor.start &&
-        ca.validFor.start <= validAt &&
-        (!ca.validFor.end || validAt <= ca.validFor.end));
-}
-// Parse the raw bytes of a certificate into an x509Certificate object.
-function parseCerts(certs) {
-    return certs.map((cert) => cert_1.x509Certificate.parse(cert.rawBytes));
-}
diff --git a/deps/npm/node_modules/sigstore/dist/ca/verify/index.js b/deps/npm/node_modules/sigstore/dist/ca/verify/index.js
deleted file mode 100644
index 32f85c828fe5a4..00000000000000
--- a/deps/npm/node_modules/sigstore/dist/ca/verify/index.js
+++ /dev/null
@@ -1,22 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.verifySigningCertificate = void 0;
-const chain_1 = require("./chain");
-const sct_1 = require("./sct");
-const signer_1 = require("./signer");
-function verifySigningCertificate(bundle, trustedRoot, options) {
-    // Check that a trusted certificate chain can be found for the signing
-    // certificate in the bundle. Only the first certificate in the bundle's
-    // chain is used -- everything else must come from the trusted root.
-    const trustedChain = (0, chain_1.verifyChain)(bundle.verificationMaterial.content.x509CertificateChain.certificates[0], trustedRoot.certificateAuthorities);
-    // Unless disabled, verify the SCTs in the signing certificate
-    if (options.ctlogOptions.disable === false) {
-        (0, sct_1.verifySCTs)(trustedChain, trustedRoot.ctlogs, options.ctlogOptions);
-    }
-    // Verify the signing certificate against the provided identities
-    // if provided
-    if (options.signers) {
-        (0, signer_1.verifySignerIdentity)(trustedChain[0], options.signers.certificateIdentities);
-    }
-}
-exports.verifySigningCertificate = verifySigningCertificate;
diff --git a/deps/npm/node_modules/sigstore/dist/ca/verify/sct.js b/deps/npm/node_modules/sigstore/dist/ca/verify/sct.js
deleted file mode 100644
index 771c6dd4c0a7f1..00000000000000
--- a/deps/npm/node_modules/sigstore/dist/ca/verify/sct.js
+++ /dev/null
@@ -1,30 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.verifySCTs = void 0;
-/*
-Copyright 2022 The Sigstore Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-const error_1 = require("../../error");
-function verifySCTs(certificateChain, ctLogs, options) {
-    const signingCert = certificateChain[0];
-    const issuerCert = certificateChain[1];
-    const sctResults = signingCert.verifySCTs(issuerCert, ctLogs);
-    // Count the number of verified SCTs which were found
-    const verifiedSCTCount = sctResults.filter((sct) => sct.verified).length;
-    if (verifiedSCTCount < options.threshold) {
-        throw new error_1.VerificationError(`Not enough SCTs verified (found ${verifiedSCTCount}, need ${options.threshold})`);
-    }
-}
-exports.verifySCTs = verifySCTs;
diff --git a/deps/npm/node_modules/sigstore/dist/ca/verify/signer.js b/deps/npm/node_modules/sigstore/dist/ca/verify/signer.js
deleted file mode 100644
index 6f47651b944c94..00000000000000
--- a/deps/npm/node_modules/sigstore/dist/ca/verify/signer.js
+++ /dev/null
@@ -1,146 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.verifySignerIdentity = void 0;
-/*
-Copyright 2023 The Sigstore Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-const error_1 = require("../../error");
-const sigstore = __importStar(require("../../types/sigstore"));
-// https://github.com/sigstore/fulcio/blob/main/docs/oid-info.md#1361415726411--issuer
-const OID_FULCIO_ISSUER = '1.3.6.1.4.1.57264.1.1';
-// https://github.com/sigstore/fulcio/blob/main/docs/oid-info.md#1361415726417--othername-san
-const OID_FULCIO_USERNAME_SUBJECT = '1.3.6.1.4.1.57264.1.7';
-// Verifies the identity embedded in a Fulcio-issued signing certificate against
-// the list of trusted identities. Returns without error if at least one of the
-// identities matches the signing certificate; otherwise, throws a
-// VerificationError.
-function verifySignerIdentity(signingCert, identities) {
-    // Check that the signing certificate was issued to at least one of the
-    // specified identities
-    const signerVerified = identities.identities.some((identity) => verifyIdentity(signingCert, identity));
-    if (!signerVerified) {
-        throw new error_1.PolicyError({
-            code: 'UNTRUSTED_SIGNER_ERROR',
-            message: 'Certificate issued to untrusted signer',
-        });
-    }
-}
-exports.verifySignerIdentity = verifySignerIdentity;
-// Checks that the specified certificate was issued to the specified identity.
-// The certificate must match the issuer, subject alternative name, and an
-// optional list of certificate extensions. Returns true if the certificate was
-// issued to the identity; otherwise, returns false.
-function verifyIdentity(cert, identity) {
-    return (verifyIssuer(cert, identity.issuer) &&
-        verifySAN(cert, identity.san) &&
-        verifyOIDs(cert, identity.oids));
-}
-// Checks the Fulcio issuer extension against the expected issuer. Returns true
-// if the issuer matches; otherwise, returns false.
-function verifyIssuer(cert, issuer) {
-    const issuerExtension = cert.extension(OID_FULCIO_ISSUER);
-    return issuerExtension?.value.toString('ascii') === issuer;
-}
-// Checks the certificate against the expected subject alternative name. Returns
-// true if the SAN matches; otherwise, returns false.
-function verifySAN(cert, expectedSAN) {
-    // Fail if the SAN is not specified or is not a supported type
-    if (expectedSAN === undefined ||
-        expectedSAN.identity === undefined ||
-        expectedSAN.type ===
-            sigstore.SubjectAlternativeNameType
-                .SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED) {
-        return false;
-    }
-    const sanExtension = cert.extSubjectAltName;
-    // Fail if the certificate does not have a SAN extension
-    if (!sanExtension) {
-        return false;
-    }
-    let sanValue;
-    switch (expectedSAN.type) {
-        case sigstore.SubjectAlternativeNameType.EMAIL:
-            sanValue = sanExtension.rfc822Name;
-            break;
-        case sigstore.SubjectAlternativeNameType.URI:
-            sanValue = sanExtension.uri;
-            break;
-        case sigstore.SubjectAlternativeNameType.OTHER_NAME:
-            sanValue = sanExtension.otherName(OID_FULCIO_USERNAME_SUBJECT);
-            break;
-    }
-    // Missing SAN value is an automatic failure
-    if (sanValue === undefined) {
-        return false;
-    }
-    let match;
-    switch (expectedSAN.identity.$case) {
-        case 'value':
-            match = expectedSAN.identity.value;
-            break;
-        case 'regexp':
-            // TODO support regex
-            break;
-    }
-    return sanValue === match;
-}
-// Checks that the certificate contains the specified extensions. Returns true
-// if all extensions are present and match the expected values; otherwise,
-// returns false.
-function verifyOIDs(cert, oids) {
-    return oids.every((expectedExtension) => {
-        if (!expectedExtension.oid) {
-            return false;
-        }
-        const oid = expectedExtension.oid.id.join('.');
-        const extension = cert.extension(oid);
-        // If the extension is not present, or there is no value, return false
-        const valueObj = extension?.valueObj;
-        if (!valueObj) {
-            return false;
-        }
-        // Check to see if this is a newer style extension with an embedded
-        // UTF8String, or an older style extension with a raw string
-        if (valueObj.subs.length > 0) {
-            return valueObj.subs[0].value.equals(expectedExtension.value);
-        }
-        else {
-            return valueObj.value.equals(expectedExtension.value);
-        }
-    });
-}
diff --git a/deps/npm/node_modules/sigstore/dist/config.js b/deps/npm/node_modules/sigstore/dist/config.js
index 43c236f0eebd07..b4f0eea74fa4b4 100644
--- a/deps/npm/node_modules/sigstore/dist/config.js
+++ b/deps/npm/node_modules/sigstore/dist/config.js
@@ -1,29 +1,6 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.artifactVerificationOptions = exports.createBundleBuilder = exports.DEFAULT_TIMEOUT = exports.DEFAULT_RETRY = void 0;
+exports.createVerificationPolicy = exports.createKeyFinder = exports.createBundleBuilder = exports.DEFAULT_TIMEOUT = exports.DEFAULT_RETRY = void 0;
 /*
 Copyright 2023 The Sigstore Authors.
 
