From 53487008259b939959692dd798eb7b7a89c6b88f Mon Sep 17 00:00:00 2001 From: David Hafley <8880+dhafley@users.noreply.github.com> Date: Fri, 8 May 2026 13:41:12 -0400 Subject: [PATCH 01/20] redesign: replace docs with new IA from Pixee-Marketing-OS PR #117 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replaces the existing ~9-page docs.pixee.ai with a 76-page redesigned site sourced from Pixee-Marketing-OS PR #117 (merged 2026-04-28), restructured and corrected against the canonical Pixee Enterprise Server install reference. ## Content - 76 markdown pages across 11 sections: api, configuration, enterprise, faq, getting-started, how-it-works, integrations (with scms/ and scanners/ subcategories), languages, open-source, platform. - Welcome doc lives at /. Pre-existing PixeeDocs React landing (src/pages/index.js + HomepageFeatures component) removed. - /integrations/contrast and /integrations/scanners/gitlab-sca are newly authored content (PR #117 dropped Contrast from the IA; SCA coverage was missing entirely). ## Information architecture - Integrations split into two subcategories: Source Control (4 pages — GitHub, GitLab, Azure DevOps, Bitbucket) and Scanning Tools (14 pages — CodeQL, Semgrep, Checkmarx, Veracode, Snyk Code, SonarQube, AppScan, Polaris, Fortify, Contrast, GitLab SAST, GitLab SCA, Trivy, DefectDojo). Each subcategory has a generated-index landing. - Three consolidated wrapper pages from the original PR (commercial- scanners, oss-aggregator-scanners, scm-platform-reference) split into individual scanner / SCM pages. - Pages /getting-started/ and /integrations/scms/ split by purpose: tutorial vs canonical reference. Permission tables live on the integration page only; install steps live on the getting-started page. - Frontmatter normalized: numeric file prefixes dropped (replaced with sidebar_position), track field lowercased, duplicate keys deduped in 29 files, meta_description renamed to Docusaurus-standard description. ## Canonical-source corrections Sourced from pixee/pixee-enterprise-server (charts/.../docs/src) — used to correct several details that were understated, ahead of the docs, or plain wrong: - GitHub: full 9-permission Repository table (was 6, with Repository contents incorrectly listed as Read-only — Pixee needs Read & Write to create fix branches), plus Organization and Account permissions and the 12 webhook events. GHES section now walks through the full custom GitHub App registration flow. - GitLab: 8 PAT scopes (was 5; added ai_features, read_registry, read_virtual_registry); webhook URL format documented. - Bitbucket: corrected to require username + email + API token (API tokens authenticate by email, Git ops by username — both are required); 6-scope table replaces the previous vague "API token + R/W." Bitbucket Server / Data Center separated as a distinct product. - Azure DevOps: PAT requirement corrected to "custom scope with full Code access (not 'Full access')"; webhook user/password documented as optional. The previous Work-Item Linking section pulled until it can be re-added with a cited source. - AppScan: full webhook setup walkthrough added — Basic Auth (preferred) vs deprecated webhook-secret mode, plus the two AppScan webhook registrations Pixee needs (Scan Execution Completed, New Patch Request) with JSON request bodies. ## Pixee CLI The previous /getting-started/cli described a fictional `pixee fix --sarif` local-fix command. The actual CLI at github.com/pixee/pixee-cli is a thin client for the Pixee REST API. Rewritten: - Install via Homebrew (brew tap pixee/pixee && brew install pixee) or binary download — not pip. - Documents the real subcommands: pixee auth, pixee repo, pixee scan, pixee workflow, pixee api. - Covers credential resolution (PIXEE_TOKEN/PIXEE_SERVER), exit codes (0/1/2/3), output formats (text/json), HAL link traversal. - Mentions the bundled skills.sh skills for Claude Code / Codex. - /getting-started/ci-cd correspondingly rewritten: removed every `pixee fix --sarif` and `pixee/pixee-action@v1` reference (both fictional). Replaced with the correct flow — scanners write to the SCM's code-scanning surface; Pixee ingests through the SCM integration; no separate "Pixee step" needed in pipelines. - Welcome page table dropped the "CLI: ~5 min" row (CLI is not a platform setup option) and added a one-line pointer below. ## Public-repo onboarding Added a "Public Repositories Without an Existing Scanner" section to /getting-started/github covering the legacy /running_on_public_github_repos content (enable Issues for the dashboard, pick a free-tier scanner, install Pixeebot). Retargeted the legacy redirect to /getting-started/github. ## Sidebar Autogen sidebar with per-section _category_.json files providing curated ordering and clean labels (no track badges — tried [DEV]/[LEADER]/[BOTH] labels initially, dropped after eyeballing in dev). Each section's overview page is the category landing via link.id; how-it-works and the two integrations subcategories use generated-index landings. ## Redirects (~25 rules in docusaurus.config.js) Every old URL maps to its closest new equivalent — covers /intro, /installing, /faqs, /languages, /open-pixee, /supported-scms, /using-pixeebot, /running_on_public_github_repos, the entire /code-scanning-tools/* tree, the flat /integrations/ URLs from the mid-PR restructure, the removed consolidated wrappers, and the deleted /configuration/scheduling page. Pre-existing /integrations/* aliases flipped direction to point at the new IA. ## SEO additions (config-only, no React components) - Site-wide Organization JSON-LD via headTags in docusaurus.config.js. - docusaurus-plugin-llms generates llms.txt and llms-full.txt at build. - static/robots.txt explicitly allows GPTBot, ClaudeBot, PerplexityBot, Google-Extended, Applebot-Extended, CCBot, OAI-SearchBot. - Sitemap and canonical URLs verified on the new tree (default Docusaurus behavior). Deferred to v2: AudienceBadge / SchemaOrg / FeedbackWidget React components, per-page FAQPage / HowTo JSON-LD, .md alternates for AI agents, Algolia DocSearch, HubSpot lead capture, GA4 custom events. ## Migration archive migration/ at the repo root contains migrate.py, fixup_links.py, integrations_restructure.py, ASSESSMENT.md, and README.md — historical record only. The README has a clear DO-NOT-RE-RUN warning explaining why the scripts are now destructive (manually-authored Contrast and GitLab SCA pages, slug change on the welcome doc, layout changes). ## Dedup pass A whole-page Jaccard / paragraph-level overlap audit found two redundancies that were collapsed: configuration/scheduling.md was a 90-line subset of operations-config.md (deleted, redirect added), and three near-identical paragraphs about the independent fix evaluator were duplicated between platform/remediation.md and how-it-works/ fix-safety.md (kept fix-safety as canonical, summarized in remediation). ## Verification - yarn build clean (76 docs processed, zero broken links/anchors). - yarn serve verified all page slugs return 200, all category landings render, redirects emit correct meta-refresh + canonical, JSON-LD on every page, sitemap and robots.txt present in build output. - yarn check-format clean. Co-Authored-By: Claude Opus 4.7 (1M context) --- docs/api/_category_.json | 10 + docs/api/api-overview.md | 194 +++++++++++ docs/api/changelog.md | 165 +++++++++ docs/api/codetf.md | 261 ++++++++++++++ docs/api/sarif.md | 207 +++++++++++ docs/api/webhooks.md | 320 ++++++++++++++++++ docs/code-scanning-tools/_category_.json | 8 - docs/code-scanning-tools/codeql.md | 12 - docs/code-scanning-tools/contrast.md | 10 - docs/code-scanning-tools/overview.md | 54 --- .../semgrep-issue-dashlist.png | Bin 122318 -> 0 bytes docs/code-scanning-tools/semgrep.md | 68 ---- docs/code-scanning-tools/snyk.md | 16 - docs/code-scanning-tools/sonar.md | 29 -- docs/code-scanning-tools/sonarqube.md | 24 -- docs/configuration/_category_.json | 10 + docs/configuration/ai-settings.md | 105 ++++++ docs/configuration/config-overview.md | 84 +++++ docs/configuration/operations-config.md | 249 ++++++++++++++ docs/configuration/pixee-yaml.md | 273 +++++++++++++++ docs/configuration/repositories.md | 113 +++++++ docs/configuration/users.md | 85 +++++ docs/enterprise/_category_.json | 10 + docs/enterprise/air-gap.md | 109 ++++++ docs/enterprise/byom.md | 103 ++++++ docs/enterprise/compliance.md | 109 ++++++ docs/enterprise/deployment.md | 160 +++++++++ docs/enterprise/embedded-cluster.md | 117 +++++++ docs/enterprise/enterprise-overview.md | 96 ++++++ docs/enterprise/helm.md | 115 +++++++ docs/enterprise/observability.md | 82 +++++ docs/enterprise/phased-rollout.md | 189 +++++++++++ docs/enterprise/security-architecture.md | 189 +++++++++++ docs/enterprise/troubleshooting.md | 103 ++++++ docs/faq/_category_.json | 10 + docs/faq/faq-enterprise.md | 99 ++++++ docs/faq/faq-general.md | 107 ++++++ docs/faq/faq-troubleshooting.md | 132 ++++++++ docs/faqs.md | 204 ----------- docs/getting-started/_category_.json | 10 + docs/getting-started/azure-devops.md | 84 +++++ docs/getting-started/bitbucket.md | 89 +++++ docs/getting-started/ci-cd.md | 239 +++++++++++++ docs/getting-started/cli.md | 173 ++++++++++ docs/getting-started/first-fix.md | 122 +++++++ docs/getting-started/getting-started.md | 104 ++++++ docs/getting-started/github.md | 133 ++++++++ docs/getting-started/gitlab.md | 87 +++++ docs/how-it-works/_category_.json | 9 + docs/how-it-works/context-intelligence.md | 111 ++++++ docs/how-it-works/fix-generation.md | 157 +++++++++ docs/how-it-works/fix-safety.md | 129 +++++++ docs/how-it-works/sca-pipeline.md | 116 +++++++ docs/how-it-works/scanner-integration.md | 129 +++++++ docs/how-it-works/triage-engine.md | 145 ++++++++ docs/installing.md | 48 --- docs/integrations/_category_.json | 10 + docs/integrations/integrations-overview.md | 104 ++++++ docs/integrations/sarif-universal.md | 133 ++++++++ docs/integrations/scanners/_category_.json | 9 + docs/integrations/scanners/appscan.md | 141 ++++++++ docs/integrations/scanners/checkmarx.md | 105 ++++++ docs/integrations/scanners/codeql.md | 92 +++++ docs/integrations/scanners/contrast.md | 97 ++++++ docs/integrations/scanners/defectdojo.md | 66 ++++ docs/integrations/scanners/fortify.md | 72 ++++ docs/integrations/scanners/gitlab-sast.md | 75 ++++ docs/integrations/scanners/gitlab-sca.md | 91 +++++ docs/integrations/scanners/polaris.md | 76 +++++ docs/integrations/scanners/semgrep.md | 99 ++++++ docs/integrations/scanners/snyk-code.md | 86 +++++ docs/integrations/scanners/sonarqube.md | 137 ++++++++ docs/integrations/scanners/trivy.md | 70 ++++ docs/integrations/scanners/veracode.md | 85 +++++ docs/integrations/scms/_category_.json | 9 + docs/integrations/scms/azure-devops.md | 73 ++++ docs/integrations/scms/bitbucket.md | 87 +++++ docs/integrations/scms/github.md | 158 +++++++++ docs/integrations/scms/gitlab.md | 105 ++++++ docs/intro.md | 47 --- docs/languages.md | 43 --- docs/languages/_category_.json | 10 + docs/languages/dotnet.md | 146 ++++++++ docs/languages/go.md | 139 ++++++++ docs/languages/java.md | 180 ++++++++++ docs/languages/javascript.md | 161 +++++++++ docs/languages/languages-overview.md | 134 ++++++++ docs/languages/php.md | 110 ++++++ docs/languages/python.md | 193 +++++++++++ docs/open-pixee.md | 25 -- docs/open-source/_category_.json | 10 + docs/open-source/codemodder.md | 157 +++++++++ docs/open-source/contributing.md | 146 ++++++++ docs/open-source/custom-codemods.md | 242 +++++++++++++ docs/open-source/oss-overview.md | 105 ++++++ docs/platform/_category_.json | 10 + docs/platform/architecture.md | 138 ++++++++ docs/platform/remediation.md | 99 ++++++ docs/platform/sca.md | 94 +++++ docs/platform/security.md | 160 +++++++++ docs/platform/triage.md | 107 ++++++ .../what-is-agentic-security-engineering.md | 92 +++++ docs/running_on_public_github_repos.md | 49 --- docs/supported-scms.md | 49 --- docs/using-pixeebot.md | 51 --- docusaurus.config.js | 123 ++++++- migration/ASSESSMENT.md | 284 ++++++++++++++++ migration/README.md | 31 ++ migration/fixup_links.py | 74 ++++ migration/integrations_restructure.py | 184 ++++++++++ migration/migrate.py | 191 +++++++++++ package.json | 1 + src/components/HomepageFeatures/index.js | 74 ---- .../HomepageFeatures/styles.module.css | 98 ------ src/pages/index.js | 30 -- src/pages/index.module.css | 61 ---- src/pages/markdown-page.md | 7 - static/robots.txt | 40 +++ yarn.lock | 28 ++ 119 files changed, 11006 insertions(+), 1013 deletions(-) create mode 100644 docs/api/_category_.json create mode 100644 docs/api/api-overview.md create mode 100644 docs/api/changelog.md create mode 100644 docs/api/codetf.md create mode 100644 docs/api/sarif.md create mode 100644 docs/api/webhooks.md delete mode 100644 docs/code-scanning-tools/_category_.json delete mode 100644 docs/code-scanning-tools/codeql.md delete mode 100644 docs/code-scanning-tools/contrast.md delete mode 100644 docs/code-scanning-tools/overview.md delete mode 100644 docs/code-scanning-tools/semgrep-issue-dashlist.png delete mode 100644 docs/code-scanning-tools/semgrep.md delete mode 100644 docs/code-scanning-tools/snyk.md delete mode 100644 docs/code-scanning-tools/sonar.md delete mode 100644 docs/code-scanning-tools/sonarqube.md create mode 100644 docs/configuration/_category_.json create mode 100644 docs/configuration/ai-settings.md create mode 100644 docs/configuration/config-overview.md create mode 100644 docs/configuration/operations-config.md create mode 100644 docs/configuration/pixee-yaml.md create mode 100644 docs/configuration/repositories.md create mode 100644 docs/configuration/users.md create mode 100644 docs/enterprise/_category_.json create mode 100644 docs/enterprise/air-gap.md create mode 100644 docs/enterprise/byom.md create mode 100644 docs/enterprise/compliance.md create mode 100644 docs/enterprise/deployment.md create mode 100644 docs/enterprise/embedded-cluster.md create mode 100644 docs/enterprise/enterprise-overview.md create mode 100644 docs/enterprise/helm.md create mode 100644 docs/enterprise/observability.md create mode 100644 docs/enterprise/phased-rollout.md create mode 100644 docs/enterprise/security-architecture.md create mode 100644 docs/enterprise/troubleshooting.md create mode 100644 docs/faq/_category_.json create mode 100644 docs/faq/faq-enterprise.md create mode 100644 docs/faq/faq-general.md create mode 100644 docs/faq/faq-troubleshooting.md delete mode 100644 docs/faqs.md create mode 100644 docs/getting-started/_category_.json create mode 100644 docs/getting-started/azure-devops.md create mode 100644 docs/getting-started/bitbucket.md create mode 100644 docs/getting-started/ci-cd.md create mode 100644 docs/getting-started/cli.md create mode 100644 docs/getting-started/first-fix.md create mode 100644 docs/getting-started/getting-started.md create mode 100644 docs/getting-started/github.md create mode 100644 docs/getting-started/gitlab.md create mode 100644 docs/how-it-works/_category_.json create mode 100644 docs/how-it-works/context-intelligence.md create mode 100644 docs/how-it-works/fix-generation.md create mode 100644 docs/how-it-works/fix-safety.md create mode 100644 docs/how-it-works/sca-pipeline.md create mode 100644 docs/how-it-works/scanner-integration.md create mode 100644 docs/how-it-works/triage-engine.md delete mode 100644 docs/installing.md create mode 100644 docs/integrations/_category_.json create mode 100644 docs/integrations/integrations-overview.md create mode 100644 docs/integrations/sarif-universal.md create mode 100644 docs/integrations/scanners/_category_.json create mode 100644 docs/integrations/scanners/appscan.md create mode 100644 docs/integrations/scanners/checkmarx.md create mode 100644 docs/integrations/scanners/codeql.md create mode 100644 docs/integrations/scanners/contrast.md create mode 100644 docs/integrations/scanners/defectdojo.md create mode 100644 docs/integrations/scanners/fortify.md create mode 100644 docs/integrations/scanners/gitlab-sast.md create mode 100644 docs/integrations/scanners/gitlab-sca.md create mode 100644 docs/integrations/scanners/polaris.md create mode 100644 docs/integrations/scanners/semgrep.md create mode 100644 docs/integrations/scanners/snyk-code.md create mode 100644 docs/integrations/scanners/sonarqube.md create mode 100644 docs/integrations/scanners/trivy.md create mode 100644 docs/integrations/scanners/veracode.md create mode 100644 docs/integrations/scms/_category_.json create mode 100644 docs/integrations/scms/azure-devops.md create mode 100644 docs/integrations/scms/bitbucket.md create mode 100644 docs/integrations/scms/github.md create mode 100644 docs/integrations/scms/gitlab.md delete mode 100644 docs/intro.md delete mode 100644 docs/languages.md create mode 100644 docs/languages/_category_.json create mode 100644 docs/languages/dotnet.md create mode 100644 docs/languages/go.md create mode 100644 docs/languages/java.md create mode 100644 docs/languages/javascript.md create mode 100644 docs/languages/languages-overview.md create mode 100644 docs/languages/php.md create mode 100644 docs/languages/python.md delete mode 100644 docs/open-pixee.md create mode 100644 docs/open-source/_category_.json create mode 100644 docs/open-source/codemodder.md create mode 100644 docs/open-source/contributing.md create mode 100644 docs/open-source/custom-codemods.md create mode 100644 docs/open-source/oss-overview.md create mode 100644 docs/platform/_category_.json create mode 100644 docs/platform/architecture.md create mode 100644 docs/platform/remediation.md create mode 100644 docs/platform/sca.md create mode 100644 docs/platform/security.md create mode 100644 docs/platform/triage.md create mode 100644 docs/platform/what-is-agentic-security-engineering.md delete mode 100644 docs/running_on_public_github_repos.md delete mode 100644 docs/supported-scms.md delete mode 100644 docs/using-pixeebot.md create mode 100644 migration/ASSESSMENT.md create mode 100644 migration/README.md create mode 100644 migration/fixup_links.py create mode 100644 migration/integrations_restructure.py create mode 100644 migration/migrate.py delete mode 100644 src/components/HomepageFeatures/index.js delete mode 100644 src/components/HomepageFeatures/styles.module.css delete mode 100644 src/pages/index.js delete mode 100644 src/pages/index.module.css delete mode 100644 src/pages/markdown-page.md create mode 100644 static/robots.txt diff --git a/docs/api/_category_.json b/docs/api/_category_.json new file mode 100644 index 00000000..f376ffa3 --- /dev/null +++ b/docs/api/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "API & Reference", + "position": 8, + "collapsible": true, + "collapsed": false, + "link": { + "type": "doc", + "id": "api/api-overview" + } +} diff --git a/docs/api/api-overview.md b/docs/api/api-overview.md new file mode 100644 index 00000000..e1934aca --- /dev/null +++ b/docs/api/api-overview.md @@ -0,0 +1,194 @@ +--- +title: API Overview +slug: /api/overview +track: dev +content_type: reference +seo_title: API Overview -- Pixee Docs +description: "Pixee REST API reference: authentication, endpoints, rate limits, and CodeTF/SARIF output formats." +sidebar_position: 1 +--- + +# API Overview + +Pixee provides a REST API for programmatic access to vulnerability triage and remediation workflows. The API enables querying fix status, managing repository configurations, consuming webhook events for CI/CD integration, and working with CodeTF and SARIF output formats. Authentication uses organization-scoped API tokens. This page covers available endpoints, authentication, rate limits, and links to detailed specifications. + +## API architecture + +The Pixee API follows standard REST conventions: + +- **Protocol:** HTTPS only. All requests must use TLS. +- **Format:** JSON request and response bodies. Responses include standard HTTP status codes. +- **Base URL:** `https://app.pixee.ai/api/v1` +- **Versioning:** Path-based (`/v1/`). Breaking changes ship under a new version prefix. + +## Authentication + +Pixee uses bearer tokens for API authentication. Tokens are scoped to your organization and generated from the Pixee dashboard. + +**Generate a token:** + +1. Navigate to **Settings > API Tokens** in the Pixee dashboard. +2. Click **Create Token**. +3. Name the token and select the scope (organization-wide or repository-specific). +4. Copy the token immediately. It is displayed only once. + +**Include the token in every request:** + +```bash +curl -H "Authorization: Bearer YOUR_API_TOKEN" \ + https://app.pixee.ai/api/v1/repositories +``` + +```python +import requests + +headers = {"Authorization": "Bearer YOUR_API_TOKEN"} +response = requests.get( + "https://app.pixee.ai/api/v1/repositories", + headers=headers +) +repositories = response.json() +``` + +**Token best practices:** + +- Rotate tokens every 90 days. +- Use repository-scoped tokens for CI/CD pipelines that operate on a single repository. +- Store tokens in your secrets manager (Vault, AWS Secrets Manager, GitHub Actions secrets). Never commit tokens to source control. + +## Rate limits + +| Tier | Requests per minute | Burst | +| ---------- | ------------------- | ----- | +| Standard | 60 | 10 | +| Enterprise | 300 | 50 | + +Rate-limited responses return `429 Too Many Requests` with a `Retry-After` header indicating seconds until the next available request window. + +## Available endpoints + +| Category | Method | Endpoint | Description | +| ------------ | -------- | ----------------------------- | ------------------------------------------------ | +| Repositories | `GET` | `/repositories` | List repositories connected to your organization | +| Repositories | `GET` | `/repositories/{id}` | Get repository configuration and status | +| Repositories | `PATCH` | `/repositories/{id}` | Update repository settings | +| Fixes | `GET` | `/repositories/{id}/fixes` | List fix results for a repository | +| Fixes | `GET` | `/fixes/{id}` | Get fix details including CodeTF output | +| Scans | `GET` | `/repositories/{id}/scans` | List scan history | +| Scans | `POST` | `/repositories/{id}/scans` | Trigger a new scan | +| Triage | `GET` | `/repositories/{id}/findings` | List triaged findings | +| Triage | `GET` | `/findings/{id}` | Get finding details and triage classification | +| Webhooks | `POST` | `/webhooks` | Register a webhook endpoint | +| Webhooks | `GET` | `/webhooks` | List registered webhooks | +| Webhooks | `DELETE` | `/webhooks/{id}` | Remove a webhook | + +For webhook event types and payload schemas, see [Webhooks](/api/webhooks). + +## Error handling + +All error responses use a consistent JSON structure: + +```json +{ + "error": { + "code": "not_found", + "message": "Repository with ID 'abc123' not found.", + "request_id": "req_7f8a9b2c" + } +} +``` + +| Status code | Meaning | +| ----------- | --------------------------------------------------------------------------------------------------- | +| `400` | Bad request. Check request body and parameters. | +| `401` | Invalid or missing API token. | +| `403` | Token does not have permission for this resource. | +| `404` | Resource not found. | +| `429` | Rate limit exceeded. Retry after the interval in the `Retry-After` header. | +| `500` | Internal server error. Retry with exponential backoff. Include the `request_id` in support tickets. | + +## Quick start + +List your repositories and retrieve recent fix results in two calls: + +```bash +# 1. List repositories +curl -s -H "Authorization: Bearer $PIXEE_TOKEN" \ + https://app.pixee.ai/api/v1/repositories | jq '.data[].name' + +# 2. Get fixes for a repository +curl -s -H "Authorization: Bearer $PIXEE_TOKEN" \ + https://app.pixee.ai/api/v1/repositories/REPO_ID/fixes | jq '.data[:3]' +``` + +```python +import requests + +TOKEN = "YOUR_API_TOKEN" +BASE = "https://app.pixee.ai/api/v1" +headers = {"Authorization": f"Bearer {TOKEN}"} + +# List repositories +repos = requests.get(f"{BASE}/repositories", headers=headers).json() +repo_id = repos["data"][0]["id"] + +# Get recent fixes +fixes = requests.get( + f"{BASE}/repositories/{repo_id}/fixes", + headers=headers, + params={"limit": 5} +).json() + +for fix in fixes["data"]: + print(f"{fix['codemod']} - {fix['status']} - {fix['pr_url']}") +``` + +## Output formats + +The API returns fix results in two structured formats: + +- **CodeTF** -- Pixee's open specification for describing code transformations. Fix detail endpoints return CodeTF documents that capture what changed, why, and how the change was validated. See the [CodeTF Specification](/api/codetf). +- **SARIF** -- The OASIS standard for static analysis results. Pixee consumes SARIF as input from 12 native scanner integrations and any SARIF-producing tool. See the [SARIF Reference](/api/sarif). + +## SDKs and OpenAPI specification + +An OpenAPI 3.0 specification is available for generating client libraries in any language: + +```bash +curl -o pixee-openapi.json \ + https://app.pixee.ai/api/v1/openapi.json +``` + +Use the specification with standard code generators: + +```bash +# Python client +openapi-python-client generate --path pixee-openapi.json + +# TypeScript client +npx @openapitools/openapi-generator-cli generate \ + -i pixee-openapi.json -g typescript-fetch +``` + +## Related pages + +- [CodeTF Specification](/api/codetf) -- Pixee's open format for code transformations +- [SARIF Reference](/api/sarif) -- How Pixee consumes SARIF from scanners +- [Webhooks](/api/webhooks) -- Event-driven integration for CI/CD and automation +- [Changelog](/api/changelog) -- API version history and release notes +- [CI/CD Integration](/getting-started/ci-cd) -- Common API consumer patterns +- [Configuration Overview](/configuration/overview) -- Repository management + +## FAQ + +### Does Pixee have a REST API? + +Yes. Pixee provides a REST API for programmatic access to triage and remediation workflows, fix status, repository management, and webhook configuration. Authenticate with an organization-scoped API token and use standard HTTPS requests. + +### How do I authenticate with the Pixee API? + +Generate an API token in your Pixee dashboard under **Settings > API Tokens**. Pass it as a bearer token in the `Authorization` header: `Authorization: Bearer YOUR_API_TOKEN`. + +### What output formats does the Pixee API support? + +The API supports CodeTF (Pixee's open code transformation format) for describing fixes and SARIF (the OASIS standard) for ingesting security findings. Fix detail endpoints return CodeTF documents; scan ingestion accepts SARIF input. diff --git a/docs/api/changelog.md b/docs/api/changelog.md new file mode 100644 index 00000000..df0a3548 --- /dev/null +++ b/docs/api/changelog.md @@ -0,0 +1,165 @@ +--- +title: Changelog +slug: /api/changelog +track: dev +content_type: reference +seo_title: Changelog -- Pixee Docs +description: "Pixee platform changelog: new features, improvements, bug fixes, and API changes." +sidebar_position: 5 +--- + +# Changelog + +This changelog tracks all notable changes to the Pixee platform, including new language support, scanner integrations, API updates, and bug fixes. Entries follow [Keep a Changelog](https://keepachangelog.com/) conventions and semantic versioning. For enterprise deployment-specific changes, see [Enterprise Troubleshooting](/enterprise/troubleshooting). + +## Entry format + +Each release follows this template: + +``` +## [Version] - YYYY-MM-DD + +### Added +- New features and capabilities + +### Changed +- Changes to existing functionality + +### Fixed +- Bug fixes + +### Deprecated +- Features marked for future removal + +### Removed +- Features removed in this release + +### Security +- Security-related changes and patches +``` + +Categories are omitted when a release has no entries of that type. + +--- + +## [5.4.22] - 2026-04-14 + +### Added + +- **OpenAI Responses API support.** New API type toggle for OpenAI providers supporting the `/v1/responses` endpoint in addition to the existing `/v1/chat/completions` endpoint. Configure via the LLM provider settings in the admin console. +- **TLS-intercepting proxy CA certificate injection.** Enterprise deployments behind TLS-intercepting proxies can now inject custom CA certificates into the analysis service HTTP clients. Resolves connectivity failures in environments with mandatory traffic inspection. See [Enterprise Deployment](/enterprise/deployment). + +### Changed + +- SCA model preflight validation now aligns across all LLM provider families (OpenAI, Azure AI Foundry, Anthropic, Azure Anthropic), catching model misconfiguration at install time. + +### Fixed + +- CA certificate handling for analysis-service outbound connections in proxy-heavy environments (follow-up to v5.4.22 initial support). + +--- + +## [5.4.15] - 2026-04-01 + +### Added + +- **Datadog SAST integration.** Native scanner handler for Datadog SAST findings. Pixee now ingests SARIF from Datadog alongside the existing 11 native scanner integrations. See [Integrations Overview](/integrations/overview). +- **Activity feed with SSE streaming.** Triage outcomes and remediation activity are now streamed in real time via Server-Sent Events to the Pixee dashboard. Includes drawer auto-transition and outcome banners. + +### Changed + +- Activity persistence is now backfilled for findings analyzed before the activity feed was added. Historical triage decisions appear in the feed retroactively. + +--- + +## [5.4.11] - 2026-03-24 + +### Added + +- **Decision-tree triage analyzer.** New triage strategy option (`decision-tree`) for deterministic, rules-based triage routing. Complements existing ReACT and agent-based strategies. +- **Arnica SAST integration.** Native scanner handler for Arnica SAST findings. See [Integrations Overview](/integrations/overview). +- **Anthropic-optimized triage prompts.** Provider-family-aware prompting for Anthropic LLM providers. Triage prompts are now optimized per provider family rather than using a lowest-common-denominator approach. +- **Authentik IdP federation and RP-Initiated Logout.** Embedded Authentik OIDC provider now federates to upstream corporate identity providers (Google Workspace, Microsoft Entra ID, Okta) with auto-redirect and direct login. RP-Initiated Logout enables clean session termination. +- **Bring-your-own database secret support.** CloudNativePG now supports `existingSecret` for external secret managers (Vault, External Secrets Operator, SOPS). See [Enterprise Deployment](/enterprise/deployment). +- **Bitbucket API token migration.** Bitbucket authentication migrated from deprecated app passwords to API tokens. Supports Bitbucket Cloud and Server. +- **SCA smart fix strategies.** Improved dependency upgrade logic with breakage prediction for software composition analysis remediations. + +### Changed + +- Embedded cluster bumped to Replicated v2.13.3+ with Kubernetes 1.32 and upgrade-path fixes. +- Observability stack upgraded: VictoriaMetrics v1.138.0, Victoria-logs v1.48.0, Victoria-logs agent v1.48.0, Victoria-traces v0.8.0. +- Analysis-service now emits trace telemetry for distributed tracing through the observability stack. + +--- + +## [5.6.0] - 2026-03-10 (Helm chart) + +### Added + +- **Helm chart v5.6.0** for BYO Kubernetes deployments (EKS, GKE, AKS, self-managed). Conditional subcharts for object storage, database, observability, and authentication. See [Enterprise Deployment](/enterprise/deployment). + +### Changed + +- Storage class matrix documented for EKS (`gp2`/`gp3`), GKE (`standard-rwo`), AKS (`managed-csi`), and K3s/local default. +- Pod-identity support (IRSA, workload identity) for object store credentials alongside static key configuration. + +--- + +## [5.4.0] - 2026-02-15 + +### Added + +- **Hierarchical LLM routing.** Seven named LLM tiers (default, reasoning, fast, web-search, SCA, deep-research, codegen) with per-tier model and endpoint configuration. Enables cost/quality/latency tuning per workflow stage. +- **Global concurrency control.** Process-wide semaphore for LLM calls prevents rate-limit (429) errors across all tiers and providers. +- **Backpressure management.** Proactive cancellation of analyses that cannot complete within platform timeout limits. + +### Changed + +- LLM provider configuration now supports custom endpoint URLs and custom header name/value pairs for authenticated enterprise gateways. + +--- + +## Enterprise server versioning + +Pixee Enterprise Server releases are versioned independently of the Pixee cloud platform. The Helm chart version (e.g., v5.6.0) and embedded cluster version share the same release notes. + +| Deployment Model | Version Source | Update Method | +| --------------------- | ------------------ | ------------------------------------- | +| Cloud (SaaS) | Automatic | Managed by Pixee | +| Embedded Cluster | KOTS admin console | One-click update via admin console | +| Helm / BYO Kubernetes | Helm chart version | `helm upgrade` with new chart version | +| Air-gapped | Offline bundle | Download bundle, apply via KOTS | + +For upgrade procedures and troubleshooting, see [Enterprise Deployment](/enterprise/deployment) and [Enterprise Troubleshooting](/enterprise/troubleshooting). + +## API versioning + +API versions are independent of platform versions. The current API version is `v1`. Breaking API changes will ship under a new version prefix (`v2`) with a documented migration period. + +Non-breaking additions (new fields in response bodies, new event types, new endpoints) are added to the current API version without a version bump. + +## Subscribe to updates + +- **Dashboard notifications:** Enable release notifications in **Settings > Notifications**. +- **GitHub releases:** Watch the [Pixee Enterprise Server releases](https://github.com/pixee/pixee-enterprise-server) for new version announcements. + +## Related pages + +- [API Overview](/api/overview) -- Endpoint reference and authentication +- [Enterprise Deployment](/enterprise/deployment) -- Upgrade procedures +- [Enterprise Troubleshooting](/enterprise/troubleshooting) -- Version-specific issues +- [Integrations Overview](/integrations/overview) -- Scanner integration details + +## FAQ + +### How often does Pixee release updates? + +Pixee has shipped approximately 25 releases in the past 6 months across the enterprise server Helm chart, with regular updates to the cloud platform. Release cadence varies based on feature scope and customer needs. + +### How do I know which version I am running? + +For embedded cluster deployments, check the version in the KOTS admin console. For Helm deployments, run `helm list -n pixee` to see the deployed chart version. Cloud (SaaS) users are always on the latest version. + +### Do I need to update my API integration when Pixee releases a new version? + +Non-breaking additions (new response fields, new event types, new endpoints) do not require changes to existing integrations. Breaking changes ship under a new API version prefix with a documented migration period. Pin your integration to the current API version (`v1`) for stability. diff --git a/docs/api/codetf.md b/docs/api/codetf.md new file mode 100644 index 00000000..55f20d1d --- /dev/null +++ b/docs/api/codetf.md @@ -0,0 +1,261 @@ +--- +title: CodeTF Specification +slug: /api/codetf +track: dev +content_type: reference +seo_title: CodeTF Specification -- Pixee Docs +description: "CodeTF (Code Transformation Format) open specification: schema definition, field reference, and integration examples." +sidebar_position: 2 +--- + +# CodeTF Specification + +CodeTF (Code Transformation Format) is an open specification created by Pixee for describing automated code changes in a structured, machine-readable format. CodeTF captures what changed, why it changed, and how the change was validated -- enabling audit trails, downstream automation, and integration with CI/CD pipelines. This page provides the complete schema definition, field reference, and integration examples. + +## What is CodeTF? + +Existing standards describe security findings (SARIF), dependencies (SBOM), and vulnerabilities (CVE/CWE). No standard existed for describing _what an automated fix actually did to your code_. CodeTF fills that gap. + +CodeTF is the output format. SARIF is the input format. A scanner produces a SARIF file describing the problem. Pixee consumes that SARIF, generates a fix, and produces a CodeTF document describing the solution. + +CodeTF is an open specification. Any tool can produce or consume CodeTF documents. The schema is publicly available on [GitHub](https://github.com/pixee/codemodder-specs). + +## CodeTF vs SARIF + +| Dimension | SARIF | CodeTF | +| ------------- | ----------------------------------- | ------------------------------------- | +| Purpose | Describes findings (problems) | Describes fixes (changes) | +| Direction | Scanner output | Remediation output | +| Content | Vulnerability location and metadata | Code diffs, rationale, and validation | +| Standard body | OASIS | Open specification by Pixee | +| Use case | Input to Pixee | Output from Pixee | +| Data model | Runs, results, locations | Run metadata, results, changesets | + +## Schema overview + +A CodeTF document has three layers: run metadata, an array of results (one per codemod applied), and changesets within each result (one per file modified). + +``` +CodeTF Document +|-- version (string) Schema version +|-- run (object) Execution metadata +| |-- vendor (string) Tool vendor +| |-- tool (string) Specific engine (e.g., "codemodder-python") +| |-- elapsed (string) Processing time +| +-- commandLine (string) Invocation command ++-- results[] (array) Transformation results + |-- codemod (string) Codemod identifier + |-- summary (string) Human-readable fix description + |-- description (string) Detailed explanation + |-- references[] (array) External references (CWE, OWASP) + |-- properties (object) Custom key-value metadata + |-- changeset[] (array) File-level changes + | |-- path (string) File path relative to repo root + | |-- diff (string) Unified diff + | |-- changes[](array) Line-level change descriptions + | | |-- lineNumber (int) Line number in modified file + | | |-- description (string) What changed at this line + | | +-- properties (object) Per-change metadata + | +-- ai (boolean) Whether AI was used for this change + |-- detectionTool (string) Scanner that found the issue + +-- fixedFindings[] (array) SARIF finding references resolved +``` + +## Field reference + +### Top-level fields + +| Field | Type | Required | Description | +| --------- | ------ | -------- | ------------------------------------------------------------------------- | +| `version` | string | Yes | Schema version. Current: `"3.0.0"` | +| `run` | object | Yes | Execution context for the transformation run | +| `results` | array | Yes | Array of transformation results. May be empty if no fixes were generated. | + +### Run object + +| Field | Type | Required | Description | +| ----------------- | ------ | -------- | --------------------------------------------------- | +| `run.vendor` | string | Yes | Vendor name (e.g., `"pixee"`) | +| `run.tool` | string | Yes | Engine identifier (e.g., `"codemodder-python"`) | +| `run.elapsed` | string | No | ISO 8601 duration or human-readable processing time | +| `run.commandLine` | string | No | Command used to invoke the transformation | + +### Result object + +| Field | Type | Required | Description | +| --------------- | ------ | -------- | ------------------------------------------------------------------------------------- | +| `codemod` | string | Yes | Unique codemod identifier (e.g., `"pixee:python/secure-random"`) | +| `summary` | string | Yes | One-line human-readable fix description | +| `description` | string | Yes | Detailed explanation of what the fix does and why | +| `references` | array | No | External references: `{"url": "https://cwe.mitre.org/...", "description": "CWE-330"}` | +| `properties` | object | No | Arbitrary key-value metadata for custom integrations | +| `changeset` | array | Yes | Array of file-level changes (at least one entry per result) | +| `detectionTool` | string | No | Scanner that detected the original finding | +| `fixedFindings` | array | No | Array of SARIF finding references this fix resolves | + +### Changeset object + +| Field | Type | Required | Description | +| --------- | ------- | -------- | -------------------------------------------------------------------------------- | +| `path` | string | Yes | File path relative to repository root | +| `diff` | string | Yes | Unified diff of the change | +| `changes` | array | No | Line-level descriptions of individual changes | +| `ai` | boolean | No | `true` if AI generated this change; `false` or absent for deterministic codemods | + +### Change object + +| Field | Type | Required | Description | +| ------------- | ------- | -------- | -------------------------------- | +| `lineNumber` | integer | Yes | Line number in the modified file | +| `description` | string | Yes | What changed at this line | +| `properties` | object | No | Additional per-change metadata | + +## Complete example + +This example shows a CodeTF document for a Python fix that replaces `random.random()` with `secrets.token_hex()` to address CWE-330 (Use of Insufficiently Random Values): + +```json +{ + "version": "3.0.0", + "run": { + "vendor": "pixee", + "tool": "codemodder-python", + "elapsed": "2.4s", + "commandLine": "codemodder-python /repo --codemod=pixee:python/secure-random" + }, + "results": [ + { + "codemod": "pixee:python/secure-random", + "summary": "Replaced insecure random with cryptographically secure alternative", + "description": "The random module produces predictable pseudo-random values unsuitable for security contexts. This fix replaces random.random() with secrets.token_hex() for generating session tokens.", + "references": [ + { + "url": "https://cwe.mitre.org/data/definitions/330.html", + "description": "CWE-330: Use of Insufficiently Random Values" + }, + { + "url": "https://owasp.org/www-community/vulnerabilities/Insecure_Randomness", + "description": "OWASP: Insecure Randomness" + } + ], + "properties": {}, + "changeset": [ + { + "path": "src/auth/token_generator.py", + "diff": "--- a/src/auth/token_generator.py\n+++ b/src/auth/token_generator.py\n@@ -1,5 +1,5 @@\n-import random\n+import secrets\n \n def generate_session_token():\n- return str(random.random())\n+ return secrets.token_hex(32)", + "changes": [ + { + "lineNumber": 1, + "description": "Replaced 'import random' with 'import secrets'" + }, + { + "lineNumber": 4, + "description": "Replaced random.random() with secrets.token_hex(32) for cryptographic randomness" + } + ], + "ai": false + } + ], + "detectionTool": "codeql", + "fixedFindings": [ + { + "id": "py/insecure-randomness", + "rule": "py/insecure-randomness" + } + ] + } + ] +} +``` + +## Consuming CodeTF in CI/CD + +Parse CodeTF output to build compliance reports, track remediation progress, or gate deployments. + +**Python: Extract fix summaries from a CodeTF document** + +```python +import json +from pathlib import Path + +codetf = json.loads(Path("codetf-output.json").read_text()) + +for result in codetf["results"]: + files_changed = len(result["changeset"]) + ai_used = any(c.get("ai", False) for c in result["changeset"]) + + print(f"Codemod: {result['codemod']}") + print(f" Summary: {result['summary']}") + print(f" Files changed: {files_changed}") + print(f" AI-generated: {ai_used}") + print(f" Detection tool: {result.get('detectionTool', 'N/A')}") + print() +``` + +**Generate a compliance audit row per fix:** + +```python +import csv +import json + +codetf = json.loads(Path("codetf-output.json").read_text()) + +with open("audit-trail.csv", "w", newline="") as f: + writer = csv.writer(f) + writer.writerow(["codemod", "summary", "files", "ai_used", "references"]) + + for