@@ -39,8 +16,9 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
+const core_1 = require("@sigstore/core");
 const sign_1 = require("@sigstore/sign");
-const sigstore = __importStar(require("./types/sigstore"));
+const verify_1 = require("@sigstore/verify");
 exports.DEFAULT_RETRY = { retries: 2 };
 exports.DEFAULT_TIMEOUT = 5000;
 function createBundleBuilder(bundleType, options) {
@@ -56,6 +34,36 @@ function createBundleBuilder(bundleType, options) {
     }
 }
 exports.createBundleBuilder = createBundleBuilder;
+// Translates the public KeySelector type into the KeyFinderFunc type needed by
+// the verifier.
+function createKeyFinder(keySelector) {
+    return (hint) => {
+        const key = keySelector(hint);
+        if (!key) {
+            throw new verify_1.VerificationError({
+                code: 'PUBLIC_KEY_ERROR',
+                message: `key not found: ${hint}`,
+            });
+        }
+        return {
+            publicKey: core_1.crypto.createPublicKey(key),
+            validFor: () => true,
+        };
+    };
+}
+exports.createKeyFinder = createKeyFinder;
+function createVerificationPolicy(options) {
+    const policy = {};
+    const san = options.certificateIdentityEmail || options.certificateIdentityURI;
+    if (san) {
+        policy.subjectAlternativeName = san;
+    }
+    if (options.certificateIssuer) {
+        policy.extensions = { issuer: options.certificateIssuer };
+    }
+    return policy;
+}
+exports.createVerificationPolicy = createVerificationPolicy;
 // Instantiate the FulcioSigner based on the supplied options.
 function initSigner(options) {
     return new sign_1.FulcioSigner({
@@ -71,6 +79,7 @@ function initSigner(options) {
 function initIdentityProvider(options) {
     const token = options.identityToken;
     if (token) {
+        /* istanbul ignore next */
         return { getToken: () => Promise.resolve(token) };
     }
     else {
@@ -105,61 +114,3 @@ function isRekorEnabled(options) {
 function isTSAEnabled(options) {
     return options.tsaServerURL !== undefined;
 }
-// Assembles the AtifactVerificationOptions from the supplied VerifyOptions.
-function artifactVerificationOptions(options) {
-    // The trusted signers are only used if the options contain a certificate
-    // issuer
-    let signers;
-    if (options.certificateIssuer) {
-        let san = undefined;
-        if (options.certificateIdentityEmail) {
-            san = {
-                type: sigstore.SubjectAlternativeNameType.EMAIL,
-                identity: {
-                    $case: 'value',
-                    value: options.certificateIdentityEmail,
-                },
-            };
-        }
-        else if (options.certificateIdentityURI) {
-            san = {
-                type: sigstore.SubjectAlternativeNameType.URI,
-                identity: {
-                    $case: 'value',
-                    value: options.certificateIdentityURI,
-                },
-            };
-        }
-        const oids = Object.entries(options.certificateOIDs || /* istanbul ignore next */ {}).map(([oid, value]) => ({
-            oid: { id: oid.split('.').map((s) => parseInt(s, 10)) },
-            value: Buffer.from(value),
-        }));
-        signers = {
-            $case: 'certificateIdentities',
-            certificateIdentities: {
-                identities: [
-                    {
-                        issuer: options.certificateIssuer,
-                        san: san,
-                        oids: oids,
-                    },
-                ],
-            },
-        };
-    }
-    // Construct the artifact verification options w/ defaults
-    return {
-        ctlogOptions: {
-            disable: options.ctLogThreshold === 0,
-            threshold: options.ctLogThreshold ?? 1,
-            detachedSct: false,
-        },
-        tlogOptions: {
-            disable: options.tlogThreshold === 0,
-            threshold: options.tlogThreshold ?? 1,
-            performOnlineVerification: false,
-        },
-        signers,
-    };
-}
-exports.artifactVerificationOptions = artifactVerificationOptions;
diff --git a/deps/npm/node_modules/sigstore/dist/index.js b/deps/npm/node_modules/sigstore/dist/index.js
index 341c1fa504d1e8..7f6a5cf86bbfcb 100644
--- a/deps/npm/node_modules/sigstore/dist/index.js
+++ b/deps/npm/node_modules/sigstore/dist/index.js
@@ -24,9 +24,9 @@ Object.defineProperty(exports, "DEFAULT_REKOR_URL", { enumerable: true, get: fun
 Object.defineProperty(exports, "InternalError", { enumerable: true, get: function () { return sign_1.InternalError; } });
 var tuf_1 = require("@sigstore/tuf");
 Object.defineProperty(exports, "TUFError", { enumerable: true, get: function () { return tuf_1.TUFError; } });
-var error_1 = require("./error");
-Object.defineProperty(exports, "PolicyError", { enumerable: true, get: function () { return error_1.PolicyError; } });
-Object.defineProperty(exports, "VerificationError", { enumerable: true, get: function () { return error_1.VerificationError; } });
+var verify_1 = require("@sigstore/verify");
+Object.defineProperty(exports, "PolicyError", { enumerable: true, get: function () { return verify_1.PolicyError; } });
+Object.defineProperty(exports, "VerificationError", { enumerable: true, get: function () { return verify_1.VerificationError; } });
 var sigstore_1 = require("./sigstore");
 Object.defineProperty(exports, "attest", { enumerable: true, get: function () { return sigstore_1.attest; } });
 Object.defineProperty(exports, "createVerifier", { enumerable: true, get: function () { return sigstore_1.createVerifier; } });
diff --git a/deps/npm/node_modules/sigstore/dist/sigstore.js b/deps/npm/node_modules/sigstore/dist/sigstore.js
index 24fff291ab2b7e..79d3440670cd50 100644
--- a/deps/npm/node_modules/sigstore/dist/sigstore.js
+++ b/deps/npm/node_modules/sigstore/dist/sigstore.js
@@ -41,8 +41,8 @@ limitations under the License.
 */
 const bundle_1 = require("@sigstore/bundle");
 const tuf = __importStar(require("@sigstore/tuf"));
+const verify_1 = require("@sigstore/verify");
 const config = __importStar(require("./config"));
-const verify_1 = require("./verify");
 async function sign(payload,
 /* istanbul ignore next */
 options = {}) {
@@ -77,15 +77,26 @@ options = {}) {
         mirrorURL: options.tufMirrorURL,
         rootPath: options.tufRootPath,
         cachePath: options.tufCachePath,
+        forceCache: options.tufForceCache,
         retry: options.retry ?? config.DEFAULT_RETRY,
         timeout: options.timeout ?? config.DEFAULT_TIMEOUT,
     });
-    const verifier = new verify_1.Verifier(trustedRoot, options.keySelector);
-    const verifyOpts = config.artifactVerificationOptions(options);
+    const keyFinder = options.keySelector
+        ? config.createKeyFinder(options.keySelector)
+        : undefined;
+    const trustMaterial = (0, verify_1.toTrustMaterial)(trustedRoot, keyFinder);
+    const verifierOptions = {
+        ctlogThreshold: options.ctLogThreshold,
+        tlogThreshold: options.tlogThreshold,
+    };
+    const verifier = new verify_1.Verifier(trustMaterial, verifierOptions);
+    const policy = config.createVerificationPolicy(options);
     return {
         verify: (bundle, payload) => {
             const deserializedBundle = (0, bundle_1.bundleFromJSON)(bundle);
-            return verifier.verify(deserializedBundle, verifyOpts, payload);
+            const signedEntity = (0, verify_1.toSignedEntity)(deserializedBundle, payload);
+            verifier.verify(signedEntity, policy);
+            return;
         },
     };
 }
diff --git a/deps/npm/node_modules/sigstore/dist/tlog/verify/body.js b/deps/npm/node_modules/sigstore/dist/tlog/verify/body.js
deleted file mode 100644
index 5a265e5190c125..00000000000000
--- a/deps/npm/node_modules/sigstore/dist/tlog/verify/body.js
+++ /dev/null
@@ -1,152 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.verifyTLogBody = void 0;
-/*
-Copyright 2023 The Sigstore Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-const error_1 = require("../../error");
-const util_1 = require("../../util");
-const TLOG_MISMATCH_ERROR_MSG = 'bundle content and tlog entry do not match';
-// Compare the given tlog entry to the given bundle
-function verifyTLogBody(entry, bundleContent) {
-    const { kind, version } = entry.kindVersion;
-    const body = JSON.parse(entry.canonicalizedBody.toString('utf8'));
-    try {
-        if (kind !== body.kind || version !== body.apiVersion) {
-            throw new error_1.VerificationError(TLOG_MISMATCH_ERROR_MSG);
-        }
-        switch (body.kind) {
-            case 'dsse':
-                verifyDSSETLogBody(body, bundleContent);
-                break;
-            case 'intoto':
-                verifyIntotoTLogBody(body, bundleContent);
-                break;
-            case 'hashedrekord':
-                verifyHashedRekordTLogBody(body, bundleContent);
-                break;
-            default:
-                throw new error_1.VerificationError(`unsupported kind in tlog entry: ${kind}`);
-        }
-        return true;
-    }
-    catch (e) {
-        return false;
-    }
-}
-exports.verifyTLogBody = verifyTLogBody;
-// Compare the given intoto tlog entry to the given bundle
-function verifyDSSETLogBody(tlogEntry, content) {
-    if (content?.$case !== 'dsseEnvelope') {
-        throw new error_1.VerificationError(`unsupported bundle content: ${content?.$case || 'unknown'}`);
-    }
-    const dsse = content.dsseEnvelope;
-    switch (tlogEntry.apiVersion) {
-        case '0.0.1':
-            verifyDSSE001TLogBody(tlogEntry, dsse);
-            break;
-        default:
-            throw new error_1.VerificationError(`unsupported dsse version: ${tlogEntry.apiVersion}`);
-    }
-}
-// Compare the given intoto tlog entry to the given bundle
-function verifyIntotoTLogBody(tlogEntry, content) {
-    if (content?.$case !== 'dsseEnvelope') {
-        throw new error_1.VerificationError(`unsupported bundle content: ${content?.$case || 'unknown'}`);
-    }
-    const dsse = content.dsseEnvelope;
-    switch (tlogEntry.apiVersion) {
-        case '0.0.2':
-            verifyIntoto002TLogBody(tlogEntry, dsse);
-            break;
-        default:
-            throw new error_1.VerificationError(`unsupported intoto version: ${tlogEntry.apiVersion}`);
-    }
-}
-// Compare the given hashedrekord tlog entry to the given bundle
-function verifyHashedRekordTLogBody(tlogEntry, content) {
-    if (content?.$case !== 'messageSignature') {
-        throw new error_1.VerificationError(`unsupported bundle content: ${content?.$case || 'unknown'}`);
-    }
-    const messageSignature = content.messageSignature;
-    switch (tlogEntry.apiVersion) {
-        case '0.0.1':
-            verifyHashedrekor001TLogBody(tlogEntry, messageSignature);
-            break;
-        default:
-            throw new error_1.VerificationError(`unsupported hashedrekord version: ${tlogEntry.apiVersion}`);
-    }
-}
-// Compare the given dsse v0.0.1 tlog entry to the given DSSE envelope.
-function verifyDSSE001TLogBody(tlogEntry, dsse) {
-    // Collect all of the signatures from the DSSE envelope
-    // Turns them into base64-encoded strings for comparison
-    const dsseSigs = dsse.signatures.map((signature) => signature.sig.toString('base64'));
-    // Collect all of the signatures from the tlog entry
-    const tlogSigs = tlogEntry.spec.signatures?.map((signature) => signature.signature);
-    // Ensure the bundle's DSSE and the tlog entry contain the same number of signatures
-    if (dsseSigs.length !== tlogSigs?.length) {
-        throw new error_1.VerificationError(TLOG_MISMATCH_ERROR_MSG);
-    }
-    // Ensure that every signature in the bundle's DSSE is present in the tlog entry
-    if (!dsseSigs.every((dsseSig) => tlogSigs.includes(dsseSig))) {
-        throw new error_1.VerificationError(TLOG_MISMATCH_ERROR_MSG);
-    }
-    // Ensure the digest of the bundle's DSSE payload matches the digest in the
-    // tlog entry
-    const dssePayloadHash = util_1.crypto.hash(dsse.payload).toString('hex');
-    if (dssePayloadHash !== tlogEntry.spec.payloadHash?.value) {
-        throw new error_1.VerificationError(TLOG_MISMATCH_ERROR_MSG);
-    }
-}
-// Compare the given intoto v0.0.2 tlog entry to the given DSSE envelope.
-function verifyIntoto002TLogBody(tlogEntry, dsse) {
-    // Collect all of the signatures from the DSSE envelope
-    // Turns them into base64-encoded strings for comparison
-    const dsseSigs = dsse.signatures.map((signature) => signature.sig.toString('base64'));
-    // Collect all of the signatures from the tlog entry
-    // Remember that tlog signastures are double base64-encoded
-    const tlogSigs = tlogEntry.spec.content.envelope?.signatures.map((signature) => (signature.sig ? util_1.encoding.base64Decode(signature.sig) : ''));
-    // Ensure the bundle's DSSE and the tlog entry contain the same number of signatures
-    if (dsseSigs.length !== tlogSigs?.length) {
-        throw new error_1.VerificationError(TLOG_MISMATCH_ERROR_MSG);
-    }
-    // Ensure that every signature in the bundle's DSSE is present in the tlog entry
-    if (!dsseSigs.every((dsseSig) => tlogSigs.includes(dsseSig))) {
-        throw new error_1.VerificationError(TLOG_MISMATCH_ERROR_MSG);
-    }
-    // Ensure the digest of the bundle's DSSE payload matches the digest in the
-    // tlog entry
-    const dssePayloadHash = util_1.crypto.hash(dsse.payload).toString('hex');
-    if (dssePayloadHash !== tlogEntry.spec.content.payloadHash?.value) {
-        throw new error_1.VerificationError(TLOG_MISMATCH_ERROR_MSG);
-    }
-}
-// Compare the given hashedrekord v0.0.1 tlog entry to the given message
-// signature
-function verifyHashedrekor001TLogBody(tlogEntry, messageSignature) {
-    // Ensure that the bundles message signature matches the tlog entry
-    const msgSig = messageSignature.signature.toString('base64');
-    const tlogSig = tlogEntry.spec.signature.content;
-    if (msgSig !== tlogSig) {
-        throw new error_1.VerificationError(TLOG_MISMATCH_ERROR_MSG);
-    }
-    // Ensure that the bundle's message digest matches the tlog entry
-    const msgDigest = messageSignature.messageDigest?.digest.toString('hex');
-    const tlogDigest = tlogEntry.spec.data.hash?.value;
-    if (msgDigest !== tlogDigest) {
-        throw new error_1.VerificationError(TLOG_MISMATCH_ERROR_MSG);
-    }
-}
diff --git a/deps/npm/node_modules/sigstore/dist/tlog/verify/index.js b/deps/npm/node_modules/sigstore/dist/tlog/verify/index.js
deleted file mode 100644
index 9224feffde00b0..00000000000000
--- a/deps/npm/node_modules/sigstore/dist/tlog/verify/index.js
+++ /dev/null
@@ -1,92 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.verifyTLogEntries = void 0;
-/*
-Copyright 2023 The Sigstore Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-const bundle_1 = require("@sigstore/bundle");
-const error_1 = require("../../error");
-const cert_1 = require("../../x509/cert");
-const body_1 = require("./body");
-const checkpoint_1 = require("./checkpoint");
-const merkle_1 = require("./merkle");
-const set_1 = require("./set");
-// Verifies that the number of tlog entries that pass offline verification
-// is greater than or equal to the threshold specified in the options.
-function verifyTLogEntries(bundle, trustedRoot, options) {
-    if (bundle.mediaType === bundle_1.BUNDLE_V01_MEDIA_TYPE) {
-        (0, bundle_1.assertBundleV01)(bundle);
-        verifyTLogEntriesForBundleV01(bundle, trustedRoot, options);
-    }
-    else {
-        (0, bundle_1.assertBundleLatest)(bundle);
-        verifyTLogEntriesForBundleLatest(bundle, trustedRoot, options);
-    }
-}
-exports.verifyTLogEntries = verifyTLogEntries;
-function verifyTLogEntriesForBundleV01(bundle, trustedRoot, options) {
-    if (options.performOnlineVerification) {
-        throw new error_1.VerificationError('Online verification not implemented');
-    }
-    // Extract the signing cert, if available
-    const signingCert = signingCertificate(bundle);
-    // Iterate over the tlog entries and verify each one
-    const verifiedEntries = bundle.verificationMaterial.tlogEntries.filter((entry) => verifyTLogEntryWithInclusionPromise(entry, bundle.content, trustedRoot.tlogs, signingCert));
-    if (verifiedEntries.length < options.threshold) {
-        throw new error_1.VerificationError('tlog verification failed');
-    }
-}
-function verifyTLogEntriesForBundleLatest(bundle, trustedRoot, options) {
-    if (options.performOnlineVerification) {
-        throw new error_1.VerificationError('Online verification not implemented');
-    }
-    // Extract the signing cert, if available
-    const signingCert = signingCertificate(bundle);
-    // Iterate over the tlog entries and verify each one
-    const verifiedEntries = bundle.verificationMaterial.tlogEntries.filter((entry) => verifyTLogEntryWithInclusionProof(entry, bundle.content, trustedRoot.tlogs, signingCert));
-    if (verifiedEntries.length < options.threshold) {
-        throw new error_1.VerificationError('tlog verification failed');
-    }
-}
-function verifyTLogEntryWithInclusionPromise(entry, bundleContent, tlogs, signingCert) {
-    // If there is a signing certificate availble, check that the tlog integrated
-    // time is within the certificate's validity period; otherwise, skip this
-    // check.
-    const verifyTLogIntegrationTime = signingCert
-        ? () => signingCert.validForDate(new Date(Number(entry.integratedTime) * 1000))
-        : () => true;
-    return ((0, body_1.verifyTLogBody)(entry, bundleContent) &&
-        (0, set_1.verifyTLogSET)(entry, tlogs) &&
-        verifyTLogIntegrationTime());
-}
-function verifyTLogEntryWithInclusionProof(entry, bundleContent, tlogs, signingCert) {
-    // If there is a signing certificate availble, check that the tlog integrated
-    // time is within the certificate's validity period; otherwise, skip this
-    // check.
-    const verifyTLogIntegrationTime = signingCert
-        ? () => signingCert.validForDate(new Date(Number(entry.integratedTime) * 1000))
-        : () => true;
-    return ((0, body_1.verifyTLogBody)(entry, bundleContent) &&
-        (0, merkle_1.verifyMerkleInclusion)(entry) &&
-        (0, checkpoint_1.verifyCheckpoint)(entry, tlogs) &&
-        verifyTLogIntegrationTime());
-}
-function signingCertificate(bundle) {
-    if (!(0, bundle_1.isBundleWithCertificateChain)(bundle)) {
-        return undefined;
-    }
-    const signingCert = bundle.verificationMaterial.content.x509CertificateChain.certificates[0];
-    return cert_1.x509Certificate.parse(signingCert.rawBytes);
-}
diff --git a/deps/npm/node_modules/sigstore/dist/tlog/verify/set.js b/deps/npm/node_modules/sigstore/dist/tlog/verify/set.js
deleted file mode 100644
index 959cd5883f1cad..00000000000000
--- a/deps/npm/node_modules/sigstore/dist/tlog/verify/set.js
+++ /dev/null
@@ -1,64 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.verifyTLogSET = void 0;
-const util_1 = require("../../util");
-// Verifies the SET for the given entry against the list of trusted
-// transparency logs. Returns true if the SET can be verified against at least
-// one of the trusted logs; otherwise, returns false.
-function verifyTLogSET(entry, tlogs) {
-    // Filter the list of tlog instances to only those which might be able to
-    // verify the SET
-    const validTLogs = filterTLogInstances(tlogs, entry.logId.keyId, entry.integratedTime);
-    // Check to see if we can verify the SET against any of the valid tlogs
-    return validTLogs.some((tlog) => {
-        const publicKey = util_1.crypto.createPublicKey(tlog.publicKey.rawBytes);
-        // Re-create the original Rekor verification payload
-        const payload = toVerificationPayload(entry);
-        // Canonicalize the payload and turn into a buffer for verification
-        const data = Buffer.from(util_1.json.canonicalize(payload), 'utf8');
-        // Extract the SET from the tlog entry
-        const signature = entry.inclusionPromise.signedEntryTimestamp;
-        return util_1.crypto.verifyBlob(data, publicKey, signature);
-    });
-}
-exports.verifyTLogSET = verifyTLogSET;
-// Returns a properly formatted "VerificationPayload" for one of the
-// transaction log entires in the given bundle which can be used for SET
-// verification.
-function toVerificationPayload(entry) {
-    const { integratedTime, logIndex, logId, canonicalizedBody } = entry;
-    return {
-        body: canonicalizedBody.toString('base64'),
-        integratedTime: Number(integratedTime),
-        logIndex: Number(logIndex),
-        logID: logId.keyId.toString('hex'),
-    };
-}
-// Filter the list of tlog instances to only those which match the given log
-// ID and have public keys which are valid for the given integrated time.
-function filterTLogInstances(tlogInstances, logID, integratedTime) {
-    const targetDate = new Date(Number(integratedTime) * 1000);
-    return tlogInstances.filter((tlog) => {
-        // If the log IDs don't match, we can't use this tlog
-        if (!tlog.logId?.keyId.equals(logID)) {
-            return false;
-        }
-        // If the tlog doesn't have a public key, we can't use it
-        const publicKey = tlog.publicKey;
-        if (publicKey === undefined) {
-            return false;
-        }
-        // If the tlog doesn't have a rawBytes field, we can't use it
-        if (publicKey.rawBytes === undefined) {
-            return false;
-        }
-        // If the tlog doesn't have a validFor field, we don't need to check it
-        if (publicKey.validFor === undefined) {
-            return true;
-        }
-        // Check that the integrated time is within the validFor range
-        return (publicKey.validFor.start !== undefined &&
-            publicKey.validFor.start <= targetDate &&
-            (!publicKey.validFor.end || targetDate <= publicKey.validFor.end));
-    });
-}
diff --git a/deps/npm/node_modules/sigstore/dist/types/sigstore.js b/deps/npm/node_modules/sigstore/dist/types/sigstore.js
deleted file mode 100644
index 36efb67e38a5eb..00000000000000
--- a/deps/npm/node_modules/sigstore/dist/types/sigstore.js
+++ /dev/null
@@ -1,27 +0,0 @@
-"use strict";
-/*
-Copyright 2023 The Sigstore Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.isCAVerificationOptions = exports.SubjectAlternativeNameType = void 0;
-// Enums from protobuf-specs
-var protobuf_specs_1 = require("@sigstore/protobuf-specs");
-Object.defineProperty(exports, "SubjectAlternativeNameType", { enumerable: true, get: function () { return protobuf_specs_1.SubjectAlternativeNameType; } });
-function isCAVerificationOptions(options) {
-    return (options.ctlogOptions !== undefined &&
-        (options.signers === undefined ||
-            options.signers.$case === 'certificateIdentities'));
-}
-exports.isCAVerificationOptions = isCAVerificationOptions;
diff --git a/deps/npm/node_modules/sigstore/dist/util/asn1/dump.js b/deps/npm/node_modules/sigstore/dist/util/asn1/dump.js
deleted file mode 100644
index b44605455ba00f..00000000000000
--- a/deps/npm/node_modules/sigstore/dist/util/asn1/dump.js
+++ /dev/null
@@ -1,97 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.dump = void 0;
-const tag_1 = require("./tag");
-// Utility function to dump the contents of an ASN1Obj to the console.
-function dump(obj, indent = 0) {
-    let str = ' '.repeat(indent);
-    str += tagToString(obj.tag) + ' ';
-    if (obj.tag.isUniversal()) {
-        switch (obj.tag.number) {
-            case tag_1.UNIVERSAL_TAG.BOOLEAN:
-                str += obj.toBoolean();
-                break;
-            case tag_1.UNIVERSAL_TAG.INTEGER:
-                str += `(${obj.value.length} byte) `;
-                str += obj.toInteger();
-                break;
-            case tag_1.UNIVERSAL_TAG.BIT_STRING: {
-                const bits = obj.toBitString();
-                str += `(${bits.length} bit) `;
-                str += truncate(bits.map((bit) => bit.toString()).join(''));
-                break;
-            }
-            case tag_1.UNIVERSAL_TAG.OBJECT_IDENTIFIER:
-                str += obj.toOID();
-                break;
-            case tag_1.UNIVERSAL_TAG.SEQUENCE:
-            case tag_1.UNIVERSAL_TAG.SET:
-                str += `(${obj.subs.length} elem) `;
-                break;
-            case tag_1.UNIVERSAL_TAG.PRINTABLE_STRING:
-                str += obj.value.toString('ascii');
-                break;
-            case tag_1.UNIVERSAL_TAG.UTC_TIME:
-            case tag_1.UNIVERSAL_TAG.GENERALIZED_TIME:
-                str += obj.toDate().toUTCString();
-                break;
-            default:
-                str += `(${obj.value.length} byte) `;
-                str += isASCII(obj.value)
-                    ? obj.value.toString('ascii')
-                    : truncate(obj.value.toString('hex').toUpperCase());
-        }
-    }
-    else {
-        if (obj.tag.constructed) {
-            str += `(${obj.subs.length} elem) `;
-        }
-        else {
-            str += `(${obj.value.length} byte) `;
-            str += isASCII(obj.value)
-                ? obj.value.toString('ascii')
-                : obj.value.toString('hex').toUpperCase();
-        }
-    }
-    console.log(str);
-    // Recursive call for children
-    obj.subs.forEach((sub) => dump(sub, indent + 2));
-}
-exports.dump = dump;
-function tagToString(tag) {
-    if (tag.isContextSpecific()) {
-        return `[${tag.number.toString(16)}]`;
-    }
-    else {
-        switch (tag.number) {
-            case tag_1.UNIVERSAL_TAG.BOOLEAN:
-                return 'BOOLEAN';
-            case tag_1.UNIVERSAL_TAG.INTEGER:
-                return 'INTEGER';
-            case tag_1.UNIVERSAL_TAG.BIT_STRING:
-                return 'BIT STRING';
-            case tag_1.UNIVERSAL_TAG.OCTET_STRING:
-                return 'OCTET STRING';
-            case tag_1.UNIVERSAL_TAG.OBJECT_IDENTIFIER:
-                return 'OBJECT IDENTIFIER';
-            case tag_1.UNIVERSAL_TAG.SEQUENCE:
-                return 'SEQUENCE';
-            case tag_1.UNIVERSAL_TAG.SET:
-                return 'SET';
-            case tag_1.UNIVERSAL_TAG.PRINTABLE_STRING:
-                return 'PrintableString';
-            case tag_1.UNIVERSAL_TAG.UTC_TIME:
-                return 'UTCTime';
-            case tag_1.UNIVERSAL_TAG.GENERALIZED_TIME:
-                return 'GeneralizedTime';
-            default:
-                return tag.number.toString(16);
-        }
-    }
-}
-function isASCII(buf) {
-    return buf.every((b) => b >= 32 && b <= 126);
-}
-function truncate(str) {
-    return str.length > 70 ? str.substring(0, 69) + '...' : str;
-}
diff --git a/deps/npm/node_modules/sigstore/dist/util/dsse.js b/deps/npm/node_modules/sigstore/dist/util/dsse.js
deleted file mode 100644
index bba7baa6bbfb89..00000000000000
--- a/deps/npm/node_modules/sigstore/dist/util/dsse.js
+++ /dev/null
@@ -1,25 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.preAuthEncoding = void 0;
-/*
-Copyright 2022 The Sigstore Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-const PAE_PREFIX = 'DSSEv1';
-// DSSE Pre-Authentication Encoding
-function preAuthEncoding(payloadType, payload) {
-    const prefix = Buffer.from(`${PAE_PREFIX} ${payloadType.length} ${payloadType} ${payload.length} `, 'ascii');
-    return Buffer.concat([prefix, payload]);
-}
-exports.preAuthEncoding = preAuthEncoding;
diff --git a/deps/npm/node_modules/sigstore/dist/util/encoding.js b/deps/npm/node_modules/sigstore/dist/util/encoding.js
deleted file mode 100644
index 8674d779b61f98..00000000000000
--- a/deps/npm/node_modules/sigstore/dist/util/encoding.js
+++ /dev/null
@@ -1,46 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.base64URLUnescape = exports.base64URLEscape = exports.base64URLDecode = exports.base64URLEncode = exports.base64Decode = exports.base64Encode = void 0;
-/*
-Copyright 2022 The Sigstore Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-const BASE64_ENCODING = 'base64';
-const UTF8_ENCODING = 'utf-8';
-function base64Encode(str) {
-    return Buffer.from(str, UTF8_ENCODING).toString(BASE64_ENCODING);
-}
-exports.base64Encode = base64Encode;
-function base64Decode(str) {
-    return Buffer.from(str, BASE64_ENCODING).toString(UTF8_ENCODING);
-}
-exports.base64Decode = base64Decode;
-function base64URLEncode(str) {
-    return base64URLEscape(base64Encode(str));
-}
-exports.base64URLEncode = base64URLEncode;
-function base64URLDecode(str) {
-    return base64Decode(base64URLUnescape(str));
-}
-exports.base64URLDecode = base64URLDecode;
-function base64URLEscape(str) {
-    return str.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
-}
-exports.base64URLEscape = base64URLEscape;
-function base64URLUnescape(str) {
-    // Repad the base64 string if necessary
-    str += '='.repeat((4 - (str.length % 4)) % 4);
-    return str.replace(/-/g, '+').replace(/_/g, '/');
-}
-exports.base64URLUnescape = base64URLUnescape;
diff --git a/deps/npm/node_modules/sigstore/dist/verify.js b/deps/npm/node_modules/sigstore/dist/verify.js
deleted file mode 100644
index a3dc4b307e4953..00000000000000
--- a/deps/npm/node_modules/sigstore/dist/verify.js
+++ /dev/null
@@ -1,160 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.Verifier = void 0;
-/*
-Copyright 2023 The Sigstore Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-const bundle_1 = require("@sigstore/bundle");
-const ca = __importStar(require("./ca/verify"));
-const error_1 = require("./error");
-const tlog = __importStar(require("./tlog/verify"));
-const sigstore = __importStar(require("./types/sigstore"));
-const util_1 = require("./util");
-class Verifier {
-    constructor(trustedRoot, keySelector) {
-        this.trustedRoot = trustedRoot;
-        this.keySelector = keySelector || (() => undefined);
-    }
-    // Verifies the bundle signature, the bundle's certificate chain (if present)
-    // and the bundle's transparency log entries.
-    verify(bundle, options, data) {
-        this.verifyArtifactSignature(bundle, data);
-        if ((0, bundle_1.isBundleWithCertificateChain)(bundle)) {
-            this.verifySigningCertificate(bundle, options);
-        }
-        if (options.tlogOptions.disable === false) {
-            this.verifyTLogEntries(bundle, options);
-        }
-    }
-    // Performs bundle signature verification. Determines the type of the bundle
-    // content and delegates to the appropriate signature verification function.
-    verifyArtifactSignature(bundle, data) {
-        const publicKey = this.getPublicKey(bundle);
-        switch (bundle.content?.$case) {
-            case 'messageSignature':
-                if (!data) {
-                    throw new error_1.VerificationError('no data provided for message signature verification');
-                }
-                verifyMessageSignature(data, bundle.content.messageSignature, publicKey);
-                break;
-            case 'dsseEnvelope':
-                verifyDSSESignature(bundle.content.dsseEnvelope, publicKey);
-                break;
-        }
-    }
-    // Performs verification of the bundle's certificate chain. The bundle must
-    // contain a certificate chain and the options must contain the required
-    // options for CA verification.
-    // TODO: We've temporarily removed the requirement that the options contain
-    // the list of trusted signer identities. This will be added back in a future
-    // release.
-    verifySigningCertificate(bundle, options) {
-        if (!sigstore.isCAVerificationOptions(options)) {
-            throw new error_1.VerificationError('no trusted certificates provided for verification');
-        }
-        ca.verifySigningCertificate(bundle, this.trustedRoot, options);
-    }
-    // Performs verification of the bundle's transparency log entries. The bundle
-    // must contain a list of transparency log entries.
-    verifyTLogEntries(bundle, options) {
-        tlog.verifyTLogEntries(bundle, this.trustedRoot, options.tlogOptions);
-    }
-    // Returns the public key which will be used to verify the bundle signature.
-    // The public key is selected based on the verification material in the bundle
-    // and the options provided.
-    getPublicKey(bundle) {
-        // Select the key which will be used to verify the signature
-        switch (bundle.verificationMaterial?.content?.$case) {
-            // If the bundle contains a certificate chain, the public key is the
-            // first certificate in the chain (the signing certificate)
-            case 'x509CertificateChain':
-                return getPublicKeyFromCertificateChain(bundle.verificationMaterial.content.x509CertificateChain);
-            // If the bundle contains a public key hint, the public key is selected
-            // from the list of trusted keys in the options
-            case 'publicKey':
-                return getPublicKeyFromHint(bundle.verificationMaterial.content.publicKey, this.keySelector);
-        }
-    }
-}
-exports.Verifier = Verifier;
-// Retrieves the public key from the first certificate in the certificate chain
-function getPublicKeyFromCertificateChain(certificateChain) {
-    const cert = util_1.pem.fromDER(certificateChain.certificates[0].rawBytes);
-    return util_1.crypto.createPublicKey(cert);
-}
-// Retrieves the public key through the key selector callback, passing the
-// public key hint from the bundle
-function getPublicKeyFromHint(publicKeyID, keySelector) {
-    const key = keySelector(publicKeyID.hint);
-    if (!key) {
-        throw new error_1.VerificationError('no public key found for signature verification');
-    }
-    try {
-        return util_1.crypto.createPublicKey(key);
-    }
-    catch (e) {
-        throw new error_1.VerificationError('invalid public key');
-    }
-}
-// Performs signature verification for bundle containing a message signature.
-// Verifies that the digest and signature found in the bundle match the
-// provided data.
-function verifyMessageSignature(data, messageSignature, publicKey) {
-    // Extract signature for message
-    const { signature, messageDigest } = messageSignature;
-    const calculatedDigest = util_1.crypto.hash(data);
-    if (!calculatedDigest.equals(messageDigest.digest)) {
-        throw new error_1.VerificationError('message digest verification failed');
-    }
-    if (!util_1.crypto.verifyBlob(data, publicKey, signature)) {
-        throw new error_1.VerificationError('artifact signature verification failed');
-    }
-}
-// Performs signature verification for bundle containing a DSSE envelope.
-// Calculates the PAE for the DSSE envelope and verifies it against the
-// signature in the envelope.
-function verifyDSSESignature(envelope, publicKey) {
-    // Construct payload over which the signature was originally created
-    const { payloadType, payload } = envelope;
-    const data = util_1.dsse.preAuthEncoding(payloadType, payload);
-    // Only support a single signature in DSSE
-    const signature = envelope.signatures[0].sig;
-    if (!util_1.crypto.verifyBlob(data, publicKey, signature)) {
-        throw new error_1.VerificationError('artifact signature verification failed');
-    }
-}
diff --git a/deps/npm/node_modules/sigstore/package.json b/deps/npm/node_modules/sigstore/package.json
index daf50ba601884c..3dca00636b8d9d 100644
--- a/deps/npm/node_modules/sigstore/package.json
+++ b/deps/npm/node_modules/sigstore/package.json
@@ -1,6 +1,6 @@
 {
   "name": "sigstore",
-  "version": "2.1.0",
+  "version": "2.2.2",
   "description": "code-signing for npm packages",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -29,15 +29,17 @@
   "devDependencies": {
     "@sigstore/rekor-types": "^2.0.0",
     "@sigstore/jest": "^0.0.0",
-    "@sigstore/mock": "^0.4.0",
+    "@sigstore/mock": "^0.6.5",
     "@tufjs/repo-mock": "^2.0.0",
-    "@types/make-fetch-happen": "^10.0.0"
+    "@types/make-fetch-happen": "^10.0.4"
   },
   "dependencies": {
-    "@sigstore/bundle": "^2.1.0",
-    "@sigstore/protobuf-specs": "^0.2.1",
-    "@sigstore/sign": "^2.1.0",
-    "@sigstore/tuf": "^2.1.0"
+    "@sigstore/bundle": "^2.2.0",
+    "@sigstore/core": "^1.0.0",
+    "@sigstore/protobuf-specs": "^0.3.0",
+    "@sigstore/sign": "^2.2.3",
+    "@sigstore/tuf": "^2.3.1",
+    "@sigstore/verify": "^1.1.0"
   },
   "engines": {
     "node": "^16.14.0 || >=18.0.0"
diff --git a/deps/npm/node_modules/socks/build/client/socksclient.js b/deps/npm/node_modules/socks/build/client/socksclient.js
index c3439169e3ad8b..09b1f55767aa72 100644
--- a/deps/npm/node_modules/socks/build/client/socksclient.js
+++ b/deps/npm/node_modules/socks/build/client/socksclient.js
@@ -12,13 +12,13 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.SocksClientError = exports.SocksClient = void 0;
 const events_1 = require("events");
 const net = require("net");
-const ip = require("ip");
 const smart_buffer_1 = require("smart-buffer");
 const constants_1 = require("../common/constants");
 const helpers_1 = require("../common/helpers");
 const receivebuffer_1 = require("../common/receivebuffer");
 const util_1 = require("../common/util");
 Object.defineProperty(exports, "SocksClientError", { enumerable: true, get: function () { return util_1.SocksClientError; } });
+const ip_address_1 = require("ip-address");
 class SocksClient extends events_1.EventEmitter {
     constructor(options) {
         super();
@@ -161,11 +161,11 @@ class SocksClient extends events_1.EventEmitter {
         // IPv4/IPv6/Hostname
         if (net.isIPv4(options.remoteHost.host)) {
             buff.writeUInt8(constants_1.Socks5HostType.IPv4);
-            buff.writeUInt32BE(ip.toLong(options.remoteHost.host));
+            buff.writeUInt32BE((0, helpers_1.ipv4ToInt32)(options.remoteHost.host));
         }
         else if (net.isIPv6(options.remoteHost.host)) {
             buff.writeUInt8(constants_1.Socks5HostType.IPv6);
-            buff.writeBuffer(ip.toBuffer(options.remoteHost.host));
+            buff.writeBuffer((0, helpers_1.ipToBuffer)(options.remoteHost.host));
         }
         else {
             buff.writeUInt8(constants_1.Socks5HostType.Hostname);
@@ -189,10 +189,10 @@ class SocksClient extends events_1.EventEmitter {
         const hostType = buff.readUInt8();
         let remoteHost;
         if (hostType === constants_1.Socks5HostType.IPv4) {
-            remoteHost = ip.fromLong(buff.readUInt32BE());
+            remoteHost = (0, helpers_1.int32ToIpv4)(buff.readUInt32BE());
         }
         else if (hostType === constants_1.Socks5HostType.IPv6) {
-            remoteHost = ip.toString(buff.readBuffer(16));
+            remoteHost = ip_address_1.Address6.fromByteArray(Array.from(buff.readBuffer(16))).canonicalForm();
         }
         else {
             remoteHost = buff.readString(buff.readUInt8());
@@ -401,7 +401,7 @@ class SocksClient extends events_1.EventEmitter {
         buff.writeUInt16BE(this.options.destination.port);
         // Socks 4 (IPv4)
         if (net.isIPv4(this.options.destination.host)) {
-            buff.writeBuffer(ip.toBuffer(this.options.destination.host));
+            buff.writeBuffer((0, helpers_1.ipToBuffer)(this.options.destination.host));
             buff.writeStringNT(userId);
             // Socks 4a (hostname)
         }
@@ -433,7 +433,7 @@ class SocksClient extends events_1.EventEmitter {
                 buff.readOffset = 2;
                 const remoteHost = {
                     port: buff.readUInt16BE(),
-                    host: ip.fromLong(buff.readUInt32BE()),
+                    host: (0, helpers_1.int32ToIpv4)(buff.readUInt32BE()),
                 };
                 // If host is 0.0.0.0, set to proxy host.
                 if (remoteHost.host === '0.0.0.0') {
@@ -464,7 +464,7 @@ class SocksClient extends events_1.EventEmitter {
             buff.readOffset = 2;
             const remoteHost = {
                 port: buff.readUInt16BE(),
-                host: ip.fromLong(buff.readUInt32BE()),
+                host: (0, helpers_1.int32ToIpv4)(buff.readUInt32BE()),
             };
             this.setState(constants_1.SocksClientState.Established);
             this.removeInternalSocketHandlers();
@@ -610,11 +610,11 @@ class SocksClient extends events_1.EventEmitter {
         // ipv4, ipv6, domain?
         if (net.isIPv4(this.options.destination.host)) {
             buff.writeUInt8(constants_1.Socks5HostType.IPv4);
-            buff.writeBuffer(ip.toBuffer(this.options.destination.host));
+            buff.writeBuffer((0, helpers_1.ipToBuffer)(this.options.destination.host));
         }
         else if (net.isIPv6(this.options.destination.host)) {
             buff.writeUInt8(constants_1.Socks5HostType.IPv6);
-            buff.writeBuffer(ip.toBuffer(this.options.destination.host));
+            buff.writeBuffer((0, helpers_1.ipToBuffer)(this.options.destination.host));
         }
         else {
             buff.writeUInt8(constants_1.Socks5HostType.Hostname);
@@ -652,7 +652,7 @@ class SocksClient extends events_1.EventEmitter {
                 }
                 buff = smart_buffer_1.SmartBuffer.fromBuffer(this.receiveBuffer.get(dataNeeded).slice(4));
                 remoteHost = {
-                    host: ip.fromLong(buff.readUInt32BE()),
+                    host: (0, helpers_1.int32ToIpv4)(buff.readUInt32BE()),
                     port: buff.readUInt16BE(),
                 };
                 // If given host is 0.0.0.0, assume remote proxy ip instead.
@@ -685,7 +685,7 @@ class SocksClient extends events_1.EventEmitter {
                 }
                 buff = smart_buffer_1.SmartBuffer.fromBuffer(this.receiveBuffer.get(dataNeeded).slice(4));
                 remoteHost = {
-                    host: ip.toString(buff.readBuffer(16)),
+                    host: ip_address_1.Address6.fromByteArray(Array.from(buff.readBuffer(16))).canonicalForm(),
                     port: buff.readUInt16BE(),
                 };
             }
@@ -743,7 +743,7 @@ class SocksClient extends events_1.EventEmitter {
                 }
                 buff = smart_buffer_1.SmartBuffer.fromBuffer(this.receiveBuffer.get(dataNeeded).slice(4));
                 remoteHost = {
-                    host: ip.fromLong(buff.readUInt32BE()),
+                    host: (0, helpers_1.int32ToIpv4)(buff.readUInt32BE()),
                     port: buff.readUInt16BE(),
                 };
                 // If given host is 0.0.0.0, assume remote proxy ip instead.
@@ -776,7 +776,7 @@ class SocksClient extends events_1.EventEmitter {
                 }
                 buff = smart_buffer_1.SmartBuffer.fromBuffer(this.receiveBuffer.get(dataNeeded).slice(4));
                 remoteHost = {
-                    host: ip.toString(buff.readBuffer(16)),
+                    host: ip_address_1.Address6.fromByteArray(Array.from(buff.readBuffer(16))).canonicalForm(),
                     port: buff.readUInt16BE(),
                 };
             }
diff --git a/deps/npm/node_modules/socks/build/common/constants.js b/deps/npm/node_modules/socks/build/common/constants.js
index 3c9ff90ac9feb4..aaf16418fe941b 100644
--- a/deps/npm/node_modules/socks/build/common/constants.js
+++ b/deps/npm/node_modules/socks/build/common/constants.js
@@ -38,10 +38,10 @@ const SOCKS_INCOMING_PACKET_SIZES = {
     Socks5InitialHandshakeResponse: 2,
     Socks5UserPassAuthenticationResponse: 2,
     // Command response + incoming connection (bind)
-    Socks5ResponseHeader: 5,
-    Socks5ResponseIPv4: 10,
-    Socks5ResponseIPv6: 22,
-    Socks5ResponseHostname: (hostNameLength) => hostNameLength + 7,
+    Socks5ResponseHeader: 5, // We need at least 5 to read the hostname length, then we wait for the address+port information.
+    Socks5ResponseIPv4: 10, // 4 header + 4 ip + 2 port
+    Socks5ResponseIPv6: 22, // 4 header + 16 ip + 2 port
+    Socks5ResponseHostname: (hostNameLength) => hostNameLength + 7, // 4 header + 1 host length + host + 2 port
     // Command response + incoming connection (bind)
     Socks4Response: 8, // 2 header + 2 port + 4 ip
 };
@@ -51,23 +51,20 @@ var SocksCommand;
     SocksCommand[SocksCommand["connect"] = 1] = "connect";
     SocksCommand[SocksCommand["bind"] = 2] = "bind";
     SocksCommand[SocksCommand["associate"] = 3] = "associate";
-})(SocksCommand || (SocksCommand = {}));
-exports.SocksCommand = SocksCommand;
+})(SocksCommand || (exports.SocksCommand = SocksCommand = {}));
 var Socks4Response;
 (function (Socks4Response) {
     Socks4Response[Socks4Response["Granted"] = 90] = "Granted";
     Socks4Response[Socks4Response["Failed"] = 91] = "Failed";
     Socks4Response[Socks4Response["Rejected"] = 92] = "Rejected";
     Socks4Response[Socks4Response["RejectedIdent"] = 93] = "RejectedIdent";
-})(Socks4Response || (Socks4Response = {}));
-exports.Socks4Response = Socks4Response;
+})(Socks4Response || (exports.Socks4Response = Socks4Response = {}));
 var Socks5Auth;
 (function (Socks5Auth) {
     Socks5Auth[Socks5Auth["NoAuth"] = 0] = "NoAuth";
     Socks5Auth[Socks5Auth["GSSApi"] = 1] = "GSSApi";
     Socks5Auth[Socks5Auth["UserPass"] = 2] = "UserPass";
-})(Socks5Auth || (Socks5Auth = {}));
-exports.Socks5Auth = Socks5Auth;
+})(Socks5Auth || (exports.Socks5Auth = Socks5Auth = {}));
 const SOCKS5_CUSTOM_AUTH_START = 0x80;
 exports.SOCKS5_CUSTOM_AUTH_START = SOCKS5_CUSTOM_AUTH_START;
 const SOCKS5_CUSTOM_AUTH_END = 0xfe;
@@ -85,15 +82,13 @@ var Socks5Response;
     Socks5Response[Socks5Response["TTLExpired"] = 6] = "TTLExpired";
     Socks5Response[Socks5Response["CommandNotSupported"] = 7] = "CommandNotSupported";
     Socks5Response[Socks5Response["AddressNotSupported"] = 8] = "AddressNotSupported";
-})(Socks5Response || (Socks5Response = {}));
-exports.Socks5Response = Socks5Response;
+})(Socks5Response || (exports.Socks5Response = Socks5Response = {}));
 var Socks5HostType;
 (function (Socks5HostType) {
     Socks5HostType[Socks5HostType["IPv4"] = 1] = "IPv4";
     Socks5HostType[Socks5HostType["Hostname"] = 3] = "Hostname";
     Socks5HostType[Socks5HostType["IPv6"] = 4] = "IPv6";
-})(Socks5HostType || (Socks5HostType = {}));
-exports.Socks5HostType = Socks5HostType;
+})(Socks5HostType || (exports.Socks5HostType = Socks5HostType = {}));
 var SocksClientState;
 (function (SocksClientState) {
     SocksClientState[SocksClientState["Created"] = 0] = "Created";
@@ -109,6 +104,5 @@ var SocksClientState;
     SocksClientState[SocksClientState["Established"] = 10] = "Established";
     SocksClientState[SocksClientState["Disconnected"] = 11] = "Disconnected";
     SocksClientState[SocksClientState["Error"] = 99] = "Error";
-})(SocksClientState || (SocksClientState = {}));
-exports.SocksClientState = SocksClientState;
+})(SocksClientState || (exports.SocksClientState = SocksClientState = {}));
 //# sourceMappingURL=constants.js.map
\ No newline at end of file
diff --git a/deps/npm/node_modules/socks/build/common/helpers.js b/deps/npm/node_modules/socks/build/common/helpers.js
index f84db8f6729d6c..65bd95bdc62215 100644
--- a/deps/npm/node_modules/socks/build/common/helpers.js
+++ b/deps/npm/node_modules/socks/build/common/helpers.js
@@ -1,9 +1,11 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.validateSocksClientChainOptions = exports.validateSocksClientOptions = void 0;
+exports.ipToBuffer = exports.int32ToIpv4 = exports.ipv4ToInt32 = exports.validateSocksClientChainOptions = exports.validateSocksClientOptions = void 0;
 const util_1 = require("./util");
 const constants_1 = require("./constants");
 const stream = require("stream");
+const ip_address_1 = require("ip-address");
+const net = require("net");
 /**
  * Validates the provided SocksClientOptions
  * @param options { SocksClientOptions }
@@ -125,4 +127,36 @@ function isValidSocksProxy(proxy) {
 function isValidTimeoutValue(value) {
     return typeof value === 'number' && value > 0;
 }
+function ipv4ToInt32(ip) {
+    const address = new ip_address_1.Address4(ip);
+    // Convert the IPv4 address parts to an integer
+    return address.toArray().reduce((acc, part) => (acc << 8) + part, 0);
+}
+exports.ipv4ToInt32 = ipv4ToInt32;
+function int32ToIpv4(int32) {
+    // Extract each byte (octet) from the 32-bit integer
+    const octet1 = (int32 >>> 24) & 0xff;
+    const octet2 = (int32 >>> 16) & 0xff;
+    const octet3 = (int32 >>> 8) & 0xff;
+    const octet4 = int32 & 0xff;
+    // Combine the octets into a string in IPv4 format
+    return [octet1, octet2, octet3, octet4].join('.');
+}
+exports.int32ToIpv4 = int32ToIpv4;
+function ipToBuffer(ip) {
+    if (net.isIPv4(ip)) {
+        // Handle IPv4 addresses
+        const address = new ip_address_1.Address4(ip);
+        return Buffer.from(address.toArray());
+    }
+    else if (net.isIPv6(ip)) {
+        // Handle IPv6 addresses
+        const address = new ip_address_1.Address6(ip);
+        return Buffer.from(address.toByteArray());
+    }
+    else {
+        throw new Error('Invalid IP address format');
+    }
+}
+exports.ipToBuffer = ipToBuffer;
 //# sourceMappingURL=helpers.js.map
\ No newline at end of file
diff --git a/deps/npm/node_modules/socks/package.json b/deps/npm/node_modules/socks/package.json
index 0f5054b91ee039..dbda909fd0787c 100644
--- a/deps/npm/node_modules/socks/package.json
+++ b/deps/npm/node_modules/socks/package.json
@@ -1,7 +1,7 @@
 {
   "name": "socks",
   "private": false,
-  "version": "2.7.1",
+  "version": "2.8.0",
   "description": "Fully featured SOCKS proxy client supporting SOCKSv4, SOCKSv4a, and SOCKSv5. Includes Bind and Associate functionality.",
   "main": "build/index.js",
   "typings": "typings/index.d.ts",
@@ -23,7 +23,7 @@
     "socks5"
   ],
   "engines": {
-    "node": ">= 10.13.0",
+    "node": ">= 16.0.0",
     "npm": ">= 3.0.0"
   },
   "author": "Josh Glazebrook",
@@ -33,19 +33,18 @@
   "license": "MIT",
   "readmeFilename": "README.md",
   "devDependencies": {
-    "@types/ip": "1.1.0",
-    "@types/mocha": "^9.1.1",
-    "@types/node": "^18.0.6",
-    "@typescript-eslint/eslint-plugin": "^5.30.6",
-    "@typescript-eslint/parser": "^5.30.6",
+    "@types/mocha": "^10.0.6",
+    "@types/node": "^20.11.17",
+    "@typescript-eslint/eslint-plugin": "^6.21.0",
+    "@typescript-eslint/parser": "^6.21.0",
     "eslint": "^8.20.0",
     "mocha": "^10.0.0",
-    "prettier": "^2.7.1",
+    "prettier": "^3.2.5",
     "ts-node": "^10.9.1",
-    "typescript": "^4.7.4"
+    "typescript": "^5.3.3"
   },
   "dependencies": {
-    "ip": "^2.0.0",
+    "ip-address": "^9.0.5",
     "smart-buffer": "^4.2.0"
   },
   "scripts": {
diff --git a/deps/npm/node_modules/spdx-exceptions/deprecated.json b/deps/npm/node_modules/spdx-exceptions/deprecated.json
new file mode 100644
index 00000000000000..cba7e2badb14e6
--- /dev/null
+++ b/deps/npm/node_modules/spdx-exceptions/deprecated.json
@@ -0,0 +1,3 @@
+[
+  "Nokia-Qt-exception-1.1"
+]
diff --git a/deps/npm/node_modules/spdx-exceptions/index.json b/deps/npm/node_modules/spdx-exceptions/index.json
index f88f088ab2fa16..d9549d3e40e4e6 100644
--- a/deps/npm/node_modules/spdx-exceptions/index.json
+++ b/deps/npm/node_modules/spdx-exceptions/index.json
@@ -1,40 +1,68 @@
 [
   "389-exception",
+  "Asterisk-exception",
   "Autoconf-exception-2.0",
   "Autoconf-exception-3.0",
+  "Autoconf-exception-generic",
+  "Autoconf-exception-generic-3.0",
+  "Autoconf-exception-macro",
+  "Bison-exception-1.24",
   "Bison-exception-2.2",
   "Bootloader-exception",
   "Classpath-exception-2.0",
   "CLISP-exception-2.0",
+  "cryptsetup-OpenSSL-exception",
   "DigiRule-FOSS-exception",
   "eCos-exception-2.0",
   "Fawkes-Runtime-exception",
   "FLTK-exception",
+  "fmt-exception",
   "Font-exception-2.0",
   "freertos-exception-2.0",
   "GCC-exception-2.0",
+  "GCC-exception-2.0-note",
   "GCC-exception-3.1",
+  "Gmsh-exception",
+  "GNAT-exception",
+  "GNOME-examples-exception",
+  "GNU-compiler-exception",
   "gnu-javamail-exception",
+  "GPL-3.0-interface-exception",
   "GPL-3.0-linking-exception",
   "GPL-3.0-linking-source-exception",
   "GPL-CC-1.0",
+  "GStreamer-exception-2005",
+  "GStreamer-exception-2008",
   "i2p-gpl-java-exception",
+  "KiCad-libraries-exception",
+  "LGPL-3.0-linking-exception",
+  "libpri-OpenH323-exception",
   "Libtool-exception",
   "Linux-syscall-note",
+  "LLGPL",
   "LLVM-exception",
   "LZMA-exception",
   "mif-exception",
-  "Nokia-Qt-exception-1.1",
   "OCaml-LGPL-linking-exception",
   "OCCT-exception-1.0",
   "OpenJDK-assembly-exception-1.0",
   "openvpn-openssl-exception",
   "PS-or-PDF-font-exception-20170817",
+  "QPL-1.0-INRIA-2004-exception",
   "Qt-GPL-exception-1.0",
   "Qt-LGPL-exception-1.1",
   "Qwt-exception-1.0",
+  "SANE-exception",
+  "SHL-2.0",
+  "SHL-2.1",
+  "stunnel-exception",
+  "SWI-exception",
   "Swift-exception",
+  "Texinfo-exception",
   "u-boot-exception-2.0",
+  "UBDL-exception",
   "Universal-FOSS-exception-1.0",
-  "WxWindows-exception-3.1"
+  "vsftpd-openssl-exception",
+  "WxWindows-exception-3.1",
+  "x11vnc-openssl-exception"
 ]
diff --git a/deps/npm/node_modules/spdx-exceptions/package.json b/deps/npm/node_modules/spdx-exceptions/package.json
index 2bafc6a38b2431..2f9a9504b2cac8 100644
--- a/deps/npm/node_modules/spdx-exceptions/package.json
+++ b/deps/npm/node_modules/spdx-exceptions/package.json
@@ -1,7 +1,7 @@
 {
   "name": "spdx-exceptions",
   "description": "list of SPDX standard license exceptions",
-  "version": "2.3.0",
+  "version": "2.5.0",
   "author": "The Linux Foundation",
   "contributors": [
     "Kyle E. Mitchell  (https://kemitchell.com/)"
@@ -9,9 +9,11 @@
   "license": "CC-BY-3.0",
   "repository": "kemitchell/spdx-exceptions.json",
   "files": [
-    "index.json"
+    "index.json",
+    "deprecated.json"
   ],
   "scripts": {
-    "build": "node build.js"
+    "build": "node build.js",
+    "latest": "node latest.js"
   }
 }
diff --git a/deps/npm/node_modules/spdx-license-ids/index.json b/deps/npm/node_modules/spdx-license-ids/index.json
index a7b98b24b6273e..7cc52df7dac860 100644
--- a/deps/npm/node_modules/spdx-license-ids/index.json
+++ b/deps/npm/node_modules/spdx-license-ids/index.json
@@ -13,6 +13,7 @@
 	"AGPL-3.0-or-later",
 	"AMDPLPA",
 	"AML",
+	"AML-glslang",
 	"AMPAS",
 	"ANTLR-PD",
 	"ANTLR-PD-fallback",
@@ -27,6 +28,7 @@
 	"Abstyles",
 	"AdaCore-doc",
 	"Adobe-2006",
+	"Adobe-Display-PostScript",
 	"Adobe-Glyph",
 	"Adobe-Utopia",
 	"Afmparse",
@@ -42,6 +44,7 @@
 	"Artistic-2.0",
 	"BSD-1-Clause",
 	"BSD-2-Clause",
+	"BSD-2-Clause-Darwin",
 	"BSD-2-Clause-Patent",
 	"BSD-2-Clause-Views",
 	"BSD-3-Clause",
@@ -56,6 +59,7 @@
 	"BSD-3-Clause-No-Nuclear-Warranty",
 	"BSD-3-Clause-Open-MPI",
 	"BSD-3-Clause-Sun",
+	"BSD-3-Clause-acpica",
 	"BSD-3-Clause-flex",
 	"BSD-4-Clause",
 	"BSD-4-Clause-Shortened",
@@ -67,7 +71,9 @@
 	"BSD-Inferno-Nettverk",
 	"BSD-Protection",
 	"BSD-Source-Code",
+	"BSD-Source-beginning-file",
 	"BSD-Systemics",
+	"BSD-Systemics-W3Works",
 	"BSL-1.0",
 	"BUSL-1.1",
 	"Baekmuk",
@@ -81,6 +87,7 @@
 	"BlueOak-1.0.0",
 	"Boehm-GC",
 	"Borceux",
+	"Brian-Gladman-2-Clause",
 	"Brian-Gladman-3-Clause",
 	"C-UDA-1.0",
 	"CAL-1.0",
@@ -92,6 +99,7 @@
 	"CC-BY-2.5-AU",
 	"CC-BY-3.0",
 	"CC-BY-3.0-AT",
+	"CC-BY-3.0-AU",
 	"CC-BY-3.0-DE",
 	"CC-BY-3.0-IGO",
 	"CC-BY-3.0-NL",
@@ -157,6 +165,7 @@
 	"CERN-OHL-W-2.0",
 	"CFITSIO",
 	"CMU-Mach",
+	"CMU-Mach-nodoc",
 	"CNRI-Jython",
 	"CNRI-Python",
 	"CNRI-Python-GPL-Compatible",
@@ -166,6 +175,7 @@
 	"CPOL-1.02",
 	"CUA-OPL-1.0",
 	"Caldera",
+	"Caldera-no-preamble",
 	"ClArtistic",
 	"Clips",
 	"Community-Spec-1.0",
@@ -176,10 +186,12 @@
 	"CrystalStacker",
 	"Cube",
 	"D-FSL-1.0",
+	"DEC-3-Clause",
 	"DL-DE-BY-2.0",
 	"DL-DE-ZERO-2.0",
 	"DOC",
 	"DRL-1.0",
+	"DRL-1.1",
 	"DSDP",
 	"Dotseqn",
 	"ECL-1.0",
@@ -200,6 +212,7 @@
 	"FBM",
 	"FDK-AAC",
 	"FSFAP",
+	"FSFAP-no-warranty-disclaimer",
 	"FSFUL",
 	"FSFULLR",
 	"FSFULLRWD",
@@ -210,6 +223,7 @@
 	"FreeBSD-DOC",
 	"FreeImage",
 	"Furuseth",
+	"GCR-docs",
 	"GD",
 	"GFDL-1.1-invariants-only",
 	"GFDL-1.1-invariants-or-later",
@@ -245,6 +259,10 @@
 	"HP-1989",
 	"HPND",
 	"HPND-DEC",
+	"HPND-Fenneberg-Livingston",
+	"HPND-INRIA-IMAG",
+	"HPND-Kevlin-Henney",
+	"HPND-MIT-disclaimer",
 	"HPND-Markus-Kuhn",
 	"HPND-Pbmplus",
 	"HPND-UC",
@@ -252,6 +270,7 @@
 	"HPND-doc-sell",
 	"HPND-export-US",
 	"HPND-export-US-modify",
+	"HPND-sell-MIT-disclaimer-xserver",
 	"HPND-sell-regexpr",
 	"HPND-sell-variant",
 	"HPND-sell-variant-MIT-disclaimer",
@@ -266,6 +285,7 @@
 	"IPA",
 	"IPL-1.0",
 	"ISC",
+	"ISC-Veillard",
 	"ImageMagick",
 	"Imlib2",
 	"Info-ZIP",
@@ -291,6 +311,7 @@
 	"LGPL-3.0-or-later",
 	"LGPLLR",
 	"LOOP",
+	"LPD-document",
 	"LPL-1.0",
 	"LPL-1.02",
 	"LPPL-1.0",
@@ -335,6 +356,8 @@
 	"MS-PL",
 	"MS-RL",
 	"MTLL",
+	"Mackerras-3-Clause",
+	"Mackerras-3-Clause-acknowledgment",
 	"MakeIndex",
 	"Martin-Birgmeier",
 	"McPhee-slideshow",
@@ -419,6 +442,8 @@
 	"OSL-3.0",
 	"OpenPBS-2.3",
 	"OpenSSL",
+	"OpenSSL-standalone",
+	"OpenVision",
 	"PADL",
 	"PDDL-1.0",
 	"PHP-3.0",
@@ -426,6 +451,7 @@
 	"PSF-2.0",
 	"Parity-6.0.0",
 	"Parity-7.0.0",
+	"Pixar",
 	"Plexus",
 	"PolyForm-Noncommercial-1.0.0",
 	"PolyForm-Small-Business-1.0.0",
@@ -444,6 +470,7 @@
 	"Rdisc",
 	"Ruby",
 	"SAX-PD",
+	"SAX-PD-2.0",
 	"SCEA",
 	"SGI-B-1.0",
 	"SGI-B-1.1",
@@ -461,6 +488,7 @@
 	"SPL-1.0",
 	"SSH-OpenSSH",
 	"SSH-short",
+	"SSLeay-standalone",
 	"SSPL-1.0",
 	"SWL",
 	"Saxpath",
@@ -474,11 +502,13 @@
 	"Spencer-94",
 	"Spencer-99",
 	"SugarCRM-1.1.3",
+	"Sun-PPP",
 	"SunPro",
 	"Symlinks",
 	"TAPR-OHL-1.0",
 	"TCL",
 	"TCP-wrappers",
+	"TGPPL-1.0",
 	"TMate",
 	"TORQUE-1.1",
 	"TOSL",
@@ -491,8 +521,10 @@
 	"TermReadKey",
 	"UCAR",
 	"UCL-1.0",
+	"UMich-Merit",
 	"UPL-1.0",
 	"URT-RLE",
+	"Unicode-3.0",
 	"Unicode-DFS-2015",
 	"Unicode-DFS-2016",
 	"Unicode-TOU",
@@ -527,6 +559,7 @@
 	"Zimbra-1.3",
 	"Zimbra-1.4",
 	"Zlib",
+	"bcrypt-Solar-Designer",
 	"blessing",
 	"bzip2-1.0.6",
 	"check-cvs",
@@ -542,6 +575,8 @@
 	"fwlw",
 	"gSOAP-1.3b",
 	"gnuplot",
+	"gtkbook",
+	"hdparm",
 	"iMatix",
 	"libpng-2.0",
 	"libselinux-1.0",
@@ -549,6 +584,7 @@
 	"libutil-David-Nugent",
 	"lsof",
 	"magaz",
+	"mailprio",
 	"metamail",
 	"mpi-permissive",
 	"mpich2",
@@ -557,12 +593,15 @@
 	"psfrag",
 	"psutils",
 	"python-ldap",
+	"radvd",
 	"snprintf",
+	"softSurfer",
 	"ssh-keyscan",
 	"swrule",
 	"ulem",
 	"w3m",
 	"xinetd",
+	"xkeyboard-config-Zinoviev",
 	"xlock",
 	"xpp",
 	"zlib-acknowledgement"
diff --git a/deps/npm/node_modules/spdx-license-ids/package.json b/deps/npm/node_modules/spdx-license-ids/package.json
index 196b02705769a9..441f6ea38236c2 100644
--- a/deps/npm/node_modules/spdx-license-ids/package.json
+++ b/deps/npm/node_modules/spdx-license-ids/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "spdx-license-ids",
-	"version": "3.0.16",
+	"version": "3.0.17",
 	"description": "A list of SPDX license identifiers",
 	"repository": "jslicense/spdx-license-ids",
 	"author": "Shinnosuke Watanabe (https://github.com/shinnn)",
diff --git a/deps/npm/node_modules/string-width-cjs/node_modules/ansi-regex/index.js b/deps/npm/node_modules/string-width-cjs/node_modules/ansi-regex/index.js
deleted file mode 100644
index 616ff837d3ff01..00000000000000
--- a/deps/npm/node_modules/string-width-cjs/node_modules/ansi-regex/index.js
+++ /dev/null
@@ -1,10 +0,0 @@
-'use strict';
-
-module.exports = ({onlyFirst = false} = {}) => {
-	const pattern = [
-		'[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
-		'(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))'
-	].join('|');
-
-	return new RegExp(pattern, onlyFirst ? undefined : 'g');
-};
diff --git a/deps/npm/node_modules/string-width-cjs/node_modules/ansi-regex/license b/deps/npm/node_modules/string-width-cjs/node_modules/ansi-regex/license
deleted file mode 100644
index e7af2f77107d73..00000000000000
--- a/deps/npm/node_modules/string-width-cjs/node_modules/ansi-regex/license
+++ /dev/null
@@ -1,9 +0,0 @@
-MIT License
-
-Copyright (c) Sindre Sorhus  (sindresorhus.com)
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/deps/npm/node_modules/string-width-cjs/node_modules/ansi-regex/package.json b/deps/npm/node_modules/string-width-cjs/node_modules/ansi-regex/package.json
deleted file mode 100644
index 017f53116a9e28..00000000000000
--- a/deps/npm/node_modules/string-width-cjs/node_modules/ansi-regex/package.json
+++ /dev/null
@@ -1,55 +0,0 @@
-{
-	"name": "ansi-regex",
-	"version": "5.0.1",
-	"description": "Regular expression for matching ANSI escape codes",
-	"license": "MIT",
-	"repository": "chalk/ansi-regex",
-	"author": {
-		"name": "Sindre Sorhus",
-		"email": "sindresorhus@gmail.com",
-		"url": "sindresorhus.com"
-	},
-	"engines": {
-		"node": ">=8"
-	},
-	"scripts": {
-		"test": "xo && ava && tsd",
-		"view-supported": "node fixtures/view-codes.js"
-	},
-	"files": [
-		"index.js",
-		"index.d.ts"
-	],
-	"keywords": [
-		"ansi",
-		"styles",
-		"color",
-		"colour",
-		"colors",
-		"terminal",
-		"console",
-		"cli",
-		"string",
-		"tty",
-		"escape",
-		"formatting",
-		"rgb",
-		"256",
-		"shell",
-		"xterm",
-		"command-line",
-		"text",
-		"regex",
-		"regexp",
-		"re",
-		"match",
-		"test",
-		"find",
-		"pattern"
-	],
-	"devDependencies": {
-		"ava": "^2.4.0",
-		"tsd": "^0.9.0",
-		"xo": "^0.25.3"
-	}
-}
diff --git a/deps/npm/node_modules/string-width-cjs/node_modules/strip-ansi/index.js b/deps/npm/node_modules/string-width-cjs/node_modules/strip-ansi/index.js
deleted file mode 100644
index 9a593dfcd1fd5c..00000000000000
--- a/deps/npm/node_modules/string-width-cjs/node_modules/strip-ansi/index.js
+++ /dev/null
@@ -1,4 +0,0 @@
-'use strict';
-const ansiRegex = require('ansi-regex');
-
-module.exports = string => typeof string === 'string' ? string.replace(ansiRegex(), '') : string;
diff --git a/deps/npm/node_modules/string-width-cjs/node_modules/strip-ansi/license b/deps/npm/node_modules/string-width-cjs/node_modules/strip-ansi/license
deleted file mode 100644
index e7af2f77107d73..00000000000000
--- a/deps/npm/node_modules/string-width-cjs/node_modules/strip-ansi/license
+++ /dev/null
@@ -1,9 +0,0 @@
-MIT License
-
-Copyright (c) Sindre Sorhus  (sindresorhus.com)
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/deps/npm/node_modules/string-width-cjs/node_modules/strip-ansi/package.json b/deps/npm/node_modules/string-width-cjs/node_modules/strip-ansi/package.json
deleted file mode 100644
index 1a41108d42831c..00000000000000
--- a/deps/npm/node_modules/string-width-cjs/node_modules/strip-ansi/package.json
+++ /dev/null
@@ -1,54 +0,0 @@
-{
-	"name": "strip-ansi",
-	"version": "6.0.1",
-	"description": "Strip ANSI escape codes from a string",
-	"license": "MIT",
-	"repository": "chalk/strip-ansi",
-	"author": {
-		"name": "Sindre Sorhus",
-		"email": "sindresorhus@gmail.com",
-		"url": "sindresorhus.com"
-	},
-	"engines": {
-		"node": ">=8"
-	},
-	"scripts": {
-		"test": "xo && ava && tsd"
-	},
-	"files": [
-		"index.js",
-		"index.d.ts"
-	],
-	"keywords": [
-		"strip",
-		"trim",
-		"remove",
-		"ansi",
-		"styles",
-		"color",
-		"colour",
-		"colors",
-		"terminal",
-		"console",
-		"string",
-		"tty",
-		"escape",
-		"formatting",
-		"rgb",
-		"256",
-		"shell",
-		"xterm",
-		"log",
-		"logging",
-		"command-line",
-		"text"
-	],
-	"dependencies": {
-		"ansi-regex": "^5.0.1"
-	},
-	"devDependencies": {
-		"ava": "^2.4.0",
-		"tsd": "^0.10.0",
-		"xo": "^0.25.3"
-	}
-}
diff --git a/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js b/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js
deleted file mode 100644
index 616ff837d3ff01..00000000000000
--- a/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js
+++ /dev/null
@@ -1,10 +0,0 @@
-'use strict';
-
-module.exports = ({onlyFirst = false} = {}) => {
-	const pattern = [
-		'[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
-		'(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))'
-	].join('|');
-
-	return new RegExp(pattern, onlyFirst ? undefined : 'g');
-};
diff --git a/deps/npm/node_modules/string-width/node_modules/ansi-regex/license b/deps/npm/node_modules/string-width/node_modules/ansi-regex/license
deleted file mode 100644
index e7af2f77107d73..00000000000000
--- a/deps/npm/node_modules/string-width/node_modules/ansi-regex/license
+++ /dev/null
@@ -1,9 +0,0 @@
-MIT License
-
-Copyright (c) Sindre Sorhus  (sindresorhus.com)
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/deps/npm/node_modules/string-width/node_modules/ansi-regex/package.json b/deps/npm/node_modules/string-width/node_modules/ansi-regex/package.json
deleted file mode 100644
index 017f53116a9e28..00000000000000
--- a/deps/npm/node_modules/string-width/node_modules/ansi-regex/package.json
+++ /dev/null
@@ -1,55 +0,0 @@
-{
-	"name": "ansi-regex",
-	"version": "5.0.1",
-	"description": "Regular expression for matching ANSI escape codes",
-	"license": "MIT",
-	"repository": "chalk/ansi-regex",
-	"author": {
-		"name": "Sindre Sorhus",
-		"email": "sindresorhus@gmail.com",
-		"url": "sindresorhus.com"
-	},
-	"engines": {
-		"node": ">=8"
-	},
-	"scripts": {
-		"test": "xo && ava && tsd",
-		"view-supported": "node fixtures/view-codes.js"
-	},
-	"files": [
-		"index.js",
-		"index.d.ts"
-	],
-	"keywords": [
-		"ansi",
-		"styles",
-		"color",
-		"colour",
-		"colors",
-		"terminal",
-		"console",
-		"cli",
-		"string",
-		"tty",
-		"escape",
-		"formatting",
-		"rgb",
-		"256",
-		"shell",
-		"xterm",
-		"command-line",
-		"text",
-		"regex",
-		"regexp",
-		"re",
-		"match",
-		"test",
-		"find",
-		"pattern"
-	],
-	"devDependencies": {
-		"ava": "^2.4.0",
-		"tsd": "^0.9.0",
-		"xo": "^0.25.3"
-	}
-}
diff --git a/deps/npm/node_modules/string-width/node_modules/strip-ansi/index.js b/deps/npm/node_modules/string-width/node_modules/strip-ansi/index.js
deleted file mode 100644
index 9a593dfcd1fd5c..00000000000000
--- a/deps/npm/node_modules/string-width/node_modules/strip-ansi/index.js
+++ /dev/null
@@ -1,4 +0,0 @@
-'use strict';
-const ansiRegex = require('ansi-regex');
-
-module.exports = string => typeof string === 'string' ? string.replace(ansiRegex(), '') : string;
diff --git a/deps/npm/node_modules/string-width/node_modules/strip-ansi/license b/deps/npm/node_modules/string-width/node_modules/strip-ansi/license
deleted file mode 100644
index e7af2f77107d73..00000000000000
--- a/deps/npm/node_modules/string-width/node_modules/strip-ansi/license
+++ /dev/null
@@ -1,9 +0,0 @@
-MIT License
-
-Copyright (c) Sindre Sorhus  (sindresorhus.com)
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/deps/npm/node_modules/string-width/node_modules/strip-ansi/package.json b/deps/npm/node_modules/string-width/node_modules/strip-ansi/package.json
deleted file mode 100644
index 1a41108d42831c..00000000000000
--- a/deps/npm/node_modules/string-width/node_modules/strip-ansi/package.json
+++ /dev/null
@@ -1,54 +0,0 @@
-{
-	"name": "strip-ansi",
-	"version": "6.0.1",
-	"description": "Strip ANSI escape codes from a string",
-	"license": "MIT",
-	"repository": "chalk/strip-ansi",
-	"author": {
-		"name": "Sindre Sorhus",
-		"email": "sindresorhus@gmail.com",
-		"url": "sindresorhus.com"
-	},
-	"engines": {
-		"node": ">=8"
-	},
-	"scripts": {
-		"test": "xo && ava && tsd"
-	},
-	"files": [
-		"index.js",
-		"index.d.ts"
-	],
-	"keywords": [
-		"strip",
-		"trim",
-		"remove",
-		"ansi",
-		"styles",
-		"color",
-		"colour",
-		"colors",
-		"terminal",
-		"console",
-		"string",
-		"tty",
-		"escape",
-		"formatting",
-		"rgb",
-		"256",
-		"shell",
-		"xterm",
-		"log",
-		"logging",
-		"command-line",
-		"text"
-	],
-	"dependencies": {
-		"ansi-regex": "^5.0.1"
-	},
-	"devDependencies": {
-		"ava": "^2.4.0",
-		"tsd": "^0.10.0",
-		"xo": "^0.25.3"
-	}
-}
diff --git a/deps/npm/node_modules/strip-ansi-cjs/node_modules/ansi-regex/index.js b/deps/npm/node_modules/strip-ansi-cjs/node_modules/ansi-regex/index.js
deleted file mode 100644
index 616ff837d3ff01..00000000000000
--- a/deps/npm/node_modules/strip-ansi-cjs/node_modules/ansi-regex/index.js
+++ /dev/null
@@ -1,10 +0,0 @@
-'use strict';
-
-module.exports = ({onlyFirst = false} = {}) => {
-	const pattern = [
-		'[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
-		'(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))'
-	].join('|');
-
-	return new RegExp(pattern, onlyFirst ? undefined : 'g');
-};
diff --git a/deps/npm/node_modules/strip-ansi-cjs/node_modules/ansi-regex/license b/deps/npm/node_modules/strip-ansi-cjs/node_modules/ansi-regex/license
deleted file mode 100644
index e7af2f77107d73..00000000000000
--- a/deps/npm/node_modules/strip-ansi-cjs/node_modules/ansi-regex/license
+++ /dev/null
@@ -1,9 +0,0 @@
-MIT License
-
-Copyright (c) Sindre Sorhus  (sindresorhus.com)
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/deps/npm/node_modules/strip-ansi-cjs/node_modules/ansi-regex/package.json b/deps/npm/node_modules/strip-ansi-cjs/node_modules/ansi-regex/package.json
deleted file mode 100644
index 017f53116a9e28..00000000000000
--- a/deps/npm/node_modules/strip-ansi-cjs/node_modules/ansi-regex/package.json
+++ /dev/null
@@ -1,55 +0,0 @@
-{
-	"name": "ansi-regex",
-	"version": "5.0.1",
-	"description": "Regular expression for matching ANSI escape codes",
-	"license": "MIT",
-	"repository": "chalk/ansi-regex",
-	"author": {
-		"name": "Sindre Sorhus",
-		"email": "sindresorhus@gmail.com",
-		"url": "sindresorhus.com"
-	},
-	"engines": {
-		"node": ">=8"
-	},
-	"scripts": {
-		"test": "xo && ava && tsd",
-		"view-supported": "node fixtures/view-codes.js"
-	},
-	"files": [
-		"index.js",
-		"index.d.ts"
-	],
-	"keywords": [
-		"ansi",
-		"styles",
-		"color",
-		"colour",
-		"colors",
-		"terminal",
-		"console",
-		"cli",
-		"string",
-		"tty",
-		"escape",
-		"formatting",
-		"rgb",
-		"256",
-		"shell",
-		"xterm",
-		"command-line",
-		"text",
-		"regex",
-		"regexp",
-		"re",
-		"match",
-		"test",
-		"find",
-		"pattern"
-	],
-	"devDependencies": {
-		"ava": "^2.4.0",
-		"tsd": "^0.9.0",
-		"xo": "^0.25.3"
-	}
-}
diff --git a/deps/npm/node_modules/strip-ansi/index.js b/deps/npm/node_modules/strip-ansi/index.js
index ba19750e64e061..9a593dfcd1fd5c 100644
--- a/deps/npm/node_modules/strip-ansi/index.js
+++ b/deps/npm/node_modules/strip-ansi/index.js
@@ -1,14 +1,4 @@
-import ansiRegex from 'ansi-regex';
+'use strict';
+const ansiRegex = require('ansi-regex');
 