result in codetf["results"]: + refs = "; ".join(r["description"] for r in result.get("references", [])) + ai = any(c.get("ai", False) for c in result["changeset"]) + writer.writerow([ + result["codemod"], + result["summary"], + len(result["changeset"]), + ai, + refs + ]) +``` + +## Versioning + +CodeTF uses semantic versioning. The current schema version is `3.0.0`. + +| Version | Status | Notes | +| ------- | --------- | ------------------------------------------------------------- | +| 3.0.0 | Current | Pydantic-modeled schema, fix-quality ratings, package actions | +| 2.0.0 | Supported | Previous schema version | + +Breaking changes between major versions are documented in the [Changelog](/api/changelog). CodeTF documents always include a `version` field so consumers can branch on schema version at parse time. + +## Open specification + +CodeTF is open source and not proprietary to Pixee. The specification, Pydantic models, and tooling are available on GitHub: + +- **Specification:** [github.com/pixee/codemodder-specs](https://github.com/pixee/codemodder-specs) +- **Python models:** [github.com/pixee/codemodder-python](https://github.com/pixee/codemodder-python) +- **Java models:** [github.com/pixee/codemodder-java](https://github.com/pixee/codemodder-java) + +Contributions and integrations from the community are welcome. + +## Related pages + +- [API Overview](/api/overview) -- Authentication and endpoint reference +- [SARIF Reference](/api/sarif) -- The complementary input format +- [How Fix Generation Works](/how-it-works/fix-generation) -- Where CodeTF is generated +- [Fix Safety and Validation](/how-it-works/fix-safety) -- CodeTF captures validation metadata +- [Webhooks](/api/webhooks) -- Event triggers that include CodeTF payloads +- [Changelog](/api/changelog) -- Schema version history + +## FAQ + +### What is CodeTF format? + +CodeTF (Code Transformation Format) is an open specification created by Pixee for describing automated code changes in a structured, machine-readable format. Each document captures the code diff, rationale, references (CWE, OWASP), and whether AI was used -- providing a complete audit trail for every automated fix. + +### How does CodeTF differ from SARIF? + +SARIF describes security findings (what is wrong). CodeTF describes security fixes (what changed and why). They are complementary: SARIF is the input to Pixee; CodeTF is the output. A typical pipeline flows from scanner to SARIF to Pixee to CodeTF to pull request. + +### Is CodeTF proprietary to Pixee? + +No. CodeTF is an open specification. The schema, Pydantic models, and reference implementations are publicly available on GitHub. Any tool can produce or consume CodeTF documents. diff --git a/docs/api/sarif.md b/docs/api/sarif.md new file mode 100644 index 00000000..d2ef2152 --- /dev/null +++ b/docs/api/sarif.md @@ -0,0 +1,207 @@ +--- +title: SARIF Reference +slug: /api/sarif +track: dev +content_type: reference +seo_title: SARIF Reference -- Pixee Docs +description: How Pixee consumes SARIF from scanners. Field mapping, required fields, validation, and integration examples. +sidebar_position: 3 +--- + +# SARIF Reference + +SARIF (Static Analysis Results Interchange Format) is the OASIS standard that Pixee uses to ingest security findings from 12 native scanner integrations and any SARIF-producing tool. Pixee reads SARIF files to understand what vulnerabilities were found, where they are located, and what dataflow information is available -- then routes each finding to the appropriate triage and remediation engine. This page documents how Pixee consumes SARIF. + +## What is SARIF? + +SARIF is an [OASIS open standard](https://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html) for representing static analysis tool output. It provides a common JSON format for any scanner to express findings, locations, code flows, and rule metadata. + +Pixee supports **SARIF version 2.1.0**, the current stable release of the standard. + +SARIF matters to Pixee's architecture because it enables scanner-agnostic remediation. Rather than building custom parsers for every scanner output format, Pixee normalizes all findings through SARIF. Any tool that produces valid SARIF can feed findings into Pixee for triage and remediation. + +## How Pixee uses SARIF + +``` +Scanner --> SARIF file --> Pixee ingestion --> Triage --> Fix --> CodeTF --> PR +``` + +1. **Ingestion.** SARIF files arrive via webhook from native scanner integrations, via the Universal SARIF integration, or via API upload. +2. **Normalization.** Scanner-specific handlers extract maximum metadata from each tool's SARIF output. When a native handler does not exist, the Universal SARIF handler processes any valid SARIF document. +3. **Triage routing.** Normalized findings enter the three-tier triage engine. Findings with richer SARIF data (code flows, related locations) receive higher-quality triage and remediation. +4. **Output.** Remediation results are expressed as [CodeTF](/api/codetf) documents -- the complement to SARIF input. + +## Required and optional SARIF fields + +Pixee reads specific SARIF fields to route findings and generate fixes. Richer SARIF input produces better results. + +### Required fields + +These fields must be present for Pixee to process a finding: + +| SARIF Field | Type | Pixee Usage | +| -------------------------------------------------------------------- | ------- | ------------------------------------------------------- | +| `runs[].tool.driver.name` | string | Scanner identification and handler routing | +| `runs[].results[].ruleId` | string | Rule matching for fix routing and knowledge base lookup | +| `runs[].results[].message.text` | string | Finding description for triage context | +| `runs[].results[].locations[].physicalLocation.artifactLocation.uri` | string | File path of the vulnerability | +| `runs[].results[].locations[].physicalLocation.region.startLine` | integer | Line number of the vulnerability | + +### Recommended fields + +These fields are not required, but significantly improve triage accuracy and fix quality: + +| SARIF Field | Type | Pixee Usage | +| -------------------------------------------- | ------ | --------------------------------------------------------------------- | +| `runs[].results[].codeFlows[]` | array | Dataflow and taint propagation paths. Enables cross-file fix context. | +| `runs[].results[].codeFlows[].threadFlows[]` | array | Step-by-step execution paths through the vulnerability | +| `runs[].results[].relatedLocations[]` | array | Additional code context (sink locations, intermediate variables) | +| `runs[].results[].level` | string | Severity classification (`error`, `warning`, `note`) | +| `runs[].tool.driver.rules[]` | array | Rule metadata including descriptions and help text | +| `runs[].tool.extensions[]` | array | Extension packs with additional rule documentation | + +### Optional fields + +| SARIF Field | Type | Pixee Usage | +| -------------------------------------- | ------ | ------------------------------------------------------- | +| `runs[].results[].fingerprints` | object | Finding deduplication across scans | +| `runs[].results[].partialFingerprints` | object | Fuzzy matching for findings that shift between scans | +| `runs[].results[].suppressions[]` | array | Previously suppressed findings (Pixee respects these) | +| `runs[].results[].properties` | object | Custom scanner metadata passed through to CodeTF output | + +## Dataflow quality and fix quality + +The richness of SARIF `codeFlows` data directly affects fix quality. Pixee classifies dataflow quality into four tiers: + +| Tier | SARIF Signal | Fix Impact | +| ---------------------- | ------------------------------------------------------ | ---------------------------------------------------------------------------------------- | +| **STRONG_MULTI_FILE** | `codeFlows` with `threadFlows` spanning multiple files | Highest fix quality. Cross-file context enables precise remediation. | +| **STRONG_SINGLE_FILE** | `codeFlows` with `threadFlows` within a single file | High fix quality. Full taint path available for context-aware fixes. | +| **WEAK** | Partial or low-confidence `codeFlows` | Moderate fix quality. Pixee uses heuristics to supplement incomplete paths. | +| **SINGLE_LOCATION** | Only `locations[]`, no `codeFlows` | Baseline fix quality. Pixee relies on rule knowledge base and surrounding code analysis. | + +**Recommendation:** Configure your scanner to export `codeFlows` and `threadFlows` when available. CodeQL and Semgrep produce rich dataflow by default. Some scanners require explicit configuration to include flow data in SARIF output. + +## SARIF validation + +Pixee validates incoming SARIF documents against the 2.1.0 schema before processing. + +**Common validation failures:** + +| Issue | Cause | Fix | +| ----------------------------------- | ---------------------------------------------- | --------------------------------------------------------------------------------------- | +| Missing `runs` array | Malformed SARIF document | Ensure the top-level object contains a `runs` array with at least one run | +| Empty `results` | Scanner found no findings | Expected behavior -- Pixee logs the scan but generates no fixes | +| Missing `locations` on a result | Scanner omitted location data | Configure scanner to include file and line information | +| Invalid `uri` in `artifactLocation` | Path uses backslashes or absolute system paths | Use forward slashes and repository-relative paths | +| Missing `ruleId` | Scanner omitted the rule identifier | Ensure scanner output includes rule IDs. Pixee cannot route findings without a rule ID. | + +Validate your SARIF files before upload using the [SARIF Multitool](https://github.com/microsoft/sarif-sdk): + +```bash +sarif validate my-results.sarif +``` + +## Integration examples + +### Upload SARIF via API + +```bash +curl -X POST \ + -H "Authorization: Bearer $PIXEE_TOKEN" \ + -H "Content-Type: application/json" \ + -d @scanner-results.sarif \ + https://app.pixee.ai/api/v1/repositories/REPO_ID/sarif +``` + +### Python: Upload and poll for results + +```python +import requests +import time + +TOKEN = "YOUR_API_TOKEN" +BASE = "https://app.pixee.ai/api/v1" +REPO_ID = "your-repo-id" +headers = {"Authorization": f"Bearer {TOKEN}"} + +# Upload SARIF +with open("scanner-results.sarif", "r") as f: + sarif_data = f.read() + +upload = requests.post( + f"{BASE}/repositories/{REPO_ID}/sarif", + headers={**headers, "Content-Type": "application/json"}, + data=sarif_data +) +scan_id = upload.json()["scan_id"] + +# Poll for completion +while True: + status = requests.get( + f"{BASE}/repositories/{REPO_ID}/scans/{scan_id}", + headers=headers + ).json() + + if status["state"] in ("completed", "failed"): + break + time.sleep(10) + +print(f"Scan {status['state']}: {status.get('fixes_generated', 0)} fixes generated") +``` + +### CI/CD pipeline: Scanner to Pixee to PR + +```yaml +# GitHub Actions example +- name: Run CodeQL + uses: github/codeql-action/analyze@v3 + with: + output: sarif-results + +- name: Upload to Pixee + run: | + curl -X POST \ + -H "Authorization: Bearer ${{ secrets.PIXEE_TOKEN }}" \ + -H "Content-Type: application/json" \ + -d @sarif-results/results.sarif \ + https://app.pixee.ai/api/v1/repositories/${{ vars.PIXEE_REPO_ID }}/sarif +``` + +## Scanner-specific SARIF notes + +Native scanner integrations handle SARIF automatically. These notes apply when you generate SARIF manually or use the Universal SARIF integration. + +| Scanner | SARIF Notes | +| ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- | +| **CodeQL** | Produces rich SARIF with `codeFlows`, `threadFlows`, and `tool.extensions[].rules[].help.markdown`. Pixee extracts all of these for maximum triage context. | +| **Semgrep** | Exports SARIF via `semgrep --sarif`. Rule explanations are in `fullDescription.text`. Include `--verbose` for richer output. | +| **SonarQube** | SARIF export varies by edition. Ensure `codeFlows` are included when available. | +| **Checkmarx** | Produces metadata-sparse SARIF. Pixee compensates with rule-ID-based prompting from its knowledge base. | +| **Snyk** | Use `snyk code test --sarif` for SAST results. | +| **Trivy** | Use `trivy fs --format sarif` for filesystem scanning results. | + +For full setup guides per scanner, see [Integrations Overview](/integrations/overview). + +## Related pages + +- [API Overview](/api/overview) -- Authentication and endpoint reference +- [CodeTF Specification](/api/codetf) -- The complementary output format +- [Universal SARIF Integration](/integrations/sarif-universal) -- Setup guide for SARIF ingestion +- [Integrations Overview](/integrations/overview) -- All supported scanners +- [How Scanner Integration Works](/how-it-works/scanner-integration) -- Technical depth on scanner normalization +- [Changelog](/api/changelog) -- API and format version history + +## FAQ + +### What is the SARIF format for security findings? + +SARIF (Static Analysis Results Interchange Format) is an OASIS open standard for representing static analysis tool output in a structured JSON format. It includes finding locations, rule metadata, severity levels, and dataflow information. Pixee uses SARIF as the universal input format for ingesting security findings from any scanner. + +### Does Pixee support SARIF format? + +Yes. Pixee natively consumes SARIF from 12 scanner integrations (CodeQL, Semgrep, SonarQube, Checkmarx, Veracode, Snyk, AppScan, Polaris, GitLab SAST, Trivy, Datadog SAST, Arnica SAST) and accepts SARIF uploads from any SARIF-producing tool via the Universal SARIF integration or API. + +### What SARIF fields does Pixee require? + +At minimum: `tool.driver.name`, `results[].ruleId`, `results[].message.text`, and `results[].locations[]` with file path and line number. Dataflow information (`codeFlows` and `threadFlows`) is recommended for higher-quality triage and fixes. See the field reference table above for the complete mapping. diff --git a/docs/api/webhooks.md b/docs/api/webhooks.md new file mode 100644 index 00000000..a087a4ba --- /dev/null +++ b/docs/api/webhooks.md @@ -0,0 +1,320 @@ +--- +title: Webhooks +slug: /api/webhooks +track: dev +content_type: reference +seo_title: Webhooks -- Pixee Docs +description: Configure Pixee webhooks for real-time notifications on fix generation, PR status, triage decisions, and remediation events. +sidebar_position: 4 +--- + +# Webhooks + +Pixee webhooks deliver real-time HTTP POST notifications when remediation events occur -- fix generated, PR opened, triage decision made, or fix merged. Configure webhook endpoints to integrate Pixee with your ticketing system, SIEM, Slack channels, or custom automation pipelines. This page documents available event types, payload schemas, authentication, retry behavior, and setup instructions. + +## Event types + +| Event | Trigger | Payload Includes | +| ------------------ | ------------------------------------------------- | -------------------------------------------------------------------------------------- | +| `fix.generated` | A fix passes evaluation and is ready for delivery | CodeTF snippet, finding metadata, repository, codemod ID | +| `pr.opened` | A pull request or merge request is created | PR URL, fix summary, affected files, target branch | +| `pr.merged` | A fix PR is merged by a developer | PR URL, merge metadata, fix details, merge timestamp | +| `pr.closed` | A fix PR is closed without merging | PR URL, close reason, closed-by metadata | +| `triage.completed` | A finding finishes triage classification | Finding ID, classification (TRUE_POSITIVE, FALSE_POSITIVE, WONT_FIX), evidence summary | +| `scan.completed` | A repository scan finishes processing | Repository, findings count, fixes generated, scan duration | + +Subscribe to individual event types or use `*` to receive all events. + +## Payload schema + +Every webhook payload includes a common envelope with event-specific data nested under `data`. + +### Common envelope + +```json +{ + "id": "evt_a1b2c3d4e5", + "type": "pr.merged", + "created_at": "2026-04-25T14:30:00Z", + "organization": "acme-corp", + "repository": "backend-api", + "data": {} +} +``` + +| Field | Type | Description | +| -------------- | ------ | ---------------------------- | +| `id` | string | Unique event identifier | +| `type` | string | Event type (see table above) | +| `created_at` | string | ISO 8601 timestamp | +| `organization` | string | Organization slug | +| `repository` | string | Repository name | +| `data` | object | Event-specific payload | + +### fix.generated payload + +```json +{ + "id": "evt_f1x2g3n4", + "type": "fix.generated", + "created_at": "2026-04-25T14:30:00Z", + "organization": "acme-corp", + "repository": "backend-api", + "data": { + "fix_id": "fix_9a8b7c", + "codemod": "pixee:python/secure-random", + "summary": "Replaced insecure random with cryptographically secure alternative", + "files_changed": 1, + "detection_tool": "codeql", + "ai_generated": false, + "finding_ids": ["py/insecure-randomness"] + } +} +``` + +### pr.opened payload + +```json +{ + "id": "evt_p1r2o3", + "type": "pr.opened", + "created_at": "2026-04-25T14:31:00Z", + "organization": "acme-corp", + "repository": "backend-api", + "data": { + "pr_url": "https://github.com/acme-corp/backend-api/pull/142", + "pr_number": 142, + "title": "Fix insecure randomness in token generation", + "target_branch": "main", + "files": ["src/auth/token_generator.py"], + "fix_id": "fix_9a8b7c", + "codemod": "pixee:python/secure-random" + } +} +``` + +### triage.completed payload + +```json +{ + "id": "evt_t1r2g3", + "type": "triage.completed", + "created_at": "2026-04-25T14:29:00Z", + "organization": "acme-corp", + "repository": "backend-api", + "data": { + "finding_id": "f_abc123", + "rule_id": "py/insecure-randomness", + "classification": "TRUE_POSITIVE", + "severity": "high", + "justification": "The random.random() call generates session tokens passed to authentication middleware. The value is predictable and exploitable in a network-accessible context.", + "confidence": 0.95 + } +} +``` + +## Setup and configuration + +### Register via API + +```bash +curl -X POST \ + -H "Authorization: Bearer $PIXEE_TOKEN" \ + -H "Content-Type: application/json" \ + -d '{ + "url": "https://your-app.example.com/webhooks/pixee", + "events": ["pr.merged", "triage.completed", "scan.completed"], + "secret": "your-webhook-secret" + }' \ + https://app.pixee.ai/api/v1/webhooks +``` + +### Register via dashboard + +1. Navigate to **Settings > Webhooks** in the Pixee dashboard. +2. Click **Add Webhook**. +3. Enter your endpoint URL (must be HTTPS). +4. Select the event types to subscribe to. +5. Set a webhook secret for signature verification. +6. Click **Save**. + +### Endpoint requirements + +- HTTPS only. HTTP endpoints are rejected. +- Must respond with `2xx` within 10 seconds. +- Must accept `POST` requests with `Content-Type: application/json`. + +## Webhook signature verification + +Pixee signs every webhook payload with HMAC-SHA256 using your webhook secret. Verify signatures to confirm payloads originate from Pixee and have not been tampered with. + +The signature is sent in the `X-Pixee-Signature` header as a hex digest. + +### Verification example (Python) + +```python +import hmac +import hashlib +from flask import Flask, request, abort + +app = Flask(__name__) +WEBHOOK_SECRET = b"your-webhook-secret" + +@app.route("/webhooks/pixee", methods=["POST"]) +def handle_webhook(): + signature = request.headers.get("X-Pixee-Signature") + if not signature: + abort(401) + + expected = hmac.new( + WEBHOOK_SECRET, + request.data, + hashlib.sha256 + ).hexdigest() + + if not hmac.compare_digest(signature, expected): + abort(401) + + event = request.json + print(f"Received {event['type']} for {event['repository']}") + + # Process event + return "", 200 +``` + +### Verification example (Node.js) + +```javascript +const crypto = require("crypto"); +const express = require("express"); +const app = express(); + +const WEBHOOK_SECRET = "your-webhook-secret"; + +app.post( + "/webhooks/pixee", + express.raw({ type: "application/json" }), + (req, res) => { + const signature = req.headers["x-pixee-signature"]; + const expected = crypto + .createHmac("sha256", WEBHOOK_SECRET) + .update(req.body) + .digest("hex"); + + if ( + !crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected)) + ) { + return res.status(401).send("Invalid signature"); + } + + const event = JSON.parse(req.body); + console.log(`Received ${event.type} for ${event.repository}`); + res.sendStatus(200); + }, +); +``` + +## Retry behavior + +When a webhook delivery fails, Pixee retries with exponential backoff: + +| Attempt | Delay | Cumulative Time | +| ----------- | ---------- | --------------- | +| 1 (initial) | Immediate | 0 | +| 2 | 30 seconds | 30s | +| 3 | 2 minutes | 2m 30s | +| 4 | 10 minutes | 12m 30s | +| 5 | 1 hour | 1h 12m 30s | + +A delivery is considered failed when: + +- The endpoint returns a non-`2xx` status code. +- The connection times out (10-second limit). +- DNS resolution or TLS handshake fails. + +After 5 failed attempts, the delivery is marked as failed. Review failed deliveries in **Settings > Webhooks > Delivery Log**. + +## Testing + +Send a test event to verify your endpoint is configured correctly: + +```bash +curl -X POST \ + -H "Authorization: Bearer $PIXEE_TOKEN" \ + https://app.pixee.ai/api/v1/webhooks/WEBHOOK_ID/test +``` + +The test event uses the `ping` type with a minimal payload: + +```json +{ + "id": "evt_test_ping", + "type": "ping", + "created_at": "2026-04-25T14:30:00Z", + "organization": "acme-corp", + "repository": null, + "data": { + "message": "Webhook configured successfully" + } +} +``` + +## Integration patterns + +### Slack notification on fix merged + +```python +import requests +from flask import Flask, request + +SLACK_WEBHOOK_URL = "https://hooks.slack.com/services/T00/B00/xxx" + +@app.route("/webhooks/pixee", methods=["POST"]) +def handle_webhook(): + event = request.json + + if event["type"] == "pr.merged": + requests.post(SLACK_WEBHOOK_URL, json={ + "text": f":white_check_mark: Fix merged in *{event['repository']}*\n" + f"<{event['data']['pr_url']}|{event['data']['title']}>" + }) + + return "", 200 +``` + +### Jira ticket on triage completion + +```python +if event["type"] == "triage.completed": + data = event["data"] + if data["classification"] == "TRUE_POSITIVE" and data["severity"] == "critical": + # Create Jira ticket for critical true positives + jira.create_issue( + project="SEC", + summary=f"Critical finding: {data['rule_id']} in {event['repository']}", + description=data["justification"], + priority="High" + ) +``` + +## Related pages + +- [API Overview](/api/overview) -- Authentication and endpoint reference +- [CodeTF Specification](/api/codetf) -- Payload format for fix-related events +- [SARIF Reference](/api/sarif) -- Input format that triggers scan events +- [CI/CD Integration](/getting-started/ci-cd) -- Common webhook consumer patterns +- [Changelog](/api/changelog) -- Webhook event version history + +## FAQ + +### How do I set up webhooks for Pixee? + +Register a webhook endpoint URL in your Pixee organization settings or via the API. Provide an HTTPS URL, select the event types you want to receive, and configure an HMAC secret for signature verification. Test with the ping endpoint before going live. + +### What events can Pixee webhooks notify on? + +Pixee webhooks notify on six event types: `fix.generated`, `pr.opened`, `pr.merged`, `pr.closed`, `triage.completed`, and `scan.completed`. Subscribe to individual events or use `*` for all events. + +### How do I verify Pixee webhook payloads? + +Pixee signs every payload with HMAC-SHA256 using your webhook secret. Compute the HMAC-SHA256 hex digest of the raw request body using your secret and compare it to the value in the `X-Pixee-Signature` header. Use constant-time comparison to prevent timing attacks. diff --git a/docs/code-scanning-tools/_category_.json b/docs/code-scanning-tools/_category_.json deleted file mode 100644 index 86bdec71..00000000 --- a/docs/code-scanning-tools/_category_.