-const regex = ansiRegex();
-
-export default function stripAnsi(string) {
-	if (typeof string !== 'string') {
-		throw new TypeError(`Expected a \`string\`, got \`${typeof string}\``);
-	}
-
-	// Even though the regex is global, we don't need to reset the `.lastIndex`
-	// because unlike `.exec()` and `.test()`, `.replace()` does it automatically
-	// and doing it manually has a performance penalty.
-	return string.replace(regex, '');
-}
+module.exports = string => typeof string === 'string' ? string.replace(ansiRegex(), '') : string;
diff --git a/deps/npm/node_modules/strip-ansi/license b/deps/npm/node_modules/strip-ansi/license
index fa7ceba3eb4a96..e7af2f77107d73 100644
--- a/deps/npm/node_modules/strip-ansi/license
+++ b/deps/npm/node_modules/strip-ansi/license
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) Sindre Sorhus  (https://sindresorhus.com)
+Copyright (c) Sindre Sorhus  (sindresorhus.com)
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 
diff --git a/deps/npm/node_modules/strip-ansi/package.json b/deps/npm/node_modules/strip-ansi/package.json
index e1f455c325b007..1a41108d42831c 100644
--- a/deps/npm/node_modules/strip-ansi/package.json
+++ b/deps/npm/node_modules/strip-ansi/package.json
@@ -1,19 +1,16 @@
 {
 	"name": "strip-ansi",
-	"version": "7.1.0",
+	"version": "6.0.1",
 	"description": "Strip ANSI escape codes from a string",
 	"license": "MIT",
 	"repository": "chalk/strip-ansi",
-	"funding": "https://github.com/chalk/strip-ansi?sponsor=1",
 	"author": {
 		"name": "Sindre Sorhus",
 		"email": "sindresorhus@gmail.com",
-		"url": "https://sindresorhus.com"
+		"url": "sindresorhus.com"
 	},
-	"type": "module",
-	"exports": "./index.js",
 	"engines": {
-		"node": ">=12"
+		"node": ">=8"
 	},
 	"scripts": {
 		"test": "xo && ava && tsd"
@@ -47,11 +44,11 @@
 		"text"
 	],
 	"dependencies": {
-		"ansi-regex": "^6.0.1"
+		"ansi-regex": "^5.0.1"
 	},
 	"devDependencies": {
-		"ava": "^3.15.0",
-		"tsd": "^0.17.0",
-		"xo": "^0.44.0"
+		"ava": "^2.4.0",
+		"tsd": "^0.10.0",
+		"xo": "^0.25.3"
 	}
 }
diff --git a/deps/npm/node_modules/tuf-js/dist/config.js b/deps/npm/node_modules/tuf-js/dist/config.js
index bafb33a8a1bf7c..6845679942fec5 100644
--- a/deps/npm/node_modules/tuf-js/dist/config.js
+++ b/deps/npm/node_modules/tuf-js/dist/config.js
@@ -4,12 +4,12 @@ exports.defaultConfig = void 0;
 exports.defaultConfig = {
     maxRootRotations: 32,
     maxDelegations: 32,
-    rootMaxLength: 512000,
-    timestampMaxLength: 16384,
-    snapshotMaxLength: 2000000,
-    targetsMaxLength: 5000000,
+    rootMaxLength: 512000, //bytes
+    timestampMaxLength: 16384, // bytes
+    snapshotMaxLength: 2000000, // bytes
+    targetsMaxLength: 5000000, // bytes
     prefixTargetsWithHash: true,
-    fetchTimeout: 100000,
+    fetchTimeout: 100000, // milliseconds
     fetchRetries: undefined,
     fetchRetry: 2,
 };
diff --git a/deps/npm/node_modules/tuf-js/dist/updater.js b/deps/npm/node_modules/tuf-js/dist/updater.js
index 2d0c769c7af647..5317f7e14659ac 100644
--- a/deps/npm/node_modules/tuf-js/dist/updater.js
+++ b/deps/npm/node_modules/tuf-js/dist/updater.js
@@ -44,6 +44,7 @@ class Updater {
         this.metadataBaseUrl = metadataBaseUrl;
         this.targetDir = targetDir;
         this.targetBaseUrl = targetBaseUrl;
+        this.forceCache = options.forceCache ?? false;
         const data = this.loadLocalMetadata(models_1.MetadataKind.Root);
         this.trustedSet = new store_1.TrustedMetadataStore(data);
         this.config = { ...config_1.defaultConfig, ...config };
@@ -57,8 +58,25 @@ class Updater {
     // refresh and load the metadata before downloading the target
     // refresh should be called once after the client is initialized
     async refresh() {
-        await this.loadRoot();
-        await this.loadTimestamp();
+        // If forceCache is true, try to load the timestamp from local storage
+        // without fetching it from the remote. Otherwise, load the root and
+        // timestamp from the remote per the TUF spec.
+        if (this.forceCache) {
+            // If anything fails, load the root and timestamp from the remote. This
+            // should cover any situation where the local metadata is corrupted or
+            // expired.
+            try {
+                await this.loadTimestamp({ checkRemote: false });
+            }
+            catch (error) {
+                await this.loadRoot();
+                await this.loadTimestamp();
+            }
+        }
+        else {
+            await this.loadRoot();
+            await this.loadTimestamp();
+        }
         await this.loadSnapshot();
         await this.loadTargets(models_1.MetadataKind.Targets, models_1.MetadataKind.Root);
     }
@@ -143,11 +161,16 @@ class Updater {
     }
     // Load local and remote timestamp metadata.
     // Client workflow 5.4: update timestamp role
-    async loadTimestamp() {
+    async loadTimestamp({ checkRemote } = { checkRemote: true }) {
         // Load local and remote timestamp metadata
         try {
             const data = this.loadLocalMetadata(models_1.MetadataKind.Timestamp);
             this.trustedSet.updateTimestamp(data);
+            // If checkRemote is disabled, return here to avoid fetching the remote
+            // timestamp metadata.
+            if (!checkRemote) {
+                return;
+            }
         }
         catch (error) {
             // continue
diff --git a/deps/npm/node_modules/tuf-js/package.json b/deps/npm/node_modules/tuf-js/package.json
index c757d6a00d7008..f6b2943f8195d6 100644
--- a/deps/npm/node_modules/tuf-js/package.json
+++ b/deps/npm/node_modules/tuf-js/package.json
@@ -1,6 +1,6 @@
 {
   "name": "tuf-js",
-  "version": "2.1.0",
+  "version": "2.2.0",
   "description": "JavaScript implementation of The Update Framework (TUF)",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -29,8 +29,8 @@
   "homepage": "https://github.com/theupdateframework/tuf-js/tree/main/packages/client#readme",
   "devDependencies": {
     "@tufjs/repo-mock": "2.0.0",
-    "@types/debug": "^4.1.8",
-    "@types/make-fetch-happen": "^10.0.1"
+    "@types/debug": "^4.1.12",
+    "@types/make-fetch-happen": "^10.0.4"
   },
   "dependencies": {
     "@tufjs/models": "2.0.0",
diff --git a/deps/npm/node_modules/wrap-ansi-cjs/node_modules/ansi-regex/index.js b/deps/npm/node_modules/wrap-ansi-cjs/node_modules/ansi-regex/index.js
deleted file mode 100644
index 616ff837d3ff01..00000000000000
--- a/deps/npm/node_modules/wrap-ansi-cjs/node_modules/ansi-regex/index.js
+++ /dev/null
@@ -1,10 +0,0 @@
-'use strict';
-
-module.exports = ({onlyFirst = false} = {}) => {
-	const pattern = [
-		'[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
-		'(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))'
-	].join('|');
-
-	return new RegExp(pattern, onlyFirst ? undefined : 'g');
-};
diff --git a/deps/npm/node_modules/wrap-ansi-cjs/node_modules/ansi-regex/license b/deps/npm/node_modules/wrap-ansi-cjs/node_modules/ansi-regex/license
deleted file mode 100644
index e7af2f77107d73..00000000000000
--- a/deps/npm/node_modules/wrap-ansi-cjs/node_modules/ansi-regex/license
+++ /dev/null
@@ -1,9 +0,0 @@
-MIT License
-
-Copyright (c) Sindre Sorhus  (sindresorhus.com)
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/deps/npm/node_modules/wrap-ansi-cjs/node_modules/ansi-regex/package.json b/deps/npm/node_modules/wrap-ansi-cjs/node_modules/ansi-regex/package.json
deleted file mode 100644
index 017f53116a9e28..00000000000000
--- a/deps/npm/node_modules/wrap-ansi-cjs/node_modules/ansi-regex/package.json
+++ /dev/null
@@ -1,55 +0,0 @@
-{
-	"name": "ansi-regex",
-	"version": "5.0.1",
-	"description": "Regular expression for matching ANSI escape codes",
-	"license": "MIT",
-	"repository": "chalk/ansi-regex",
-	"author": {
-		"name": "Sindre Sorhus",
-		"email": "sindresorhus@gmail.com",
-		"url": "sindresorhus.com"
-	},
-	"engines": {
-		"node": ">=8"
-	},
-	"scripts": {
-		"test": "xo && ava && tsd",
-		"view-supported": "node fixtures/view-codes.js"
-	},
-	"files": [
-		"index.js",
-		"index.d.ts"
-	],
-	"keywords": [
-		"ansi",
-		"styles",
-		"color",
-		"colour",
-		"colors",
-		"terminal",
-		"console",
-		"cli",
-		"string",
-		"tty",
-		"escape",
-		"formatting",
-		"rgb",
-		"256",
-		"shell",
-		"xterm",
-		"command-line",
-		"text",
-		"regex",
-		"regexp",
-		"re",
-		"match",
-		"test",
-		"find",
-		"pattern"
-	],
-	"devDependencies": {
-		"ava": "^2.4.0",
-		"tsd": "^0.9.0",
-		"xo": "^0.25.3"
-	}
-}
diff --git a/deps/npm/node_modules/wrap-ansi-cjs/node_modules/strip-ansi/index.js b/deps/npm/node_modules/wrap-ansi-cjs/node_modules/strip-ansi/index.js
deleted file mode 100644
index 9a593dfcd1fd5c..00000000000000
--- a/deps/npm/node_modules/wrap-ansi-cjs/node_modules/strip-ansi/index.js
+++ /dev/null
@@ -1,4 +0,0 @@
-'use strict';
-const ansiRegex = require('ansi-regex');
-
-module.exports = string => typeof string === 'string' ? string.replace(ansiRegex(), '') : string;
diff --git a/deps/npm/node_modules/wrap-ansi-cjs/node_modules/strip-ansi/license b/deps/npm/node_modules/wrap-ansi-cjs/node_modules/strip-ansi/license
deleted file mode 100644
index e7af2f77107d73..00000000000000
--- a/deps/npm/node_modules/wrap-ansi-cjs/node_modules/strip-ansi/license
+++ /dev/null
@@ -1,9 +0,0 @@
-MIT License
-
-Copyright (c) Sindre Sorhus  (sindresorhus.com)
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/deps/npm/node_modules/wrap-ansi-cjs/node_modules/strip-ansi/package.json b/deps/npm/node_modules/wrap-ansi-cjs/node_modules/strip-ansi/package.json
deleted file mode 100644
index 1a41108d42831c..00000000000000
--- a/deps/npm/node_modules/wrap-ansi-cjs/node_modules/strip-ansi/package.json
+++ /dev/null
@@ -1,54 +0,0 @@
-{
-	"name": "strip-ansi",
-	"version": "6.0.1",
-	"description": "Strip ANSI escape codes from a string",
-	"license": "MIT",
-	"repository": "chalk/strip-ansi",
-	"author": {
-		"name": "Sindre Sorhus",
-		"email": "sindresorhus@gmail.com",
-		"url": "sindresorhus.com"
-	},
-	"engines": {
-		"node": ">=8"
-	},
-	"scripts": {
-		"test": "xo && ava && tsd"
-	},
-	"files": [
-		"index.js",
-		"index.d.ts"
-	],
-	"keywords": [
-		"strip",
-		"trim",
-		"remove",
-		"ansi",
-		"styles",
-		"color",
-		"colour",
-		"colors",
-		"terminal",
-		"console",
-		"string",
-		"tty",
-		"escape",
-		"formatting",
-		"rgb",
-		"256",
-		"shell",
-		"xterm",
-		"log",
-		"logging",
-		"command-line",
-		"text"
-	],
-	"dependencies": {
-		"ansi-regex": "^5.0.1"
-	},
-	"devDependencies": {
-		"ava": "^2.4.0",
-		"tsd": "^0.10.0",
-		"xo": "^0.25.3"
-	}
-}
diff --git a/deps/npm/node_modules/wrap-ansi/node_modules/ansi-regex/index.js b/deps/npm/node_modules/wrap-ansi/node_modules/ansi-regex/index.js
new file mode 100644
index 00000000000000..130a0929b8ce8c
--- /dev/null
+++ b/deps/npm/node_modules/wrap-ansi/node_modules/ansi-regex/index.js
@@ -0,0 +1,8 @@
+export default function ansiRegex({onlyFirst = false} = {}) {
+	const pattern = [
+	    '[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',
+		'(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))'
+	].join('|');
+
+	return new RegExp(pattern, onlyFirst ? undefined : 'g');
+}
diff --git a/deps/npm/node_modules/columnify/node_modules/ansi-regex/license b/deps/npm/node_modules/wrap-ansi/node_modules/ansi-regex/license
similarity index 92%
rename from deps/npm/node_modules/columnify/node_modules/ansi-regex/license
rename to deps/npm/node_modules/wrap-ansi/node_modules/ansi-regex/license
index e7af2f77107d73..fa7ceba3eb4a96 100644
--- a/deps/npm/node_modules/columnify/node_modules/ansi-regex/license
+++ b/deps/npm/node_modules/wrap-ansi/node_modules/ansi-regex/license
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) Sindre Sorhus  (sindresorhus.com)
+Copyright (c) Sindre Sorhus  (https://sindresorhus.com)
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 
diff --git a/deps/npm/node_modules/gauge/node_modules/ansi-regex/package.json b/deps/npm/node_modules/wrap-ansi/node_modules/ansi-regex/package.json
similarity index 75%
rename from deps/npm/node_modules/gauge/node_modules/ansi-regex/package.json
rename to deps/npm/node_modules/wrap-ansi/node_modules/ansi-regex/package.json
index 017f53116a9e28..7bbb563bf2a70a 100644
--- a/deps/npm/node_modules/gauge/node_modules/ansi-regex/package.json
+++ b/deps/npm/node_modules/wrap-ansi/node_modules/ansi-regex/package.json
@@ -1,16 +1,19 @@
 {
 	"name": "ansi-regex",
-	"version": "5.0.1",
+	"version": "6.0.1",
 	"description": "Regular expression for matching ANSI escape codes",
 	"license": "MIT",
 	"repository": "chalk/ansi-regex",
+	"funding": "https://github.com/chalk/ansi-regex?sponsor=1",
 	"author": {
 		"name": "Sindre Sorhus",
 		"email": "sindresorhus@gmail.com",
-		"url": "sindresorhus.com"
+		"url": "https://sindresorhus.com"
 	},
+	"type": "module",
+	"exports": "./index.js",
 	"engines": {
-		"node": ">=8"
+		"node": ">=12"
 	},
 	"scripts": {
 		"test": "xo && ava && tsd",
@@ -48,8 +51,8 @@
 		"pattern"
 	],
 	"devDependencies": {
-		"ava": "^2.4.0",
-		"tsd": "^0.9.0",
-		"xo": "^0.25.3"
+		"ava": "^3.15.0",
+		"tsd": "^0.14.0",
+		"xo": "^0.38.2"
 	}
 }
diff --git a/deps/npm/node_modules/wrap-ansi/node_modules/strip-ansi/index.js b/deps/npm/node_modules/wrap-ansi/node_modules/strip-ansi/index.js
new file mode 100644
index 00000000000000..ba19750e64e061
--- /dev/null
+++ b/deps/npm/node_modules/wrap-ansi/node_modules/strip-ansi/index.js
@@ -0,0 +1,14 @@
+import ansiRegex from 'ansi-regex';
+
+const regex = ansiRegex();
+
+export default function stripAnsi(string) {
+	if (typeof string !== 'string') {
+		throw new TypeError(`Expected a \`string\`, got \`${typeof string}\``);
+	}
+
+	// Even though the regex is global, we don't need to reset the `.lastIndex`
+	// because unlike `.exec()` and `.test()`, `.replace()` does it automatically
+	// and doing it manually has a performance penalty.
+	return string.replace(regex, '');
+}
diff --git a/deps/npm/node_modules/columnify/node_modules/strip-ansi/license b/deps/npm/node_modules/wrap-ansi/node_modules/strip-ansi/license
similarity index 92%
rename from deps/npm/node_modules/columnify/node_modules/strip-ansi/license
rename to deps/npm/node_modules/wrap-ansi/node_modules/strip-ansi/license
index e7af2f77107d73..fa7ceba3eb4a96 100644
--- a/deps/npm/node_modules/columnify/node_modules/strip-ansi/license
+++ b/deps/npm/node_modules/wrap-ansi/node_modules/strip-ansi/license
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) Sindre Sorhus  (sindresorhus.com)
+Copyright (c) Sindre Sorhus  (https://sindresorhus.com)
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 
diff --git a/deps/npm/node_modules/cli-columns/node_modules/strip-ansi/package.json b/deps/npm/node_modules/wrap-ansi/node_modules/strip-ansi/package.json
similarity index 71%
rename from deps/npm/node_modules/cli-columns/node_modules/strip-ansi/package.json
rename to deps/npm/node_modules/wrap-ansi/node_modules/strip-ansi/package.json
index 1a41108d42831c..e1f455c325b007 100644
--- a/deps/npm/node_modules/cli-columns/node_modules/strip-ansi/package.json
+++ b/deps/npm/node_modules/wrap-ansi/node_modules/strip-ansi/package.json
@@ -1,16 +1,19 @@
 {
 	"name": "strip-ansi",
-	"version": "6.0.1",
+	"version": "7.1.0",
 	"description": "Strip ANSI escape codes from a string",
 	"license": "MIT",
 	"repository": "chalk/strip-ansi",
+	"funding": "https://github.com/chalk/strip-ansi?sponsor=1",
 	"author": {
 		"name": "Sindre Sorhus",
 		"email": "sindresorhus@gmail.com",
-		"url": "sindresorhus.com"
+		"url": "https://sindresorhus.com"
 	},
+	"type": "module",
+	"exports": "./index.js",
 	"engines": {
-		"node": ">=8"
+		"node": ">=12"
 	},
 	"scripts": {
 		"test": "xo && ava && tsd"
@@ -44,11 +47,11 @@
 		"text"
 	],
 	"dependencies": {
-		"ansi-regex": "^5.0.1"
+		"ansi-regex": "^6.0.1"
 	},
 	"devDependencies": {
-		"ava": "^2.4.0",
-		"tsd": "^0.10.0",
-		"xo": "^0.25.3"
+		"ava": "^3.15.0",
+		"tsd": "^0.17.0",
+		"xo": "^0.44.0"
 	}
 }
diff --git a/deps/npm/package.json b/deps/npm/package.json
index 7f222796a8a2f8..d892a7fff8180b 100644
--- a/deps/npm/package.json
+++ b/deps/npm/package.json
@@ -1,5 +1,5 @@
 {
-  "version": "10.3.0",
+  "version": "10.5.0",
   "name": "npm",
   "description": "a package manager for JavaScript",
   "workspaces": [
@@ -58,8 +58,8 @@
     "@npmcli/map-workspaces": "^3.0.4",
     "@npmcli/package-json": "^5.0.0",
     "@npmcli/promise-spawn": "^7.0.1",
-    "@npmcli/run-script": "^7.0.3",
-    "@sigstore/tuf": "^2.2.0",
+    "@npmcli/run-script": "^7.0.4",
+    "@sigstore/tuf": "^2.3.1",
     "abbrev": "^2.0.0",
     "archy": "~1.0.0",
     "cacache": "^18.0.2",
@@ -105,15 +105,14 @@
     "npm-user-validate": "^2.0.0",
     "npmlog": "^7.0.1",
     "p-map": "^4.0.0",
-    "pacote": "^17.0.5",
+    "pacote": "^17.0.6",
     "parse-conflict-json": "^3.0.1",
     "proc-log": "^3.0.0",
     "qrcode-terminal": "^0.12.0",
     "read": "^2.1.0",
-    "semver": "^7.5.4",
+    "semver": "^7.6.0",
     "spdx-expression-parse": "^3.0.1",
     "ssri": "^10.0.5",
-    "strip-ansi": "^7.1.0",
     "supports-color": "^9.4.0",
     "tar": "^6.2.0",
     "text-table": "~0.2.0",
@@ -186,7 +185,6 @@
     "semver",
     "spdx-expression-parse",
     "ssri",
-    "strip-ansi",
     "supports-color",
     "tar",
     "text-table",
@@ -207,7 +205,7 @@
     "ajv": "^8.12.0",
     "ajv-formats": "^2.1.1",
     "ajv-formats-draft2019": "^1.6.1",
-    "diff": "^5.1.0",
+    "diff": "^5.2.0",
     "licensee": "^10.0.0",
     "nock": "^13.4.0",
     "npm-packlist": "^8.0.2",
diff --git a/deps/npm/tap-snapshots/test/lib/commands/config.js.test.cjs b/deps/npm/tap-snapshots/test/lib/commands/config.js.test.cjs
index 593de43c2f0193..79518c2b8c8670 100644
--- a/deps/npm/tap-snapshots/test/lib/commands/config.js.test.cjs
+++ b/deps/npm/tap-snapshots/test/lib/commands/config.js.test.cjs
@@ -50,6 +50,8 @@ exports[`test/lib/commands/config.js TAP config list --json > output matches sna
   "dry-run": false,
   "editor": "{EDITOR}",
   "engine-strict": false,
+  "expect-results": null,
+  "expect-result-count": null,
   "fetch-retries": 2,
   "fetch-retry-factor": 10,
   "fetch-retry-maxtimeout": 60000,
@@ -207,6 +209,8 @@ diff-unified = 3
 dry-run = false
 editor = "{EDITOR}"
 engine-strict = false
+expect-result-count = null
+expect-results = null
 fetch-retries = 2
 fetch-retry-factor = 10
 fetch-retry-maxtimeout = 60000
diff --git a/deps/npm/tap-snapshots/test/lib/commands/pack.js.test.cjs b/deps/npm/tap-snapshots/test/lib/commands/pack.js.test.cjs
index 74b472a7e4bb64..5cdcdd9a8d08a5 100644
--- a/deps/npm/tap-snapshots/test/lib/commands/pack.js.test.cjs
+++ b/deps/npm/tap-snapshots/test/lib/commands/pack.js.test.cjs
@@ -26,6 +26,48 @@ Array [
 ]
 `
 