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "label": "Code scanner support", - "position": 4, - "link": { - "type": "doc", - "id": "code-scanning-tools/overview" - } -} diff --git a/docs/code-scanning-tools/codeql.md b/docs/code-scanning-tools/codeql.md deleted file mode 100644 index b8dcb0b1..00000000 --- a/docs/code-scanning-tools/codeql.md +++ /dev/null @@ -1,12 +0,0 @@ ---- -title: "CodeQL" -sidebar_position: 4 ---- - -# CodeQL - -Pixee can automatically fix and triage issues detected by [CodeQL](https://codeql.github.com/). - -# GitHub Advanced Security - -No setup is required for GitHub Advanced Security (GHAS) users to receive fixes from CodeQL results that are uploaded as Code Scanning alerts. Triage for GHAS is best experienced through [our dashboard](https://app.pixee.ai). diff --git a/docs/code-scanning-tools/contrast.md b/docs/code-scanning-tools/contrast.md deleted file mode 100644 index e8d40cd7..00000000 --- a/docs/code-scanning-tools/contrast.md +++ /dev/null @@ -1,10 +0,0 @@ ---- -title: "Contrast Security (IAST)" -sidebar_position: 4 ---- - -# Contrast Security Assess (IAST) - -Pixee can automatically fix and triage issues detected by [Contrast Assess (IAST)](https://contrastsecurity.com/). - -Use the [pixee/upload-tool-results-action](https://github.com/pixee/upload-tool-results-action) GitHub Action to synchronize Contrast findings with Pixee. diff --git a/docs/code-scanning-tools/overview.md b/docs/code-scanning-tools/overview.md deleted file mode 100644 index 2d96d508..00000000 --- a/docs/code-scanning-tools/overview.md +++ /dev/null @@ -1,54 +0,0 @@ ---- -sidebar_position: 4 ---- - -# Code Scanner support - -Pixee automatically triages and fixes issues detected by code scanning tools when synced with the results of those scans. This page explains how to integrate code scanning tools with Pixee. - -# Supported Tools - -- [Sonar (SonarCloud and SonarQube)](/code-scanning-tools/sonar) -- [Semgrep](/code-scanning-tools/semgrep) -- [CodeQL](/code-scanning-tools/codeql) -- [Snyk](/code-scanning-tools/snyk) -- [Contrast Security](/code-scanning-tools/contrast) -- HCL AppScan -- Checkmarx -- GitLab SAST -- Veracode -- Coverity on Polaris - -# Supported Rules - -Pixee can triage (T) and/or fix (F) a wide range of security issues detected by code scanning tools. Many of these issues are common across tools and languages, such as: - -- SQL Injection (T+F) -- Cross-Site Scripting (XSS) (T+F) -- Insecure Deserialization (T+F) -- Insecure Randomness (T+F) -- XML External Entity (XXE) (F) -- Insecure Cookie Handling (F) -- Command Injection (T+F) -- Insecure Configuration (T) -- Sensitive Data Logging (T) -- Resource Leak (F) -- Detailed Error Messages (T+F) -- SSRF (T+F) -- Hardcoded Passwords (T) -- XPath Injection (T+F) -- HTTP Response Splitting / Response Smuggling / Header Injection (T+F) -- Log Forging (T+F) -- Path Traversal (T) -- Open Redirect (T) -- ... and more! - -In addition, Pixee can triage and fix a variety of tool-specific, language-specific and code quality issues, too! - -Note that we won't claim support for a code scanner until we offer significant rule coverage, and we will then continue to mature our offering until complete. In this sense, we are always improving and expanding our rule coverage on all tools as we continue adding more triage and fix capabilities. - -# GitHub Action - -Pixee provides a [GitHub Action](https://github.com/marketplace/actions/upload-tool-results-to-pixeebot) that can be used to upload the results of code scanning tools to Pixee. - -We are also working to support "native" integrations with code scanning tools. If you need support for a tool not listed here, please [contact us](https://pixee.ai/demo-landing-page). diff --git a/docs/code-scanning-tools/semgrep-issue-dashlist.png b/docs/code-scanning-tools/semgrep-issue-dashlist.png deleted file mode 100644 index bc512cdb5b60e0e2991bdf64712f882aa5b16ae2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 122318 zcmZU519W6f^LK1+>};~(#x^&$ZDV3{lkCQ}Z95xlV@@!!Hny!V&&%iie{)Ws?%Q3} z)m>fpw(2)wit-Z32>1wKU|`5nlHZiUz#yVNLJu6wN6wv%@`;mqN0}rtRgZhi)BjA4oFfge2U@+K^_|r#F%moL7{D{H-D$j-ZHzh<= zF64jGJs;&@!YZOtQXjF3iIbU`owKFAOQq$TEQ%;u0#2&z4WNL40#^3>P z_=^RM&x7Y92{3apBJ}{++Bx%h@RR+6g6AXsS2iOV=|4zZZ1~AEIT)B2 zn8*YWNJ&ZgoJ`Gml)s7pi~Zw?pUl$5#es*B(cRsh!JU=C-pPWInVXxNk%@(og@yiu zg5KHF&c(=s-p-l)pOyT(o^NK(CQeokE>`w-q<__GWNh#1!cRu_m!SXr{@G4553B!5 zvUC1dw>~<^_*V%dGXoRjf9n2V<@+m_N72f|%vS5072rcXA2I|unb`RLLI3}i{8!@N zI5q#v$-&P0ch0|+{9jHrXEP^Jd%%ZC7lHqd%)glbUidFYKE}U#{x?nhQ_cU#{m`=j z0w3dl#!LXgd_m`9$c4b9z6q;(fS>5W8e)p!_#N`cqIn^9-s>mkhr&@W)_ujME2Rz$ zhaNyF?GFD=ik+DMT@nMcQ0lxhW%@JPjQ8UPr&036?wQkP9H)T$&3b^F+uh3Dgw1yH zfCyROcT!R~IEep5L{O`zwh40odHz?ah>&E#D%}6(dXkYAGAo1@{+}9R#am&az=eg- z(4hVmU40XhG|5Jj`kzcF@Xt|BsDG3EA!#SMg2Y{?;KOC2|M7*g;k+_(t|O zBt1zPGAC!1)SO+{H5qkxls8AJusam07W1so4rygj^*QwzW9aH=vy1$za>U;iBNq8x zCTd@&V9|vdkVcm0DN3xdYp*eS;}#woPsOy%@B5c#uPS)C7Vj7XVUM&bcOi-=GmuTjOPvxR$0gzYNj`y~RR!A<&CI;M7`0nR4x{)@jw2P@vI|B2j6zGcHAGBTH7s@eZ=7rY(VL>Ma6L`Eh!BskU88JZJ{V9pInxh04lKvLI16M)xM&;Fjd)t=2xVk8ATzme7m6x z;K5j~l@E>4%%(jd5L}}CX(Xm8$`0Of2OF)g*s8^r!bH7U!Gv-lhh$`UICppvS6Wg! zfAPU%bl8-Y&E{)M)tYdH#YsWLUF#&cw(b0&-0Ra`PwC^YgZ?Kf|>v&2?I4# zEX2zTH5*gti;t7F`1LGyV%AN+!cFf`PTdvemsD!DFW=;%1bxOoQ3RHWJUY2-BNH7~ zcllD&RVLOg@ill&Xg~SQD5w@mo8dq7HMAbH;4lPVD+s(20@mx*nqDdxB~*q`PQ$mf zxIjA!629`YB~!Vj5jbViyQ7V^BO+(Rx^80*mC1cy)l%=ZjXdnEqLhXRe&=B=EU82KD-nb)(fEFO2;jDl?X6?fn-scvOMA+V@72hC_e zG9oN0Nzu~vdmez-?V6MMS*LJpu2enAYr_kp$!_cEzSgcm_FBA$Lb5=DBTHpjP>~l+ z9IiOm!$Rc`4GVo5K2#F<`>$)4y+5DJwI(C*DZa$pyCBdjn4RiNBNWvKJGw&H;HLfX zV)B%^N69OKXQ$5n#`Wmsp)9T)UXJsny0CpaZq|Z99JszM@qjC}b9yRDOia8p>FUwu ztyIQiHqt%lw%mNlc;$+!4#iAEpDbbnqtaS@OARDXVA0$TWepFP&TX8-yfXBku->Ir zISo%z^{(Dgu+{Al#;p^S3@rL4CI*Znm#~^YYPz{ib-cMo#VGY`DCQ0iKU~b$%EsQ z{Vjf5oe3<}T(&#bLC+>|;82si{HJFPx3atb>DV(8qB_J>Wfv-7{>Q$y3MrQHY~+e?34Ue8sYEr5U8(hZT+zgjQ>o}$Zg8pZ1>E*(1A`2Zo?jHUUo#|{AjrT8LT zZDb{a{l_ZtYg!GOe!{3mjl50Dn*=&9ijulGc2WiKyY|{#T)D&J_zsf5B*mxk*~lB0 zHeA=_yKJuCeyQ2A#6&g{`cb#{Q=q>cXtrUF#KyDzV7hrHHH`K?Ms#19^R z!j`Qbm-QLn^{G_$$(UYVQ4dQ-y33_Wd>@3p&evKpoxT^1CC~mu#BrKqcLtqQh~Ntc zr?*(!6MA0<&$qIHK1O9%t%dxQ72iL}eEN|MF|?+Lkk2I)hVPw>fBxOk%Xhe`yh;`|lSjVGuS>PqNA2qNwj?srWu6jqcTY)O8~Z2B zPo)^%XGQCC(|L6gka(Mg(}f)E@`MVLtR3ptq~QoDizO#D8h-vLlz;C<@NmWKYZ+5y@sZkw6 zfrp@nawW?l1TB?gD%XFjevKyP%>(_^7?Go{+ji3{sGwRKk?0iG$EzD*6#5bVlyc!<2&Z1n zs3;#=Dgt;8wk1OD#T0#h`|)JXN8Sw-DtU>pnbi`bS2B$8ewU^s%=bbURBkFz8Kz=S zXIaWzo$F?szi6p(TNsj;mn$-r2NCJkV?I8@P}Ap8`jdV~`!V;ct_+yPe&a`&h_QL5 zKx}okGgztClraWosz+Qn+dmc|9i05xj#-RKw>1rXsD%RjBxa^o*w@SdVWm zm+t;k@Z%l8GGEhxuDJvEm$UKT0 zBV_VoV&XH^nS}%q{x#}EEyL27k~|71VO3g5%1Y~O93=s$U4F&vAT=MpUqsnQnH`@mlynYGt_ynkKxf{smT;dWrb`(Jb^IBEF2M%a+eqS%$gwhvxA`S{D!A_m=1 z*M1rCn>?pAEcsmzBBaqI!_{g}x)ui7qq*LdN)v3$muaWFEX zB5cAPo54=a1}-8=8$oy$?*{yU1`K7T$-JJ^xQOReM`A3u0sFsnfP1o`BPoE384Nn3nfzL-}tVh$XfW=>7 zmk&{QXB$&z$or+bOZBQXb^x!$scy%D;I`BWnhS_*UiZ`D1Rnve^Kh)M)F;F~n|}Q- z_SKuG?i(7#>Bs~e_!aNZ_E^ZoPsQ4Hph9M&jjwTdtc)1_0xkEHse+Cjs-R?Y7A#@r z(Bes%+_X%73u1cR8_p~)M``Z$g)+SeZ8rO2Khi>h;^FtC_o`yS{YjPkgw`|nbpoSR zNKt*FZ)T&W?x4ywn-CO|;<|0B@-_ZP?q`SJ4((mu2RC$DZL&!<1})L(V%Al55-TD5 zTN!oRYFS6b=7K7#1V+u=KI`g0h^iXJJiboW6W48G?twQ;f(Nf= zyEPV#P6y$%DZp}yQuN|p z3?^)}Qn>vTboS%G<+?Mo0=(moG_zi}ANlJb0}L7z$z5v!r!Vgv@6&V6fJ^l2B`}PH z=K-sU$RDk+>Ehhqa&LUe8d!MMRcrpPTE|ZOV!sl z%uL}B^7_XBw=q*>OBlIj60!dLSuR(3m`5hzOu|!P0(UXsg?Q0$LR0i1Arxe<#8A%t zqtTS77k~Iz$VI(3_Uor@u~!U+nP+5?N9Y6bk(YS){gi=uG@r$Br!A4hOC^I2Q<^Hh zl#i*$XB+tl5|X|Q_Wn!BD~IUm-Myg9+}M;YLqE)eRM%kP{!JQdxo%B1f23C(1UNzs zGLd<#v|8vpsqXee7)GP{DNj=H&d2`aaws=qJ=5eUlE>wzhaw$Mnv z9Fwor=zg)qvbI!mgceY(-`O(YE7lzYM!u}S*GVAd8=mSz#yuv4(boRF`E`qZ^!q-K z{?TpKz0qW!p=n7LR5^cY`AmCt4GyU467WDVq->@jEj^$Uo<5|JZH;&>l8AnbpUmbh zLAl=Vcx;s+aZE%D!YgT1N>6CvaRPUjTrLx94B&owSvf}o7D=*D z(!aUr#GJ7`H7E?n_;vu`ho>q;*A*9Lb;Vmu?oL|SYz9@6)Q3CPoQUuLT>A)k6psg@ z;46QP%DCXqxENA-^|~F;i1I94?CY#-5II0TVA}S4bU$?ZdFXKmJ;V=?LkOhdDR^oX z3NbxyKILBL#wlRH5BU}g!cag_G>c5)3)(Jl=6$`#dlB#&>loR3w4}@-Xt8b4(ogti z13kWCJrBnj-f{P5cF;$kmB}@TNu*r0JXXVTNgoN#u%PT1-iPoQHnCVodOjDWSFNl~ zL5g7&&wwbj)WW=dk;UM`!qKS#8F3{_hZ3&y~5k)_S)%#9N} zW4h2f+rA4~t3{!ru{bS-Q(_AN#u~lu+XNKq5#gB}fpy3@1l@g~Dol)^gapydvn(pGp08N~+L*jMccgSmV_Lx

1xWWPxJ9s4B?PrHW+QYUMUJ}cZlOg=@G+Oa( zZil9rKzu%vpH`HA7MX*fj9fPaS~8mVvRxZ}dwYeU0By;S{$@7lxAmUkF)!&&DX$G@ zN8TZx4YT_|_|BpgIq^> zu@`(!f#@Cwz%e`2J)WDF&=`RcVO$_g!=~P)=DUTeL$YV5=NnRr=hITaUkkJApY^04 zI}q=0MVPGT5uU4K_ks_W41J;Z(ON=%=co5fRR;cA*EKCTm@0ax#Wq^oPrUB9Rq%~@ z_l^V?x@pi0$O}Xe^jjJBofX6Nt&!x{J*U|M{82eeJ1=O@1bzF{FSD+HTA9z?y<_aW zRJw}a9n{h3hgYbTU(g+-W=f52&95|r8HBY&$TQGWIZ@Djq^iKc8S{V$sxROZ0OGhR6@eQn=mUAi598Xc!ox z-+0}!SBTU3a0Kw*>AGZ3F7h*8j#Ue|bNp_EQCL|+XQes1tq+&B)!okC zf4bRkd?Q$>E`0YDh?mw6Uk?g4{#YZ?oVa+(W+{cV3RvQiUR-B#`5~PyH^+ghwZ%#N z9|U?aOQDC<@Uc4sO9Wro(#W+Lx8V{_e=!>Xo8@fgQLn4Co0;yubM!}|PCg&>@^i~h zPfHpT`EB@Ry-z}}!Wk;hLCiKLXSC^3#!eqqbEXZr;>qUG2Zs?B+rkNGGCIZILpxgl zC#wi7r=lmMuglqGLr33DcP!QJ%HCosn(cMH@o;Q=>IE2y%4*zdFJVXan|gl0VwA9J z)f&dt;S2aPX)GtaG@|13(@Po@%6WNZWs7)M$N{$0DySPe*VQ#uoYU!KPVpKWOB5_@ zo*Z937B;=V+@9U-3ls$3dOX%I?b2WOI|wIqJI%9%ryZh(d|sie3_1g`Co`(DXE}pW zI7WkNkNDyTrDu^sX+jZZB&+mWRrw8$)fuUrVa-X}-Fz;)?Pa}pGofihl92(PzQcyv zPg4es_6zFi0=pJ%`)9mSeZvSBp!RdTvD983OP-1QtBN3f)%`#o2l<-Lr+VRHC6ryD zBfE?+Gy4McR~R_b>ao=&R=C5`U=&X^Ea7_hSNXnhH^7PmWu(33Q1We~(S-EVP64`V zt1^Xa_vd{(KMJOvoTt0Cfd_W`8AUbVcRfeDV^Eq`s^6M@Tb%Dr=iHs})Gg;-?;Cx( z`FTptc8+;V&ZEDDKO?OMokEok$Hdf`GDr;FL2o8?grv4`JJHbtsfg}OBuv5_81NmX z@z*FpW9>Q<&la&X9*~N9Y%IfHe`ohtcpVQOlR!Ozqs1o#K(Ho~Jrzy%1I6U;!}EpetUQcxhnUyy1Pj zdu-%1X32$(GLDZiGxq{(jQUzPk``6PU0aza$)Gj359Kshh57Ph7AR_BaGjaC9O{Zh0)w+E~M+RIqp;8hVMPKb7?h>>E1OXV+nX)DI1e; zi`~44uc~wsZIQs2?e5p~SHT7Y)q}?=7IadJxx5vV?7l*F$CnltR-5G5a_F~6OF_vT zEdu7f_!xq_fk(gB3C#lh*q>4ugLuV;mOF;nZ*T2&KLFZYFV;xi7p%AWvnB6U+GeTr z=uF@Vjo5&4&=^Sh%5bIekTubunBgA(nUt)zo#Qo+_@S+f?E+fwhi^kNb@x{jF>s4q zs~>~t5dPKg>Q&9!+pCZMc*o~1^}(q3rEc9|M!Ic2t&Vip;}8kh_4YY^^DIZ(=@QOu z!-dib>b48!isOPkT~16(+sgr^xsVPU{O-Wm1^r%gim$Rn+?ARy=QAhBFD>3Jc0VSw zuw9sPjB?tV0ouoEqYBfSwW+<#624F9pWmrpa6g-kB`Ohpa}KNI)*=V&U?P@%6&WNOI2%3?52T=B&tBmp5cM3!1_^VsV0XZxca{TY``n>25 z6nkBN(?Ji+>Ei5d_&&?I>TMc?1KS;HM8_UpQ3dhE;x566v@DZ=Mnmk~@9XVW5H-$) z3HGX{7K8dcS+f?CN=Fnp=ndjC@~#}56qJ;}lnwbm_vUVVBJUyR6sS;*;h5e~x_7k2 z`m3U_IGwW3=BRn(G@lzQCnXx|`(_*2D+xTs#8g5kwo7Ghu#eEvW!XD0hGEMbAp$iE zhT>+j^>;>usk1YuS0eU--hn}{(Z40zdQ7x=$ayZTBh01w^ou|FK@87uzkUdX&_`1 z{?2pOIQqoxW2K?bKQQM0(qceUU%GHe17R2|q=o2HA{6@>uJro|LSW1k6lE4}F;LlX z@5OEv*Mz+hskEf_w=9(X_T+cU%_k4@339dpP@{$O9^>=?{IZl!Y1K%A0-yCm|JGX| z$D|g->D+0jH~zd9s}hMBatTLO;Oc!_Rfy6$9_z*SL_msEMcMHXKiC8z)O~N3XX?#`U}fntrLi4(N128?~IlhH4DV8SD2>#FEZe@20atV8hT>asq^x z)nwYFI-Kj%z1rwaC_A5oNkCBP9Q59IC+t3&w>;N3d9deGd0A}skTmQ%(Aah6+GB)w z_j7^IkUR6~hMj4I{Wq zY=#wq90b++v)OORuru|gCN3-kLG|$pu{d7=(x>`DY2GPHVWg;6H>0^%9SmEl`141q zX_HA6lJD8P1Mpo96FLHwVK)x@zT7Fsl|JU!c0zGO70D9>6EboXG$6PJK{HV?ajr(Ta2IOdwN`KuaUu_Job z;G!3sN4@a(cpOH(+=%X82cu%kwrF3}6TB`BaR(aIPMln;)!6A(FpBC)Bv3}(RE9sz zAx@TxE)HjY0d;aSL7VfHLVn@LY^yk3q7W22=){7wW zY#oL0{BE@i!bBc14eWl>ov=2_CqDaLGkWrB47j!i=(jM*LgbH44NDPnAcuCu65Cq2 znREMn{Q3}{$^)hixE6cKRsbb4BM@Iz4~1OC%4)v62m!30WfGNgqa??NOrnv$(U9l9 zWPNJ6(Q0-Oq+a3b!60hH6#f9ivY>5S0UfW z;>GPJOK{a&cqxi0lqwDI%7?omtlo?g(FjDD^Fj`6ZSwnZJR7lUFas-^G-`QWO$!{? z>YJ!%W@F^VvvP&r!LH2Z$bZm~zdM$w@G-a|*-*%M=)a+rLSXwx*K0k|N%$6lDn&14 z@9Gyb$48~DH99e~qW?JNwE7Itn$d9m&Y2{N&K0+LE8qgDesgB5dI8BbmN~JHmSW3u z&e6+Ik!@4|^foXXOUnNgpzo61lyXQjk~oY%Xkv>m6~Sfgc=N*8hdP}7oyqvbs=+?7 z^D22IS6E23?ydCrbo!IF%zHrNC+!O-+l9Ia{c-mB0JcT23F2{%2Swfjl(C@CKY#Lr zFF~p=4;}J7mx+u6$~0=CJ89>d+gy)u3xPAR^ix?xbYOtY=(_=i2ht2V*EalE-B@wB zK=biJrJ4n^k;-R5?vyqKX0zD`j+`asN=Ki%?MN(Ef=$^?{&wJ<%W;8SAyGqrxc8Di7DbOzOxj)bp~T4!L& zy4~5Y&$TEv8;u9fW3G(XO^sB)K-xlsWK%gB)wEtj#Twydttc{m)h$~d+PQL#RJ9=0 z8g)5-g1gbBm13#SJlDf19=Z)sC=4zZ|)du(%zts9Nk2mY{7fEBE zC$^2{1V@0w!Y4Hc$pfMfo={4oOJ+N9U18D=%PpxrY{Y+JUJ)N9*sWE>t1>(qu?&u| z23v_=JC;ty@I~HI`2E;pX8HzZxE0h)rA4v}nS;D#%WMUrrAz}yy6Nl%rOiIU(-3{? zL4_y*GZq|Za2(kgoZRrvH#vaA5HDKYzGCLXR3VFb`qTeNAj4Yst!o4cZU%H^|M}%o}a(FD0l<>(Vp3!_Y~=!J)o{Yy~08DfmHq$mj5+W$%oG zNh(1J^E(LkqAo#Q__cN}07eDT9wh+pBKua&9R_3=7N0s~KM;wH#74sY0#@13If z=xCF%arm~Mh_n=CPqT8?VK!9hNq=}sRcS8~m3NFDo=T8K&(^=!pKDak#*NqJ%I2^u z;Hapqvh&`XwiD26)h%BDeh-4^)0KnT?lv;0@5k&LtVXWXQq?>OL%P_6b}d!E?o6=< zeIH90w50S)%QRh?=+9t@pHcyZ;bl6qCvX-2kiG=-%_cO8|Gh29Sq)4WRiET&f4Yt+ z6Lm0KCiV}$qjKI!&yVS=O*0jBoa9>W@&+R{oPY6x8dZsTPC5F$NMmRRpC0# z$oqD8IL?Lg7RjwauUq1NZ$&KqubmGDyZ0~?!#)ZATSO<%nwrb=S{lWDfd)0+*#fL|N2SVZq| zrVQ{6&vXb{(8{q7R!Ho0b4!qAd+*qap-tGUP!g2=qC0jRWZ|(kSE*~_nV2g5ST45@ zUg-z#0oOZit-zTCwPk7FN>G_ z%~Se)z|3sr^SjZ-X@4`bM_P@GG$hZwKAbp26rU_g?F!SjNe0i2baP-OAh-iP2@;(ER<@O)|bHeSID&AvG@|F{%YRnvrn56<0Pab+EG={Xx{J9O`C*Wqj6Yv-s8u2x zupldcS_tjAA1nSln-ohX#g1PUJ=M$T42t_ZHbSAgjb1aW0I5~8>B%qna82XqPWKHp zYH)!ItRMEorr^(LWH{tZA*8AKMvyCh&gHQfZ$00tRDh(K`EnWRvbpsuKVmvN;f$#W z*GnND5jOnXf7C^qkpGg3;0`1brYMl`%jX&LYR|52#k{OanNWE^-_8~(;bFSC8Y1qO z{}a;42p1htL;jnv$EbQJ?V2l?f2LHTwU@c#XGn!;!KvhVfyCreok_|lOfHA^qlq7A z%-I6kF9^-T(0bRQRbA~vUzPo@$YW9T*8-9h>rIbw@GT{4!Al za}!ExnwD^{t(zpo__d!pAI43%o0oLHi#r`fp77Nf6^URO(OFSc{OIH{)wvYuc}ki6 zIhhx356`jBGVgT1$^80>np+^4<=4E{$+3qM6>5V^A=JDrf9#9LgRqYB=va;&T$yx> z6Uq=}?=ApqtVtj|Oi$XDFQbo@I-8_TlQJ6E!4N-xUkAiFjMizNLFQ~M5RWXu~mwHMw3Auz$wfY#G5ANGr$RNkV{b6RrG@DfdHQVR@bmC*Q7g`#zol5THH z2aIzL-jYh6MoI8>;@!%E%xu~_Z$mdhcHm4(Q|Vbm6cN6eSU&L@&vsp95pf>Glt-=3 zIJipNJvtkRcasIVE4lE;-tK})2ignlFQ-P_JbZg#RZb@*TBst zAoEf^C8-rg*E?|0RDMHMQ8r5YI+eLZI8c1$<&60}{C*;KAtX&>*Zb|mk0qSRSi&ZN zfk(2~dRH1{q0?uc=gDytNlhRT*2*J-J(4tsY=Psi4~}RmQZquiP!bnen^7>%fS5!4 z+3QHAnqV?)okGFWnqV=?DKWWwONYWhh%e?fdDlzty_vVur)Lt%S~uG05feJt<}XZ- z5%4rJf+svu1g+QZp&{Ia-7Xjaxy!|6Z-jttxuUsA=L|f14B@LI?IGX0MbZNPg(2h1El-awS`4wc+Uxv zFKCCCd~a3Uj+}eKZMAZU${~q#N+OKqR#qTvs{lNPZewB&w1OGZKP%{m&d+8}@H4Oz zFi`1VrfpHg@GLu+67k^R3gK;NCgKi0XD-Ms1f0U6?!9-^l0f}XDtQAh z3vk1Lpm)jPWylHAKHSWCX-4%+xyi$L;=- zHMb}?^~mcgy>Fx5x4l`sj%LAq7q$t ztX@;U#qq1$gH^g02~J z>v4iYn&FiszjP8lX0{b)r705?;(fuQ2S-2xLD40w%HtRFI{z;=tLg*A@ge?NPN*&g z6E^OSU)*V~s5R2vDp&e}-NHNid0$S$q>I4bNu%E;bJ+w!T&l@~;O+S051iQC4rTfe zu+SUbP!R)}c5XSN@?JNo%!rBhTEP{{fS(P|zJ+5VL589uH~L(xx6f5c*xx!0MqE7N zz?Kn)0+uY08Sx(uQiHgK{KgsW=e9p?wY|q@Kg*&C8Ue&JK=ex|3B%j{)tr);qrzj0 z@0Su2?b8=68#{5*Alv{M5`UiXE~5J^W^EYdtR8-0MA@+Oj@Mv)w&LNDV(9&M%$WAI zH1bt~+9kE;gu~Nh6`zA~`00s}Qu;A%hJKtgNR*47rtjyJ<2A$Y>M^q!hI6Qyh)|-v zt_Lm&_-arOo0%U+f&Qj>6JC2|R8Fd>pOnH1tjVLz5(q8Dg)U+XuFXMERue|iStoQo z_P`nY2GQqcahHlLy(+u5_`9_UN^2QGp+YYp`K~5^Y|z&frn{AS?Yi<0nVS@o1Ue1!yszMG1 z9$T&8H@g}erEXh(w*I0TNqw+;b}k4?HD@om(=w1bV{z>uywvg_-V4}%`n!YqA=0B- z!^pS55OTo0NN3EZiuG}}L#|grC}k8#(unVhQ{T&8tt#Ff)@AHY?`GmhPSkUm-m!V( zeb47xRuoHaJQox$czAn>w=R7?1_LZ7_Z~r| z^PCMU8u`50$cYJmz@oU>F^F6N^xd@HO}x_~RS`NLS(fs%K=9ynRENw#b|yiLe80IX z!x)h7<f<#de(7X)MKik={^5LXde{i zhd0wc!LmrlfqyDjGz{N;K65(4OVp;OJz55ea!% zFe2q5bzR2ep*F*Fb*Y9vVqa6-TNs6uRD|DqJ>8_e6Z(On*?wX0S23%_qLvj19DWnFkl?W;^ZOBdfUMHUGevg(@4ku zW(%w!YZU7pwI!IW-wG^%cIIoIN+C2&K;~zr^T6?4iUW@hz6;L^JcL@t>Y@FUp@&hM zny-HX+%Y8MaZgJfZc{?pxzM zW1R}MpY~Q9%lQv9(|A+bQ^sqQB?{P&oN^>@j#mO8?&IR?um?NBLYh%@{85?20%dA{jod!;AyH!L`7 zp)y2JA0wf}hwd0g6uv$mL}=t#TsKmtKH9WU4IfZ2PaV5HrlsG*q6hpQ82GqNh-NFt zySPbECz_30d|q!qXB+KJ1aK^oF<*S#JF0#wY0{0S(3<5rC<888T(M9BgkNmz@OJh)s|TA@iAJ$(co9JC3<(TZ z%JKs5hb$X{LaX0^JttR=K{?Vx*I}D*o6)GNI=<&$o5|g086RwxRSQ#Fqv(`1=DCzsx!N8Ve zj89Xf&3OeTa?@Sz!JT;*{hIfnLiUVXAhXZ$L>_nTv>9SJO>ot`u>fc1Bp3%!a?kL##;#o`fD~{RRov?88}RvPz22o1y($nTIa%9Yt4orkiUF;5G`@uyev1<7|9PJ8Q$zg4+JlJMrPJ5`n*D<8@ zHtb>y`R@+TLOe^PwN{J4?ER$>4#nT&MXsq#9pAYU*b%K{aT7G#lSa5(VFYfeecxtS zp^Uvc;owFcIef{e@VuJTJTMU~ahcCcKla{A$z6FWkbH0*?ci-uLiU=R1PFJG24SitXQDfb zaDNWRhjLY9X(%iBE#Ffqs;s!Jr(K*^oqd=mo4V&t{Q!RFfY zN&zg%`@giugB+$}`e@WBaHJwcR^g2t*j7bCgkt}|IQ`N`A3ki{{X=a^L9`1LQ67mHD(YIEY1K06 zQ~36QMXT0>iYDYPXS3C5In6C2oG6DUZ!8kQtyw!}u%P?^j75J|tduNJpt)-*zx?9) zByHJklA<9E4-qKjhvxA%py34l-qZNDcU-euf=~1HFN9eSdzeriS(JXB9K0a~*WS*nhQuI~B%N6BWM-|@fN)!;Ry3$e zSv%L{5blKX-;OyTlWxZM!x3}&Ct{!Ih)1AS=L4wj71b$KzP%}7D?GZ>hi7CEpuexK zHu%fYf(kNh+;UfrT#B`gwif=-jB$Sq@W1ejLd+sPyOP^;0B5UZkZ0rWZ~4*jVam|6 zlu%3~1SePIaI*fCVMj_hmWcKc0``iz*faa(h$r?#U*znj%=rKI5)%hXH<(SFVqp5g zRmHMzxhyd`x%$HS+QH(Fi*K8rxp^&owm%vpqk>mCK+vmr0uu8`L!>G}@ZatDt2w%I zf8lh*Da2<>lQ0fb}L4}5SsBb@QI<&DNfnTEir>Qvbe^x9kbTrsO$GVBn&dvtJ zPf{6G5~)X>+0R7S!P$#p1&);-yV2eeR`In36az9Oo~KA!&8v&ZqGi3lV?q4XR<-@+ zDy`9OK3P+%@P(2gPClnwQs9K-=zL$sh$0B{5)yp8=DTH}L!gI#XmpWEoRX>l-4AJ~ z$Nd&s8peOyD<%O{_*}_l#5*MrXRKS}(1ovqXun3ESpUXtVgE4C+?P7Ynd2;iPnLJ` zOeL3-Rwrac)%9v~HKf}%O^*DHNYo0?YG5yLXMQ?z&Lt_?Lb2qHt#lj16RZ2Ig&gH| zX9+PeHBkg>EIA)ckfg*UzQ=VN_f3~G`ZJG2i6|Ww!at4e7Z^k|D?1hEor~_5S7$>k zSWkyd8G%53Azc49i!V(z%b9!UdeZjquh3!?V*8eQr3O;?j$@==g^yXP4XRxHPtP_e z=tIhHpH(xQ$;H4IFx7u({Ixsk(^092HO5SKQX<7C&c?PMstY~|_iC|V~ zc4m96&m{TybO5lNmu|<@tBb6+lFF=i!x>fv^Q{-t8sc_(wclrq^2Fw$xT`l=_iLMzkNUkINQl`Q&<>qppDd~x)^l<9#EDai zcL^WX=zR{3fP|zNHjBuMx)=O$sy^Q)H&^PH1ray6TLDrMG5)kRvkP<82s{jxll%aW zek)fC{h<_unlo6AB|RGuI*WO5F4GI{=cQ7YGnxI)*<>@nN^AA|wZX05+zC_e{*PvYPzQTUFsLr z`QdEBUk+tQM*bQ6IbN>kw1vPQlXrUFR;z^uG(42*RaKf@be%7{{(U!IiR{OmDrL%* z9i^YEB^I`C8Bz9iO@XsI^5^R2R$pq}R5$zK64=-xn?L+M84`t;LekfI@xL9TZs{Sn z&uX-wYW#5Ajf-OQ93yFb+>y7|uLFN|n6fxwT$<4>k{O3&jf{mvLZqb#3_9@7K`Dtl z?^de(R1!4&!t#m=BGY!~7plKe+0QTilo7F2ZkQ}4qdsjig~CzeJEqZU zt2asK6DY*x&m7)e-0ki&8E;E@luGP8C6ux8w&fQcZo8woY(HGq_`ygo16TcSLf#S8 zqo?#NZi~+VLz~D@(#>)>%(P<1`=y|z!Z`9`A}pxRo)C0OD+y>b`!d%cgj7%ekp*tI zAoa_&3ZCCWjla*Yz0HQylsHyh;i7Y4o7;Aoa!gc{|rw$u&Ej=vZjN*6Z9JgBRKO%Et&ca*ly=1pe=pD&2UwYFOnFkEEsr&J(1DYLhX=h z;sixt9I&-{PtpaIly~suka6JwTLtKBcU3wr514m?()g z&6_Xh&b3BKtyZpPROVte7j}BGq-5=1k7j(e@QPZpLq4oFAw+T6IEyu$Sb%VLBJ5;2 z2cE%ET4%g{(%a8-(Is1sZglZZX9^&V%E(_|7dTw5qFq_tGIfexTnu*bKFNsQ9|}3k z3;uNyOt9xJ>cbqnipL~x-f`7E2tpet;2;oevu*on(^A0PcD~r+=G?l8fw4bDKQQ4Z zELJRiz|j0wv3iJ?En91SIKm05{V_hSn8?WYq@YK#1Pb-ig1y442&LS-C+Xx6m*{RM zWP5nx#gubs`?kouX1Z--;Lf6^|K=d}>5S!c=LG?E>Q_^EqnB8TXA{#gA~>jUJXK5> z0a>07@pci!7e#iZ@G0-0AI17U)kz5kr*kJ;r_A*FV^oi|E z>koHt$AR;XI{bq*tg?q^IYrl*KhteT$fX|+7y7Uh-}B2B@cnxK>d?iXFqnkMqZNra zopVMhS2Sfs8gkSLX@UQ>>~yI`G|+j)yEP8?$6YD7QmZJ+`rhq0RHpyp?9>5&bYpAl z`GSt#}T&MPqT^7)&V94Bbn50hJoN^q)&9ZpIbo#-uyq$yDo2U3nQNuy2LOFzZJx8otTYhsBy3T z**?BraA0xjCyPSvCFxpG#tS5*5BD(`ICPSICpERq|ulMjIXJ)`!$WKaYZw8KnmkW|70t}$rf zwC$R+;S-Qays5eX`NTlu^<2}#PjrA>{>#Vr9@Xn-1uXht2KSSb=mc|xaaVf`_`{Ykz^@~(eU{jNP3|>P^J>6neJWZ}U;bU> z<0H4z*+KI)OVHVX!}1To!_V5NG4vuG9USY7hl3dyF=;YdF1uB+z@+)h3>ElCHz!g4N6Sn-GAZUDZa%1zS3Iz#ycvki3mbs)h zA>mp%ER;`TMz~CVg(+ELrDVQl`e=aiXJbEDYz3jr^T!?AX$in|STYh*@Pygz9eDxy z)LcV{RNF%%``oeqy=dY0&o1LxnfYW21Llt72C!H6<#o2oki#(Bye7P9CkhT16}X@G zZJJC{iQRB}PBI*>dUlpn9g3a?4H4ucaC@E;GK-Lp&T9nwEt{RsaGqL{+mDD_*XmqF zB-;J7yRTHjw(Zvck)ykdaJMB$DoJVBG%{j$wo)xTxb;3llW2%uv)1Hgw>*qTARZe} zF^&(HPq|<~V??t~qT{*n@LiSbO;8aCoJNNEfCniAmqsXD6yR9dTdnS5jUex*P z2vd_jg|wD&L2KsO8$Gcdw#vW5<2+%8mqA&K^5U)vM!-m*8A(PL;+(({4Faz#yOiP0HoA2yR3O z_;UcC_;T;{XN@Aiu!MMeEMcL^fv9sXf}+X1!He)Urv0mIEs2++Xe=H$IgzGA<4;IW zbyl1h`KCjmS87|jq5jL!&XX}$TzE!I{mxjz;Mo)H## z(5_?R$VbY`$F?{TF7O{G-<2&*TttLL6^`?JN|{3|6tf_lll(@3Zuq#&|G03_Iex?q z^b!nDekqzQ6M8OsBfI;WB^cx22z#O195BSc&EoQXB9jJz_YWG1?SsO?w;(R^-zO?&n$@!VccY4ExQM@CRSY8=`iEB<% z`jHLD&d4f3D})4+d2X!^z;)zI@cW7vh<jLKOV=Di%cw%HsAU~+|2Vi%YEDX z+ZPnzs13XBB=}N5zamHT-A8F{3~$2Z2_ z$^Z61Nu5BS2Ox{`bN8cW`IhAGaAU&sgy;gD%5FWlT?|#X8O<@al-X$&GB$$RF(!X! zZbT7DJfE6AzX*TQ#5+XstDdp@hAK3rQYO+uMOg)WFUIiN$cB8RQvqBwZj2=0bY3=? zEMCF(A|7B%753i-OtnqU@&wP3&5c!#f*@ew1wuYaX~gBWjs{u{GWS zLGiabo(C(~u<@?5=4amFsXB`MdT&>(-kvUqqX18+P1_jap*`toM7Zj7b2O`%FP+>~ zE7^x=fxdJR^;N5|wu&<}ph@4K9kRqOWWSjyTT&??h?f+kRHC2y6%eS{N-fq~l(MYZ z@q$+K{i4}UF|3eO@zkBM}?rY-ywt1d>;?8%cDmp$Fc^W3kT|b{+uB*t2xOuHS_CJM}!wo>x~5$ zwwLB8WkJE0_}feegh*?!fW<%MkSOU3dni+`oF=j-S9hKE>BoTdvCrM9_xF!q%2C~i zLT7^|@D14xNWP)MdViCU*6c1*R`yP^Ab*=!s)|VdTA&r2qVg)(gZ=-7JEk{Olsg|#ig5wj5ky;?;wEPV* z_^D(3<7A|6kYyT$b)i;l-C6S4a4W-~nNZJ)K{xAa*5P7kitnKhoGQZ+c@La*Gd6Y1 zZ&i16k&)qf>}$Z1Fd^n}ln=0X{IHq_B1DWsG+;~%``XB6p2G4*2e>yQtvR5HfGYa) zWF~8X%gQQD*)K#-nbCUNvU@5ChsU+=S3z3qw+y3bY1 zxF^c3ouJNsV{Q-J(Jc^+a1r6O2`23utY2A_z!>|J3J=foLsTZW;Bj_uDc}jU z+y-0J-K|kWPl!mgMvsh0Tq?eH6~QFuMOeAEK!ies@h8vlb{UPA-VQD3i&x2bjtnpY~fd{zNa|zm>FBd1*&&MvxiK6LbSTHOE*e*sZd8<(vymSRENT-Qy z3^*i={>ULA$9#a{46J#1ak*h)!9MTl3ZHxS56qH9nxzqR^vJ#uCgKL%`t4$9mg;!i zl{qmGYDqGseXJ9mY#ogsqGN$if)!8pD?wRgkI`ZsFTBH+!T(wlhZ=9pk#E`532b8s zf41L^_N6N-I&AdxlzLyODe=?C0Qy@#?KW|mm7i4NpM^!#UrR3Mzc1aod7@xGlG+9N zqHW|Eqdfa9`8EW-rBYd4h*>fjL?8)9g7bl|5nO~}i=eIOSN+9# zD+kt7Aez~I%0`F>6or=lJ3}KWJD!y39M+JZ=re0e~m*zs#pj zG4?oKqLW$~CU??#zZD@t%d}AtGSrZ67 z?`V9r!|!f+*FGD*;3O`d#|vwsWk4!#oL}X=kXrkAUT7tg7ho2e1BE^j(YrF(vmcsG z6N+$KM^QQQ7MhnTHj#nctb|YD3dWe-^i5`9!yWiMP~sW0`@-P3rWY-zNO5S2g;y+t zbW6L%!rS7yrX-DlU*qm{HicgCoul4Nn)u;=9*`UPtRT3gu-8}vxYV3~7@~q4QeYYc`&lfa~lv=cR ziitlonYMzSJwp8h6KG<~bF^;PxJ=mQ+6^8XQ#SuOXR&N`X0K`B-?DP=kx}8kMglne zv$B3(cjX6lqNh;387Yx61fG$@YJR)d_CF6$KH=_+x|n*Ehk{##>$+@o$HnUlKK9`F z0V8LJx`9Ww4(KA&^J3Hf>1-dluKCWIa-^RjW9j34LJp1eEm+z7yQMAgiY+FAlYjtP z4Qg2~grkE@Bu#qMWc14Hei79`Z=7g_OUe0M_45q8T5UGV9k$up>Py_ zCR#TGW7>VmGp(4f(%r5^ln%zswMJ0V>t+`Y0HCCZ+un?gSX8;p9krV6dIXG&xF6O`oX?92XH@HuKvv2>rZhPQ&OJ3x?KU;26A+VhguNE+@dpW?-*FuJ8?i~ zlMBbK8?a(<^!Sz1Q@i0cr}wH@C)%{N)ud7U)~Q404zDWTh+eE2A`c%ZNXX^l5pTYH zW&J5yo+9pZ{Fp|SI5>+~n6EcRozjm!9Wy;Ld^8=#^J;8r%xHQF3yGQ@9JFJeQPXgo zim?p@ks%YGKD=c}g@J+UWdP<{ZwcPXGg-XXi{w9*@Sk^BQFL*cH_R5hQ>9|?Q_#+~ z#6>}##0^!#>?1AW_~f11~POg<%9LhzbMip&M;a zC|~`lUO`v4&=R47Km5kb>)Gtr`QuOm|e9Mz!J zmwTkG#hn?^aN$LrGQjlR|+5Pt1G{|`E6kOMPm+11VXbzy`&Eoom>aGp zgSnQRIE^7IDB;7{P29|0;3rq&qNu8!j|htX#P5bfmD~6|Q}mr#xOb1N-NTr`D4Om2 z3U}>!Mati8Bfy4I*=|AamyXTyhe<)uPL>_QZA401uPX14*W8{*;7UL0lBlJPJdwG= zJrK}FKMne-VV3yKq6Om3{kdFrA#2z;OnoiJE83gw9qFM|;TBYEOnKnXft0b~~=y$H}_c*OeC`xyd= z+v;JvnD4QI-%+Dk=_jw*7hOy?#YI=wU3DU%dq>=gr1e-O3VIy3&0jD!h~X$ymZS0= zR>)H%$fmbt2cy@De)-+8@EmMXGw-pX#ZAXzLL9+C7iBB=>%l-XX|9VZ>FDOW?vfLy zrIM!=42(7Z>*C(zV*Bi@Mo*6>r`C}jzs^CM`595uq&3J)7iWPh*}nn-`+fn#W6#(U zc;)W6`O9g09k1GGoDZdWzWDnGQPJvg_C33x%95X**%hsjn{8c#k-eMed5=m=Q4gA< zz_R{C#8tv1*S$Np)=8sbZ+`(@fa?ddp)z>`Yq6L=QOr;KA1;x5*n?)7iq<7<{%ln);*RM;H4Apac&tJTEpSKwuIsf?USxS~d_qQXHRO_TMWjudW4`WKK4&AXf;=Lh) zG}-EU#@GNQs_)gdpI4phiO=B%&i9(_KRj`XngMkV|CjivK!L75QBvExr{ZK|aow7g zHqdLcdJ`at;_R9WM9+ULslTHh`JNO*t_ASzR52v|)MF$FaKZWzB{F5m~9? z9agCsG6W0Ldo}|_MI2Dtkgn#><#`1_iwQ9U6);!jz)P$<K}uI@x^oS_NjrUvMldy!D`U$g`8&w1HIJddxWWNCM@w)_e- z{3AoMC-~-c@S>kzbq~{mA;3mhK|0pdFVFc)xR1L!vkRniT9E#Z{p8zA>NQ=M=@8?8 zEdIxEc|aq9xkwpGI=>{2iOEHmO6|!u(YJhoLNtT&!5LQ93*|6uHv7`ggVIrH%D==Q zcbNhWGY8Uj-QAU4%t=ZZ|4ZliZ3g;E#fc)XbIN8$#%lbVthvC+gOD|!qp>2Z{D1Nt z8uqz|O=F9XX~zz9^cOSU3{U5pVjU`#Nk*zbUl@9QpLG3;9x+9;GoN%F&8DIJ8}<=k z6eGTC)arW<%zyZsSAjT248r?dF(%^uZC>Lpgcx!i)luXm`R}XIVACOxljxoi73=@- z5dT`ncB3T3`4_1z`QL^9elrIU0yB*bC|h9uudPsm>#4#5;#;gP5<7wa2WH}fAWj+4 zCDUL2!+ZRT(h7kfRhFl5f8PI>_3fx@{}$R{oCRSPRMAw4#~>0;(rYXwMVvo z@JvNmX8-gG7(kT#`uCr}`jLut(uNldYLOuSuaf$|thF%Z_w#6k* z{eOII{tq~Iy%XF2f4qwKkEbG!h|B+;a%aImKKcJAj0XGvO%J$@(fN*#XmoLe(hY#^7QnqIK0@=|9kCWBET+JtA~~5R8>`B0<#3# z+uOI#&ct+eb+@}dpIS)5$4}SRvPeox=WcHsLy(^A^>zIsR;Y8)zFsA5Aq?_@d_~R2 z8S*|^ZuFABc3y=gY*++~KZ8&U4go>0CLe!tBS1nz0uvvDqs_CJBN~s_U83c@1 zB=`Tq&>79d#4G_Yy6_awpZTw40?MEL7|sm>B{bt%)SA&i9~Xn!utoIaQ1tmFWN?ra zlaK#JnEr=MR3MZ847p`Dzh`JJ&9(*^3Bu+>h!zmezscACnb((70OoshkpvchU2PRG zTWu9_TzabWOn^J$r0#;+-!Z}CUk_?#lo66!qrwhbgR}&d-a360JaK4a6HWdb5x!LX z^B_%yzC_FaiR!xOcDR$S8_&3ZXh`2W2E#v9%pKA1(f%EbgaMcme+VsUTN*FT!|n!2 zvkp-qg6&=ldlO5Vj71eo?vDVOs5QAG7>xa=`(5Rh?~O`F$$$P1Fpa8ckWs{c9$+4N zrGDA`$mQZn+N9zYC^>s9^$O)D+lS{JY$;2WUGf9L+`$e}0j<M+p!LuFG1gA#gfBN z-$zokJJ@7_7y#O55?Gge`-XKCRF}Prn2;7JJ1=nn9?YiDvIA$s%h6HOYFY;2%1X}f^C>tbnHna3oX%KT@&|9oeGNi=c7oQZ^j?&}$m@Uw#4hv=#1C^32OHL?dKQz`>{T}y1XxVwVR^%3z10RZL|C6QV=b?z_eS5a4I>^dt20YZ)Q zfOk04g5bc;_gxMz{TP}}&Me{o2Z??f&Jn87sxR z>p!eVGwdx5pgGO=5$|IZ6-Yq4d!}Xlt(|wBv7+W0a895lDuqi7z5lGNd1G`yMX5RQ zm+k|LjQMO7w~8>0GJt~SH!c&^8O4p(9|;$i?`!W1jzBlv8kySb;dFA+8IlNZ_v9;j zwf?GR#)^$pE7@A3wIm#=+M=N^aoeiD7P7w-giIE55qQ351>jE=$`uKt@cQ$;ZchpMs)0lNOXLbofjd&-LWC1Y=C^mm|Q@9 z1UO~FkQ#=RmO-_;Q+>#vK#zoHlU^CUaMq!t=ojU99^4uK9^l}*fO@~Ul5%RQj2+x8 zA4T$I_I(5zLEX^%K!Ep{`&Z2`}nZ8 zjRNiLmdR~P#Cv--aNx7%WxIFsv~uS2EI7`0$20nqd5%%`y-#dWeyu-Oo$b^*TgY$o zwmMkSxy)aidrNZ;n0IcavZDw1tLMf7K#4817iO zKSa7{JheO|1<^9tw`&i?ldNkfE9ZaleC%Vt9t+75DP|RI62pkchr|KU?7z&Pb5kR& z=^VrpC1(%G>WQ+}QVgxDGgYg#&%@v#PKR|;QJJ|OL&ySelDBUB*%Y!81;-{A#h&iEe|ho% zdP{b^Fpm05UlOf(x{$6okM}(D-abQEV@W^s#`9yP1HCz2ydQJm9U=*F8%U7JULcEM zVv8*IAQHEH^-M=Bot?GBsY{AwjndSQ0L1)qv%0!Ps&zk?ovzTj6Bk^*U*TDlk0h*8 z$FBIqK^%=I*I$|QPFm><#dd}sgMT#*G(WO0JJvR!nX z|BW;fk2Q|2eIGh?V6i&{_`)ue`OI8rF%xz>@0H?S$$zxJ6V0QnqB0T5z9OCF^$O>- z56(m(VvmyLc%2u&-KAF-K;^&u@&a*gs~dT^^Rhics@+AkEoUO z#YO%6$zztlVyzw-dC7?quWG=C3O{wV%Sd#pSFR)1>1a-AO_%pzdn-EM-`}(O@^J|? z+I(|;g33QpNyDN0{S|k*T}SKjU~lc<=*&BtTq;@VER%OX8|E(ORLdIIZ+F zmxh=y{GHjdv?&FoE{F`${@(SI2OVJlYO3XF1T1>vjBmf+<<@L*CcHVE$dKi{0AX`P zez)&=Z1_5L0J+D{*QzMX68E}ZP-F2p_2haRiB}PtTXv*G#&7=k!e)}1DzfY|fLzM^ zv#FDbd$WAE)d{qgbi3vOds02+97~*a5qEYM?``^4S9`M#HC2hdHV2fwRpYu7;j3+F1WE zJ&45%ChKfavrqkmG^v0y^RcYPdizO-eRpb*?#KJcDrhow#G3g*Pmx9>?~l7ZV|$}n z5G_xRA2w|-C>9IV1$Y7^pqHavEi6GAPLdHkqQ?6D`Pkr-di>E$Uao?kgrV;pIGCQk#_4GXE4-yIHqnq}o#RS@JmZ$!=AvI(PU}Vg~O00aQvJ(@`h>n%%JGmORB9F1b*T2%$Bh=AwcIZB`CP zFsAXh5LyaO0@;+%SQ&I(hF2UncG$r+^lf7UXTNFRaRY+K+wZw#8V@O&pPRJ~B3<~5 z1=Gs$U4^G_8dmeVTQB=PuCK2uOFfQIC%-*9pFXIq=2v#S_ywP~@uI)s$6B#} z%R7{R+}y-yew!!)?Uc?q?l-=e51iCf(7?1m?mmTK9$yh_dp_NY&gT| z9nXA;x}GQ2hm+<=T#vu)wcAauXWqQ!pO;?JeP)NI8(ieL>6cv2s_km#PKC{TGkZX@ z%Wl^gMR0pTPPkW1?l+5HQbTK^f(%c5rE=r9q%Q4OU3 zr|CY{4Zaba_7R@P<>fW2mvhBk#1@^V{`R#X&oA%kOGnKWF9HY_mc8I{pMwCJ9z=(w zC1PtAKx^4eEh9C!9(~x$5YFVLvl7H(6HME{hOJDEyKCF(rvs zOEiRtDbwb4E>e=&{j#KJDqn(s0+s(+yePvx3{U>;syE(oxoQAx5JH$cBwE3NQ3O-8 zvCH@HY&q+GB87&Q%}H%F;ol#<5}g^6-COS#Qnjw6sypW2HIUGQHw<%2D6z%C6WEvG zG9T=`?5(AB$(c?UwNcf~RA2dYI*^rU#}XDq*VyjmKKVowSZ*paKceB_MogDWO~)6a z*}xRId42uC-FCCc@%|o$Y+IJ&kzsb;sYu6V)sNWGx?z-<%kKKiPKQ-rY08d4$3~8h z@S~cJJ5im!AR!9AWV<1WOVLS#!uUPsYq79K%YqnhPvN;s6niRMG$H4Qq*HF|3BeVz zcd*NXFpraOgf4-I9S}A9{YgvP!nHzKHN25Z4T0miqED8;q71C5CdRmJ@X<$90%3iK z#RKRY>uAnL)2-(_U-_JZ>3_Awtr^YJNh(==sz6TONc=daf+xF;tht3m-;oK)`~(QO zYx8W|(?o>fZ_KQslqW(?Yk5~32VN{D{XgmQY(Cwph9Fa;T{AN=?a!0-m$_Ra2XMWd z-0@FH3=j#n)KK77s2Cu*AD8T@v^<_fA1HU@>sB;fds<8_f_>-Cw?Cf1#Z#6^^?h%+ z{4)Me*2o3OPXGhd-A}!+Y5yDuaPsp=Jp3Y5Ow&*3RIfCch9-Mntf2al-Q;Nfb8#Cw zR)$-vD^?E$wP*?}pka^sEj@XP1-Zzw7Lszw?qkh_)lP61+0&PESuhLB_G+(w!p5fZ zLl<;+Jd<6rX^F(>-W~b*@gp@oeRPG1!R4{TSl)QYeO&#jJAlwDf$_IY7N2mC&+WqA z!6#j=;GR><#slWp&-6Z6F+R?O&EXh07d*}*evT_Q?A6Xw>Ne?YquC(^-#M(97F@F0 zusWtVUfS;1U_b91oCnlkGV_e-6SUpgE&61khjmlUQpx;$r6lAr*KBNW^O!G;ay&sn)~j{>f#HjQdJOzASLZ;jqxXm$T`(t^sST1L-+WUn zGMTQmJ6SD%9V{hUsn36VVOTgObmD&*@0hvzINplshPvUlk=u9p0IWyu!{832;s9`? zk(!PEG;0+<|D-8!(n*~Zw}Jgq)B9v_+O}*HZks=`u8W z6Yn1ARXHW^d>F0TT;|6QyFD33*7J^@K5E!#v9dZszmo!=L%j$lmhbaSQ3_6wZ(4py z&r37GdiG~$98EUWV9YW!3WWCh!mEvGA~q87x}Q&0F@lf@ID8-Pjs~RqgEC*sTo175 z!aE9c2|>b^{#}@BC=iZ4{ihir-%qjP6l)B7ev`#43zsiR@-2>s#S3|3o|OojgTov) z*Ov`bew!*YDhXpk@e3xu3(-;V?P{fJtd1`p@gmpGQ#}LJ$WE2Yg-F%QdX)NXLS%VNmQB7?2c zHfy!kcqs0RB-(OC+bcZl`3D@Zp837LZD_%k9}EK3$=3bF)_yTrB)J%kOQpUH4y**d z4=u~<^KfM=tg6sMD-!nb7#chRDqeozl%RM3`{48SlpKrWCt;<_DY;-aOK`TILMwJM zrWo%L0st^Wv?w}nXMvz42vXHNCr<6t3+oC-Ihn1{8Ly8ozsYNEPJBPfiu8qRQ&p#> zSPOK$ctP=z1LT@bh{xtA=Kr>>S5!=Xu}r|X`-5<-B0#>49I1}^uvYL-9;83cc}?>D z7$oUWhI7u-5DxXz|0tsFD^u+Jo4>a(T^NN+pu;e&4LSC`VDgw&F^`2DKpB$HPDdj< z-*n?iEuiHZ=#{cIfkhGQ=idc>Z#lh0Qel}#ObsHig6|f^1!-R0TMGS-?N#(4p~vcR zyC{a%@UF*YimBK&F#+8EPONp%a$=?MShD6#K_f!3CZfPlS40^9ZPdr)oKJKajKe{D zUWza*XO#RTX!Y?!5o1ti@tTHuycp!t;HFfIYQL+ocP_iPauEGh$#rkb9q*4+FRfM5Y?XxR;k3EqHhRd^4@x3A zgh=i{h)x#WqUAWR>rYoq-kWQm1KCyUwg`5eb&j+>S2Nb-y)5tTgGx@Vc27>iq57Br z4Z!o^k?r)+izt3TC!a@jK4q4B>f37>8&T&jT1!C{lxc%bNa=4h(~aNn&2A279ESqK zXKG%dg6BC;Z_PV?WO)zOo1Dz7-}lIMP(9HBKre1T(4_3uUjrDPR`Q2x#a5Vru#zD8 zSN%wZ%FLCLfJiok15&TDp8l9}NH%6bxl9;`2wKP~pylFmY^RnggU z!L!}owrpn~`rUjei5wccJ&FkH3m}arV%G2cGPXZs=VH@5iY z#$3oCu=P`PtZx!N;LQf5zGZ&dUq+*j2F|ehn(^#hG^71$w`_*)w1HzSn*RlQE(YF<`WYS!R(~6#`i<*v)Q0wHGs;EoRa4pqdZ48jG0Ibv3|3Y3VtTWJ zuc+_op>^I3fd0eP&r z&ABLAqqx^*E_{qvrj7lrvB2YTXaM8*DRYysFELTYLKrs6&d(Healm1m2dorsW6uX>-6m0DFrM36a+ zj76@V^SUUt*qwQwuQ@VjZ8glDwv-}M-lqb_)I~D&#lrF|)_)`6FY*9r=YK2*z!4og zXY#uEUEV#~Z}rhue40&>7H|mK`mUe)E(hdMLBGzriNnp_0Nisxu?#!&NI6266TMyX z;4l!Yi-J#`)3J}8q^mHX1+r<5rZOj=&>^Sk(i5#r-d=L2oq*o1M#6an-2@k^NXs2$ z`6cQ+YP|>wt`@btNbDg_@gSV|{?oK*Yo2&CXHe*?Ua8s6TT{LkoSl7znrQB~l z#`>?%aMO8WcQ~6^t@+i?la$I=3;5H)+=k=?R9zGK2FgPD7a!gj`1f8OY9W^+Wmg9o z2fu!dY!{qJ*E=bzZLPY7cx-V}x5f24kL8hhI2D$2IficZ{TN8`E&McrZ**9zB6)<9 zH4UI$fn3LRohlwR8J-b53ExskyN5-nliZak_Kg`J_+kt zKKhS3V9xBzrj8LO`!9vDd&kWBm+%luD_=pvYQrC7E|8xo97?McE&DF2sdlvxtNdi$h`>sBaIYpW6sj>-DNoZ9#Xv&=pl(=N)DRBuB(}r4WisPN=-?|3bH+Bxr(132E7|XRn zawI$ag!1B>GKN%&&87Dd=M5;ATqqUJ2ZrE*Jz#9b9C7$45EliSY~LteM2U;iU=~$w zuth~*goh@aixV&)>mRO^ZrtY5gSV3&+6f>ss08ilA3ZD&+ZGcZYMtBcxcy4(t$0%C zxeI-N+HWMi{*In_1p7QI{>s8<*LAdfd9-!74HB?eh@i)KWw$QS;uS*?a%e>(cAZ8h zYVV(b#m|=>B~mC!rAMq0{ce%Z5isp_N^FtOQ95nwgRjr>J$M0Cyk(&7`L2Ys?1xEX zjHXn$fmhyUd1MR(W_ykgtDn++i0JW`EMc~Y7p!u(Yt~g#)dYuC%L~Q`@ot}{z|}Nb zbx}v(*hq9BCFf7j3_lt#N~PwL?3xz|SOTLB{RzpE!utMIVE$b~8WSg!hkH!UtTrLn zfvvRE`eCu%i^yqwsB8@YLu&+)HO-<8@tC_rS*eDrDTy0rNL#Fg+X0#%@3R)g9(w?y zz?w7D!7~_NKg@2~gFmOciT+yA;i*kEO273?7?kWsZ<*pgcgb<6sp95ss)$Iwi-8A` z@j~XM2WvNY2da0%{8zcXbJt%$5-D=Vvwg+30YA$_OG#5EiKzQ6yy9xq5KlC z@%B2NcyBaQ`~URLdOjOQK9;TbwEC>c3r$T*7TdZb;i>oFebG^Dy({>Bf>El@9-o{S z{)Lt|o~dR@LGw#ItGCAC<1S^HI%pbwdyxRG)5fAsdo+#q4|OT1r{7Ss%Rg%+S*!ID zM(`svCG5B=?d8{Kmr;)e2KNcfeQ@22igG3ha#GZMb9yz<8Nzh> zn*Gh}Oj!6Z^A3oY>&C1$Mc+sGb$Rktx_<3-w=(IR&bSB}Gfg;$eSk;kcfk4=wvf@P z>p-)Azt>OZU-pGljvC}J&Z;0E2x#fry}RKvtSrv>y@Y%!Ew?)J^EI>Q zZI<==6l;+IgZ^pPCaohBSdDx4CFYkvHSt{||6MydEX+2Qkvpj*pBx zJu-vQ6wQgxhvjD83IA?c-ILpPBB`RKm^Q<0S=0UI<=ge2URGu8BtdG`WG$gT|A!>; z_r-^nA!XSl5cT}leG-mKdw(C_eI+U%^6@r*492~Ar)#QG_=(MNb;x=@zej4n&CLyd z_&-_zI4dlSjjF5ag7dc=Iy9LpwC(q(JYLaD)&Ga(tq8+@(DIo83ZeiHkpt; z+uS5T;raJM`u#ux{>&Dc1{{eq`p+i#XD_6(LzA+won3xB{m&--2lE19!is>bFjL6? zEfe)WW$ynMJ}dKjaN zXtbpsbFT7W)eaVHMw-aeY%Eli&rB1H4u@)JVjO_7AGaCRJl3KexT|>>#+Nj1 z@pk)lY0Y~m?>=)0th|R0O^Opd;o|!M26qa0q#>ffAZzDlWGd<6N$EREb~LqztOt3E z%jL$Pwmc?8Jm*A|YT$zaqBO=A>st6l=TP1?)lA6s>gTmv3+YA1=W8)6Bdvw*9hfM# zc+h!DZn>4+fAowv_)U<#(dcl!iU5(33Z=*?!C5;X2eUXD)pXFIA8)4Pq`F}*|H(58 zJYoIU3LF{|b=K0Y?HC&#y5jQ?zoybsQQEh@{7;mqjE>N)gTv7sA4S`yO|a;_Wq(om z4QZm{03kDOmD%wUHHCLtsOH_-g`)-*@ri70?o{^ld3<|Q+%OcK0v~8S$d;vHYOFnZ z$vU^)rrGdp5NGGDu+)b)NWA*id1UpZ8f!E@xwAp&d8oXyWU&y1nz#NkS`~*y!J?*099s zDMKJ>xfEz;nl~+FBs{ctuIJBzHK+=VEORbS){F;u(8njEVBD!BhSW(Du&CKn#zAQJ z%EZ=I{Am-D8tkP4;^RYIFw5q9)Fel4b7`V(dkbkNBBz(x@e@m0F0}1$}>seO3zW214NnjIbx!p>VTOMV|luvq1=p0A|N*d{u2CzTSP|LU~ru4 zm7!v3yx#;1o^5Lekt;QQW!Q$w)v*(+(Fc+ecs7&B{TM#B_pY4la3R(9-G9!RyUDjc zL6_)gI-fbZoATVW?7H^_hwn(u!Pk>l{3?!GPm*-aF9>ptVI5)WRAc&o*gLDPID_uX zhoHd;?jcxkcXxMp8iF+LF2Nl_@W$O;gFC^!ad&rbV0hQ8|IGUl=3?&qrt7Iy=bWm& zf7^rYu)y%k%P`?`X10TfQ&>}N?Y~8b{1y6b^31V{T?Oe`9b?grF9%=}jZZ1r*ViMD zJI>h!HwYwC@9a%tnPC2wLKH}C>+Y^G>h>BE-$3#MP28usogY8B*Nhv`kNWv(72w=c z-B8)tiTV7yE`Gzktr7+ES2Oc=W~UJ*PeFob*~zukg5uiiSAQwxn{x1f6DMf&xgk84 zjGgDZtK%*asXHmblvXxv=bv^9EItmt0m9l|FGJL=*WjDHK60Ic8=G)H%p>nDwf5S%l$v99D6l8Y`(0t-#z>>iH)EH# z9=b+D&0uE0f$|fwMpLG})4C&9#T#W9s4E8JkbBi!S+PB*$F!+TrgvsP#?}BPamiMZhEciThD9x#KIJR?k+3qks95RC)`OI>RcxJ1{OIa~Q zc1zvMcAQ1v@RiI2lWX0nfec&YKt?=Y6x?LuW)4^@Nulh!**RdC+tV{S|@y{cp9#*MyB{+aH);^8uuM z_mv&8G@KdjGCVNITc|NS|GwpTS1Jri{s0#1Tn6S z`#m&kRw-uxVMjj}?uZMmKcI&)*U*fswTo|uFQ7khJR?4M5d_a$lIZlC)y#0m?-p)O zD7ZYI1I9a<*S^pq{tetjP| z%#Z|k@c%GnV?6A-v^i6&Y%kpVscatSme}FUHG&ULsDpFO+dl9w8tKx~4w4i&=|uFv zyBocf1a%`8f$+4V9i~&s3bLILW-dg2)s2>~dEh2tj6y$W6uIp?x$F#}khVnx5Hc_c zVGwkn%R>3LN&XtyeL%M-8V-V5T6IiJ8gx$vB=lgcEWnry*zeSnTOq?q!f(%UzfN(v z|HSi|iZ99&J2vH zdFty|QflX@9BlnA^mhqBz?o{90tHz1Rw3}^;t=0ZQp*1;7ZE9Y#v}4-M)5e=iHUL* znm8s%{KMiQE3sbAeT1k5R%8XwoJ?on<3Kl_L1*AjP63oIc^u4zo{mUS+B~y_^>~Ey z^W3Q@_LfHI2d&wm{-;KvX!`z&S4Si0;`ud|;~k-9Ym7TGSSnDBJjzG$|Km^2!E4Oq{8qt1sw zQ_=?PNPg-?2~Nzp`*9BQ5uZUgQzL5J03bK!tgd?$L=Cz5!zzUcYW-GGg?6MkSFM&R zi6Wa%Q$KrnLnE$+8&YcLF9U;J{6(vTIj#=QC3jWeS@j;(fF@tdT6WYtibKOM92GG6 z*q30yr3EcvaYn3_!}v@C+@x4ndvntOicm z9PAy;`7TePW9`&d%O{GYbPBM{aHf{^P|1MiLh(GljyfCIk13z06P~BA8sBwk5}FzmC0W8vl)(ps{GLX}g!JarESt@!q&bd0$M~Z#g`^Ost{AiGZkGZ16chtBY5;W>r)q zA_~v5G_s%w@4z=e{#Tn#cw|cl7R&_h841Gr@_NS)DWo#k56%-?QU?A_Rn!CGIlu99 ze}L5DKDWZPKDkkiE=6KN?j?2D`=po%QqW|>U~P|4qi9@U#TZ2kM%KKR>;R#=T4Ur@ z`HD7(rK9_<7lme}>x#%l<%g`_y4jW(zjyp_Z-z?jlz>8t`u0!mf}SWJb=#1~CVsEq zD%qYr>uI5Uj2tS#BgiZIYGT!vI==(fY}$U~3o^hf_|osO0jzWhOF3PJZJnuS;Sib)J&s9!p$~;nmf+9pkL7<+O;OR;mmW3OF`H@! zg(^UN%%3RvWX#tDu9U%&Z{?d#GzSKgNf1|(CcuZbiZOGMD_hrWKE?KjP&T4uYz`z> zjHbiPTef_w?^&OlT<~z@k~kFhpVe_ zUm#uFfiDIZIkC-m1GqS6GLxT~eP7u}b)##P|3^l{k`g6=po&64gU5x6`5zz3tsOD! z<2@VRu?y(gitEJMDhpCj&FZA7lFFKD6YoKHolJ1oJuEX>V^$zpG|Z9}9b zC{zV0+NTl|uQczxlRgvCn$1#uMSrm845_f_ac; zyw4uvrL~}zCcu9_{U!fKA!K4aX8zm9*wFAT)?+@p)^o6Wc6hk*z+LxEOA*)y!2~gZq)*Jb2z;Fd>FcyY3k)skwz)+Kz%ta1~OaFO2GWozD*X z`$?1pZH)>g|0~|8&dR^fmb{M$d2xUAZTH zfG-4R?9!Pfacds#AA>pxm?r%XiSjC*IG)hfswG7q6BidB<)gHup)fS`Pfs0_0}~Lu z&P@k#+>gH1cAJrXv_-C9u`mm8MUI$Kfm-tp#w{Y!%~?CaE-`zQXLOn!bm%1xU#h0M z`g5IWZ(6oNla&-VU1KeA>;|o6F7grqA8_S1;~A^?p-CKcS!g7fFb@Z=+qUmzYrI{t znP3kVM+iS=(lrjgOr7Z6!U5{cfwV|xoRMe*;$R19tDI$xfA)Obl58v>#X`n2w}TZ^(VJmyXbqlG#S`)kJ|j2ve8Hvl zWrbyy%Kc(u2&=;h=AQxdYcz|2L64L6)uN~QEzmY1CQKuKzr@RKn3A#aV(Gw*M$%zM zJ!`t#NxWh?IM~uuF&uGeonO}DCyHrD6H8{D=P*8B#Zp!vm$>s!gb4Y%D(&z6^L&0f zdg`JaqmeWgFM{fIKF~;s3jW=$!7}NDLXRurQ7;-_E+{Q4*a805uC0t|)cas&!$}GK z!H8XvU`eK6wST0 z7seFC^Lz*x*0^eP(sl-*ICS2rA;K%*=MxUsU^Y%>{Y6ao;~kqwp~65NBt@@s;@#w~ zPMGHj)B|FD$V?Q!MDWJ9=Jir08c6@;vmYP2Le7IsugsQxQBt!7{zX0V7)bqvuj>1k z4^H6=+O4N@$)muo0bAv$ico$`VC+h2Vc&Cy3FT+E7`Hnl*HRoIC5>R4Xu-;i`gMT7M|BE@l zwVB=ZLRT6pgq8Ge*!H#_HS#GiF(HeKeR4T`nEwWYg3H&SW=XNO{9zXoG~&KC!z9Ja zWo+f0h+}kS;5IhVUHo&Bsim*g8{r-3k9<0sQl+8`rWZWmGz@c7ov^@#>zT~ZY`+pV zjWhH~b+;BY3~LM{s~0fkiG!u*1~X}#cvnfa10{*4gG{{~(8yF**tQV^FarxbOItzN z)~rAB<)}xN8ne@UU8|3S3O9OFb4CTI0^@Mew;{aIzOqQC7*L#pim1L>Mgg_33xL;G z8#;l8>5u=Gb8$C77UTT8vpf}B{3_NK%s<5BsZBHN-1ogZ=4%*86o3-I6m(X>=^7R~ zqKEq9)LDio1|g`5bY7r07h1|9>Z5ETbx@J_7soD;Ox{xm|*xh zi-9-hC-3GayhXE!Y8;SV-eA|hLr)fp|5VmU1%V0zif`0HpH2VDFQ%V)0w_RWB9g9cW z>LRT;u~g0o2-_r4apFq9!nhltQsK;1W_OAY1^f*^=IgGK>jsHsnE)nZhOJ8p7QkY;J`SP25zKPBOz0#_g=aDqYS6$VX_@w$a#Mwskb~Cz~V!oMDe!!cnVJ}N|KY{Trj-85vF9huS zaETkL>`#@MZvT-FYd61ErH4EDIU9R9+@hN@`Pz^#4dJ%`g%4*-zelP19z+$Fd3y-` zhk+u$;#=#|JQG`%nFhe?rdrm^UlSYUB2_`^Qp*62RjE?@CN(!DeO}ddjg@^uzoPu* z7$QM$eZyub(RqtNDem}1qgqd#QpiVf&tLIiK66n4&%ELn5AzhJE!UeXKe46|^-dZ4 z4PXxHO&4(izWNQ{#{|+>?7>CVQaV7#&;|kQA$-oSJ5#EDXU{WOEbX5LL4) zTzmhB_r_WMu2aW%CPx1A>)_XcCbFI1STMn(RnV7c#YGAGUDn{=;xLl=`bpur&xk^< z)Y8NVs&M-?aOTOqd!I^D9J2NbMPc82B0s^YR@`!fDdVo)Wamq(MfupWbpu#SekNop zr6kY3Cu_~5u72kITf^aMT&c(CKTfH(L@#Q&D}!l`JNxl$>ixx%pjIDch#w5Ds~Iq7 zotG#tbr}g$7d(&>V;PhAd zC_Wz=jP&jML4#7MQUzys_v&fm(Z)5rJrK*eo;!91Bl#FHg@DD$7M6zk%)u8HE5|{9 z4pR|>j;*1kDZq?(aZE_osS7w5i}@S_3)F^XBUYLnWHS#r<84q+_us}Kh>tbwoVs1B zl3p1rM@8bDvijCFg{YxL7{q@W7<^J}I^WBFmL+aY9%5ucF) zAxf=Z#*ctxxop(`I@8T)mu2?Rx1U%z>(3FFr@cK)u>fvm#JTz)w7Zc136 z=8Fvo29WgXJq^`=h5Oc`KJ+}K8hL>-Q)BHeQi|V}E~c)j8IR=!zKvQ^oQ;g z*Z>~Et8Ac<<#zh_^Uaa(rUTpxtk0>ZQUE4ZFB9ma<7wq$x8sqjR_SUozBe}|nEuKH zqhOs1vt8Jq^Y5jel>UCozO=t#*OzBZ${6*;ut#x~6{g|J7)DJckpuJ&;31+b>OG=$ zLPJkAFzg3vYEtyZMSfYT9#ryeKHYqep{bdgNr@f>z^lBQ&H zZ@ENY^f1WQZnStxb5H>gmC!(LOwg%o`1>!^@l}kYXo48t%;hGg-Pnpw=kf>Y!Y8qv zSyacVOUFj%!(Efi_oW|hV~iQi`Y3*i!2X$P{~%Ny_f1rKF#J9ryK!6l39;>FPrEbm z&nz){N9**UO=ikTtwic&}hhdSQi{h41NpOJid+WiDa zKO;5Sjmi~aHaR&UN;QRsX0D-=Zt7+YjiQ1hhDL?9bYXq5^3!S>7UTYn=s zhpu#O9i1sce4TPiydvU(Ah-;h%Lquv{#;h;s8_L@Z+}Wekg3rZ+%qHD87)49t6$Of z<1DyN8fF%S7k~c9K`KU2bV<9vwjg!_P0=W(_|dP&yYy(4)p)yL&|MA+I^EyGk^*vB z4HuUB)cKxxD#{DY{SNqRqdsI~Wc$5mj7!om4<4_+YfS(~P2khglir31vlcP^0)F|d z>*(|PMg0b^jTD-vlK2M;N9$~!F@Sp=n7+)NM@1QF@H{Pd_Ld++#ptId0h(g9V#BoN zpVK>Gu`u+dj*Vs!G*=c1SP&&Tw5TC*j01t^$mdiuSylS@FCSD8vin|&n`{{-`kd%h%~dN**U6KfhL^DuG;|VTy*!y??GbptF2}Wio}X4!T|w%y7UAI^Vy=t+^=(bxbEb@)e?<%np-G zF!IYG1%@>YYbwH~l0puDD-9Fi^Qq?b;E!f6P)}3jtJM>cJSq|tYmmJM3rI7B7U)(I z_$Iv}%_dgZfFb$~$vP=Ys3;n8p15R%ZieNu6V$#^)2+?)`DepnA&m5TXvq}oGjUvW z$?rQM<~0$13$kJFdRc+SMZSt_VTaol_rO3*CiCM^2cmQ>p`Dzx*gF!l{KV!vr{j$>0?YP6@c9=UW1b9wIx3WtT7?q%a|OW)ODud`!Oz_z<@| z^B#ixbUgVnH}RYxs80>AZW-o+CaDdcDyqE)Fr4aS%LNPC)u+i)gmhG!Rosill6{}5g$fT`lzUBnlw*gmBDE-Z`9n$GSauL#o-fLPIP}{m zt$0#~GT6_#ZWqy+7=*4M_wI@f%yw5johs`j10<#g5%awDp*TBm&o0JWR%PlbWxX_@ zkRN^~q>tLPO>HiJ(8MjHC2SJ>)Qkc?&wtmG-(E^Jk^8r0X6l0ICSy9>uK-pi4loeU zzKAZA*-^8LNC|Y$6A59U8}Mlw_)LY@@0zw58G~USCV~wtWnL{!v%tKJ!XfYsqhrzn zdYSXuJ>;0;P~~W-4L&Ca`CzYE-mm_n+AW61K^Ot9#?!TNH6tb}Tdl`eawe{`tco2% zbi_)(n`28(u{O*A87Kc0t5ig2(HBE4G2vJm*!EV)SbVt5OEQXTG#%lPqN6QafhAiK#A7-B< zkx64_pEqXdm070CV^su8ST=mGix7gxSI&To5-0m?(BaLF4WALZFEhKaAbut8Bj#NS z&kHj!ZU}c7hKhQ&0S(MJ{w-d$cgZ0{s&V4hgv(hl#- zxTJf2XS1m`q9v6=yFly+$*0!8qKs$?TQYQjuqW{_y z;Goo9Dt)iVu(Vv%O)P7ChOQ`dNk8?57?@U|VZ0MJe6uVWKEA!Y!@gLzr(S00nWCmuTfpqm-r}!#nE8C z{I;ws>0aYK%<9(OsW<W`#+e@WRN6x_E3zrG`hKS5syd@7C3i_Fz1>g2TRKVLxAV zb(`lYz>t=2(H^cxbzaTzx>tAs9rc!Qq$d_UA%Z|>8IKFRa08sKL$!$$T@%FNbdbTe zi(lvOd{%PK?44=0Q{$EYz7UBh2=lKlHnMXrgX(aH=ib0�`)q_UPSvgl&jw79)t+ zEA*_q*4$09X5R?kb+@Bx^VaV1s|y>`-!a;6nyzXeWe=l(fh)7MU+J7u9_usSY{i<( z?_M~TE^I?;o8ac6GGDcWGD3vM5aF;jvtcK&BAQDhRZm8!fsSy^j;A*TUT;pV7lY|{ zA-7v$gr~mj1b+&a>GN&&xVYk8#Jbhe2WBrM=es7$Eb!2DZYEZ7$~`7tQaNk2H@}mj_9PkuFP?KbttuOY>zz>{5F2~2%4M~l`5Z*hgs~zv_#-0&?lJ6W%~;(?-~Fd)6w&Aj)fKp<*bN;+Q%%CTePE zXv@uvk@?o$V=Tp+6k4s5UCc!)Xu4`hE>Q}oe{>kTH`aFq%q7<4)PgfGcE#3b8_`rE7;lTJ3B8~!sm-j^OcAi^YwYF z!XUP67m2zD6KZ-EbEEP^`l5|iWx|{Y7d!qZOk6H z4Q%r+Q%}@{a)|<`pH!M65DF~$Xx~?3+lj8XC@4x>_z@^TN|!U}_pXMXH`mR6x|4M6 znO&L8Vb$!E--#9rO%cjnRew?b@;qpnb{}Ni=D-!1`O^sJJ+|M;RwCCx45Ls@(|3To zdx`6{EyOk(;ck4myumF|;eD}|?}?6n5h~Wro7x-BwPDhK!sRM}{^2l8i@dXDlr|zo ztvV7OKQog?>Y-hluucX^dv&ixb`T37%W6P|2Yw%USGsM1j){}WoNnq$)l%HD=#7Qh ztj+n!9}#{{d}1*z_)|G;%y+_CH*c*i-3e4 zN;XyivR>#k>-C|@U_b$1m%x~J;M4zrd(6lt<>OXZIOL0|E<1F$)YG)32=-|1#Mqlh zH^XuHQ-1UNlx`VeFj3t_+tqr$RoGWL&J;HP2P70IOiTVv)RZh-t(+Cjp32;ozyKLTU0x|*EGHQsLEG~PUkH5gt}Ws_eOaz7eR zo*mv1RHl3f?h5Xu7Dw_AVuT)hY>YbNpXmRQAIH>7de72v3{NBO`kt&Z|bP~eA&EJ1uX-^9mN@S#RB(9a(Eh3v%~Q9hk8Lr znv;T$(nz7&ZU_I%yxiPHyZb08ow2^w4U!>c=OFcNYr3+X$AzByi$>an;FJ2}5XC>UZAY(yN=!hvt1( zn(^!PimA7YNPTibN}=zH{)zFG7bWah9YFsY$}IU+Bo{|d#Zd+yd!N3j7s9S0Zfe^slu5zX<0+e0GnXG^3_jTCLOu7vxhpf^EdDFg6l}cJ@@w@wArz=`omf& z67@-R)z=n_EU%0*Ybyv$5_3AwXH~5{y6yubADQZ|C(amB_uto+D@_cqZ#Qx3%D+j8 zr}mFh^WzGjQ5WNM8*NH`DjRI_*pJKAcZyk9?JGAPgdP!Mh-z`qYF^!9;(gQ!M2=O} z`z1Z3&DK}z>=}%jYhsQT7JVX$YFXsCCK_t^S}QE^=PO=fIilGj>Y58;PFR1i*Stl4T<$s*U0dl2qNTaNvps*qhnW=5-L1YcruMOIFwcTjl(sg&L* zw=Ft)>P{o5vlWAy*JMI6IejJ7e=j-j&p1+N$*-K&Afc>SV;OkADyTGp41tw;&4$yY zb!!tYn<8OT%^SX?5~Oby8NOMv?>SdtvmdA->^(GwDGVu6rEvdSN9vEw=Yz8sx0gH( zPb3cAydH2*%9pk7TWu)DZnXh@R6CSi5QHZ1=NWB1wkA5DYqY98)NS2XY1#Dw<8~E^ zNn*NQ(D(>r%Y7*ZKFh$Z*m<%`8<>xNo}eUD9REUsj=i_>?ir~l@M?2+9!5$%P15&} zyWo-L_gFIB@T%B0O&%wps8*zy&$5H6vFH4#GK7)LvlSRBMbr#=KS^FW`ZHRs>i?sQ zYr{_qIOt*^vJ@b6vazt?gEUi?@o_ky64XBUm7P|%?mw3lYFF23i9b?HckYj;S3joR z&i*9Mq@|++UQC-}#m1);5pp4;BfEZfm0oa6BwTgn`k;EfoFX+i?a?OfvrTs7tdly9 zUETJCk;dMpYG{u<`Q`*Zs231V$k98vn zRS(Yl6Zy^)ZPN4Zw?dZ-ibGGg^-St%d4^e@6Hg7sfQ~0rPKX`7=DYj0DOg-1*^eZy{Y|XI=HhqjIg8tY zoQKW6xalkE%&!t^LOC1a#QoYKtb+H!?`mdH{?XL#tG?B!WmQ^Nk0G7d6SiY4Dbob2uv35Lc}s>DQIe49A|#G~St4avfYg2fit%5FoiB?Sdc zg&GX`kPQD4+74V>eZo8l*eo%vGkFAzt>!lP5&m(BUio^Cn70kI+4#aenWA0Hk;1awfns>A2L=ySsckbP82F3TGQNB>8l8PAehBAuMwcHS8$_`XdSGT9hCy=&x` zOXx8b+80WFV;t)KVYSIGZ0|>dhq}uih&rM)OBr$0`e_wnicg%mik`nTa^ z%HaFOZ453P`V8YX?@X;JeCyV7d5KsUs;uABg*X6ET2vBNVCETcsHbWe=?&uXU}p_W`VN(hE}M#)v74M zJ7X^3ZRIrCK|t8EM*;GP*_yRt-zDgK_-tLZ>$KGU*{mT#9ethogV9LM5Co5+?hBN0 zj35a5KokMY$(-IlDVZCZ!gdc+X9}k%v`EiS*H3mRKiLcXMEHOrwPA>m?!8U4UCcJE z*j2_>ITJdM?GegUoDVW65aXEc9QsO5C+Tw?Flcx0YkjUAmIADOFw3#O?;_-@tAZtyCv^! zR6|7y^Izj5%4*kZxld8qS_Vo5m-{c1w|i`V*#ecZDjBwjhUq|KW5yEtx4duK_7xVw zp$NjWj_LMaRyJ=G_8Phk%mcu^rQYD=VDEckEW>)YN-stlnlDOkPbm&EKp?U~mO|JI z@*?k8rb7Qk^2#}~`^mfzUmT(&cqe~%ngos&b4SZ|J%^2N zG4gq8%o|@;xI=w2MH8ggH!#T0ax}C3nF^17=L3-`4vpiz7k7;#eI$qQ92ga>S8CU? zj`hl=hUne3`@O;?J#ejiNeR>|SmLEx4W)alKl4K`RQGPeK6O02!INK%afOk(+N4?x z$7@w!Bj0>0&eEYHkR&h%pX^d@@PE4Fx-~fQ#bj6CQIQ^#ht3QEqH_zDC3HB$3WB zRM*9cZ>Q&Q=g_;YC#|R({0%&~3L`e7!vFiw`^h!D@h^t1CEqGf*oN1Efy7SM3kd?+ zny*JNiJi7JvENmp)*RoZ$$gh)ubKRX_TCU@3?kYb9XFqD1sOvAYcH8CxHWi5P)9(| zzx|`mIfog9mbyi>(2Iw7-w_hMUDQwN$&^~~`L!=oEI)koDLA=W>grhLD7KGJxQ3DK zvs|tEI`w%*rO$z04d&yZe|$JNy;3C3fnH$8sRzrU1V9M65>B5q+TBD33DVK=T7R72 zm-@;^#PU&ic8_gz$+qBn@J0L!5xRLy#&usD?jY!cV2{ou&GWt8ZNGI_!_Uwa+ia-G zIr3JfID@2fGf&Qy^>{?LgSq-=iFY)7w|+Aj&R8$`{gTn1m=t2~O0E|P{`&3?sF8M4Z`!$;NEXpzbe*xIAh^oZrzzkUT?Geu6! zm<>MeB^RNVUx~ExV`%VSm3=1B;M>!nagFnvtRyKHE+S4K2UDo!=03E$$wlBTy1~BkF!H zO+!;Nnd8SRhcgvZ$iv43(iHx9)_8D^p{mTo{=rO@HwiXheo)i4EIC;6HE%pK(cuqSj3cqXS~^dui;NyD#PA&o7iNYP5y_pG zihW#-kHqe@G0aYZeH$ysir%(w7VnvLnYU&n!aA` zrdKN1o*o$a=R4W?bFKM!Q-rS#qj{hGmFg#5{udbd`T69cD+vzcPSM&Iqs05cZmv+y z;~;R_Bx{_Bbiy z8SnC3x=Tz@QZMKBh$D7W ztiX)(^}lX$__jiop1I*=6KmS>u(EOFp=fL3PC~vlW|~H?WId;P8#!XAqoP=7y{|ex z@<1bW249v7R&V$&?g_isVD`>0Th2&Twp|#&jx#ZH^T?EPF&iOzlt^MI#o;q(`WJIml2FJ6|jSv z`!S}-+BQu0ni!HC#2CbptOEh~GHti5J&Hm*AhTiIYn>iW8;2U(y8V^YI7&RQFb!F~ z86a0TRFXe2#VuFa_a@MmC?lyTQ@C=+6#peg%jhS-4YzR@`b8Q{Wpz=~aQRj4Su@3a z8_Li1I*LPkcgfzv|A{NO5Wz7$y}bIbNJqz>`A%e*Q`LpT2m4XW9GaQ9TbTDeho!xL zWnF8D?sE}o*VAziu(#k-&@fZiTUj!Akffz6LiM#07p?*WAX3|j3Ld(3U&xnoPqM$f z-YFPfjg_6>$Mvrzvx&|%v#I)&tA-ZaJvrey|Iwv?&X3LBnnJVmZ!6bI4`z%MfQvr!>${P_L_!lpE1;J!Ly4$E-Z z`9i9CpID=DvjZ_k=H2Jt;`z_Hncz&`RAoY~cbB?zQXhy|7L7oja`hJ$C0!5NJzp%kh0ZF&Z1*P$1oYR;Co1Vo%#pIW)sR(6EHGO-qwe=4y#(W3ZY;WzUQjsSZ z$3>GIvhGk+e@hZAIdpk6vO9vHf)|vG`OVy+;F%aqHE{GH#!^Q3G+Q7tvt;f6^rNHu>St)6?SGm zw#nk@)l$g)q z+coL;F?A-Tqz{q)PAw-*8gKneDz<@&+$iR6=Lf!cH4OV0iR`;>1gjw#1)AnllYoI@ z-?qgs=!3G0LPlet;rdB_1Ihpep8av#ROwa61%cI+&R**H#2+ZEpS@yu6d}(tn2stJ z&v$3}|Ad7@OeErv%$NO6YIzj%9u#eRW9>R<`zN&4Ie0#^nUCd!AmPrGZR_gJI~c}$s&f0v6IWObd_y{FBi1uqMG*dRY_d;o6^9`H&D z7&w2*r}1h~mNy2QlSszmRgu*4VT|H1yZIe%Ns)`(I`!y5vTTWxga_~AG2XucCBEy} z)eJ-N9o1k(oWv#g<*}F|SALCNoqjT&olNBQr%xjBnZlDWi;5-oT-X!s-G}KHde4)~ zGhazAn7bZQb#zR+${ibU?hA<5y&e0R*9}XqB#=Aryq@H4&>p zYBQ6T*)b(@phyGvH%1Uwa7qgwc4B#CQ4T!@NjZrctQRzGzy94{CY+~&rq2Wn?H)o8 z(!Bpn>_{TLVM}%(i{8n33L3)Sv%OzTjmalkzPE7jlm>ZhW+3g zFLR-_f&{BJ&DJ4LR>i!>1qsf1ungF!$U`tcyQW{bCA89cSC89F#o^JY{fGj~7cBKI z+8;W%arcSvPTe=G?F&(yqKaQ7>v)if#)z2_@@z@i-|&7ks(RJS4PlIl>t-xHNB7e9$uRix?qyE3dDlICJ0ZDXTc`HLd%l5Vi4k;XQ93 zh<5Umgi7Tw>Z0Yu(Ci*sfhuDm)ii}<{YeIM%dYE&#E|n{`%6uU)*?)CivL#iM;Wc? zqux25qdK*Wnz9U&MeJDlV8tdTLmh9;4*=Dd_l3)7`BTeiXG?NwmbFI^uH^aqM`y@z zh&;K>T6{P(>^>xK)>;mxb_3O>7C-&!Ej8s%xO0_tf9~65^%k0A_TUbu>@xM zZ<)33G^LkXFEH|2?INBn`nqrQNJY^r2Tn8i1o!Kp zyK!8!O|Hl9X$S#XQsQsFKTrw0%1{#x!CU*6#}0U=xtnJ@gYo0pZfeMHdT%B*+*o!z zbRLPbjtqVG%rIUO*c645;9p7l2VeR_mm9`8#S$}92E~lXkuS%|(bkKT^*w`7hxn3i zS~8a@t#NU#&O2{3IiiNXzL!kHml036ulq%PU-~GC0~-fMm)D3l4_HXt`44M)Pig+& zpE$cJ+N5|u-&E~iLmwvmZ36dw0__*G1)gr%Wc8q9P~QG?ErNYD9Y(UL<6*>m(fj2% z{2Q`hoX~U5%<~hCxAn2#O^Anf@4UrH%s%hIZaXt~v^!