+exports[`test/lib/commands/pack.js TAP foreground-scripts can still be set to false > logs pack contents 1`] = `
+Array [
+  undefined,
+  "package: test-fg-scripts@0.0.0",
+  undefined,
+  "110B package.json",
+  undefined,
+  String(
+    name:          test-fg-scripts
+    version:       0.0.0
+    filename:      test-fg-scripts-0.0.0.tgz
+    package size:  {size}
+    unpacked size: 110 B
+    shasum:        {sha}
+    integrity:     {integrity}
+    total files:   1
+  ),
+  "",
+]
+`
+
+exports[`test/lib/commands/pack.js TAP foreground-scripts defaults to true > logs pack contents 1`] = `
+Array [
+  undefined,
+  "package: test-fg-scripts@0.0.0",
+  undefined,
+  "110B package.json",
+  undefined,
+  String(
+    name:          test-fg-scripts
+    version:       0.0.0
+    filename:      test-fg-scripts-0.0.0.tgz
+    package size:  {size}
+    unpacked size: 110 B
+    shasum:        {sha}
+    integrity:     {integrity}
+    total files:   1
+  ),
+  "",
+]
+`
+
 exports[`test/lib/commands/pack.js TAP should log output as valid json > logs pack contents 1`] = `
 Array []
 `
diff --git a/deps/npm/tap-snapshots/test/lib/commands/publish.js.test.cjs b/deps/npm/tap-snapshots/test/lib/commands/publish.js.test.cjs
index 597bf236f46b21..45406c994002aa 100644
--- a/deps/npm/tap-snapshots/test/lib/commands/publish.js.test.cjs
+++ b/deps/npm/tap-snapshots/test/lib/commands/publish.js.test.cjs
@@ -56,6 +56,92 @@ Array [
 ]
 `
 