*{KS0aKTaB0omXL0d0(HY$ zNy2IF-N?mDvxRd1UjVCQ_HOmL){JUIqAlNNO!l1 z^3HUS0tK%};|VExcLb?3kNEjX_|EC@&7?q7*8VVcEY;t$*tR2iJB#k=VF^ozUkuHs zvhRMoP|sl;Gmj2X%T()YQp4UhSM>Q z{`H}$l^!<*!XsQVr_adEdK_@0J9t6}25ubfpC5-mmSL z{AAc_t@c}l(s_OBL*^u7+ty_48J|*8OJSflEH_Q3ZLBX!X{|LIicLsUd@;~4a9OU6 z4_ri|8vBj*d8)uz<{waJQuec)aHVdogLQ3}7Os4{(n8v)IxX87N6jZKu2q^R5s7Go9!ehYKdyZvRo z36h|4@7CVUi6x4ZOn0#t5tDKg1a<6TT_pxa#cLqr&qrOF_pffKeACpeH=k7LeZ-6t z`l@r>JXkB3FTg$TZmnHyK__Im)hIM3@C%o7w|}RG9)*zAnXpfMPaWs>E#p4D&LY$x zLrqYnS^2@(6nKzBCYinWbE9%6hcO`5HA3LWpxa(}J*-&tWYEJ}WrEzud}S2~^Vd|! zRcTI6H-y&-jc+(+)t%>VE&dk?mv%_6`M)o?S=D0+#!=i>8?V4`>B#)gQ?E_6JqsWX z$#f*$u=YWs6_}^OZ1$d)&^(mby9wEqDiXauiff_*g+mwZ8T6D91moXJe{2(&b2feG zT};xRVCVAQlRK3?oMzG?(Wb)aCZyt?h;%AgdicfySux)ySuwfjt@7-OscI~RQ)|@q0YcS)kkw|)2Rej!1V<|HMeb|eOPe9F9>+~1B4b}cqupibW z{JKfzt6t}yT1sBZmKIow#_)QOuokT9Iy z9nD62zj?u`R0@8df*Et~Z@{+2zrt~JdM!~CFcEA$wY7!9PJ8FeyWpsx$6t{r!VevNhjqqrLENo5 z{rKVxyDzJb2CfM8k#@DfP^GNR|MBK5mOHGs6DIIyuoD@K-+f6~bWFqVe-x?yCAUNXLYx9f$ zAy)i^x`G1WOKxtcsQxcZ1^-PnxtI9RU%w9DG0~lLpG;83ElKkOG{=8lol(q>8fmhZ zS#ZJK5qR$cu>6nrN=jaeA~a4hLq0>$-YiqR5*A(446df3xfu-)H3i)3jqjRyc<+)H zAmj$T;+r!uH60rnOKD{;l#L?!nx#yoq`21NE~Fj(>Ax(b4QFIzneF2YV8nUpi@gl> zx2Bx$Md|BbG%x4ZosMc|XSm#toT$}_2xIA#9`WNP34moNj6UM(lsjTy&p~R$#@Bi1 z0^VSus9)P))}5CJuKzW&?|*};4}SL3{X7ya4ndMYxiS(h80%wFuMReuT% zzyZ+9rf^DV)!F3dkEbbAlKh}F9ZNwR>}mA?n$M^4)%d&tB;#0NcE?hGRT+8reY^5>T2I5|c>{YE%5u(X+7uI^EA<^dH zNhximu~1usX7Iv!A{|H46i#gy`{cnJbmfVr#Fa|HksuIjo&wiQwmKr<_phF z!7it3GHpLS3l(#(Vpt_monP)R(Tc`^ge&=;CDt_B1rs#8LP9gH{bS#pE++Jc{&1mT z?3$8G#>nqxzE#t`g(q_?-ZTe{fy%I$Pv_)a?GDLz1rnc60>RS5aXC<8dWmk_uXg6* zPi)GyTScLe2(r*9Q^; zP=_#r>O_Vy${2$(MT-ow(S5B?cep*1MA|0qgm)NjNBo9~WisnxWc z8}DUwekMLWVBg&Du14;Byg;Hl>wK!YheHEJAv_4d49U0;GAL!tH#RS;k>=1A}ku zQ1#XUAbqLd?wfAmV!^;%mr20OA|RrN^G^C&Y1q#`g>-Mg_;R(3DwGkWQKVWZqD1a( zij430&>x8})B1RWWRC>BiWFwr3HA_fb++Cvhk(ODTH~jIu)^lNlcj=nXE z>(MhM<8MfKJn7+A?Xq9SR&W@!g3*o75~vjHV}lX@CQAwShzOpjp;WJiDW>zejxERy zFL4ZfA;%iks%L>Fh1NY%E}UUQPGUdhnVvN4pJ95%eZ1ue6*TXH9>o^N-I>@VRW7#q zYh;Cx z1UA?AFu>`)t;n^AQ1bo%cmO2GpwgzK@`j1O9(M-O9&JZ8A9v@!^c_~^N)^782O;L; za@Z7k-8Y=BG)1wOX~{(QMXKb$PuA)p;AfTzYjJp-@zx@t-W_K>)R^|0EVa4w#nLKB zr?wB7OxGT>7rbP4w=rFn>6F5ruD6EYova8==S#DO>{Xy-!z&irz`i2kw6896Oil)P z97I1lhf5JPetH5b?AP0B$T9K>XF#mfzxhVVp8FKi)`6AH7OAT4`*rt?YEgPUIu%(j)mUVXZMScBLl!%Fc>r0*7SCE_lN*)x zV~gKZA_K{R?Xfh#V(9gyeam%W4z&Mf2VT6Af-3&L*pg-kZd1tSG4Ik8 z>+(mW{ph<`x;;Mn9&~e9C~fz9WKAzCmPr`$XsR&4-e(kNworKx_2{0_5;$+NCL?dNWyadgddwQf(Y>LVd2h3i>QTxG;ggV4$AxFS|{?TSs{~Q2$M`7j&DBILZBK2S= zed+xbKf^zApt)3QojY=fy$z20 z^qZzMvDB)1;d7KFoR83o*J;^b@ zd46R!9{IebO`=33X`!SuantF9Xi)k>2_*ECFyV213LEV*3~vDo01NkW}iLQKvDvYYdG*a{?Ra3F>%CotTSEgXK0Gbge)CDj-b+-4YDi zRXmY!dljOnRVi)Fz)VM92Pc^0s8obdL|1|jjH=E4nDOTW%XOM>eb40 z*bvdaNSd7-<6m=$fGtbzh~Hr>ciM#24dN46wu^bdXzxO-3s!S>?c*34(wGoRYO_3< z9Mvq*edxcdu_WrL%duZ198NUzlJN5ba3^!rd9AWL=8sK?`e(c~-MjiD?UCxZc`o1K z9|hkE^SD~cr30%VnOZADB}D)G9PvPfm(TI8Dg==EgXogjRIodE!#=J#96LqDC_aCL!~goWqiVP@EY@BOt!}DC3kj+?yw{ADwDx1>B))j=8olDbZ7H_ z=qy!RpLDD%1Apr@L1`*i|6J6TFF(-P6Rrnl%Jeex|90FTE6(*C;aEl$O>la$=P`hb zW*xc9l|)wyMAIB83vKR7a^ENtQNA{;Tunf1qmFCu9R~N1q*!C;7xY@_b5l*FS8M}_4EQGl9 z8Ek7_?YSqG^8@*<06Dc8&p23ChW!z_6(9Kvbk)gtq7~^vCfJi>)!v%>ph>38E6PZq zNx?1o?;cBVG3d4BA#U_qh1CqkzjbFThM+2PglCf97|!_k3CV$5!X)%kZ|RTesDURx^h9=EPq~z z2EW|K&G*r2iD5PpFK11Pm=p3Ww(fiVkbaH&HDs^9>ntRTLA3^&VU3_;=^#GI6o11I zUEAefE;KSY$$PPLQtjwgT1J2PJlQwE3k1q@?eCw_`GwGWw7QOaCtOQC!!>%TEuu17 zEiFHR$cv#rGAh^f9CYMtA8RCLnykezMwndJz`Dk13Fn_fkaOX&C(a#Te-ZAZ7dF~W z%Dt>wI%i=ld(Q2iDlWV4bV_Z&L)N&rGJi*n1AJcST~ zyBWR+(dy?wEEyyWWd3aS020)it?KA*2|#=vx7kp7eV)s;`i;CaWkRpE#;jtMnpO{_xXbgW*(vQ4pXbxcsaQk|wdFuYb@ijvI~j zNnaE|_eq41I@=l1|FVAcy3vsVacxqZ8$RN5g(USk9Oshl4;7ODoDYtDPenQOFzsS! zBOXpX$E=B4TqEA2Mt6{BA;0R4|5_5GQ1WV}7jA9NZ)>hy^?x7tAlf2E{^?bALTiC~ zNqyB8d%rOV7sKP21k6&uaPQHjml!0Qkp6RmfoP&~KlMfW!0%Imc9CQoE zCNVir(uH~ZLzSJqoC9X+I`7!`YiT7O5+hIP-M9?Cf*)65`&*2AOqKzofmU1&-5-<68 zD>65DAZrjJgT()+c`Zgllru@1{EhnWR>1>gQ1r>&LRS0VvkdRuBKYb1TQt(jrLgAj z)=Xg{i-SK>N3K6RoZp(yuk5dA{~H>=Ym4K(e?KwnrVp`fNy4TsG?m}qH;4KD?gKX9 zy7gatkCdYLiuQjs+CRz(33}r271rjK{g2_IfQG9NE^G7Gm4J?DP;U<;O6i<2{<$AO z6b3Q^JgJ>S^4~w076=-HoP~8^@!zfbA|Qi*_KRNr&%*Jqe-~sRdwo~5l=}8}>J6F{ z^ccFKQ&#?!`}nVDJq0mnl+l`6NALAZ|Jz}~&+jq3=*ABF-v;4@0SzH-W=T=)@7Asm zkR=$wDC++{n6x4B{v31W;+pobLQ z3|jxUPwyReLw%n~|1V6td`x;VY%6up(J5RWJGofBZ#ETUe)IfrJwLSX)%LK`cs?nY_<8E*;+)V!f~EJ^REAjL-RSiKVs7Vhd^`eJ}9u)#ocay)p*Zn zI3By(GEa`BHXlX`sI{oZji>P`o#Q^{yl-=E1nSsrpo3;RHeT08neZr)nk0T&}CIlhl_9tZ9Kg_;{gtH@?qXeO>8{%wHsdZ z_S`3eKKStY`A7SN|JU{=XNIL7?7lMQN_ARRy9u=#Pz0|gv3`F`HSI&x!cb1??Hxb! zROc|;ULGCZRPVa}vF|D9bvopjgADQoC1|FI`tI@DZ6NOsroJ0$BVHIfDft4~>@$@~SB;x$MyU-B!F5~-;7lcqaQ6E;q@qA|_nkV^5a zNFt4zEGZQ^aPE{_A@yxGueG^uYD*V$B9BhX{OAT-6lWP9IjTg1St;x@lNCeZ_6rnZ z!D$$wX?s@UYW?|#U3R{88%UcJUe6t9FD5ri2>$OoqDK=Hi{s})ozD-#KH1SccPEQd z?$>)Rf3|jWUsi0ZjYqeTx8tc!&r|taBS0A|(1#5`-lxXE(-Xe{C@R~tc@LW=Cv)@l zGwYd5ujC4hE~oj|7pTI!ezw`CI=eNzB9&`WFu(Hkil16Z&Pu8_r&|Fg9asT{inBOQ z?CMHMJo&e&#fpt2r5Z2sms&654wCWg2(ci){SSrQp6cr#apVhdkX76EOFiFSy|^9k zO1dRXy8C35t6lhp(waZ06g;E6u=->wWPfW0Ql6r)nqd^r5G4c<7puPI4-A2T2Djfj zB7|?{ZT6Aw{Tge_b?5S$jAo^b(84Uh(}l~v(}@r-4t>;EdbLD{JvtF*T-H2Nu}JKB z0FDLA^mGCxU^&P$Bb?LzDkciEUlSK}a#Os;_U+?) zZeW{#IrWot1IgD=kyz@O{F}pRg+s+J=6Y}ZGp&{skM?)k-_bu8*tkF56i%_m7OTfz zRo|71jq~@hk@=GE{pu7h5J`kpE>Y&fVfQ54B=7(`?Yk&%&&t$AP>jEZL^G4NAr%YH z6-78M-v5;U{BY%vC^-?4%5!R*JC=#)o&ri^mVvT&$d5DWG&&aYpKR9ietCQMwT>M% z*k5DLx^7^8aDTpMVzXWg<#syDW9_F~c9P#;b~(vf(#2nR-Y?-x-3(@i1P7le{oqri zQ;oRGpsXGBVIz09yj@L^ZZ09KeC8(TPi5Ga&chif@D~t*g>X8{57%a4_Gb5 z`{TMqrstE&bECwJ5-6|VXDYk@J_`IYMoquU(AQdyQQpXX@_=QE2wN~%x ze*Ny@9qvOo9$rLcgO@g7s#!O=tU_AMSJLcK$p;qA7076M6r9g5gHjE@LD{w%hhApt z?(_P{NTgiJSjBI$$O8Pv;^}MmFVzmUBxQ!}_=UFdrJyB}5wt?CU)%UfAmKE6x(s}P z+)=gWQS5`qHoM`_rJQ6Ey=YkSoDunU`ut*Qe9Y2G3M*I(FuR|eDdPDQyv=W zvz69j@&=>9Xzo&mG#J#SpQG&&o`jhI$#i=B-UxgxECuV~82a2ZE_7-BB_`~yoaGvO z(xcUCp3>zCfJ~e?Jo8+Zv&T~J(sEfUPZee^6_y|t7?iJWj>o_}9|0x(5KAH< zWUumS?l?--n6!2`8_yI$N5`uf^Vvv?xdK@#b(&}vF_)wDdJeCVBvLK=xwNv2>D`q! zFN#{Txxk?~s;_X3>Ca6Ik4!hqTkD06_2ZO0mSAG=Pm;H>CUncl(6Hb}U^^t{Q)D;0 zST8UyW$wjw;PZhk(wY}c4iOU3f>6d+oOKo<+ollTgpE4S-c<@>z#7z4z z`|4vkj}5F;?dn?k>O2x1m}`_6+Q+txZ|Y8JoqU%{mpiOdbUkZs4;Nfjm`J7?jOOe%!$i;WM^nRD(l{$h6|>{h)*i9S_n&MV4XRZn z>~3a@9W4kDb#&p#->x8lFc{u)-S*9@He3$tN?MJ_;7j=B)FZYxQ+gv%sNWxZxe6Y&**{i28a$7|wCB${w&EBhjh^1tIo#7g`C+p30 zs^CX)SnAM~EY{h5_;Zvj{UJ;&u2jC4+2Q8%_JT{lhDTGE?Z7-KZOJOzBiI_uO*kMR zSo5BA(4YU-z1^>mbaMWZKO;ROz3Ohh%R9Tzc@AAuowV?%ix3SYt=O0%|%mmDE_{(WToX?eXy^?EMj*v9-hwLCYt^mq*-f%vU#s zhf0^YeqU1y+6MRQIQv!*l7Z=BFW=vx+HROXp2BqG_v@FBZrik2e<_%|8kJ0jLmH+s(O2(dW3D3NC zgRg_hC*?q?-0D*LW*vk-HQs-l6F%7 zlEwaqgR#bO54qah<5m;9D|Zp;&+$8!9xFG&l0BI(^8|*yCK=JZp`V z+I*Vl4D%A5T4wkDu)->pbMSaB7|ZyKQ;~F`cALqjZz26U2JwE`_S;im*kxpsc{>|0 z*({X3p&abmYbojQ7z5i$#w?lIDJEnA!U=w>SbE=oaCVvBwp+%?S=|kGAiTT3st%|^B zWc++Q$#H{wXV`CVx{3i5^mRhFJodq|o@0PP>kK4QjMEr*fnV9DLeAK3#G@xd9d!MG zRp<(YnGFp7i4<^`F6EOw-sGyUGy-s;x3xgVH*!g!5EqMXE^YzDsB2-6xNTf)W?OW1 zihP)sk3uz$!RC-TQXaxWBA4M?^d$q_kOfJ6ZnIY_|E6Zb%$bWttuB}g@V1j=(8^;S zO>PevQY$O-Zndxp}LnpxDb1GChRIXAXQGh>qQ-s@l(KUy}EvBt3z=iNoV!MQu!t}==v{r9L(#1h)8=h#KJ zb4@fhg{NmnKZ=*2*yeoEWz;0Q8EK776v+?xb?zIs>idUp>;s?Hex|If*K|;zygD~U z`qfy3ecJ>liKYLh3F7to*9bYat3h?XHGVgpmOIJ3?Cowr;)t|4X@;}EBiIy1F=Fwkv!b?+wE1SX z2UKd1bEjFK5|v3VygqvlX6jgbg7i_0!8J@PX75e-uptKvJq(FOXcfD7Nydxd&y?f*X)8^yD@V5H7XVIwS8HcID zP)|CUosPJvLAbeYrc%l^m+Bp$!6^Ai;c}n0h-T_8tmO9lC4tDq!50RCjN}`)H~CX+ zu1R}l`>T4EI6Qf-eM#)pAwW-%eA5$A0tCQI0@0vmeFvWF9Ux?BP7lA3OG4xLj+?Bn zr7I-DsvMsCs8Xc^q;tag%`>10$vwqxRT8-#kkm7Eh?Y$N;4CQ@!ASTetduZlkCX<} zWim9R*h^4t_6-7v^Mq|7n#g)piJve8nE?l!gkc?Sy? z33#0XGk!`ZGXLuz~ zbWm+NUVKc110t_0KSAFJc^pPEpLEM94maH%WB5&uuZ;IR8Mt{qfrcYPeoDC4^KV)H@Ic+0lxfLOX`FV(u>F}RfrIwvK=LK8<8y=O=o zq<*IM!+s`X65aUL6C7O)gdQIrAe5QdBj!ZfK}#}x_SU`2hyBepOehFV=16|O(c--g z8NY9wF819Mop=H21yvR0o<<0-mZ~|o;MhB!ULoQ{l?3ijr02!vp?C&UkSd0k3LKa( zBoe;tYLgQQ_-@F1*2oK7WZH}{9=JtIP9^T^^P%!B@iJhJ$_DS)H+TTRdC?t({}Fu- zh8~spd#!b_tWy|8SagXOr_XB(4rSDO>l3hYbJxX%>Nx4R2J~l7?e* z01`1>PnJe;$^>&YK74E(0*BPZn2Y2rwZ+wGg0$@7LQNQw$Krf2#OJ^BQjW@3=eW#1 zQiI!^FvNxn&19nI5)M6M0%37H71OoL4Bx%+`}pV@P*E0vD%nm4Wb(R($I?QBQhVs9UjUNU`ICk$LqC#9ku=u=B3 z-y+Upul;@dNjr4A-d$}D6zBk7FwV8*S2tg!i1Sr}ryxYwN|%)$VdfX`cB`ihSiE}^y&P#e{7)O zWv|$A?(eG4@PmnL5FtUifh#5CnqSXh>fj7?8BK78*FeJpzVG~?^Ouz82k+iUkv%VI zg9gR*?qQzRu5KT#W8?dW)MI#Z~pM3 zYk3a-K~bP~#h5Or2U#v<%Ab4ZUPus&l%~|6Zay5^{^tHAoWFBPRwb=?zU)wmxQ=(R z_!xSO5$@tE<0rhgQU4EE9?l}o*UUnYduFCL0&~wr%i}3rmH;C7p%FrwJ=)ne&=dkQ zy(d-=`9>?WGbqKZ0b<_hrx!=5+6wZB2BTwcQ$_G#83|a!Y^bJk|gw}ae9~{uY62#|0cJs3Z9xl zAe}eMMc&!x;qMwLGrNMNRcP4}5x>B6)*FGC1(-gH1d>jYir%`}A zq)=m|L0S=7yB|l(b)~6ZZ85gAAcjnEHYu><=lbJk+0iFap*8#2JZRaea|ZteWbgp{ zz9_wufdsbrA8Krjf5IMJQgHI=b#7SxO~_dgBSMw+;C1wd`+&#m?&n~Nm|8BQ9{TYV zNlt!<)#}_kA=9ubu5-kPv!U&qEYW@&7m z?L$?s%dz=6-xM&p-psNlo-WO8{{-SZ@f=~at(yHSza4~M9p-l8d)B#y?>+7J#cCbH z+*7L8hhov7sSb!0vD>{Z#hmJckkGo;bvS-~9;POTbwXyzB@1%Qqt5j`&*3 zc^ch50iUcZaBic&_FjSIGE{pni7Dwoi2$YkV&W}0bLQL7p;Hr1ZXU9 zvhUp5dhx;k130LBM|CQfq$FwnMkyMIKp4UQUMu*&cKDY7+W!+fgy2+$9yjJ9z`|yw zHUlT_PI=5hRL>Y9Z%=9vT8}}anowmryw}(vKKc)~wvh^&h?l7y&)<<6ect%l%vQo8 z@OcPGvft*)l=@GX>+)W`Jc1j@q5j6QS|r}zN(t6=A)R;drVhX9b6}-Y;UDEXX{swA zQbug?Yc7lF_!N-EJEy0uZKg@(x?Ub^Q1LI2>|>TVCg#VjQBu2$9f+Y+u2D-<-tGQH z*5~9&>U6}@CHZ##)-YZ|2*|0oBX1!J*|aS2D3Zy&+c$+!^g;8vl=OqgTU@I)dTA=9 zyqvEBZ;~7~YdIu8U=@2qcd5+(kckp3aDiYI>xGJ+F6XOKR7yGWCg+M@eks+MO)57j z<&RHneUX}Fd0#5q8J?nD&Q@fY4Ei!ccZU^fi(-X$DE=Do#U==7yrio=OeP7(Z+6P} zQ7y|0!)Bf+YJbb2R1oT;?=<>Wy7#6`mnZ!g!C#~r`<_DXk4(?#l12rd3JA)j^RrnT zMiYH3y*GsUB9|tes?}`s$D`g(snoOJ=fA59*XI}k-WT{Qcq@Fe?f_LezUYBDH1 zSttjeH6z`OOPGk{|MsUNI9N~|@@jLIp=xZ3yn!MG(fSE51ba&IBzqQ!1M{>WIdSQdP*Fn!*{v9PzsnvJqXI~6*$%tgfa>l-cP3_vKn1rNp`>U zPt3P=%(-a{Jq|8V9t{L_j~3bxKtx)#)bz&}`0b{Xe_+;*;Ge$ttZn_L-}leHH971S zQS0wXC!WNin;eE=Pffpmf;t?S%qE^9lZ^R|Ir0+a>FGK1;C8t+3F0xEpSQgPZY157 zFu}vaD{A%^M)ya@$799PYxsk(N-M@OBeu_x>74rYIUve2S-VvHOs#gKLy-8V(JYOvUN3jg{W1I| zkh5U_&=;PZXTe=l?`%?6+!e$;TX3^B!NGOzG9lyczoYSJO`F~4*@{9?Y?g!*bRtU zN<206KY)Id_t-{sn{TE3)*iv%1<7O!F|~Q}4xdM51NIqze@sg+A=%Mr{0=r#WakFt z#ZQ4Ey@RRT;l3$85MefkTSamxx?hqRl#L)HA^Co{;;vi|Ftk{$+x7?vL6`XFZSMN? zagsF%>L}BVye1gLeEmY(`e|#vLc(!(|9)ps$uKcxrciNmMT13|=ogozhzb%e)1NkM zK2a1gF9b_I1FBT&Sn48Y%*%LV%^DlIM9!&4Y=+i=0t;~vRsWW*>Mw!;lGr=ZD&v!K znX(_bH%Cw?7EMu21aw$uQ)pY;&jOS1Ba1>j5y|BtirZtw>b!7-Yc|Z+v&qt5+`%;p zSt7(Gry))t4s>30zAQ~wh?!+c>q4#)RO}a$npzQ(>9&At?ozA27Do_`1QX~jW&Mzc z39O?d7@1M0K>^UKTlA+L^tLY7nt%QD=v5}YTz@}~NG=yQqvNoRmsOB08ZP-0EjX-; z9d+QZ=j%obW{?)4ClgtV4!1LoRiwC0pcaUNebkPMRy6XZ5;Oz;Go9VQK^NYIn8Zo` z?MGaEf1e(=7ak1fI-It3j~>(Z{%rbOjMmaUqW^Di-akwRF(RD)b=&`5`u~FkSIw5&bIDZV7{_HS5ok@d7`HIR`+N0pqkpHD z)Ss%10>AMKb-$$w^-k~Qv%F#zj$cI`@j@FGr$0?>o64D;JSNuc&0v1lci&{!yslr* zE`PnrPX?yr0(m|3GrQvnr=w`(4jP{{uz_MRsr}=$tbxb;&a0{O)K_uSelfNK5SkU+ zYnHp)2YYDqX$9<>b?1KBWHpyY8AVd#x;9hY6qt{X3_jGn&m^fppQ8%`H7xICFI_$m zd}c{tOCqN>9&?O>>z9#_S;TpV%9idtS{jPiZgINob5?(MTEE&aq{UxPeTj+o0JV~t z(I2_Kg+_LagyB~}XwjRab4F};vqTkJAyv4?>OQT_?Y$kwtE z{c}yFT+xIHzW(&`otSO8xN-;+Wf~LtZ9#(XR*&85TKj0IZZj~fE)^k1eUfx~dLJ_s zv-csxK14uvvOXCrQi^at{H5<{;e^ihu+tE(mL5COSIKO6pI)^sJypSQcT(S+is^h` z8YR^QQTp`aE}KGjdWUdtYNoQAlJbD5_G~G>4VNhd^@&^=ShCs>?)|L^v`_m8z8}q! z#-38hpOXncMr4VD^A~(a!1-Eelt;Axp!Um(sN``diQkli&`F9}?5?C-LI1wXE4Ag= zyvjv?otm>7_M+c~fl4!N>U-lNlUdNjky5Nb2e&8*IsnX?abd$aQdt_w=cpk$NYPP< z#@jrj3?w=y<3^u*3fBK5BT8hKsckwj%@}1w8Zu@EInfiQhvq~A8r`#?krv&KqDaD4 z6B#{~D59vlrep_W<0|!%KHHXv+mgzu{rE)?##9l3GAbE#gXuLN4PnIPI&|Q~v_W;s z|CYdh(ciruOfZ%HP4TyF3gspkLSIDcr)f&C-B89QnvLW$!|pfO3>w!og#ds11XfW6 z!{y_cah*haM8e;5{1*6VHwzn-FN@b$7$`lr(WYZjt|JMM#Jp}hoG+Z`SVse7Og?9L zPH&yUNzB(2NzB`zsx=!dVj4s403vXZ{e(L<-JvA5$g*bfy|Y>jiFWA!;@L{ev|ae`nmNw+@JEN4;PqLEpd(V&=V>YTcyQj7l zN}F`CZVd}R$Gf$XDHVy)xZ*_pd(a4-I(;-b=#3!?hc*7hU9daB=rxkf07~Q6hiSSR zw{;E~p<#7LHq+y8bLyg5O%I0C2jAPCF=Rq7;NOD^LXp1PFB80r*Zz>;ez zn11~gNo8x%--F}~##9~a_g%doC5sV|`l*d-YQ?dVVc4G5Jif zv1ILLm11l-tVNB`eIQ{y^OH9DZ+~VDgC+hcP8;B~v!?fi#gf**-la+~;ZzyJ)I_|` zN|v>$znOP(j&_h4q_=T(-wu+WM~Rm^V7Aekf?c+RoYyD>#^tc>NfejY>##B-4Qq)v z^TBDZ>}x_`_f6ZW)$b$QN_8|Nn#z_E5hixaG6S)Coq4V0nx^yF%{J$l(X<1BOGD8- z?^!QsYeYX6uZ}4#r-LiBuU3M0{SE?>IOE(s+{eoegkDChmb`w}%6rCNr~8$G6cM;T zGG>LEop&Qc=5kA3;K~RO<_&T0sl(0GADPlDs}Gtqk#u_?SxclBDvq6*MOx*!U`o7)4X$6T|d6we)U#MVvfKWu5&D(F1rTIREcQ2 zj5f%*67c1>>gHwUv6LzPaZ@lej*KaS7dUT`i=JCEDScJC3djF3WOA9u6b4oDxz6Cs zaH4{3v&9O+c$tMVocom0R-2Z8iv+|LSH?RQW4r3f^CNs{QEVgSl?~T+Pp-RC-|gKg z7wP-Vnxjf0*||Ns+JR-$%5#uDVI*qo2oIgp+7{+;vgGlb-D(lwfrQsb9G=KZ+T&e% z6pQY6vX=P;gZ{Tz?&V#C#A3BkR=AdHk>P_JvKgSH2cq!Tky=iAE)=ao`_kML1_=^*O9CIpEe1p)8wI|$?h9? zO)KeX73PIt(Rjb(2(`%AuG*ZQuxFDTew3|xiGEqca|!SwX1dhgD}P8|{zCc|Jbp-) zY{68SCy6YBkde?p9oa4-w;0UGf+h$*#RwE~gmU2iQ=3ehP|@)me(dOu8qiL>Lx8k2 z-ayOvwgt5Xbrs^bxLV~oYG^E_t(EYC^yKzf z25hrbi-^5c9|)_Cfm)%GNveh6z380IJlmjgavW_x|jqWp=`>Rzv9)dF!W*yEZxx?G$hQs2l4 z_-I;--0@TxP)ZG~iKldoOXPuo6VrqrFqOs33`_2ED1D)et>)O4)ai_iv{)s8sc|-2 zvDsUdK(~{l;A~59GZ#J;{ui^*}W$cb^SmL8i2>c!={H9nT$_AM!7qbCG^)n<2*VKFL z4gMm|&FX04$8L`viPk{q9Y1jshqo)1ypY=!n~_>mhf2uR`>=Rlk%Iq>a!hOMX|%Bx z#(USn8(s-Ts9d)j;6h+1PIs5D-9y+44Mr=lhnoBp0F4_i8PJ|=j@3C1%;BQ-kzddzkbKZLF%Gc;i!2nQyl`ez*AKvpkn zLzFTx_01$43DP}bnP_555DrGhUn4_*VhNDqT2HIu;0B7TJ@nYY%>zHRVVV&W;h=e~ zxp)X1a6Lt~k||91FQFwoGbz-WAizoI6v&+qsX81MjRY@R!TN3UlZzwg$Z>tx^Iezm zh=iTxGNT84CT5HcKo_hIFtbF4H1pv{VBhxd!O%lEsbe8t?zr=dxN@rhwi!_P!f1Wn z$5hdS}s9)_Dso}f;i5~&Z6WA=BS#@ySvMi zGaqce1glQtLF#Hv=KBi_%3zzMBYU0{-!?O&ek(=u* z%j6XP^jI0}>)w?lQhK*=vU+qHz&3bMEO=UzMdJfH-edC9E>tGjxyJ^`)0J8+40huo zbmexPR7Q-Iw@qv3^tGj75#4Dm4|6+urYBE;p3U?h^9`;!*p>{s7ey*G0`gC0hk`h* z0WeVHId2QVLibCz87a&0`(JoVLS{1+ywV_Yj4w9q(h!4s_GGZk4hZK!mvwco9Tb&aA`y2VS{kG!Z2rCOKgmLhJ@sw+`thZ24?ab6spqc$(Hb)TC}jmOgjB<5 zfY2NKG6N-oONeFiCzoJvqy39V=@}m5i|QbX)Pr=kPy2J2qn+W!;Vv&`m-8?vm{3dGUEayFedH4b|I48(<^r)8KiBvCud8ZXcMfex>1~uw>?F()?+~ z(IO1Ht@f zNy66*4gHR(pc|?5q&^;=g^@K3nJReGw+gFc>AFVI;IM!oK^GDT5Q4jt;O_1o+#P}h4Hh7{yF+kycXxMp zx6^$8xBqv)_vhxE+j@G{>aMP?nl;B9W4s=~)oEbISBF%reyqw`*s|0V#lPXVcAch;4F`WNJJQ**=A34}Qs1H9$X<7eL!hR=v zjd>iQk+8Zx>icY=wT+Y}a!0u%hLwW%H(~?trOvmF7IGqfnKaA}8+;CRu75qui5w!HI6 z;xeiOwjQ}VG$Fa|J^#Jq^vnLjUzJmZT(alWMA zTsNyRnaFmbo3mmY^YwDwo=nPw{;`Ragu?oqHQBEWvI+QcjX9%+Sbw8U7Rg}nu28w! zE*_qYy5{&v`=Zf4R{8ud7mK}O`YP(vwYcZ9Se7+)EJyAHHa})&+~obAxP8<1K@;7z zZ~kOn^l?s~Fw^4F%M*Xnw*#tuFvu{N68*XbsO*W9NZK_pqc&TchAp|1{FT+YD&hx# z{wQLH>I4G^ox9%iL4cBqdHR*|Z2R(Guni>n`)EjJ^5c45_@nW^Wb9!6N4ot>w<4** zhq-Z9Y9^Drcj0P|8bUIto2JS@h5J1eq@Q(u5o715l_s=~QIDSt6$Q6x4;YVban}HW zOtc*KDb_PAX{E5LJ@~r5Z2lTTKrARefE58xUW0q+{_yc?Mmx210qd53Gt9&B+vky= z%IWuvp*+c?_KEtxXrCz0xxa;w>2qVk4L?orCUndwEw+u?dnFmh{AAgbaQ#5I7Q<7I zLst@`X?9c|gS^C<-V9yeFnWqUA~43rtn5}acyv(DnX+>5;^HGl{{ZjnenxQjNW0~% z&=^oR;0!hgz4jV{klM(g@Ul^fSylIleOUl!GIUGc@Cv~$XRMiW!A&@ZM#g;1r?eBY zHhd@rHsAd{y887^q?XO#%-LgTr zU)X=K-w(RABUaq7zdBM{?HVoRs@jRv#;#<3j`Cw-Nb7WUh6#1->`G>>cI3!J@{0TP zwPA|HidL(Mo~2kJ`sLml+Vf?b?P|ELfLeEFkXNgod&Zfk3&jo$KPLdjC@LyJWpVm4 zP*DC4@+mdP-~<=8AlPWrU2ZPFp4omLTi`abDy;mki&3^uV^eDh0zk@rZ1 zm_i9-o?mTd6ms8}${T86XP0<9v;r)=YNy>Pr{i&7OPBH4@{APEj#5a{1RB zYx1xa<8ln*9EWZD%4&-s*%@F#6btI!prc5soq2eaCp=4iwQsGgI@t>2+-P>5Au6}{ zfu?_-ek%lJwVI=9QPU&OL+ZYoAlH%tumB_lTTF8>4H<7%jYnU9P@fULGGmlDjm1!M{nR+T}$C z@V2`@3k;d2c&qZ)2;M@QSHqOwgK_T8{o~ps!>du&d;Q@hiVt(8-1TTN37%E#V=Ne6 ziU@P&39M;?l410E1jlIatXD&tTwzv(8(Z$>#l!yxclS^Q4v!uZ$NT#L4h^^r{s$Q1 zXD3-(aso;J{M{=o3Dd-t5)uy^_kVcFYwPgbiHZH4=#dAF06Hq{Ec=_;iUjNzu0bzG z`cK&kSdjG0m=u-Na5`t~-w;1M)X5u%SSy8az+NTBMW)*OfY>=lx?vcV(_k)qlhX z01k1RJ@A9Qddsr!EvFagcrT~#sZ&|`QqEgNJ^w@~?h4>)JTC=p4no6Wbtt*hT;3_hE6twOG=2h`r5(dI!@twthM>Gn3)-pAVva_trT zqz-TXHf*AWRLkgc;75y1+Qdip>iT@U`}H(0bwMP1<@Ajreu{c{dm$!LruKTJ6DL1h zpj)Wvz;zZ*z1z|3{i!3!&sGvIiFQv&sm1!_H@h)`P59X^4Be{hjy&z^f38r!ZK!Sw548qW{W+NOhnVi+ z)`=6-(t4eO-$5*5T)_JBTYT1W9L4eBa@DHPpee1U)!irK6j-@(6F4e(kA9^ zSv;t}7-;iE(WB-*>H)2UpoA?VlbkEv{I0;=*Oy2kx`t=3XE^S3Ho+bz|21-as!qze z!S2{C{~~-ZczYCH_zK%&_(J7hAOpws|AGvHXlXDQ%;9mZ3#H6q;P69f>ny|sadwYF zB4V974mbdj686Md&Bpj(Ab;#pLAXPM(-F`{{75`zND&64UgbyLk9YnF9@e^9D7L@9 zQzZ999(WE&)w}Go;gd|F$2%s756~A51;C1LZe-gZUQ{5o)+37E!EQ#@s>G;VJmrSd zmGE8!g==l25x?x+WeN*kGu(9l)p#Eqde)gI)<>yqm^i`CFrDJ`v!}F0>UEGf$u94g zw0+G=778UaRkaK=-g)acl8Z0NUxb5Nel%s;Hw)6-JV0L9D3y)z?n>o)r+6J4V^K}1 z`awL~@1ai*VGia809h^dZerp{9NDbD+_TVmoNm{ADziGxo5RT!vpo%;5%h&JUgv+! z?_&tLAHyxW@0gq54Iq!Cwu&Y&W-B;|<%a7#$0#z1T?;@lnSP<3$@=wuqn+wWc3%7>s{Q-J>VDc^NK* zopCGoE|UFxc!121~rxPibv$ac^gtjDeq_KLd5LO^W;H zAC2&0Z%EAFx2U>>vZi``Q*jv^P2lFdE<5?UUFlYI7|4DqSKR!Dk$5y^$=+M6Feg*) z;I?DZ1wl~UTvI|(S^er`J|iP`Ov`#*7-^Qye>I847#osu-fwzUpzgqQZ~e}zNNXm25E>i&PK(1Z%Kjw2q?QwAqg%b+eTR}xtA8o+7=T}_hBZr6kz^d>b?z^oJ^$1T~H_;t1XHL zUBK|fR|ntvY0LKhJy&Y|`fl2;TYmH@c(Lla>F`P;aBJ%IHt8TGew-Vjd!5%5duy^; zAL^2-@o|J+%WG}g>xVPMX;`xxM<+I#^Yusq68x}M(fsW6+*rOS!GXqfU~WlkR?tO# zk_?rRZ@ywgF#CuIf|?_R4cgZ$h36B;B2XGj_H9fJw}>5G;tV;0(Y8}ZbdWl5GIYkaGoRYWSwV_;>yhs5oMbxlACjsIQ6?1a(VZ4gTVrPJE{Lc|LigL z8;+Qz^D&Poe$7#OGaPEsCPTEb|6G|;GseAEi#W8qb4DNcJ^`;2W7l)4jqatmt6(f& zGUt~^1CBQqyyryShwHt2j*`2_GwqKax!20xRrCjGh z!i;9Y1I@#)?e>Yi+14mY49$1ZAGIZm0$}}VsAT#oT=*}%?~;R;G4XnL@*O3cHtg|` zMjt}syL9E3+$e(nQe4ZM376Nr>wfFJvEw_+Hz?|xX#Z(TRSJq*Z zGzCx(CI3U#S?CsO~@XDb}Hm({di_(`S&NX$q>At0W<=N^;=P zdVl4mFMgGulrdPc?Z}+syz}+KdCnNJ-7*)!uc(G`wqJXdpQE8d4eJ~HcIj_2>|+B) zmC!>Zc`F*|cycK<=fKpnoF}u)qLwkUc1NM3C@1o0k1MRmIGEy;q`^dXki!*hq(Xc$ zpZ-!hq#mjBBl8L5I~U3?m+U5G zVT9KTOGVvktpbVVzvxPPI4@oFiO4Qx;fB^$5F&`rjVH% z8xT|4@Mg$(JTz%=4J2~-9hVT9Gz<6A{m zJ^~ChIz^tTAA6=HGY3fn1rc$l8WbnC&=DKkX zlBEM$I~shx!uH+maK%{eW;HrvtO%a)v%idggvByC#_3ZHj>0jcjxLo!?AGJsqG3o`W-M^Sw)xV#KyUg%kFr8*X%2(-whun?Y+`15BWhSBgc^Pe5xzxRC-yj-d>)r3+Dpnx>`0XTn{ z%@`LsnMfBI0t+K7FTJ>3%5^U^#UN4fzEmGfDT8^L>(MIrsRanP2j-L(@+Vt zJk5ma-C^i=#)Tj>!Y|NO(FqA_Qm@RxjAow< z6XRV=A)o|0XC=UETjquH!to?p9b1x%ar^V#q4LL#@h+eiXrY^qS6uX!$TJ^aO=ZSH zTK$r`pqe(W$Ux*7%^)2cn92o1bd!5kJG8u0N7d)7FF^rogdKGmum&G{-kUtXJJnb1 z!BH_FWR6lFG9d5a139QFmR1_`F+>~|)uZSp_{O#=+wJy=?@#9DuEv#RYiljY{=ywM z8xEkI`YXmm9m5x4X&1rm)jUcV;eYg8aPv6*conV-%VLPc~6Qi-m?CH_@YbLLsRM zrnmeq*0;^@2s+lgq=fl~h7l{$(a=7(XMW(j&lgEf_#RsSC+C&%F)j?ng}eCVnW9ur zVlmWikpbhF6NSi05SL}nrR@xxxXE8>nC*D@I3o-cO!^13DyJIxxZzzJq@(9U6r&MX zJ%5>A^lHUD+0RGAlvD96!z^`L865uXh>GnjF>qet+JG|` zqiRuL3(Alz8)&5Jc|_jRDfGvm0zEx*jdgA3?i($io!Qi*UFWvXW8@2%raJt;uFHf^ zR48SZc99j_?>RYl5j9j!lSgo_KVVBb2_WlN?xSZ`7i_*ZmIU!K&z_YqVN#|9W?4Eq z{q%uIx;x^v30x*QgFFyj>TZBCPgqw$%nZHh?Ui`%C6n~iPSZ{iRpfazd1bmzUm8Er za}63L{T%5eZUj&(T(Cj&%^_#r3?&-X40Eh8AW!vUz$B)inGgBFfQLI)DxXg5P7zAHwzI^qtCkS=@32zLgwl8KIY@I*A*+Ie6+Yj)q9_m zMA}j5xda*ijuH&TM-J9zQ9(idM(~AV;A0CYcsa=Qd*u(R-g_kGb5~<$A`%TOGYygs z^-O^~E2or^+I75-I$2mY6+aB(_OVw~u4wuk)|^a`W}jDbwLJ3BLw*xCkkBD6R#84&k>p z(84U?xL2{L`N<-f+1x!Zlj_M9@)(2S^OG^7*^hS%Q$JI9-$iSgu%;yDP+}TH!kQ{p zC+q3(mJACM|M){l3_XUuhzMm}7&Et!aBXfp)WqTTUQHORmON~o=eS6QKyBc;;olG}vHS zxgrdyO|wSrcLCZ&wj6z-P+9zy*J6!0`stq63?-VZ+8f64Ss?kEILi^p4`%{}2~ALz zLDks>;ZqN33@7?B#UPqg@nSg127~z}GjKT5(~e&d3{O68h}nBTrwHdm{CkGJJqj<8 z@>}-K<}QCCPJ~FMI=NCStYtKHG-Z`a1M(q9kT9LW#tB}O#I2eqqMQ{B9>0UvLE8@B z)Q7(hdxJ(+FDNUcqj;E=OM0z5K|Sb?^l=%eOi7eVkfL`Xw?-RDsnyJ5q!tLQUm(hs-)XLYz&OM1wa-y$H_Wq>0S(3KDPLuduz zl{GmDpbS&4b!|;32(&Z93Cx0xck^^?u}BD#GpF*vX~2aJJodDYmhV{{TuB+eFvnU_ zO2EewZS)wI}4Xuf8tKu^;_$Hv`I>ws|q|Xw0e>)TD^hB9wLrzTY;VV!06NfnOw9xR5 z3?9^#!fHRQ3?F1i5rwM;(6E^ogQObr1D&ADr^!3WVQG;>-SY0)VwBM>_5a8nd8-G` z_CTZF3DEnP>8DZ0gY^k}URqZ(kB?*!qMcL$EDOa{69hlrEC}@i;hG`2ZHgaHLt<0X zMjpC`dzXBWZ~i<~bW|4d$)m4JI2fQ)j~5DYT;N6RgYUr;LH;6RsLE8h>NFV_^_}ki zLdWByw+zAGII1MK+i1Tj$+5Ilp4o0n=Ts?LfOrJW3d38Rp`Q>LF z^AN=zRhJMODlohD=xhjoIA+fUAr&rzijA<{EiGEC8c(HL5eDxzMpR8SusxAm74H}f ztlH|r8BnilVgbPp+238kd+S;J)asvF7Xs@WT-Kq!ud+7h5w#MCabrQEmEG1{y7!-s zD5-Z3o=gqN`FL@i&C&$bMGLRO*dvoO-hQ_9ozysVHHY#EUf;xF z$MSaq28`+Pvm>GLGv+7cwIJc}f!!W9Ny!}7equ?j2E$>Hla3D-w(gf{UI(c z>>syc;wF6*_2*NxV=+H{COs5CL|m|tWBV+O+5w+d{Gk|fsB3h*cE6+r#Yn9Wk{)+1 zLr%**`4!L-Fb-j!7qX5Zu8d(tB z>DhgK1oJ~0e*c)1A*&6~%nf26DBF+y?WQ8uHfY_Y04bu1|K6AU%*?NKoiLm;wXMb0 zlxD4{Ea|bD^8;d{y&%G9VCTOf7MqU;63cw&Pd}*Z|zpd3O&AgN3R|FJXHv=k!rqYM+wh zD=&$ovCwL^|Ah14Z{??a^oS&dUT)S&gSnQ{!~O$J<|-QHX~c8r*^53Yk1+To&sYT~ z1-powe=OV>avX_v=E183&|&at=FOVa(*!c^H`jqE6MKL6uWl~>($;3#!n&@JVF*=xP_WRpLJL#6`Ik!CN*ew)(DGH>FVA zg;}91YbRf5-<(KfLmC_1ZJp`lmrCjsnnaP_A4bG&oDgC3z1&L1_YVI3&5zBx-%LDD zxoKj2o8oNrBVZ!6E#e)Tk$Y6h96s`kyGvuu$GeK&-2R1#K4qdMn$A~yIA88H;+U{% zvOO-}Pf(<$NMi{s;yV|}C5*Ege1_@6zMHK)-k-9+av6{IPV(9BSd0UvS`8{ z4f}oZW6;-TIGq`U&uy1Ds-64g_nZF{|B%FAVYn9u6%h)iGhwcH1yd4eiEAl5wGU5Y*-@}AvAbth(xCRzz}||$`Or0;Y9^b_qKmd(m3o{Rl*lU@TyFrp7qSS za0P5E5m+Sxm2r(-u0Ejg!`F~7Zlc6N%$OHcwLJt~>Um4LU)M9W+xi!{a@WlGT-QDM zl~kT4*GnDRSLLxB&6vGjn-68VrX-!W4I)ZTk95rtEYfWLpGSmz){Z@@`B(?F9hyK*EonE^eZ9qO)5cyCK!9#P7_ z`}7asHpdS>6NIr;{8IZr;<%uHly-gLfXX7jUhaWU|8BRT0$Q~Y%M|}j-r_&w2V{27 z;zd6E{5NFxMF>!?l~|7*_~(Y++^_({9zea9=<-w6|NW;oKrIJob)agJum5)k?a;u3 zw;K={z5mZ6gW>Dm1Fc_vs!-$nbE`lHV3)TFHJ72RUvGL~|M!mL-T=m&Gx6bJ1xW>r+i)aO2lLuNG-fI_V{;LB(@B`p{t}#R~BK`+11i@&A01#zd2TkmM$uM)j zvGBQfUw*p{uCB~7Nf8=VDTXhXf!gFLSK>_1Y9|6 z?2$Zpj!Fv=L04K8Nc?Bo_)-8y7`Wedj;Hop_XnoUx7ODM00MQ^DjGrdH9nhM!okCWa?2$i zO@S3lqmc;Ihvg1DKb~T#SA4JjUS!|v^q$p1HH-H!ns%{f60il@2YBl-^m81}V1yQ@_fzU%mklXEhr9oe+XUC%#(wnn~v4z3t-{2*3FwfJLR0K(S61GH;t; zn#$~7V_@_4xe!!Z%L|%+0CaiuIp*uHcqYRM z!2a+o4V)(wzM*ct+2LGWY)cprB-L7FeP|uZP-DuKZ)tMfJE%Tnwx1!0U1>0~Ps$$G zuaK?8wltkhZ5HNvFg&awWVT;;&)5DrztZ7;ps=;C*6dOlkI9R)_0I7Lp-UCa2TNsAa)=>`*Q!|gWF+G z_4_ZH?Ba>c!PLLmWULm-%|c0Y@@bfM$Dw{Vn!XTBe>rK73DZqAx0neqTU1Z)U#i(; zb9~HO;XxKe3^O}<658vZ%yW3U69W_=${pqEvH!FD;sA^CIBfbmr`S0tI1DbQ&q5RY z;7XIhOi?oUk2iua2+$dvZbx)jVCac_Xrs3T6ho$niet8Tg0CkG8dLpZu?G_H(Y5nN zz$qrOJ+eKhWQv65K9STiRV1<6W4}=#K*?FdE2r`Ci60eukl*QbdEUwTG7FBRw5Ipu ze&O}dG_bz`80XW|d$yRS!wo3HjFK0T3VAX}X3VltnExyiZPjnv4{eK%CYP@!P|;p` z0I4>VP`gIyXk~azB-x@wtt6X`?iJwo?n=okyiYUdciBGPZc4+I?r}C9!q0b%->35H z2z5EUHnK0wJf60Ksgb1gr}E{FW-w_JSDiA2@8faQzk>8Dxn1^()Vg_OMr$2jU!d*( zlJ?UthW=+4YMXuY6qs$luhbAIN0J;-Pp6vl-81QHxW>ma`>axmjDpMk%gWB-0?=*P zM->t4BrZ4X-=JQ_Lj67NUtw}vI+d<%S)GIG@gXn_x8&mP*5IY18>S=vvzmM&uOmi| zbgcY6h4DygFT4}OtYd0*Fg-^n90t^JCU%TaqS{2BL=lwp+9|vB4Kh}`fpnbxKjQ;@ zMGf$x;Gx-WuC|hP6Lcs$r|UHPDuYAeO>5*wO2HTBozGe?w>rN4b?`|!BoE$Jka{q- z{!4X^5`^bbOd_m8xag7>hl!3op0BAt;srN)LyO?aMk=HtSP3^5J_n@|@!5u4RQUHe zw54ZIf6#!)k&0eOR!aG5pFmoFip{T(H%xAAZS6>GgwJdx%{P_*mCI}KT8yLqUpsB7 z06^O>ZD*1F4x6#qXx&k`hZ2|O1(SUa-XMRDv{SYdTF8&GXFSWvl2dA?D9^DCl|wL=vq*^VzWwS zKk7`FR%WQD{7+!;g&(-xFAyx{g-aC%c^P`0%3L#0!}=$h9Mi{PO{XN;-_G^lA$&bU zV(plL+NjYzp&K9uEnWcTaEa9(1^HhaS*b%=2@lDv4(vDk5(Pv9ol5ot3uCDyQTYY{;m~{svT! z^)5`_oo~)BSu7co)KmRuczgnYxQpL!!deKZPkg>nF8#kD9WWc`&d#?;>ZcboKE^!1*!|6lcGZx>|C&AjPh{O8O2p#W@hoIgbw|JC$%fmsa8e_aM% zdy77$Nq!