+exports[`test/lib/commands/publish.js TAP foreground-scripts can still be set to false > must match snapshot 1`] = `
+Array [
+  Array [
+    "",
+  ],
+  Array [
+    "",
+    "package: test-fg-scripts@0.0.0",
+  ],
+  Array [
+    "=== Tarball Contents ===",
+  ],
+  Array [
+    "",
+    "110B package.json",
+  ],
+  Array [
+    "=== Tarball Details ===",
+  ],
+  Array [
+    "",
+    String(
+      name:          test-fg-scripts
+      version:       0.0.0
+      filename:      test-fg-scripts-0.0.0.tgz
+      package size:  {size}
+      unpacked size: 110 B
+      shasum:        {sha}
+      integrity:     {integrity}
+      total files:   1
+    ),
+  ],
+  Array [
+    "",
+    "",
+  ],
+  Array [
+    "",
+    "Publishing to https://registry.npmjs.org/ with tag latest and default access (dry-run)",
+  ],
+]
+`
+
+exports[`test/lib/commands/publish.js TAP foreground-scripts defaults to true > must match snapshot 1`] = `
+Array [
+  Array [
+    "",
+  ],
+  Array [
+    "",
+    "package: test-fg-scripts@0.0.0",
+  ],
+  Array [
+    "=== Tarball Contents ===",
+  ],
+  Array [
+    "",
+    "110B package.json",
+  ],
+  Array [
+    "=== Tarball Details ===",
+  ],
+  Array [
+    "",
+    String(
+      name:          test-fg-scripts
+      version:       0.0.0
+      filename:      test-fg-scripts-0.0.0.tgz
+      package size:  {size}
+      unpacked size: 110 B
+      shasum:        {sha}
+      integrity:     {integrity}
+      total files:   1
+    ),
+  ],
+  Array [
+    "",
+    "",
+  ],
+  Array [
+    "",
+    "Publishing to https://registry.npmjs.org/ with tag latest and default access (dry-run)",
+  ],
+]
+`
+
 exports[`test/lib/commands/publish.js TAP has mTLS auth for scope configured registry > new package version 1`] = `
 + @npm/test-package@1.0.0
 `
diff --git a/deps/npm/tap-snapshots/test/lib/commands/view.js.test.cjs b/deps/npm/tap-snapshots/test/lib/commands/view.js.test.cjs
index 1c37e26db7f824..3bda4e7de28531 100644
--- a/deps/npm/tap-snapshots/test/lib/commands/view.js.test.cjs
+++ b/deps/npm/tap-snapshots/test/lib/commands/view.js.test.cjs
@@ -190,6 +190,10 @@ dist-tags:
 latest: 1.0.0
 `
 
+exports[`test/lib/commands/view.js TAP package with invalid version > must match snapshot 1`] = `
+[ '1.0.0', '1.0.1' ]
+`
+
 exports[`test/lib/commands/view.js TAP package with maintainers info as object > must match snapshot 1`] = `
 
 pink@1.0.0 | Proprietary | deps: none | versions: 2
diff --git a/deps/npm/tap-snapshots/test/lib/docs.js.test.cjs b/deps/npm/tap-snapshots/test/lib/docs.js.test.cjs
index ba1fe703d39d5c..faa8309dfad781 100644
--- a/deps/npm/tap-snapshots/test/lib/docs.js.test.cjs
+++ b/deps/npm/tap-snapshots/test/lib/docs.js.test.cjs
@@ -537,6 +537,25 @@ This can be overridden by setting the \`--force\` flag.
 
 
 
+#### \`expect-result-count\`
+
+* Default: null
+* Type: null or Number
+
+Tells to expect a specific number of results from the command.
+
+This config can not be used with: \`expect-results\`
+
+#### \`expect-results\`
+
+* Default: null
+* Type: null or Boolean
+
+Tells npm whether or not to expect results from the command. Can be either
+true (expect some results) or false (expect no results).
+
+This config can not be used with: \`expect-result-count\`
+
 #### \`fetch-retries\`
 
 * Default: 2
@@ -618,7 +637,8 @@ recommended that you do not use this option!
 
 #### \`foreground-scripts\`
 
-* Default: false
+* Default: \`false\` unless when using \`npm pack\` or \`npm publish\` where it
+  defaults to \`true\`
 * Type: Boolean
 
 Run all build scripts (ie, \`preinstall\`, \`install\`, and \`postinstall\`)
@@ -2074,6 +2094,8 @@ Array [
   "dry-run",
   "editor",
   "engine-strict",
+  "expect-results",
+  "expect-result-count",
   "fetch-retries",
   "fetch-retry-factor",
   "fetch-retry-maxtimeout",
@@ -2325,6 +2347,8 @@ Array [
 
 exports[`test/lib/docs.js TAP config > keys that are not flattened 1`] = `
 Array [
+  "expect-results",
+  "expect-result-count",
   "init-author-email",
   "init-author-name",
   "init-author-url",
@@ -3869,6 +3893,7 @@ Options:
 [-g|--global]
 [-w|--workspace  [-w|--workspace  ...]]
 [-ws|--workspaces] [--include-workspace-root] [--package-lock-only]
+[--expect-results|--expect-result-count ]
 
 Run "npm help query" for more info
 
@@ -3881,6 +3906,8 @@ npm query 
 #### \`workspaces\`
 #### \`include-workspace-root\`
 #### \`package-lock-only\`
+#### \`expect-results\`
+#### \`expect-result-count\`
 `
 
 exports[`test/lib/docs.js TAP usage rebuild > must match snapshot 1`] = `
diff --git a/deps/npm/tap-snapshots/test/lib/utils/reify-output.js.test.cjs b/deps/npm/tap-snapshots/test/lib/utils/reify-output.js.test.cjs
index 3fb3fa2611c231..3e3df9039efb91 100644
--- a/deps/npm/tap-snapshots/test/lib/utils/reify-output.js.test.cjs
+++ b/deps/npm/tap-snapshots/test/lib/utils/reify-output.js.test.cjs
@@ -1632,3 +1632,21 @@ exports[`test/lib/utils/reify-output.js TAP packages changed message  > {"added"
   }
 }
 `
+
+exports[`test/lib/utils/reify-output.js TAP prints dedupe difference on dry-run > diff table 1`] = `
+
+change  bar  1.0.0 -> 2.1.0
+remove  bar  1.0.0
+add     foo  1.0.0
+
+removed 1 package, and changed 1 package in {TIME}
+`
+
+exports[`test/lib/utils/reify-output.js TAP prints dedupe difference on long > diff table 1`] = `
+
+change  bar  1.0.0 -> 2.1.0
+remove  bar  1.0.0
+add     foo  1.0.0
+
+removed 1 package, and changed 1 package in {TIME}
+`
diff --git a/deps/npm/test/lib/commands/audit.js b/deps/npm/test/lib/commands/audit.js
index 623c7b6485159f..9a57a02184ea18 100644
--- a/deps/npm/test/lib/commands/audit.js
+++ b/deps/npm/test/lib/commands/audit.js
@@ -939,7 +939,7 @@ t.test('audit signatures', async t => {
     const opts = {
       baseURL: 'https://tuf-repo-cdn.sigstore.dev',
       metadataPathPrefix: '',
-      cachePath: path.join(npm.cache, '_tuf'),
+      cachePath: path.join(npm.cache, '_tuf', 'tuf-repo-cdn.sigstore.dev'),
     }
     return tufmock(target, opts)
   }
diff --git a/deps/npm/test/lib/commands/dist-tag.js b/deps/npm/test/lib/commands/dist-tag.js
index 1c63ce497d3fb2..918f658c6462aa 100644
--- a/deps/npm/test/lib/commands/dist-tag.js
+++ b/deps/npm/test/lib/commands/dist-tag.js
@@ -318,6 +318,15 @@ t.test('add missing pkg name', async t => {
   )
 })
 
+t.test('add invalid tag', async t => {
+  const { distTag } = await mockDist(t)
+  await t.rejects(
+    distTag.exec(['add', '@tag']),
+    { code: 'EINVALIDTAGNAME' },
+    'should exit with invalid tag name error'
+  )
+})
+
 t.test('set existing version', async t => {
   const { distTag, logs } = await mockDist(t)
   await distTag.exec(['set', '@scoped/another@0.6.0', 'b'])
diff --git a/deps/npm/test/lib/commands/exec.js b/deps/npm/test/lib/commands/exec.js
index 3cb4e90e855fe4..094cb7113d07a3 100644
--- a/deps/npm/test/lib/commands/exec.js
+++ b/deps/npm/test/lib/commands/exec.js
@@ -41,6 +41,7 @@ t.test('registry package', async t => {
   })
 
   await registry.package({
+    times: 2,
     manifest,
     tarballs: {
       '1.0.0': path.join(npm.prefix, 'npm-exec-test'),
diff --git a/deps/npm/test/lib/commands/hook.js b/deps/npm/test/lib/commands/hook.js
index 448045cdd69162..382bc177e7001a 100644
--- a/deps/npm/test/lib/commands/hook.js
+++ b/deps/npm/test/lib/commands/hook.js
@@ -1,5 +1,6 @@
 const t = require('tap')
 const mockNpm = require('../../fixtures/mock-npm')
+const { stripVTControlCharacters } = require('node:util')
 
 const mockHook = async (t, { hookResponse, ...npmOpts } = {}) => {
   const now = Date.now()
@@ -243,8 +244,7 @@ t.test('npm hook ls', async t => {
     'received the correct arguments'
   )
   t.equal(outputs[0][0], 'You have 3 hooks configured.', 'prints the correct header')
-  const { default: stripAnsi } = await import('strip-ansi')
-  const out = stripAnsi(outputs[1][0])
+  const out = stripVTControlCharacters(outputs[1][0])
   t.match(out, /semver.*https:\/\/google.com.*\n.*\n.*never triggered/, 'prints package hook')
   t.match(out, /@npmcli.*https:\/\/google.com.*\n.*\n.*triggered just now/, 'prints scope hook')
   t.match(out, /~npm.*https:\/\/google.com.*\n.*\n.*never triggered/, 'prints owner hook')
@@ -293,8 +293,7 @@ t.test('npm hook ls, single result', async t => {
     'received the correct arguments'
   )
   t.equal(outputs[0][0], 'You have one hook configured.', 'prints the correct header')
-  const { default: stripAnsi } = await import('strip-ansi')
-  const out = stripAnsi(outputs[1][0])
+  const out = stripVTControlCharacters(outputs[1][0])
   t.match(out, /semver.*https:\/\/google.com.*\n.*\n.*never triggered/, 'prints package hook')
 })
 
diff --git a/deps/npm/test/lib/commands/org.js b/deps/npm/test/lib/commands/org.js
index ed8fb238c4b0d8..0c343f028d6dcf 100644
--- a/deps/npm/test/lib/commands/org.js
+++ b/deps/npm/test/lib/commands/org.js
@@ -1,5 +1,6 @@
 const t = require('tap')
 const mockNpm = require('../../fixtures/mock-npm')
+const { stripVTControlCharacters } = require('node:util')
 
 const mockOrg = async (t, { orgSize = 1, orgList = {}, ...npmOpts } = {}) => {
   let setArgs = null
@@ -426,8 +427,7 @@ t.test('npm org ls', async t => {
     },
     'receieved the correct args'
   )
-  const { default: stripAnsi } = await import('strip-ansi')
-  const out = stripAnsi(outputs[0][0])
+  const out = stripVTControlCharacters(outputs[0][0])
   t.match(out, /one.*developer/, 'contains the developer member')
   t.match(out, /two.*admin/, 'contains the admin member')
   t.match(out, /three.*owner/, 'contains the owner member')
@@ -452,8 +452,7 @@ t.test('npm org ls - user filter', async t => {
     },
     'receieved the correct args'
   )
-  const { default: stripAnsi } = await import('strip-ansi')
-  const out = stripAnsi(outputs[0][0])
+  const out = stripVTControlCharacters(outputs[0][0])
   t.match(out, /username.*admin/, 'contains the filtered member')
   t.notMatch(out, /missing.*admin/, 'does not contain other members')
 })
@@ -476,8 +475,7 @@ t.test('npm org ls - user filter, missing user', async t => {
     },
     'receieved the correct args'
   )
-  const { default: stripAnsi } = await import('strip-ansi')
-  const out = stripAnsi(outputs[0][0])
+  const out = stripVTControlCharacters(outputs[0][0])
   t.notMatch(out, /username/, 'does not contain the requested member')
   t.notMatch(out, /missing.*admin/, 'does not contain other members')
 })
diff --git a/deps/npm/test/lib/commands/pack.js b/deps/npm/test/lib/commands/pack.js
index 658fd3489abea1..baec163c7b34d0 100644
--- a/deps/npm/test/lib/commands/pack.js
+++ b/deps/npm/test/lib/commands/pack.js
@@ -105,6 +105,87 @@ t.test('dry run', async t => {
   t.throws(() => fs.statSync(path.resolve(npm.prefix, filename)))
 })
 
+t.test('foreground-scripts defaults to true', async t => {
+  const { npm, outputs, logs } = await loadMockNpm(t, {
+    prefixDir: {
+      'package.json': JSON.stringify({
+        name: 'test-fg-scripts',
+        version: '0.0.0',
+        scripts: {
+          prepack: 'echo prepack!',
+          postpack: 'echo postpack!',
+        },
+      }
+      ),
+    },
+    config: { 'dry-run': true },
+  })
+
+  /* eslint no-console: 0 */
+  // TODO: replace this with `const results = t.intercept(console, 'log')`
+  const log = console.log
+  t.teardown(() => {
+    console.log = log
+  })
+  const caughtLogs = []
+  console.log = (...args) => {
+    caughtLogs.push(args)
+  }
+  // end TODO
+
+  await npm.exec('pack', [])
+  const filename = 'test-fg-scripts-0.0.0.tgz'
+  t.same(
+    caughtLogs,
+    [
+      ['\n> test-fg-scripts@0.0.0 prepack\n> echo prepack!\n'],
+      ['\n> test-fg-scripts@0.0.0 postpack\n> echo postpack!\n'],
+    ],
+    'prepack and postpack log to stdout')
+  t.strictSame(outputs, [[filename]])
+  t.matchSnapshot(logs.notice.map(([, m]) => m), 'logs pack contents')
+  t.throws(() => fs.statSync(path.resolve(npm.prefix, filename)))
+})
+
+t.test('foreground-scripts can still be set to false', async t => {
+  const { npm, outputs, logs } = await loadMockNpm(t, {
+    prefixDir: {
+      'package.json': JSON.stringify({
+        name: 'test-fg-scripts',
+        version: '0.0.0',
+        scripts: {
+          prepack: 'echo prepack!',
+          postpack: 'echo postpack!',
+        },
+      }
+      ),
+    },
+    config: { 'dry-run': true, 'foreground-scripts': false },
+  })
+
+  /* eslint no-console: 0 */
+  // TODO: replace this with `const results = t.intercept(console, 'log')`
+  const log = console.log
+  t.teardown(() => {
+    console.log = log
+  })
+  const caughtLogs = []
+  console.log = (...args) => {
+    caughtLogs.push(args)
+  }
+  // end TODO
+
+  await npm.exec('pack', [])
+  const filename = 'test-fg-scripts-0.0.0.tgz'
+  t.same(
+    caughtLogs,
+    [],
+    'prepack and postpack do not log to stdout')
+  t.strictSame(outputs, [[filename]])
+  t.matchSnapshot(logs.notice.map(([, m]) => m), 'logs pack contents')
+  t.throws(() => fs.statSync(path.resolve(npm.prefix, filename)))
+})
+
 t.test('invalid packument', async t => {
   const { npm, outputs } = await loadMockNpm(t, {
     prefixDir: {
diff --git a/deps/npm/test/lib/commands/publish.js b/deps/npm/test/lib/commands/publish.js
index a5644ce224d670..ec7299e9eec530 100644
--- a/deps/npm/test/lib/commands/publish.js
+++ b/deps/npm/test/lib/commands/publish.js
@@ -167,6 +167,92 @@ t.test('dry-run', async t => {
   t.matchSnapshot(logs.notice)
 })
 