^$_x}ju8KM05Pubt1UxgrYzyJOp;1;3(`=|e(y+x2X_ub(g&k6sa>GR=@PnT{`? z2wa!vMYcAF(J+Z0cGJ8~Pgk0+!im3-0)qs)LU*}+;c52T6ic;Uop9&H>DcqK58-HE z(ha9qiDyC=0J8&P5)6GqrD$qRY0=%6L~1L|q^FJUeY+!e7hW#OsXU(IXhhty{^t>V zFJNoyQ!o?tem?L>c zV;TEBVfa@u)e)!Knjh181N$!f9rLo9JReb0T5aSK)RT=-jX%6_+rN}K@Bopay8VZEAcS2{LIUP?nDD9{-8KgPcD%Kd$5xb5dpdG|!q@>hTJ|vl_&nBP9 zG5eXRTC!jeFl0mCQ}tbJ5MQ)31bLLoWSQXnSv=l5;d%Vz+|m(KCd)vr(88EAn(X(c znY_i|!nwrfdGiaKPE9z1n2(hn(l&v|q{a5Q6d=-QXSIJ78LQkKU9Jv=Jeck3S19nz zD|Oh~V{m)f80>L)IDH*oxWaVLp2#A;a`1Kj=crp{6DHJ9yg~wK<_T|%Rlk+L>H6eXGqoJq_gMJtMz*mF|&(+3P z2&E$R1mOtWhi-%UdULiC_2xf?%B5G`j-Jx6m%Bq(m@o{s7o&>Brg{UZw1>NjCTx4# za}}*IPB+&{voV16R-tA=W-FN!4-b#o$kP4Q-nhX)BFmu3H4XTu@GpX|wwpcoN2^gl zU`j>Yj?0h4%)5*9Idd#cOjT z2xah;Ds1(oUL6@>xV@gx{&Z~!{v7c_{nWy8t}%6DW_>48kF3DGEG=KA)hC8U zM4MW>kel%FkbPLAT-1!da(kd`f<9ohKZ0=#Je{wV#%Me&RDH;jX}RdF;JCgC#Jl;r zQNO8W3jSg#rREN6Om0%j{NjEv1Vo*t%5Ci(=bMx?zMrjY=0$v9i@MmN%d9Fj=#`nM zowfzeX-k1_F&yqzg3n_XX0FdWD3Fw<7L~hS_>Vaq&a?U*6qRQ)BF=)LR@xXeMm!2> z>rmriyIL%|3k&JOlB%;Qk3!P7ft|iUyOV;N)_Z+pDgxo}O<1R9Mw(v$a$d44QsIm5 zQoPYg6KtWC?lPeBo5=0RIc+^P)ps$v?OkB`I8taGTQp5S<19%2Vy?U*Pxut=Pgj;hpc8NAGMKV zw(v_QhK_DvNTWRdWYs%;rUP($RMNm3%=|b2D&L!Q{_!0;*ln5r@K+17`FPJ>8gGGG z9wa0ht!bY0bI-$XopMy!b^RR06in5@xwuwn(9+k|xUwgu>)nSi`~zNIg5i{?{*iv* z1ZcXoXB)$2ZAGn_4=#CdL>V1r=BnpwCIrp~3-z8%*GDVclizTbT(2Lnn)Nat>i_Cb zf5+o-dfLTy7UOU}ik5gs9g7I%1cK*??3PYkdVzvD;c*iNj!logc)Zvs=#0!d-*Qyg zzR1pv&3iSIxbGM&_|rwwdL<|Q zlbQK%ksz7a0dz9qOxVyrV{$XvT@l1-7!*M=BwquzE?vaG{vi6S)#B?hr>K?dAeQwN zGw(^VKp`hPS@QF2$*Slft3~!H#>dQ_u!G6-=seT@2`q>64I#iG=go#fqB@Gy)lP{b z{oeU_zDN{z;k#_>m*p1wz+CC1jH=JU7!=t^OCx~b{6184c&-%QxN|V(_&Zh<;Rx(w zOj?;a8$BvP|1e)FMkRMy!uT5!mZLJ1P6^nhnxbl#Y_(PjlWi}xj zvej?;>f<++t3^2w$A>pyn4|>1w^c@lo+-H8=2(+3Uq}KEdw%t1F7-{JiQd2P#nY z)Ec=llYigk6HB|jPU)Bp;Y}5l1ho@UG|=3y&zF1gGysO1c_kUI&!@;N2DJ3_%T-26 zq@PTYx}E}w&1q(RM+g@HZ7Kva)acZ5y-ts0n$$AW@l5&6ch~bn&%geZs0y(ZzNTyA zDwk==@G+cIsb_tYp1ABWy?V~^g*gI84qXlpd41-EH=Gxf6{JZKiDQU-x-=}QZsn-+>v^AeOFc+ z%gshx03V&{`G__azUm~myugCRQ7n58r!B)!@G8?hh1(+)FS$RNlXEm*Iq?jKHiZfW z{cxROQ7q)=gowATGe26cHYxo5Nx~&1naf+d8F$~&9!Nn=uWodQ$o?i@eM|`Fd*K!| ziJwz0k{7Fvh|3Dap_4mSXZeIN%JtxO`r?_I)Bt0DWto~rT&R@64n(WbfHdxh0-;Na z7*@ycZf9pvo%NTK^g3X~S@n0QMB<)q*Xe+8S_P809kqNN=z1&eN6#;onVwTP)K6)K z9=&IoKGk6yz7}(J3E>1>xqYtw@aTXAcZB-Q@)Kd_?LlK#u#)x@Q8JHv>KnzcRN%t- zsYYSA8=vAvtmQTovjy$&o^9>jV-CgIYNU-`XQ5p_n_af(kz3d!^d zz{zG?Vxh%=@_3;+u+=_wY4ubQ?*woW4S(5)8(plmz9foWc}qsz-BLmRG%*h%^SK6$ zlsmh))TxOT?wkxX@2t!#W>*KFQkE<1Da*R6#N9*VKuzVj(y`*#bYRa3+&$LqPw+4} zFhi|d?M9OA)&xyH7IiNBeSw_ghe()I@^v)tIiM;6s8D{^-LrK|V@K?HDqgtU#&iTW zNUe92|Dm;zyl^E9_Ye$NOOqi*!_OzzwY$6ALI5=Lb$xrNfiud14~(yDrm7r1pu5`f z)o#MSLX!QfY|JOQ7$=K`m|#V)x3-e*V9l|^AL1D-niz#y$o^K{bqpa8<*&4%)A9Xv_-=d@qu$iENg|(bEiGO)dulT>4Y018H=0fR0DMXm3xGy~*%e zpgeow0J$EqdDNK=l~y54(iQe6#{A*@y0|h~+iNgvJ>dHEna@-ne{(RFDKKN-L3w5m zA`N`u`O!QAFs)Xt_7MNgk9#O^;0$XxRH9tsxnfj1C9pRy zSu1b53t+jBDcVewBwfko%(*;%zEFJ_!|Tb(G6HDAJX{~h>U*g*x}OrgDvBZ~AMSHL~s%nhJH(Bnw>vj4ok?YiA1qW+AhHIH_|LqQmaXeY@>k0c% z5M6+2o_tDQFceFJgJMkU$U@NrzKI0ftH*%!@07$x8?_cYEZStYBppSM;7vR)bg?cv zyLiewPt?6zOr=8A)ZMGFiIW!3L$QQ=_qn`N@t8^*i&^r)7j zZSLOmPw{YI!T55&AtPPy)%$k0KO&wR!Zo9%{PKQElbxzdeLw$*%2Q7mkV%0!Xx&2~ z_qf7VI76oREi)4R{+JWloM4`L$H2SO8kCOF9XiqeHBe2#Hb`vn`wIgff7YE|C|sR4 zIiO@7LQh&oK?AG`(|Bt{M7Y`%!(#jwuct$5-xum23+13Xd;+zt{Wr0kHQhPtW;rwD{V{>2xshmGImr@NBjC+%JYs<61B=y zmXtW9HspogxvF&D5>MYh%pB(O)%W;28zU(ThsB729=}+ay&|)U?|p<#&&DGBI|v-L z^ZC7IwuE&jZ9h==n-`i!bto1Z+Fmp2D;}(oe=N%y)~NZ5?OZ_Wl*DSSrUO4dir%$<_0Io{M)a`Zyfeg+738{%%f^@dzAsKD zYWfoA%O`s$D~k59LLx&cM_7vf_}4EfoT@nXE|%6O1lSwjB6m!QwPDhI{G3p`C|obH z38Y?yu>vVvx+l6r_LA36rGP9@%qwYCh@;vgQoYMQu_LoLgo>$XMF5#lc)ravogrY% zK^6&A$XMp=J(0@hgBz2|Sv8}DO|7{cO(mwi^K+|`ZSWynMN&Yj^w>iwIU{-b-yqRk8V$%)e4!L~_qf{y%kg4_B#g$Qqws-) z2b-&#n~%4NQwftpyE`objMtawe4htZZl((bF!TCJB`?&A4_V^^WoY`!)l!p6t9!tOY=Zk!t7b*1(w^O*B)ca676eaNFVmFPR ztAE6Q=Ivcs_C!~`W@Js{%?Iv_1`OLb8&Q6ToN^9r zjiq`8lN+%?gM>w?Q~4rAX-6KAW&^~rXeNeqj3ery3uIj5K&lWvuAt}kuONyI z?c!jy4oDJk*vJ4L)`i%^mD%(*ItA64h(Cn+9fKg|mLw|Sivq0Q(PH!R8CoY%%*?lO zZJrNI#=7>K!ZSy#nfY>ApQJ#{4S>~~vXJhHUj&t8*TU1?(>;<9^SSql;3U=`ErNw= zvz(Xm6ou%Wl9*Fc(PFZ8yg(gOoEe82vuQ!2pRFYnVP{2O+t4KE&KSOF0DfYbO6D_o z+32q#mDqPV0^)yj6&lsoTHPC653$>&1fqpgR#(t>OxE0Do+06`4ol!sf>@qD2;j1y z)(m8g`g}Y?@z)`T@$v+#oY}(M`}Pyew!s{ty|~jKLMaRddT(8{zEWFK(EBfX@|P z8+zOEo5ii*(%uMSm6<3W_gg9*RjoJz0AK&%C1PG%E8*j9GF_~aMId-dtN*#)vf zz)JJAvBESNB4#R!*D1GWbx1}B%`j=DkPcJzt%06UqJf0BxKfnOi@UAQ_ns2R=&%R0FoJG zVx*LdMtlbC&uZQ`hAwX4y4A%xLn|z%~ijPBEkEx!++$nr?WpaPox&To7|^4j zHFpn@!2bg^Gt`HSbZgw3R%JeoPUeM_+3-%3!h;PV>XmNZu*ep0Zy|?4?*=c>o9vFp z1(GGg6@V$Hf=$mRwyBFCkhRJx$)J)zU68;1S<9Wyngw*le4g%)vEibid4ncq#t)sC z9?2jRts}i79qvq}6WFzzMT?o6&)QRC2GQtxf=7k{?7g=cwJQruC z%3i_S_CbvFt7MUgCp2So9Zg|-?vVtc&A2QjIb=aYPlbIVROsQ4VQ z-FlBCo?ZR!HUGv#RC}~^{IK^neobg|u_cl8FoP6iNX<1sYzTK#IBhN$Jh46Phc{jb z2)fJ9qr)Ouejs|kO`}8>&y)c>X?-@6YfP8}KO9Y4(Q^FR`#6#B@2Dcz_O9}MU}BZk zvhYKJGa8nQUa8J)ugB;N$53|A&T?0aJ$Mkb3}^3Us&s{WKu<)tP@P-?2A^#< zo%!L>R!K>yC!DC1xjg8Eb_93B+v3ABNqm=@ntc*`8l!D;$ivA(GtP9rLK;hp^SmVM z@YonQ;sj@8_;(6R%9+-q>jT~QET?$I^T?_A!>oGbgNaSJ_PMGTl^hQ7BnlR(G|s4j zmzw0LMd<0tN5tMZysx8a8GgQQFNT;J;o|B7V=e76>i&$-0J z%`sF+L~%S_-VUwgz+`jONuIkCF|8B@D&`4HXtYjCmE@k0ZO{Bz;5t}CEsEgf83`O( zKl%E>o0z(iOy){vGMmX4pmfPmN)9mPNwNC6ME1@%^moIc8hyl;Uwn#@ zg|XaQgABO8?M-xa3C$6-Fy_mzsc7f8vGA8nV^Fw1f;?4!@(d;9VwFl}R?5j}ZFawr zZ3%L{z{y?VyHy-XK?7ekUUH_uw zjRg&E!3hq*-QC?axO>pxF2M=z?(XgcNO0Y_2X}Xv#qZqvoO7Rf0aH^o|57_t*tWi_ zyFcAVn2j&dx8T94-GCk0K|V`7tdaABq;PiwFCkQc)+=9$U1z+5{e|i01g%B<8_t&J z%SA~3tC2KBsRX&7#u-J)>L9d1#u2F#8&dJTLB7_b$hS;>&BhsV2@gt@yMNR?a{?$9GM8jem zLZsn#2&73c_ZBM`G|By$ct|^Ev$r3E!bfMTq{77~5q(4vx5X-(dPIK=3DO@ylRK476ja6FJ~LQMaM=q3`>4v&KcvT&-m_vrtyN;65*f) z0D@1DJ#VX?`a~MKNT@@Q z(1=P?=L?Q7qHWgL>%^!QY(up%dykFfvzoO^0csrPpx)(Q-#C4VFw!W?VpUy_mP!}U0gL6o;$?V!%f%-RcHs9bVR87LOia5pO<1&SV z4V_{wKAi|t0(m_i((`D#kN4Sz&ocO{?zC^gUBH05#qW-&IbXvS=D|0t_fQ?{x_%UE zTgjX9`_8YICsdAus58q7l$Vzq9vzZ1x&sju%5^|a>!j?b+L$7XPpjs31(a1n8#6y( z<{L;G|EsP83I#kC#iIHgaGwA>vZq;mV+Li?ewEZx|KIVX_q^Q+VE*j8s*n(%{X4B8 z)bsNGQy(W1zW?#l|M%E`Y|j5P&)KD%$MuuHi1YcRp@40-*F)Uv>pD)~h4t{!eD%TT zqSN1lg9o6d+A2EymG^=beJ%uuf|A6JZOC*RLw$E{9PC9mmo z2T0r8K3imlV_pcYE=TNgY0Oc2-R|2B4=~7t(<=`MaNSZ>gSHcEFAW}J+{NDTWjN{; z+62d4GD0r&T?OmHxZO~l2Fh3hd34JS#X#z+92Jnulda}#C2{I^^TO52%8g&dV=C=dw4Fu zaBg7R&2c^<#-Lm|dP6*qzF~R$ErY__i-30f8XNL(>5SPV;DsJ@oNgu9PrVMx>Fif; zQ$pC9fUd6YFN|?{4AClex~V6ZzJ-QEIDJ*f=F1EmIKc%HO1M>sr~qO8lYi|tB`_SgNTma!Eu*wu{+@Stwmy@DXubbLwm!2n@}>+t z^(Auc@(mt4%9pkGC0^S@(LfD4%l(1(N{hpsO90db9F*f~NR(>(Zj8_6S0H)A{TzB0 z1GBdF8L*QIuqv07!nVXLZ^FqFI2}lQzH|z9k7kwsIOonL&d`Y6u`^r_1=dMn#Uon0oasO>|w)FI^1XYAuBl`II?|};Uw{u2BJf^gc z&W=)-^4-}oQ9FR_5?@m{XyC9)eLOvc)i${JEf{5d8v{r6) zG^Ns>Edf8QE_X;5FsJC;USGBU46-Kju5mfjxt3dUW&kYCeZ4ExjWu4++l+UE{MFFt zj%#aYM~uhyG;bJlqA1&Rw;72NKOP*^C{&g5p2DgteS~*JgV zc0ww@6T1*X8ik0uDRlqWCcF8cb%2$6_=(Mx_u>8?%|#VjMJr~_n_8nwIDCQrYsaj@ zT`arvJ(a+n)ofKUtMKFQBVu}jI`&J&*Gg#H^;#9mDPSpG^#O1b6@jGKd%o63)_r`5 zgXZxYv&n*_&%wTo8`qz#c0b&=^Pk4|1HZn@h9bS?o(dVOl~_<)f%2kg4q!w32BfDN zkLE2OhV|7Jk2vf~n7g*iBvR}5iU9BSi)~n|!0n)|y^qywsRAJKv6cB1eOmfvvB@;C z-1KHvaNt1vkI_qby?GH&DNfkJmq4o`WI5&k^pkWblJy8Z#lALV+H|;zb#uQx37bKW zN{$mGnDs0MyI${sm|k)d%FEbkB>Mo5siHY+JE^%@IFddT{Lq_*!)n60GpeI#IU)4B zF^9fDq&)h;dOkN|x^43b1lY)lmB23h>_&epy*WRcebh-5Z{P)E z6NbZ4q2iTX`F3qz(D_gwir0|s{e;Mx=F;$b(}G{gmQTX(&_HNY>8*38n9Wjg?A<-; z-OH85Go~e_SnOkL8s*471lrkoTz(&fS~h$epcAoHt5Q}g1B_jlqp5U|Pe{xpAm`5j zX|04JFamfSW-@DhmYGQXU6kLyf!!Zf0ihOYj4#rJgoNVVxn#eP3tm~!_%jj!v*Mv9 zgVTLjvM&abHE?G*iT%`{_uV_Q#F^^SA`y?29Ko6>zO2Bhq5Qs>@p^lrBR#CGRKM?Y zkk2&+;_~?oWLa&=OeM4F1$Qw}l2P*qX)0}-=?T=b#iI#}56iU+(RP6Q=ElOGB^nb| z;jtv(rUp&mOhgNBlwz=WY_>vxc>2D$q_W6dXnC9Q!0P-<0&O8*Lw~8ol7+28UjxEep3Jh+9rE^ys3b^$84D`%=Fc)@1&x3 zlM&`zm0DmLo24kQSgCjeovA!G7~{WNf30q4u(D(GB9Xs^*Y$n+5B{J z8N6zVLa$85lr0f~+uh#PE) z+@{jFlg-VC`40oA3|(^R&C2V+dVFolAllT#TgR&;+cHAW6VfRyEk4TK#+wk|z?wBL zTK+@R3Y_Yn!1|c-TeincjDTuk;fMweLTI*-R}15INbPoeWOr5v;krj>p=Pa7*}9~} zl{qrUXumFKMff~#)8ggGVNu7LsLdK5zY<2rdL6{q(Zby~Jasp+51TE>G!>$cvhjr% zaL8OE;LX2BrH=e*O(*U_Rz<}o{&v`>hCO@OJj}fFMW;(4Yw-SyURlQa$JdsnI+u2u zx5FE2(!0#|?{vTgi22ZT>_>2;A=YcHn)_?3*PU`6kvbn>U z^>Mo3@T7(U>Ey*eZC=utR{ck>zbOthy3OB#{F2MquLWlFHHbMPP)Mogy=JFtC%NUY zbJF*-HN3k~%6*w=-Vc#F)YB#n*RQ4B4pEoK3YLcGS#2D4ePl9O5Mq(e895)(;kF5_ z$7!i&%<5LUoQ7KNuC7xLvznWmgXIp&vMXAdrn$hxSB=q%PA~cgr)!=Oi|+joYEEP+}XdDH@puwzjr$ts~eE1 z)W@dX&_=H$a+zejoyB>L%x%b{0B;{UTOMciyK7F)lF{G&Y2r5oJ%}KBodsVI1pepe zI0{) z@;P}TV2?q#is$?8g8;$~lBy$jKm3^Fj(}BqL}WeJSW~2&xgF>oNoNzKIKRj6RrO@+ z$x1|+%{<5@*T7W&naQMUM;xmPly z*(i8C>uSS?qY|ll^~1*r(jis77jM>WGmH&%uV!Y`5z|)ptE9FQi`Up*EIU4r7ZY%G z6!Rnfn2|MYmBbYOjDOzCk6A1g8Q$IJI$QwUAQL*iN(=ly8_y%ErbHy1Y)s`yx1M|ja##aNC1Ok~ zmxT5g{ZJH2+%Ld;)fW%Sd5XbAT zEHE#dF}rZFJF+fLqgn&jXumxCJCOU__2qa`#rMg&w;9N?$l|DVem`9?wAHimeu_6X zi`U;zWiek|$<6@6-R6G-Q@wzq1$y1b&<#OkYE|OypINEPLi#UX-nQA(*zF7~qHzFV2~dKW_RM>{)mAaHJt&RcJs5I%`T`JP3l9dn4ub zD#I9m;MR5Ms2@CA-AB|->HI)eGrN^mdbx;!W<%Q3H6RoqO=WQxU%wodm43N1Oe6RC zD>X0`msbI$wGjNP+wt}JgVj<&ZtdEJbR4CIyzmCz-+ld|IeECi&}i1Om5w=$kso-` zOW)PiH7v5wy^$p%x&GX(&!n*(EsFYRedsVCAXi8l%^2I{8f3ETGfCsJWwylrByqJ@ zQ->Tj4(hJz=cT{Wo;i5@GNdH+ixLal^$j*z~$}LHsv&sJogdq$nR=Oy`4DilwFQ0~akfHVlW6k$=u< zJ6<9Cj^lUvQ$A+hpcb|C_KQyrt68hY!powe4@Qy1s?l96$l?O%5xbH;V}Sfpv+WpE zRpT&3cV!9%rDuv?G~q2dEF+AuOk|1Da~uV4%DJE`8ROaRaB3j0u$$tev*p3lS=Uwk zOJ;MmKKkKhbr4f(vxsKu(#aeu$u9{8)RaY$&<6_=2^`%$9ro=0AS9;rDF@qC30K@6 zTM@=??TuV6Nx;@yJjRkiU2m5)As%1SNR=f5J=`=BBG-99 zfx)QE`N#{op#&8cIu^o*eDTY7IC_qbuCRPCS@{IBJ3yN&?E6bS-ll+3E-lE_W;I8) z_vw~MvB);|ps|}?Lln`yp$E8w6RME$8meK}YA@(222xe(i+U+deSObq)jTdIRRJyV zjJ2|VYz;E4-?Udl9!lWyyRe5FTrc>91U9Nee0mA;#Of(#i#5Jyu5M0^K-=x!gm19? za9^XTjd2mql878pdKw=-j82_T>Ix-Yu^-l`Dzd|*SDhq|KqU#{Ft7JS5?;$y(Fkzw z0uTXle&E__;`nXr_`4u>V>8IPjUU>XZ{Kk@pQQrg@+ANbA{?$034g4%71{Ci1oi&@ z==S7^gb$V&g4l^z$0jY$xx&2{*fTiCPkk_BAKcn!*vCCPd+ma5ajx9jF zaf&*@h|(l59K~Lfl;IW-D;G$Dmx2uSs*#Z;JyWOaiFU+6@IrxQ%Y5Vfxo*~>?65k% zf*ZaijkxC#UgsP6Nn8-tb_}|0Hmv@(F{1~>U_%St(b}wRm&A(1meXV%(bHv~F^_)F`NfO`lP1Ha6AL2pXSy-rxywNdL#eECDRcMZVBCT}>Zw%lV?j$K_6QA~v86 zrosUQtKKgMpwH6StFGph`y?>^(NHY3Y6*84G(|~65Y_KC0^z+r6XTzYoJ^PUH3B~4 zst9rT15dHt;}s+ihC$?lA$T`tr_W(^my_A_{tbx1fn6iYCE@`DP~BbQapdT|`VGcU z?1y(BA9A#UlRh!j{qqgcYSn=@<roRit% z^BFk(IGbOo6grBD4c1WZP_Ic6D4j5F=Ig%w?)ZQ}ZQpBDhGcQ9kjY;ezQ`QhH|uq? z#Ky*Nvo!8wAbk`9u`mU;{vBlit?)|;UFib${I}em2(sUNuJ}FApAE#(<=?JnxD`5~ z<+zMGvdR#;VHWls2FX(fCo)0~K9>!7%J0?$|&no>d~MeGf@S3s?~>f7)|w`$B$}f^4e6EJ4@zQ00b zzfcP>yey!`XHh^NR4`5;ihWuv3dUhBz4>6$jOj)vE@ptNYRle0UlAeDs@tp0L4>_b zIhx$-sEm@He=$dlX=}Q>5Q*YW>Ux1$lzA;+fHg1_w)ndj+I0v6p+>w<2|+oT4TyAQ zo*>h2@pm;1U;6Fh zwzX7E@0g1UmTPRO`~~7fA@(OGgSEz`s~FI@3gI^&`>FAPw?woYIoh>Zwd6U_3g#-3 znEr_P<10}H?QvG_;Ex;#sJsIMDhf*)Mv=yNmh52fKdQR>kiU58E0CSQP^aCUywy0y zQU3zqTCMkd#<8&CIrY5g1A%nBgZ$gu!ZO0OLtplg8 zU@`LiCHk9RE5^$#g@rEVXzQosH4fGFc?pT_+ll9%WJG`6Y|_bnBiYx*k9ZWe6_{7} z#`0WNUu|cgPAH+$+NITe3$iH{7#l8shY~YOa6%QlrPxyS%Wnn4joG}FCLpwnfYILAYj-u~GI*hqqtf`Sl+ z0fW4)4ap0HMu!Cs&qb$rCY#fP0g^ix3$2~PoD?Lk{o+oRaPk?_< zqe+}i5@F8;`vEV^nB&8Jb=W^h+y>3NLQ7&27*{kUh9cScZ~P4<65w*06&*aq0v^{t7zJ3&A6~mRd&TG4hVAOU#B`LzKD;(zRWPYA36)16v<}?m(5qmbf2tL*2lUKuFlg4%&G#y zcZ?4J6eOBWWZKUjcvmoIS~d`xy80@g=W@j1 z9Z@Bf{>~Q)LJ5Ch>^4CTfsG^(2y--<5MQh_Q_8nq?n3u}wppwR=~B4l)9rd@xH(>p zS!y^EE!UtYCyIy}=I}YD8V16*M54e_(U$k_6khp#cXObL!VzpGe1-V@q}q~h_-$sCP#a~ax= zHsbCG7=;AgCwbF_()%MUw@#{ zV5AUFvpsuRkBnjzQMpp4b{B)lPf`hGOQ{E*bO58koqeOcyu2+!r&O3~IOtYfeT=eX z@hx7J0{*2GWi(-t0S?-ilhR1Fxgj4soV0g}o>Uk`6trmZODh_?ABYim0VuW%y%=Wm2{}NLEdr`dCcb8P%^cyq ztacd}OZ$!l6)R3DLqSyS@LEG6U{ROq5r3<8E4^g(-nD_)l#2iSCHHK6u=ohVKa?G5 zx^rIP+PKn#`_BYwk-LS@%)68Fd%s$1cU&juR3v^4K-daXLnv00FzD68t8}~NM>Jl` z1|41o5fg2JPcOX4EO_NZ(@FOt4PlOFnCyBnkiJyr^!YPo%?X^6F#zIm8~0A+;*Qw0 zVqvhe#bK-Dwl4@#<`0+ebb%C=OId+cL(QI}p}qVKSVq*mR$CR!(7S}! zSfR`M-_B4Sr?&4ns7fg;o*p&3Y;bnUq2xlbVhJpu zM-u5O?Q7L%LdP=&sv9CL)@k3VE7OQQl?O-D(dL(o{tSdZ2*e02=kDvN46`GAC~oKd zNpax2DCL;a`{hnYhtGEai|IBCpbrGZP+13)-F0A5D%D#Fgk=|Q>lQp1%@9GO&!ezxBA^8kX?QeGo-R9+U41XbCy=Hdu=sF5oT6BE#Z4oX>K!_=I zpAqLQ97H@+0U);7)(6O=R)jkSQtO^jL>$3)0#07nb8@bHUbSh?dVXfZkQB}-;#R-Y zON?=6z10b*pLJNv_r&(`4;xRrub3@2*9b`R1gczS8$Io%Q;7Y`NdL-~d2o-cr!hDWIOgndkIhY&CDD_c`5!@KGc78G7ZG2lA2Z)7?+>Onf^A7_r)w zLTqRP8OMevyDYbuUsQ@P#G)~zHtQ{~u*y{0DSAU~W|Asd-3$b*6sx0YesZaZ7s}1v z*sNdRHD5%6D)pq^r{$X0yFIH%FWn@!4BKoTfJKa=>vziMz+vlGQPT;}J3dP#`U6FN zdD3?C9#DdJ(wAzz@l4l(!pex{d$DFRA(HiP< zAO<_e$Mg<5CGH|Xr9u*QIOz+~i^~=n`sNvCk{CR80TXFxsa1K6YYW8FNgrKr(#C-K za}agKn2bDUD6M8okmKI46d*Dx&jZyf1wguVI*)v0*4t&~5b_AMt6pCxXJEDc?Ynl1 zMc6d&;L`@b(J2h8@9i$ex{mp_OH$RcaE&sN-j{9hn4IwEI8zz?%5LUD8LqGGO^5NG z?^pho_mkXL-fk<~P^6cG;!Xe++}c|bz*b0c3;LG|@58GJs?Zk4rq?s7KL;THpP=D&v{P#eV|3L-omkneKLcAXnQ~h0kp??-HWKqxv zB#c224JngHq}zKtBE>Ti3KM?jO*pvvN7UW}3cFmQ+HC#+?L(<6gvwHwG;bS}2&1`- z-$h0#?7yZTT^S)JH~wLCwphPqB+9b)4%4hFkeUr7+Swk8k*Q6g3M5`N4S;f(4H-6g z)MWK#w^ypqbgiTI?)yb;L!TuYu{*{t$@LXN(5JCS1N}7<#iB|$#QC}2zp-GztLjXM zr)*&H-kJZ6a5H|XN(7rNTQfanW_`h2;|{W`iMZFyAC8}R>txKy%+Xj->#H?-O=VkO z2%?Cobn-Kq<#h{O_R7;Vp4)-v-75i1-?f_BfH@+&o_d9@fHTkd?(CvlX5o?RIlv_FQ$M>WmkkuUOe)XRTncX6RI%gDcyiO@2kiTB?!in9@@mE}G z*qflnwI0pU4T@QUijD;FOOzn*^2ZMP!4np-`BsdZUGEHcqmm(t&Q@T42%`dMWIDYz z*@ueF+}sZo#x`tm>`}HelzAD+=ULv{l=2k+h|M*~d8E@3-e^;Al0Uujl`D@zs!9Id z@pYrJO2vLZ>qz9n?s5XY(v+yQ8xe{}6K@Oc$x` zk*9+77h^z-O}z`t)L5_1C=#|MABp${O_-|6Do#oVi%e1Up`t3Z>(zgXk0N{BcsL)~ zUHLl{@$e za`Z3W{7czo|BF#y0k!yIBo0drPro=QiCr02e-wr_2$sr$?C}Gb`*fjP{yF=efWsx3 zv2iwR>Q&n#FHJR^g#y6?c>2?Zh5Xgt$dPl$YcJ&M;4*u)Ig5|2)oN3I_*OI;d0i{s z;mXvbQZPYyr{%@VAGXr)UldQc8W}*jvD08zvu}@GTf>aA2Ljd`m;^j;IQd*St&LX?Dv37a*Ck$ zY>O7Qn4m(~)3EEl`dlqfw>+DhMF4IF+;Hz`8Y**r&Y`2gVp#i+;FZ%<>#6(L%GvEc1u>F*H@dr4tPy?)o%^FcD z1Pah%!O>~rB#`Iu`TU}vU25SQ&hE{JV+4(yZ*WV0tidiJ+u^`8Vx6HfBXKyCKAaki z3C1Uqh&k?z`)vTEUF0_3J$_jI1s9F=7esCLdyT$I2%lO4?(ZxOk-yiA%{g|g!%HsG zTyParFV#LGR#iTJL;g8Zg1qgojey|E8|*kBk26gra_Ie&lpk&J z%okkb@Hl~v`3kE(y`*1Y?a=U=QK_pN`cC)sxWN7>nsQn2Nld$l9bDgoZ}1@|BnBfU zVhp3#V@&3DK9nBQZelA71~~xm^dOtOIMdIDq<)xND#Vn8X*|9DFRJ{h-DXIpi zV+wHP2=`clB@9r<_7o+lf%PXkS*S)s9c%LiAP1wog{Y;g48H`Ca$ct;lm3ZmExg@V ze?L-bJWu5D%w|Qt-?pn9 z`}Pw_xbLfwN>rssjjl?iwm_Myn-=xd_HF0oi!(dFlOFW=1UWscJg5C1Z@zIM21HyA z4YH;W_H2QTmCGN%R{-8aY^!$97!N5r;19;~!$SOH1=H#9)S-)8w#ae(4{wRH)%I#v zY(Gn)UJikqQ^UJ~K~P%byt?3N=sB$6)l<&U;d)!fSn2z*m16>V<-=e!Zq+LbIMikD z&A^Jj#1ZlXex>ePw8kYI5X#;o-RQOVBqE6A?DKAdG<8Uq5tS4P z4Bo)5C;kDpT7HsxK~^ZZf2 z=X}$9tfT3$za{r4lYq(CgF%+(z!R=;yOqrIOh_w!lZvqCt=Fo-Qq(vZNbfJ_V}$dS zi2i&`8!B;-An99p{l!Bw;orbTg06g!n@BvumAl5;ZE#0y`z5F%}hZ0mmpd6{&5mRM^6AM*a8I0F#kU_ z&)*=(PgDUW|4%~hKac#c?k_;W1iE42wMsSqBSruI*x14U>%_|ka*>CZp3mHF`!(4# zdR<;pzHetAH}BbYfYv+b-D9rH>+9#Vu}4emgE~y-?Lj$#yRR=xRBA&OW-__9R ztMC3ps~lO5gYH6tz={Yinn)2dpU8BQ3LH|%C}2Bc=d64JN=M)OT0P!gJ6AjS`T3oJ zk`s^HV z)U^4y&9xWL5QcwgNayy(D$}c{e`#`R9v23=JL{J}E2`|&o(eo_H5sX;@qO=7 z8frY^DAAeV4}vM?tF;?a*FR1Ktchr#IJS^5>-*`wQSl7_p4-2wsm6(ZWvevjGkfdb&(|D?ryj-EIf|gbmca(Wmk}iU zzz{+J{YZKEi}gxP6)pwkJfID#n;MD6R6Y7fwBMahRa=9UB0wh=1Jhy&U(8)eCx&+- z=2~B2iRd%9=U#}|jHq^of9hHeA>s4N_KQbS*fZE$t(I{$S}jIiVo^y0&5vS*GKrIF zUXIra`ux-;ZQv(%zkZ;?YKDHqnNGNLFaD4GIe#?-cB13FPpd`CddHII-Koktcp$Y% z$TbG3c;v*P!e|Q9!LO-)3~J?H6Ett+!RL7k6{dJVf|Ib(23Th~M>u(JG}_Vmk`+=j8yFwyCYgDR_m@Ryv=NzzQShUe>j1&$OcvD7Kc~pwP#)K zjBOXYDZkpvW^ghg9=@TwyL--r#TR41Rq1py+3udzzh+*jNYX?36G!`5;0E49@f+Fp zWJ^R(56HZEfh0RRIxL39byZu9+|>vvh*N;%6_vQ_Zi9HZn!YYYr*=71 zJ@n5-2>yr}2k`ZIua~=jI;D_HYxb!%bKYUhDiXyFLjor^W9^;6?tGO{0^?Absb zjn+yloDQ=H#(-pL@eubRAyEIC*zI%YI6YYe_9!s#gP;Q3)>G>)HL&LB6O}2KLPX(k zOeti7cY?hF>E}GdK$uCuT8TWXtfG`%s7c_}Qoi9y;8v3^Q_JT@U!fRo989uC_-zZ| z1an?y6S{s&F8h~aX$GsvT<{S3=)kpIAN@qo&Kgkn4>y(Tb1C0^LboLs=@TB0lhz$=jV)Np*vW}A79MLyf~@#n?~Q3 z+u=FO!|8ou6=M|yrG&KF+N})_PEV6gPsa;qpvVeQ!66k<#lRs|g+--=l$23WI@cev zP3iACy=&Vq{dC7S?{3$4_})@^?nc9ej&o}uIf8=G<9f@~Xi|xlI0*P1MGGQNr<;ni zebUtFb!6`i+(=8r0jErC;eqE*!^qc6hpf|H!J#O;`RL(PQXUpCLo_9x$%!aW9q~v) zi7)HgB0$?;!L6;%$WZaRU$3(Ci-!wUiz=M-uef+2$R}l3-+M+vZ_Tv02=W$y*eL+Y zR8*?FAoqWT#mB+W@JZ?b87TSu`)y#VvBbc_&mnV(tyJ_P@7Z6DYRCWJ1EQI@%Ul_o zYO}oD;c7k}ff<}#`fa9-&Kyuztg?Td8Z_2Rm6XQ&he$;KBqRtXPB-PtM?B`(aHq^z zEBE}8rV*{RM(g>npLBoewmF9xNP`E!qsXegtH{G{%IR{1XYGQg5E%;xFf%D!;4O3`ueN#1d}6DB zt0A|U&qZf(D7KvR>q=m-Crm{z>RgD7`uqK}Opz?Bb>)krDfRgZYx1!m~L(x*l6$ zl>4i9{O9R6pjFqwsPFa!OsPd7<2ffh{0ZO9IJ-GK@6L*qloV6bFR#mBc`=~w1IsYL zppfwSQ2ms3BWyr*QHks#>Q6(iKdRtJ&Kq2oJ>%YhUOiVUJqx;~`uY*mgQ$Txs-x=e z*Em)ILIJxWt|JEBraWEofikvAfLznDvA4K6<>^7%iz!c})9^V8B;YBG1h@|EBHpCf zg@Y8hx}<8akyr1F0sgRbHuJ85rf3iV!~Nwj2H}6|nVI3k`=_w8!B(S1#uGqMxbhm_i64^3fO zA*Wrs8tEi@`#d`JFWRGETB9kF3p*nkv`wuIDN{-2O&1Ngtaf%o_1C|Rb_cb)9pZl} zq%)1sXxByR5}u3UCDH2`hSpXl1{od;0R&)O%4Xg6OJh2@quBm^kzJZ1QN=j&6sOIdi|r^i=ER?>-ju=J3?& zG{2agKHW50E%%CQeKJqtUEYp#=;;{pgbIg+KD`2a&|I>m)31eZrf0S99Z^4h4z6S| zAD8A_lW009z>0J0nGqmK5wY%J^QlEE}sG8}T3-!#moX_F#l1Q^#D?`rKn zm1!1+47d*MPVEd+u*KOAjmMDTA5E1oZR<|odl*pi_M#tQ{@`%LD(};+;~e>wA-G%v zokXp#HQidx0^Ebv*O=iMVRj6ld0drfh!JZO=ded12di}pBm(n%ONGRe5+pLQAOi{H z^v@#Hi}VgJX^C4=El2UIBsdwYfvBuJVINaCd z2EyL@Dr$&qCB~Bf2-zA^Aa3TcUt<=!hLcfFT2r%sxfl`~SBZcJq~eR%$Y|3<23X}- z6RCJ<&vpxPXNa|c3WY*BKHoJ&RSPbdQ2=h)#X{VRD>>&2F~NR zR@l4cbc!)~D}c~aZ~nNad>XvY@cZWJ3|XZ#&M;1}UARjsix)?T8z3Ttx!n&jbUQud zj%DmuZ^+(GpG0P>`KJ%k)Za5v;Uwc zR<#O6`BAJqW+bW(=Wo>QNRs0~g`Q;WkA52xDqC&sZXa|eW5IWKG3L8>U)k`rtH;Wx zuurEiQD3GvbeVSv7-PV=3N54-2hVRS8N=`nA(`r_HJ%Lz70L2k{k8|!Q_@=ZGhm{R z>6^c4rn4Kfck=o+jgpF<8mrOE^L%2li_3H!Y4RMW0*)GmuC_XhS6I7bVp`#$bseZS zVTRiu+x0U}YdlW4lg>{m7Dza(6l2g>#5+naQ&u_i1-I}qm&VbAHsGWL*3dgxYOI4y zmPeoRkEf!DK-3+3ni2*u@MAwH0gEbJQpXTlvC0N#s_Cz(3O>0QG56;jSz~8hy5=S< zAU{8AL9xJDm$LWcYi{%h;~=q#QV(&xg@X;48?3YG0rBw?NL1uGx!m?!F}GV$18D<= zW{)us2j$)i0+u2^QYb#W2EMgvw*{!HX@E)v2 z#&kHybsn9CE}42o%2cT}3zJn-V8fiBAlV3QGA9WQBG_yHN)N(F875=#xc<`D$)|TZ zgB)Bfc~+#KwGVl2d}8N8Xf0pg8bs{>?TwVmyjqQFo6JJATN2M`k60*!EqZ3}nGUKw z=pSl#jaW6?mBq2_UsC&9El~9F&bo#Fau+_O*Cb!NvMmljvd|Cy7z zY?PRYHvZ1ndh6gamvq;|cWOWpT0)V$-nbXEU%0VX=`Mq=Kg#q+6Y^0+DAiLKN(_ra zBOXVJr43G_xsh*Guq@b(!Df!Siru;P0w`)d!50!0etwK7+*wL>hcIu_6jsK(Y~R{> zdgusG$y5UXu_I?Gsa#CI&%!_(+^?A#PMW*gLS`^mH%5=%^5gh!QsU7_!=I{$zvq7| z(uaZSXpaziDTJBg9?VAtJN<*jd_uV_;jX|L&EXE2pXz?ncCAHS*g)VnjT;XfKlhVE zki?KD5ep}NfeiMq+sFYjf)s8Mu7y;%AeM_!7y^mXj4je&#U#qh`O^v;7MML)Nq0nc zeV>~~jGgfXu8}u}6X_npU4xX(NTUM#nrs%R^ft=W)-zCH{PVZ3GCEDQ{m*}X^0kvi zjB*k~KB_i4rkv2(NHY=DUGfHHe%U4CeH;^q9Jh#F@Fex!KBUWT{?;K;n(dnfeSKt0 z=^yl1TAWpv?O;q6|2jBJ9-j;oNq20kQXnf72y^Qsl?b%vE?sO&^eGxb!UiPZPjlOl zF`6^NAm-BU)x&XUWaz+46tHiOh86S7*I<7n! z^$Lt9WW;t*{s3AL5|Q}5R4AK|PTuJ|i`qh|=QgWTc7hNJ#{ZZff{f_`i;p&4hyb5F zsPAV;7QK4Y72*uN*2Gvh#6*3sx%E-BsnF;~OI(L7(DBaqfvxr=ab#k~f5pJem+O1< z+FD1jHoN^{t<*R6p3rW){-Pjc{*GRaN)E8G?k+6a!(!N;2`7Sn$7$VA|=sQs<_WY|^1=vUKEXFtB?S~v&kR4h98cpxA7C0aZ- zgox8kamml)<%aUB@fmcF17sw^Z2l)0w+pQQ)!kPG<<+cf;_eV!gG+FCm*5V;-7N&S z-~@Nq;1Jy1-QC@SyW1@GIeYeB=XNe;YPg{a>g%ry>0a-nqgi_8l3)_Bqg;%))&hrR z*s%8;<@_ujAptIot-%ftcLwZ2Kh2m|`lp?})rBk;UqE7cISqu4FjW!KReQ7uEDh6H z?OzJBO#FYzQtX>)vO|M(dEkz+@7s-W-}Z6AZn^qwNiqXUzm$bZZEQQc-WK#)Y%1u+ zo+0?mrHhM!zi%S6l`PZeCo;VlSAm*p?%^*Ub3A$ z+j9B{zB(d_rrn}_FF^RIjDSOj!*@ZIBDWD|&m$p6MHeF-lNCd*EfN|N3qrBY9Fk6k zRwWP=SCmM```o40ojN!y_A(C2~gJ8jsoUqvhp1fguKOVNC zio!?{(xpolN+>P1K)?r}UCbb6!~m5cqW#I1 z|4f197tF6#02{b z@sl|9{utX^R1gQ4oYlTB2AdXyorj~G-6~~@63YQk=>nX-Ka-p4H}Sy+XnU_?MC%=K zw^LxTDA{}Gc5jU@CQ+SNP|oGjHkN44>x$t|cXrYinNA}!Fe2qfHJbBS4!5k0V2)#8 zU34Q@lBI%apN0y-IsJDt>md9%oI<*J5X>6iUEciFClsp|8IUh2-6e0L$O1OJfqP=OzJ(F zeJ@3*qudwmf@|e@Frpj~@fHY^A!3vTsCSy2oNi083pyv*;1II4RL;}!7S^OrAu0U} zxndr5G55%zlrw*MRX5+}vdJNFK{-!efZ56+6!wSCxAxB$oFtoT-=7_Xx0udpBf(R6 ztZ?zl^}I%78W&#Utxq;;rFuL--R~EPqnV7v9d2Bib(2K~jAkyeXBFjRx3FjVPD4Lm zOrj`A8U4(Tl8fyJ5z6kP0So>4IU9xwEL0FdSg@_oXj0!&9RpNM5LE%b&#DR# zV1d92zQSrFs{i#q|9U%OsE?;h1Y8+lr~lg2f34vwESSp@nS>Jjr@j$ z*UJ|PMuyJou4sP?nz!>@v0LhR`5qaG|LXhpctBKP@%{?Lrabj9HGda-r&XySwg~ua zPXuiClK&_6S{SFt9hQ5sv`Z+FK>LrqB*%kdhZ?nbT0Mgj#g=yMkHnOYx4X37_m^u} zxZ&in9b|Z3n9D% zwNHDik~t7-Xsq6GdwLtsPW6RA;0+xR>7+ORI2JortH|~#s}%Ea|7$#)L0c#-0$^w) z6B7bip`C)Zo*pc07PFn?W0zUpzxlF!NDP9gSL&XXj~0vZ5*Vg7o zCM>L@^xy7eoKL;K-3ts|TgQ@3Bk`uc->QFW@g{XTS&dl#RuvD2MWbJ+*=CutnkI0W z<^I)H_L)*1Um_456XkI6O#XiI;g|B?^A#WE137}C8R^qvjUg2GcYgwvVna7&(MBuL zWi2RN$8!gh`^%r6Xd_VlcTeTp6VS5muayTCUMv1LbT?r-3}Gb zwrmJ~O{YSwvzZC?et$&`t+N#5!~yBIf_B39fnE<^wo(pq9tym4aJ5 z_OFRRk)q`%`SaEx zXELmcsY=|PQ|&)X=5Yr08FcNYzBCVdB6@ItR4e2o#p=ARgJ8+Lx2OteOk{pKZGcxP zk%9d7Vv0TU!r?R7AD$(-N28W2-1k+nA=67+rp_%6dNi5oRB>eL14Joy$J@ zTivO71E^y^o>-mE_|@b<^`}y9fAcNc3T42zc*2;Bp;Dx+L#EVea=!lRoZj)a2>S@7 zM7|k}C<5eQQOo;&o-MXQ=61M>&p26(8Yl*`YS4lm2*wd`k3dphqHiFBRccrMT4@7% zUeQ-*#C(z-3B`85KI1=kK98TG4wPc*_spblx3h!TFxZh(rSSm#UM70q?}D(_az^Nk z2at?>IbVP7>73y;U#x{}t1(H7hy3Fk_B`_S|(GP$dKdLIt6YZ;vOn1nfS%ce>f<< zAWteQ_hhMhYH&-W$axG9>@3S9F_S)nyvS#9N$(7V=h>XM+jTS)q`S)VOW{lx#yL?* z@5{_K8hDx7uY_7eP|jd7Hh@DR$6eAXq{NKUtm+KvojCu|1>BHx8P|v)&Vc z_$_%I4Q5WOao)#8iTY4*=#G3KBP~o6%#Gv}Xab1xjNZ_$_j`NTL8eASP=Bl@!Jt*6 zYk@Pjz3gHX;MqQtt)ofkBZT9z7t!D(!TIwoKNc3vX=aO5LUi~qy^Y7yVW9<(RUd#H z#NlUoGhe0^kkJt*(=s}Tb8twA@B;|uIxR})s%8O4p+Kzze_d^CFzNm4Ph;#l}#*DxcF6YoJ_~)FOVkVewGh3)9V4jjX z0=6Q%^UUfPu<>Lw{ncfclTo6V5mv*$`j(wLjX*a{OlU5491$Lv;X5%L9Ncd}l=MrbjGzG) z56ZfFxz?71&vLDr%gKB}{OtAPG5Y5t69pL+`ZY#}@9Xnq*-ArzVoxfFR<|<&Hxs%` zDiq>h>Bp=67%qe5urVOV3ai?9Sd=svasNgkD|mzVtH`7LIiFWsnyBR~LOVr-ehL(Q1r^-voI(esnyZsc z+|;mOF|PBWJGGZZ@hvP{S&w^Juv@KEz81Es%E-{6m$suz6xH;3y-mt{ynJxr8Q1gy zq!_2nG-_oQW0^b~h8`lNE*qfEoIcuR)=gJhL??^XCfaT8bIf~H0ljhqGSPLOds=tr zVGMUt_$))1E8O2o7yiU;0F%?7&1g8a{S!C3H~nRc^i$^hxB|I2SLF>L+iouf$LRQ0 zOgfM6Pe~Hvi$Ows0==^H@py*M3FARTM?GV%QB_-9?aZ!+*)eVe(XdinLCd=~GD0`-wfB)F2Ya*fM=&A;g3l{re!D6Z@CY@L{ z0^V-k16&O!jP-S~jNyD#M)TU3EZP8??_2{h1PC}9obHkwoe9-Wr8^c4x{w^#Me}vW zU##ZKlbpGGfZ|+B)nZ)!rLYd&!Qi|f*GMn|R7{-`GG!1Ew`8|FH> zi1oN3o8__+;Zl(1*;uRT{t8^NLZ9JbffV7{uuN)StivJnKHfh6Jfg^_(%H(zvqj!! z?WH{NtJB5Dm;fU_pfsaZ8dnebB!JS@unp`|eB4mAQ5w@MB^liuZ@v>yh)8qaI~54+ zn5qGNWGBoTkakr8>)!Kt0NDE<=AfB}*IK`BKUuMdRFyN2ZE>o{bWq`Iy|i|RX}&Az z*^_aDBow7A?5Dbwv@l(^A;3tI8J|K99TZL);nrUV1XCE|^IQKV_Io9oor`uQH-`P4 z^KgkicsiEWAcNx79UGtTGNk zuQv#?8M~GbnIt0IJcJyho>Ch*u?I;B`QGHk9t(2LxbdLH(+RXmZOeg=mH_fX<#M}x zdy?|j6z{Qh5C8r3?YRdiiAW}!ERVK}rIZ(sjs)6RqvbNW#Q;_r{dro;g>R_i`3n?dRiPctrDt3J(S83qJ2#X2i$cddb3Qi_S&IdpaqT84|9J!e>jJb=a| zlDxGAwtf)6ZgYFXQSC~2O*zJ?qB$i3iBTakqi=Tjx_H1_#3k#;S_Os)*B%Tqx;-MD zAe^%&!(D${s+NY-eli6C!r)MCq;=W*6qO);qXVO)c;VD{E81j6#!o?S_cF;q(MIIp zry~tUagCew60_aF3?y#_yGwc<>)mi}luLy*jAkpn05f@r0*JdGz-fa;`3Zl6$!OVF z@k{CrwdNdL!e4{8O6;0k|?qwtEnJB58VmrKW|k!T}x-^Wo- z*S=H)o7oKeR%hOCLnB$086pO>N$1uwG?z4;y%3n@235DlRMfAwIw@D@%VUudq4VZ_ zP4H87mkRt9E!iNTu+udUdkR`_jxJqp>=}*WY*A$-@lwZj#C*@MzZx-&yeIr>I;huT zS5p(+^7O@al`(wvAewsS6?e*+>)Ifa8}@o$q4|f<&0Bqg1wk6WXRB4iqK)Zzd<^>^ z9WekT8n*8UIwrL%|A`~RUNTogJJh9tYsw_#=Yhu{+W%eu$WEKwi;kMP+eg0{G?