+t.test('foreground-scripts defaults to true', async t => {
+  const { joinedOutput, npm, logs } = await loadMockNpm(t, {
+    config: {
+      'dry-run': true,
+      ...auth,
+    },
+    prefixDir: {
+      'package.json': JSON.stringify({
+        name: 'test-fg-scripts',
+        version: '0.0.0',
+        scripts: {
+          prepack: 'echo prepack!',
+          postpack: 'echo postpack!',
+        },
+      }
+      ),
+    },
+  })
+
+  /* eslint no-console: 0 */
+  // TODO: replace this with `const results = t.intercept(console, 'log')`
+  const log = console.log
+  t.teardown(() => {
+    console.log = log
+  })
+  const caughtLogs = []
+  console.log = (...args) => {
+    caughtLogs.push(args)
+  }
+  // end TODO
+
+  await npm.exec('publish', [])
+  t.equal(joinedOutput(), `+ test-fg-scripts@0.0.0`)
+  t.matchSnapshot(logs.notice)
+
+  t.same(
+    caughtLogs,
+    [
+      ['\n> test-fg-scripts@0.0.0 prepack\n> echo prepack!\n'],
+      ['\n> test-fg-scripts@0.0.0 postpack\n> echo postpack!\n'],
+    ],
+    'prepack and postpack log to stdout')
+})
+
+t.test('foreground-scripts can still be set to false', async t => {
+  const { joinedOutput, npm, logs } = await loadMockNpm(t, {
+    config: {
+      'dry-run': true,
+      'foreground-scripts': false,
+      ...auth,
+    },
+    prefixDir: {
+      'package.json': JSON.stringify({
+        name: 'test-fg-scripts',
+        version: '0.0.0',
+        scripts: {
+          prepack: 'echo prepack!',
+          postpack: 'echo postpack!',
+        },
+      }
+      ),
+    },
+  })
+
+  /* eslint no-console: 0 */
+  // TODO: replace this with `const results = t.intercept(console, 'log')`
+  const log = console.log
+  t.teardown(() => {
+    console.log = log
+  })
+  const caughtLogs = []
+  console.log = (...args) => {
+    caughtLogs.push(args)
+  }
+  // end TODO
+
+  await npm.exec('publish', [])
+  t.equal(joinedOutput(), `+ test-fg-scripts@0.0.0`)
+  t.matchSnapshot(logs.notice)
+
+  t.same(
+    caughtLogs,
+    [],
+    'prepack and postpack do not log to stdout')
+})
+
 t.test('shows usage with wrong set of arguments', async t => {
   const { publish } = await loadMockNpm(t, { command: 'publish' })
   await t.rejects(publish.exec(['a', 'b', 'c']), publish.usage)
diff --git a/deps/npm/test/lib/commands/query.js b/deps/npm/test/lib/commands/query.js
index adf617316772e5..ebe89ed0da2789 100644
--- a/deps/npm/test/lib/commands/query.js
+++ b/deps/npm/test/lib/commands/query.js
@@ -61,6 +61,7 @@ t.test('recursive tree', async t => {
   await npm.exec('query', ['*'])
   t.matchSnapshot(joinedOutput(), 'should return everything in the tree, accounting for recursion')
 })
+
 t.test('workspace query', async t => {
   const { npm, joinedOutput } = await loadMockNpm(t, {
     config: {
@@ -237,3 +238,85 @@ t.test('package-lock-only', t => {
   })
   t.end()
 })
+
+t.test('expect entries', t => {
+  const { exitCode } = process
+  t.afterEach(() => process.exitCode = exitCode)
+  const prefixDir = {
+    node_modules: {
+      a: { name: 'a', version: '1.0.0' },
+    },
+    'package.json': JSON.stringify({
+      name: 'project',
+      dependencies: { a: '^1.0.0' },
+    }),
+  }
+  t.test('false, has entries', async t => {
+    const { logs, npm, joinedOutput } = await loadMockNpm(t, {
+      prefixDir,
+    })
+    npm.config.set('expect-results', false)
+    await npm.exec('query', ['#a'])
+    t.not(joinedOutput(), '[]', 'has entries')
+    t.same(logs.warn, [['query', 'Expected no results, got 1']])
+    t.ok(process.exitCode, 'exits with code')
+  })
+  t.test('false, no entries', async t => {
+    const { npm, joinedOutput } = await loadMockNpm(t, {
+      prefixDir,
+    })
+    npm.config.set('expect-results', false)
+    await npm.exec('query', ['#b'])
+    t.equal(joinedOutput(), '[]', 'does not have entries')
+    t.notOk(process.exitCode, 'exits without code')
+  })
+  t.test('true, has entries', async t => {
+    const { npm, joinedOutput } = await loadMockNpm(t, {
+      prefixDir,
+    })
+    npm.config.set('expect-results', true)
+    await npm.exec('query', ['#a'])
+    t.not(joinedOutput(), '[]', 'has entries')
+    t.notOk(process.exitCode, 'exits without code')
+  })
+  t.test('true, no entries', async t => {
+    const { logs, npm, joinedOutput } = await loadMockNpm(t, {
+      prefixDir,
+    })
+    npm.config.set('expect-results', true)
+    await npm.exec('query', ['#b'])
+    t.equal(joinedOutput(), '[]', 'does not have entries')
+    t.same(logs.warn, [['query', 'Expected results, got 0']])
+    t.ok(process.exitCode, 'exits with code')
+  })
+  t.test('count, matches', async t => {
+    const { npm, joinedOutput } = await loadMockNpm(t, {
+      prefixDir,
+    })
+    npm.config.set('expect-result-count', 1)
+    await npm.exec('query', ['#a'])
+    t.not(joinedOutput(), '[]', 'has entries')
+    t.notOk(process.exitCode, 'exits without code')
+  })
+  t.test('count 1, does not match', async t => {
+    const { logs, npm, joinedOutput } = await loadMockNpm(t, {
+      prefixDir,
+    })
+    npm.config.set('expect-result-count', 1)
+    await npm.exec('query', ['#b'])
+    t.equal(joinedOutput(), '[]', 'does not have entries')
+    t.same(logs.warn, [['query', 'Expected 1 result, got 0']])
+    t.ok(process.exitCode, 'exits with code')
+  })
+  t.test('count 3, does not match', async t => {
+    const { logs, npm, joinedOutput } = await loadMockNpm(t, {
+      prefixDir,
+    })
+    npm.config.set('expect-result-count', 3)
+    await npm.exec('query', ['#b'])
+    t.equal(joinedOutput(), '[]', 'does not have entries')
+    t.same(logs.warn, [['query', 'Expected 3 results, got 0']])
+    t.ok(process.exitCode, 'exits with code')
+  })
+  t.end()
+})
diff --git a/deps/npm/test/lib/commands/view.js b/deps/npm/test/lib/commands/view.js
index a99c8d6242212c..92c7fe47bda062 100644
--- a/deps/npm/test/lib/commands/view.js
+++ b/deps/npm/test/lib/commands/view.js
@@ -250,6 +250,8 @@ const packument = (nv, opts) => {
           },
         },
         '1.0.1': {},
+        '100000000000000000.0.0': {
+        },
       },
     },
   }
@@ -315,6 +317,12 @@ t.test('package with homepage', async t => {
   t.matchSnapshot(outputs.join('\n'))
 })
 
+t.test('package with invalid version', async t => {
+  const { view, outputs } = await loadMockNpm(t, { config: { unicode: false } })
+  await view.exec(['orange', 'versions'])
+  t.matchSnapshot(outputs.join('\n'))
+})
+
 t.test('package with no versions', async t => {
   const { view, outputs } = await loadMockNpm(t, { config: { unicode: false } })
   await view.exec(['brown'])
diff --git a/deps/npm/test/lib/utils/reify-output.js b/deps/npm/test/lib/utils/reify-output.js
index 1c6215ab33bef0..fd15e25a749842 100644
--- a/deps/npm/test/lib/utils/reify-output.js
+++ b/deps/npm/test/lib/utils/reify-output.js
@@ -380,3 +380,59 @@ t.test('added packages should be looked up within returned tree', async t => {
     t.matchSnapshot(out)
   })
 })
+
+t.test('prints dedupe difference on dry-run', async t => {
+  const mock = {
+    actualTree: {
+      name: 'foo',
+      inventory: {
+        has: () => false,
+      },
+    },
+    diff: {
+      children: [
+        { action: 'ADD', ideal: { name: 'foo', package: { version: '1.0.0' } } },
+        { action: 'REMOVE', actual: { name: 'bar', package: { version: '1.0.0' } } },
+        {
+          action: 'CHANGE',
+          actual: { name: 'bar', package: { version: '1.0.0' } },
+          ideal: { package: { version: '2.1.0' } },
+        },
+      ],
+    },
+  }
+
+  const out = await mockReify(t, mock, {
+    'dry-run': true,
+  })
+
+  t.matchSnapshot(out, 'diff table')
+})
+
+t.test('prints dedupe difference on long', async t => {
+  const mock = {
+    actualTree: {
+      name: 'foo',
+      inventory: {
+        has: () => false,
+      },
+    },
+    diff: {
+      children: [
+        { action: 'ADD', ideal: { name: 'foo', package: { version: '1.0.0' } } },
+        { action: 'REMOVE', actual: { name: 'bar', package: { version: '1.0.0' } } },
+        {
+          action: 'CHANGE',
+          actual: { name: 'bar', package: { version: '1.0.0' } },
+          ideal: { package: { version: '2.1.0' } },
+        },
+      ],
+    },
+  }
+
+  const out = await mockReify(t, mock, {
+    long: true,
+  })
+
+  t.matchSnapshot(out, 'diff table')
+})
diff --git a/deps/npm/test/lib/utils/update-notifier.js b/deps/npm/test/lib/utils/update-notifier.js
index cc5348a440e0a7..052367c60dadb1 100644
--- a/deps/npm/test/lib/utils/update-notifier.js
+++ b/deps/npm/test/lib/utils/update-notifier.js
@@ -23,6 +23,7 @@ const runUpdateNotifier = async (t, {
   prefixDir,
   version = CURRENT_VERSION,
   argv = [],
+  wroteFile = false,
   ...config
 } = {}) => {
   const mockFs = {
@@ -37,6 +38,7 @@ const runUpdateNotifier = async (t, {
       return { mtime: new Date(STAT_MTIME) }
     },
     writeFile: async (path, content) => {
+      wroteFile = true
       if (content !== '') {
         t.fail('no write file content allowed')
       }
@@ -86,88 +88,108 @@ const runUpdateNotifier = async (t, {
   const result = await updateNotifier(mock.npm)
 
   return {
+    wroteFile,
     result,
     MANIFEST_REQUEST,
   }
 }
 
-t.test('does not notify by default', async t => {
-  const { result, MANIFEST_REQUEST } = await runUpdateNotifier(t)
+t.test('duration has elapsed, no updates', async t => {
+  const { wroteFile, result, MANIFEST_REQUEST } = await runUpdateNotifier(t)
+  t.equal(wroteFile, true)
   t.not(result)
   t.equal(MANIFEST_REQUEST.length, 1)
 })
 
 t.test('situations in which we do not notify', t => {
   t.test('nothing to do if notifier disabled', async t => {
-    const { result, MANIFEST_REQUEST } = await runUpdateNotifier(t, {
+    const { wroteFile, result, MANIFEST_REQUEST } = await runUpdateNotifier(t, {
       'update-notifier': false,
     })
+    t.equal(wroteFile, false)
     t.equal(result, null)
     t.strictSame(MANIFEST_REQUEST, [], 'no requests for manifests')
   })
 
   t.test('do not suggest update if already updating', async t => {
-    const { result, MANIFEST_REQUEST } = await runUpdateNotifier(t, {
+    const { wroteFile, result, MANIFEST_REQUEST } = await runUpdateNotifier(t, {
       command: 'install',
       prefixDir: { 'package.json': `{"name":"${t.testName}"}` },
       argv: ['npm'],
       global: true,
     })
+    t.equal(wroteFile, false)
     t.equal(result, null)
     t.strictSame(MANIFEST_REQUEST, [], 'no requests for manifests')
   })
 
   t.test('do not suggest update if already updating with spec', async t => {
-    const { result, MANIFEST_REQUEST } = await runUpdateNotifier(t, {
+    const { wroteFile, result, MANIFEST_REQUEST } = await runUpdateNotifier(t, {
       command: 'install',
       prefixDir: { 'package.json': `{"name":"${t.testName}"}` },
       argv: ['npm@latest'],
       global: true,
     })
+    t.equal(wroteFile, false)
     t.equal(result, null)
     t.strictSame(MANIFEST_REQUEST, [], 'no requests for manifests')
   })
 
   t.test('do not update if same as latest', async t => {
-    const { result, MANIFEST_REQUEST } = await runUpdateNotifier(t)
+    const { wroteFile, result, MANIFEST_REQUEST } = await runUpdateNotifier(t)
+    t.equal(wroteFile, true)
     t.equal(result, null)
     t.strictSame(MANIFEST_REQUEST, ['npm@latest'], 'requested latest version')
   })
   t.test('check if stat errors (here for coverage)', async t => {
     const STAT_ERROR = new Error('blorg')
-    const { result, MANIFEST_REQUEST } = await runUpdateNotifier(t, { STAT_ERROR })
+    const { wroteFile, result, MANIFEST_REQUEST } = await runUpdateNotifier(t, { STAT_ERROR })
+    t.equal(wroteFile, true)
     t.equal(result, null)
     t.strictSame(MANIFEST_REQUEST, ['npm@latest'], 'requested latest version')
   })
   t.test('ok if write errors (here for coverage)', async t => {
     const WRITE_ERROR = new Error('grolb')
-    const { result, MANIFEST_REQUEST } = await runUpdateNotifier(t, { WRITE_ERROR })
+    const { wroteFile, result, MANIFEST_REQUEST } = await runUpdateNotifier(t, { WRITE_ERROR })
+    t.equal(wroteFile, true)
     t.equal(result, null)
     t.strictSame(MANIFEST_REQUEST, ['npm@latest'], 'requested latest version')
   })
   t.test('ignore pacote failures (here for coverage)', async t => {
     const PACOTE_ERROR = new Error('pah-KO-tchay')
-    const { result, MANIFEST_REQUEST } = await runUpdateNotifier(t, { PACOTE_ERROR })
+    const { wroteFile, result, MANIFEST_REQUEST } = await runUpdateNotifier(t, { PACOTE_ERROR })
     t.equal(result, null)
+    t.equal(wroteFile, true)
     t.strictSame(MANIFEST_REQUEST, ['npm@latest'], 'requested latest version')
   })
   t.test('do not update if newer than latest, but same as next', async t => {
-    const { result, MANIFEST_REQUEST } = await runUpdateNotifier(t, { version: NEXT_VERSION })
+    const {
+      wroteFile,
+      result,
+      MANIFEST_REQUEST,
+    } = await runUpdateNotifier(t, { version: NEXT_VERSION })
     t.equal(result, null)
+    t.equal(wroteFile, true)
     const reqs = ['npm@latest', `npm@^${NEXT_VERSION}`]
     t.strictSame(MANIFEST_REQUEST, reqs, 'requested latest and next versions')
   })
   t.test('do not update if on the latest beta', async t => {
-    const { result, MANIFEST_REQUEST } = await runUpdateNotifier(t, { version: CURRENT_BETA })
+    const {
+      wroteFile,
+      result,
+      MANIFEST_REQUEST,
+    } = await runUpdateNotifier(t, { version: CURRENT_BETA })
     t.equal(result, null)
+    t.equal(wroteFile, true)
     const reqs = [`npm@^${CURRENT_BETA}`]
     t.strictSame(MANIFEST_REQUEST, reqs, 'requested latest and next versions')
   })
 
   t.test('do not update in CI', async t => {
-    const { result, MANIFEST_REQUEST } = await runUpdateNotifier(t, { mocks: {
+    const { wroteFile, result, MANIFEST_REQUEST } = await runUpdateNotifier(t, { mocks: {
       'ci-info': { isCI: true, name: 'something' },
     } })
+    t.equal(wroteFile, false)
     t.equal(result, null)
     t.strictSame(MANIFEST_REQUEST, [], 'no requests for manifests')
   })
@@ -175,7 +197,8 @@ t.test('situations in which we do not notify', t => {
   t.test('only check weekly for GA releases', async t => {
     // One week (plus five minutes to account for test environment fuzziness)
     const STAT_MTIME = Date.now() - 1000 * 60 * 60 * 24 * 7 + 1000 * 60 * 5
-    const { result, MANIFEST_REQUEST } = await runUpdateNotifier(t, { STAT_MTIME })
+    const { wroteFile, result, MANIFEST_REQUEST } = await runUpdateNotifier(t, { STAT_MTIME })
+    t.equal(wroteFile, false, 'duration was not reset')
     t.equal(result, null)
     t.strictSame(MANIFEST_REQUEST, [], 'no requests for manifests')
   })
@@ -183,9 +206,14 @@ t.test('situations in which we do not notify', t => {
   t.test('only check daily for betas', async t => {
     // One day (plus five minutes to account for test environment fuzziness)
     const STAT_MTIME = Date.now() - 1000 * 60 * 60 * 24 + 1000 * 60 * 5
-    const res = await runUpdateNotifier(t, { STAT_MTIME, version: HAVE_BETA })
-    t.equal(res.result, null)
-    t.strictSame(res.MANIFEST_REQUEST, [], 'no requests for manifests')
+    const {
+      wroteFile,
+      result,
+      MANIFEST_REQUEST,
+    } = await runUpdateNotifier(t, { STAT_MTIME, version: HAVE_BETA })
+    t.equal(wroteFile, false, 'duration was not reset')
+    t.equal(result, null)
+    t.strictSame(MANIFEST_REQUEST, [], 'no requests for manifests')
   })
 
   t.end()
@@ -204,8 +232,13 @@ t.test('notification situations', async t => {
   for (const [version, reqs] of Object.entries(cases)) {
     for (const color of [false, 'always']) {
       await t.test(`${version} - color=${color}`, async t => {
-        const { result, MANIFEST_REQUEST } = await runUpdateNotifier(t, { version, color })
+        const {
+          wroteFile,
+          result,
+          MANIFEST_REQUEST,
+        } = await runUpdateNotifier(t, { version, color })
         t.matchSnapshot(result)
+        t.equal(wroteFile, true)
         t.strictSame(MANIFEST_REQUEST, reqs.map(r => `npm@${r.replace('{V}', version)}`))
       })
     }