+!C z&QcAFNBjDuRU8BSfY*MXt>;lvTZH?#{?HxqbUj;{q;=sHQ*>ZC_duP+aBaWZvWM&)$Ri=^9kdn_#6OpTz%( zr*zUoY%@ljcv~+^q8TsBY-dx5Gw{@y*k%Oqx6s@jGdFcgU4e-HFd>cYCV36&_40UPiTf~D0RMLT6+ z02B8~ZMDg5>qE~-%G_c=F6ZVL0Zxf-S*Uyg)__~~Yc!)+!0HNEuBQT|sjdMsoFD7< z=u%BQ%^n|hhUn_6KQbKuk2H?*1e8VOYPfYdzo>C<{H>|W^#KGV=)-BqDn277Dd>W6 z1te!vuq_$hYoP%}n!*Q3lK8z}FLgY$E2CXpVAtdN*L&)E(u!x{88t8O)8!B+21r3T z<5c2LP|sWseX&J8Z@z%As_y@On$AU;iWz#!^`g>&CgOVG3eBCa*AHeU-St!%eWqqId1`5HfK-y?EI`2H|Hc@Q3a^`+P%@7e zG@|SltqY`C#iKZUy);feRf$N@4ToJvb6T#g4kVK6T5dMgR1<-H*`q=z6L zwnpgN@yuVoT~U0ZRaL`}AVw6hzsRlyy?r{CZ|q-3{J8^#ja4MUgmkg}C0U?DI|d>W zE!k23Xvuq8iwW(_PTR}$4h8mH-xYc1;b)EskIgzC9h~c z-B>ORFDt}DpgJ4~7;-o2zBg-{ORL(JVb^?V1w(b%^JA}681gNq$oC!5Zi!?K##JaB za69yaR%S;kiw8y>hkzL9x0$#6ay6jxpzjxm!Dy@GeUt`TL$>ugW)+qQ7z!{H8(3kC_!ue zqs*$(kpx~)og4yu9i?u+-I9I5*WY~DJPZHn&SXl3JdW%sSZxu@$(vl2#$;65i|Ts`|8= zWur~Vr+Ocu2UQLONFuEzFqo7`j1FT#SoUSVEa;){*7G?D@HE2LypS^Gr02- z?$VPi<}^LX)wH|s7or238y^nukAOAy-j0L71+EeoU1f4i!_kYMyTBndvhK={t&-h*)^voCw>|calJ7I2J9r3SK zGJ~kWqQJnaCPRYztNJ%Xk>BiNznjV7eQ^(Qydj44zYdGb*6p4mWoVD?=hs-lAu94H zlAox8qd5&@SUj2#oZBnY#;5e}X-lH_9#eaEm&S{+U+lhwjtuwr@8FGY7GB8bl~j zA0YR66-tS&yru|7@_J5?tgx44Jqcd>m4e3A!tmQD^aT}1{oehBuO|TXx|4H?b4DZ| z*{>!oCq!R=T6{0m3EY$*bDw_MF=7n&vp){f(_37|hCRja8lv&~Ef%OlGoV^+w}`-W za5uSh>yM%LEQ~3Et6sLPI`FuJ_kp~d_x?tofqACGPj9szI;M9H2lb=)hQVVo%vvAA z-7B+mJoUS6dGI;-XPm{4Od9)l%gI=<2oQYdx2EeT&OV4{`Y(E@uIVU^4X>W*?qyz1 zLLdXaqZw=whzk|X0RrR5)JuyU7I8sQED%vP8!V=yRFQ=8{qT-|U9EjX`U&pIa3cHH zrV41mq7cAn02)Ip-3p?H2*FUzVEaQUxBUJm zO_BXUCnyYBHvOBp_~0ITi2*1mT*&`XulZ`|Y~t_C#9brCCD0~5-2kA3jr@|$4m(g@ zK7Sd3X6$PrwPU4)&;+|FAbM20n{Y4q7H^}#4hi4WT-I~(7W(&2qREtBV8wJ!PcXRR ziwG@C!QF9bMF+{Kh(h+WD{#Hu^lx*(S|xC}Ta7hK*q*&SpLhJ&9aMbUi4tgKMDzE^06uAA54@xOEn#n(mKt`FAtab${p!E@<7w@Z|z4o<%s3mz2)CdJWsa` z8)R<>S@H@B{nms&08t?~O$PSJv)`)DV;46sc5TOq~8Io z5I_wl%HzYLuPsMWq2%SXZO%FoviCEA%_7E~;&mpCC6nU;Lmslg6Q^a$xk!1i;yZAR zOeg7ic@cdhQVV!~&~9~&5jGqB9g())Waq>S2e~%kt<(NJF!76?6xFrCOfb>uZ-7yV zF%_+kIx{-2U=YaSl=>hfXw@s+WpTN^D7@+q;43cMKhwZwXmEgl;O!6RjN6KK_o)w4k3JM0}wwAHEIK3+U+VND!A*P~o2QHl8|2TW8Xsx#?L}GBt2Ym9%eQI0CGb)cm9tN@&QyT@{ z(043W^%TS#TmWiQoN`To%YwsVcbwNY5Hyp``s#MIn~1D1gw|)?wVLu#Jh}|9B+i+O z4u;CWBzHxtRtpnBz~{H!7bZdE)jC4{-;_e+fb7!`1CyVc{oCQy_3h7@c~Y^QObK*~ z>44jYW&-t5x!jOVQBx>1mBo&vM5T_x>#a|Bh#TmZ{Z?y?^Ln=exwOUL%@Up?mI=ww zAs+4bfkMyfV2_NixmT-X2gEaR{oocVGlrq50`(781Qc`Ki|tL;fxlvDw}F1+6SR3C zRXGMGrBl|fgH%bUwnl9&=w|(SMHXYN$x-4eIKD!L{A*G!U^SSI=y(HEwR3iqtsX4S zFJ$XK5J;`%!UK%D^NL%UV2@|aJovF>h^yd`iX~5ZoMY14?WuI?KLdt{P_;5$S~nny z@QYjb(_H!$29+>Sg-#(EoxWSPvEE;3FoStBo@nEY8jT@>i$u-a{|JbpD|ciBq6-WY zaATotfac%W3@B6NPc-US)ZF$PEiN4d2j1YSwEGHotB|5-k@a}Z&Znu8-AvG-iBux4 z6R8cBwAaWMjJki7FE^|G!~nbsf+22Wi6I<$fAnt^dXYkv(q}$s5nC7&5<(@XaJ>dX zFVX6d`!dxuq}V?qh2^tXXKh1fknxnk{*ZCCR0iV1VGceZ*5=vmL0(rdxea5>wA0uM&8V^zZk%RLx2J8a0TjhN6#xz{^7h28Uug#Kh(F_1RNarvr0)CsXwScRiIAs^o0}Q= znPHQ#;%{@q$j%Om?<+M}G!$%iaey;JnIF_W8%lr-c>JB8)B>b&gz?y0Nb)Vb` z>K`-(+zSe&m}3Dk!K`-}r89^+jrP9Y?`w0WhjeL(+9u-Q5Nx{VfIa4e!LWQl`I^bw zRMbAo8G+3gsn%W>l*(!=38bME02C0z^+^1Ag?HTe2T?#)Z>kV@d%hA@qF(X200dy6 z6Up?20m4Yc@t}iF>2QAx7e03nJ{a`%`J(?bpc|II2)MzSKH`6cR#Z?xK_p_9d|D|t zGBcP}jH&SUz$03$!$pUy?Eo5%)clDZ<19k}|b z^Dy^Y-EfQBUpYq_(tynOnu1tT*XJ=fp?Y3&+p$9;`7%%Fi7tM<40$@;Nzwy*cS-DX z9Npj+*!tE_WD!q@1m-{}SNHAsRd6#xOxoH*fKzC5Cn!qKc#w`&0U9rLjEL1!pSZY_ z!LcA5@V(gRrl(FRyQsEG!XGBYRZ@A??(p$YS%5de^1rl|NBmz6+xta!6UDMJ@T?&lGPZaRU--8hwkAC&=H$Ov;l z_LZ%`4wR*tC&n7=QCh@m`Kz9{7|;$;pR4D23E4baV#Qb|?q@0C-qbaaZ+A|J_B_fm z!5GIRnT&Zu#Oa3v!g89||EE2;76W4EyCmsCr6nKG){KV9psW2BGLcIH{ydX4y4g|V zgcpIsmJUcJX)fKqAD~Hv^NMax{3e$UtjgdcRl)QeP04w=?2({W?nkJN6^K-DVJp&8 z|0 z=W7J{N1d{kDs+wCcGsRL;zFw?dg6`yIfshxdjCMJ-B8*{F<^KJaQ3rY_#@3%DZXQYbb+xISGdPbsvBu;m}=Lh1d&$buM$ zsm@qgL6`Y{_P7Qa`l=c63?fFS)$lhVoa@Fl+Ac+PP)!z9S?At;%=HE zn-QOR-dsC;_U`oorFQ)?-Z|?&0(-PRN*E?Joe`+#B>Uo#Tkc>aA6aOQGKG@3H&M0| zh}Y|w(9@N)I^J@529FX}B8Xq;g==Dkican4voviVM`bws=W75^svb9(X?ZWL5Zl&i z)j(a586YDX#G{gghejYAK3^0@x7OPlOh{XR5z#nbcQVJ^zFaMuI8NjdGe$BQNe$c| z%cMRwvhfZEGy;onB*ujpU)R1VkrIzCFxk&&C)trS%5<>l zBC_I)N5JEj|Yf6BJ@ll~%oM;@1COHAO1jA#srT2nH4-4dKRFN{p6$HtNE|2jNm=$1==Ph3iJW0f%$!j2nC3gIW&3aEPqheB`v1_e^>Tyw{SW|8 z%Sf&&{;*Qq>VH-Iuu`Bs7^38(Gzi2HynD6!_8h_j6HK-Aa`hLP;Si7_-<3KWlL-TT zjd&av&KbAQEY9M}+v(St)8Jv*wH6kyPqNlej@tOTj2+oD&S>)pA|cWVH2Ky@t103> zjx+IFt-l$f(G0!1Q`OtGHBlVS#H-8zgT zu6tRR>A>yVJ0bb1-*B7WGsyp6eh)?{P$eXMub7a0ce!qf-Yf@> z*_PGtIMi;1 zx76;#PUbpq+8eROpO*gD#`|FKY1hw;yb5tRC8{;eHgKDz8x(C7#~VKH1mzolq5J!! z9Jbec<{6hl$Fr>^b3e(MOrc-ZfUKdnHVl34Q#iK!W}&KQ{JVf zts-+PQO-Qi<{COAIi;D6QhptG@^akOjk}Mw8DO894XpNg_&Ezo|8y22ht+BX*p#$g z?+VjaS>fvwn-`K_P+SAm6e~J~`&D9kb{^R9_b#2YfmX%?gr;0`mVr{s($GoODSZ&I zXEx=E<%iH`Lh@J5J15E-=8JlIjx#Cas~mRA$>P zM+;V)sErNHknQwkTl}OTrbwgn$aKELt|^6 z*hSASr??&O{z$?Z3_xG0c97XWgBP>qkq2>gr?@M`bwhx};=5c0`%9g_2pZXTt)tXu z2N9RCP<(2CvdMF9?}t85u6kzO^LZWP7*%LW6-ws3r#-3dRQYi{E#@s+{z^L6_zCy@Hk4MNoq0?VKQibMIVTYVO-1x(?h|wUCg;VoLf`N=(gy6 z9GB{bdFz6O{7WjQ(fN(Z{4b2#LAuP&saAP-jmH#lsItBFK^L+okCEXct)*DuKN^o(cA95$dj)mIH^p@{9cHdS zhF6`f)wC>Db#L{xCXKT;p0CxU=?C4eNJS&8*VwJn5RDdj?`)$2drOto339+e?nKAA|nw)1(Y(o_>uD`^dj&aMRrj;AXv zh1dc>WP}PP2V?g|cpxeG@^1MV)1$uKZ04Lwr4;Y?8))>=k}@s&Q(?TV5EL9gSyVE- z`>^cx?qJBfZ*mmln%*!gAzMAOZR&c8bzK)kTK!;yW?)oofdF5$IxAJ@D~GR|8HcZ1KWi%&{2w7kDTt*?#+1Z7 z@g0co4eE&?a#gB-xGj%gW9^o1gxquR*DcARjAD=H_2Rf*SO&up-HHeN+iYSYXy~)K zDKxZSekDq*GFHhX_O8FNlItQ6Q%QnUK<2v9Mb#aIWLDhGvWD;GA3>Jvkl>P zJt3kUhEZdoVY}X^5WJ!P`RYvR`p_+9upGYhofTzT@UuarEz@C6w=d0PG)GWhFA?tp z0p5>|8Uog>{iAiv87%Y(g`lZ5ypsom^LZe0^=K{^@4b1MGnv<3(%qyB|5DDTcc87; z=ZG2(iJn^gkz%ZMi6t5I_{+eRVE1&hs-vQ8>eCieSRZ}~W$%KCL=sTVtxWd@?e~i2 z{8-7*2fD{e2#X}#A7lQOt~p9|hu;4w4P@8L?aexk`cl2aqVO6{9HU;v^}SdKq*z{(_cx(@dMvW->)niPMsnWWtof`5&$Zv{_V?`hC1)WD+P z^lX)gmYc*Fc8?Hb8Z~232%s?I-vaR#0VJ1b10hFsM?;N5%kNjE6*K5n-MbJ4_<0Qn z#Y1!kRn|fLKZYUhGKqw#;2(({*p$2^BUdVokYz+S7cbuG$0C)^*2GO-u*TEGatCBF zwD?AiIJpAlkZP30GbkSeK+~^&R&_GzT&M-l&PUfo#SnNT_p=(^UhwkMc>)62??Ed%;N+04B_2jHf8OKKd9(_epqXsuX*~Av0h0@xKAH zXoXwg{l>xr&r0zC5aJ_@qi45* z?%*q;^6Qn7@J{5qc6!)g$7G|ejXs{yL?s)?p7@cMgks5YFLQR&cV|4&$O;{zVR}Ad zc?p%bKe%;Meyo?b+y9(}JY}UZSB9Ex`kTZw%>n%VmTsWp5OF5`JPd;q`W?oPGn8Gy zoITyI?GVY-k8xlx><+OH3PFuGJ_IgemvM>xKON*U)v>oh^gg9 z*RSLTsO@e=e;{pnN#4kOjyg~4a2i}_6>jm2=xA`Za^3u}sBBh7u#@-n!@U!HQbCa8 z5y#f)!Tc+P&R>A~m`Gk1fL zqzjc*e>S^25X&oN`reu}W}FCVy!mDA8J98j1li}a!{tQop zbN)MpneBtHN~T|X+od|0+ml%G>`9r^pXq)(4ywPumWjOW2UJ|%&)Xs*)3niLkJD~GXVh7-}Qbm0^<&ZV5 zVHpb9sey;V0#KBKW0#tLB0J<=S(Q*j)L@F-xdnSZWz5ci`U!^p$58WO({Yy{$nKgg z|BoLBaL!PDIFc}`zm@;fWWxjln0NkvvH$#^Gk(Q7ivKhwDSV7TRK|7M|MV~!q5!|j f{{P!Q-pzNjpLl!bWpHaCz=xEWoM^eQzTf`>*0_+k diff --git a/docs/code-scanning-tools/semgrep.md b/docs/code-scanning-tools/semgrep.md deleted file mode 100644 index f2b3af2a..00000000 --- a/docs/code-scanning-tools/semgrep.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: "Semgrep" -sidebar_position: 3 ---- - -# Semgrep - -Pixee can automatically triage and fix issues detected by [Semgrep OSS](https://semgrep.dev/). - -# GitHub Advanced Security - -No setup is required for GitHub Advanced Security (GHAS) users to receive fixes from Semgrep results that are uploaded as Code Scanning alerts. Simply installing the Pixeebot GitHub App is sufficient. - -# Others - -Use the [pixee/upload-tool-results-action](https://github.com/pixee/upload-tool-results-action) GitHub Action together with the Pixeebot GitHub App to synchronize Semgrep findings with Pixee. - -The following GitHub Action workflow example demonstrates how to include Semgrep OSS vulnerability detection with Pixee fixes in a Java application: - -```yaml -name: Analyze with Semgrep and Fix with Pixee - -on: - push: - branches: - - main - pull_request: - branches: - - main - -permissions: - contents: read - id-token: write - -jobs: - build: - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Install Semgrep - run: | - python3 -m pip install semgrep - - - name: Run Semgrep - run: | - semgrep --config auto --sarif --output semgrep-results.sarif.json - - - name: Fix with Pixee - uses: pixee/upload-tool-results-action@v2 - with: - tool: semgrep - file: semgrep-results.sarif.json -``` - -This workflow: - -1. Runs Semgrep OSS on the project and stores the results in a standard SARIF file. -2. Runs the pixee/upload-tool-results-action that sends the SARIF file to Pixee. - -Once Pixee receives the Semgrep OSS vulnerabilities, it recalls them on its next analysis of this commit. - -- When this commit the head of a pull request, then Pixee triggers its _PR Hardening_ analysis to fix as many Semgrep findings in this PR as it can. -- When this commit is the head of the main branch, then Pixee uses these findings the next time its _Continuous Improvement Campaign_ analysis runs. Users may trigger such an analysis to occur immediately by issuing the chat command `@pixeebot next` in any PR or issue comment on this repository. Pixee's continuous improvement campaign shows the queue of fixes in Pixeebot Acitvity Dashboard issue. - - ![Pixeebot Activity Dashboard issue](./semgrep-issue-dashlist.png) diff --git a/docs/code-scanning-tools/snyk.md b/docs/code-scanning-tools/snyk.md deleted file mode 100644 index 2ca1a3a7..00000000 --- a/docs/code-scanning-tools/snyk.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -title: "Snyk Code" -sidebar_position: 4 ---- - -# Snyk Code - -Pixee can automatically fix and triage issues detected by [Snyk Code](https://snyk.io/). - -# GitHub Advanced Security - -No setup is required for GitHub Advanced Security (GHAS) users to receive fixes from Snyk results that are uploaded as Code Scanning alerts. Triage for GHAS is best experienced through [our dashboard](https://app.pixee.ai). - -# Others - -Use the [pixee/upload-tool-results-action](https://github.com/pixee/upload-tool-results-action) GitHub Action to synchronize Snyk Code findings with Pixee. diff --git a/docs/code-scanning-tools/sonar.md b/docs/code-scanning-tools/sonar.md deleted file mode 100644 index 25d33d44..00000000 --- a/docs/code-scanning-tools/sonar.md +++ /dev/null @@ -1,29 +0,0 @@ ---- -title: "SonarCloud" -sidebar_position: 1 ---- - -# SonarCloud - -Pixee can automatically fix issues detected by [SonarCloud](https://www.sonarsource.com/products/sonarcloud/). This page explains how to integrate your SonarCloud results with Pixee. - -:::info -Looking to fix [SonarQube](https://www.sonarsource.com/products/sonarqube/) issues? See [SonarQube](./sonarqube.md) -::: - -## How to Get Started - -1. Install [Pixee GitHub Application](https://github.com/marketplace/pixeebot-automated-code-fixes) -2. Install [Sonar GitHub Application](https://github.com/marketplace/sonarcloud) -3. Add [Upload Tool Results GitHub Action](https://github.com/marketplace/actions/upload-tool-results-to-pixeebot) -4. Start receiving Pull Requests from Pixee that address Sonar findings. - -## More Information - -Pixee fixes issues detected by SonarCloud when repositories have both the Pixee and SonarCloud GitHub Apps installed. - -For public repositories using SonarCloud, Pixee retrieves results from sonarcloud.io automatically with no further configuration required from the user. - -For private repositories using SonarCloud, use the [pixee/upload-tool-results-action](https://github.com/pixee/upload-tool-results-action) GitHub Action to synchronize SonarCloud findings with Pixee. - - diff --git a/docs/code-scanning-tools/sonarqube.md b/docs/code-scanning-tools/sonarqube.md deleted file mode 100644 index 834262db..00000000 --- a/docs/code-scanning-tools/sonarqube.md +++ /dev/null @@ -1,24 +0,0 @@ ---- -title: "SonarQube" -sidebar_position: 2 ---- - -# SonarQube - -Pixee can automatically fix issues detected by [SonarQube](https://www.sonarsource.com/products/sonarqube/). - -For a given Sonar rule, Pixee's fixes are the same, regardless of whether the issue was detected by either SonarCloud or SonarQube. However, the steps required to integrate Pixee with these systems is different. - -## How to Get Started - -1. Install [Pixee GitHub Application](https://github.com/marketplace/pixeebot-automated-code-fixes) -2. Add [Upload Tool Results GitHub Action](https://github.com/marketplace/actions/upload-tool-results-to-pixeebot) to workflows that run SonarQube analysis. -3. Start receiving Pull Requests from Pixee that address Sonar findings. - -## More Information - -Pixee offers an on premises solution that can be deployed alongside your SonarQube instance. Please contact us at help@pixee.ai for detailed setup instructions. - -SonarQube Community Edition lacks the features necessary to integrate with Pixee's PR experience. - - diff --git a/docs/configuration/_category_.json b/docs/configuration/_category_.json new file mode 100644 index 00000000..f308fb5f --- /dev/null +++ b/docs/configuration/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Configuration", + "position": 5, + "collapsible": true, + "collapsed": false, + "link": { + "type": "doc", + "id": "configuration/config-overview" + } +} diff --git a/docs/configuration/ai-settings.md b/docs/configuration/ai-settings.md new file mode 100644 index 00000000..a2d4141d --- /dev/null +++ b/docs/configuration/ai-settings.md @@ -0,0 +1,105 @@ +--- +title: AI Settings +slug: /configuration/ai-settings +track: dev +content_type: guide +seo_title: AI Settings -- Pixee Docs +description: Configure triage sensitivity, fix quality thresholds, and LLM provider settings for Pixee triage and remediation. +sidebar_position: 7 +--- + +# AI Settings + +Pixee's AI settings let you control how aggressively the triage engine classifies findings and how the remediation engine generates fixes. Adjust triage sensitivity to match your team's false positive tolerance, configure which finding categories receive AI-powered analysis versus deterministic codemods, and set quality thresholds for fix acceptance. Enterprise deployments can additionally configure LLM providers and model routing. + +## What AI Settings Control + +AI settings govern two behaviors: + +1. **Triage Automation behavior.** How aggressively Pixee classifies findings as true positives, false positives, or won't-fix. Higher sensitivity catches more issues but may surface more borderline findings. +2. **Remediation Automation behavior.** Which finding types receive AI-generated fixes (MagicMods) versus deterministic code transformations (codemods), and the quality threshold fixes must meet before being presented as PRs. + +These settings tune behavior. They do not bypass validation. Every fix Pixee generates -- whether from a deterministic codemod or an AI-powered MagicMod -- passes through the same multi-layer evaluation pipeline before reaching your PR queue. + +## Security Gates vs. Guardrails + +This distinction matters for understanding what AI settings do and do not control. + +**Security gates** block deployments when thresholds are exceeded. Your CI/CD pipeline owns these -- Pixee does not replace your existing gates. + +**Guardrails** guide behavior without blocking. Pixee's AI settings act as guardrails that tune how aggressively Triage Automation and Remediation Automation operate. They shape what Pixee proposes; your team and your CI pipeline decide what gets merged and deployed. + +Pixee operates as a guardrail layer. It proposes fixes through PRs. Your existing gates (CI checks, code review, deployment policies) remain in control of what ships. + +## Triage Settings + +Triage settings control how Pixee classifies scanner findings. + +| Setting | What It Controls | +| -------------------- | ---------------------------------------------------------------------------------------------------------------------------- | +| Triage sensitivity | How aggressively findings are classified. Higher sensitivity surfaces more findings; lower sensitivity is more conservative. | +| Category controls | Enable or disable triage for specific finding types (SAST, SCA, secrets, etc.) | +| Finding type filters | Which CWE categories receive AI-powered triage analysis | + +### How sensitivity affects results + +- **Conservative:** Fewer findings surfaced. Pixee only classifies findings it has high confidence in. Good for teams new to automated triage who want to build trust incrementally. +- **Balanced (default):** Moderate confidence threshold. Surfaces the majority of actionable findings while filtering obvious false positives. +- **Aggressive:** Surfaces more findings, including borderline cases. Useful for teams with mature triage workflows who want maximum coverage. + +### Relationship to scanner quality + +Triage accuracy depends on the quality of scanner input. Pixee integrates with 12 native scanner integrations and accepts any SARIF-producing scanner via universal SARIF import. Higher-quality scanner output yields higher-confidence triage results. + +## Remediation Settings + +Remediation settings control how Pixee generates fixes. + +| Setting | What It Controls | +| ----------------- | ----------------------------------------------------------------------------- | +| Fix categories | Which CWE categories receive automated fixes | +| Fix mode | Whether a category uses deterministic codemods, AI-powered MagicMods, or both | +| Quality threshold | Minimum evaluation score a fix must meet before being presented as a PR | + +### The hybrid model + +Pixee uses a hybrid approach to fix generation: + +- **Deterministic codemods** apply well-known, deterministic code transformations. No LLM involved. These are the same open-source transformations available through [Codemodder](/open-source/codemodder). +- **AI-powered MagicMods** handle complex scenarios where deterministic patterns are insufficient. These use LLM-powered analysis to understand context and generate fixes. + +By default, both modes are active. You can disable MagicMods entirely and run only deterministic codemods, or restrict MagicMods to specific CWE categories. + +### Gradual automation + +The recommended approach is progressive expansion: + +1. **Start conservative.** Enable deterministic codemods only. Review merge rates and fix quality. +2. **Expand by category.** Enable MagicMods for specific CWE categories where your team sees high fix quality. +3. **Broaden over time.** As confidence builds (tracked via merge rate and quality scores in [Reporting](/configuration/operations)), expand the scope of AI-powered fixes. + +The [Phased Rollout Guide](/enterprise/phased-rollout) covers this progression in detail. + +## Enterprise AI Configuration + +Self-hosted Pixee deployments have additional AI configuration beyond the behavioral settings described above: + +- **Bring Your Own Model (BYOM).** Choose your LLM provider (OpenAI, Azure AI Foundry, Anthropic, Azure Anthropic). Own your keys and control costs. See [Enterprise > BYOM](/enterprise/byom). +- **Model routing.** Enterprise deployments can route different analysis tasks to different models, balancing cost, latency, and quality per workflow stage. +- **Data flow controls.** Control what data reaches the LLM and through which network path. See [Enterprise > Security Architecture](/enterprise/security-architecture). + +These infrastructure-level settings are managed through the admin console or Helm values, not through the Pixee dashboard's AI settings page. + +## FAQ + +### What is the difference between security gates and guardrails? + +Security gates block deployments when thresholds are exceeded. Guardrails guide behavior without blocking. Pixee's AI settings act as guardrails that tune how aggressively triage and remediation operate, while your existing CI/CD gates remain in control of deployment decisions. + +### Can I disable AI-powered fixes and use only deterministic codemods? + +Yes. You can configure Pixee to use only deterministic code transformations and disable AI-powered fix generation (MagicMods) for specific or all finding categories. See [Codemodder](/open-source/codemodder) for the full codemod catalog. + +### How do I increase automation gradually? + +Start with conservative triage settings and a narrow set of fix categories. As your team builds confidence with merge rates and quality scores, expand the scope. The [Phased Rollout Guide](/enterprise/phased-rollout) covers this progression in detail. diff --git a/docs/configuration/config-overview.md b/docs/configuration/config-overview.md new file mode 100644 index 00000000..508263e5 --- /dev/null +++ b/docs/configuration/config-overview.md @@ -0,0 +1,84 @@ +--- +title: Configuration Overview +slug: /configuration/overview +track: dev +content_type: guide +seo_title: Configuration Overview -- Pixee Docs +description: Configure Pixee behavior via PIXEE.yaml, organization settings, and AI settings. Covers repository management, scheduling, notifications, and reporting. +sidebar_position: 1 +--- + +# Configuration Overview + +Pixee is configurable at three levels: a PIXEE.yaml file in each repository for developer-controlled behavior, organization-wide settings in the Pixee dashboard for security team policies, and AI settings for tuning triage and remediation behavior. Most teams run Pixee with zero configuration on day one and customize as they scale. This section covers every configuration surface. + +## Configuration Philosophy + +Pixee works out of the box. The default settings enable Triage Automation and Remediation Automation for all supported languages and vulnerability types across your connected repositories. No PIXEE.yaml file, no dashboard toggles, no AI tuning required to start receiving pull requests with validated fixes. + +Configuration exists for when defaults are not enough. Maybe your team wants to exclude a test directory, batch PRs into weekly review cycles, or route Slack notifications to a security channel. Pixee's configuration model is designed around progressive customization: start with zero config, then layer on settings as you understand your team's needs. + +Two principles guide the model: + +- **Developer agency.** PIXEE.yaml lives in the repository root, version-controlled alongside your code. Developers own the behavior of Pixee in their repos the same way they own `.eslintrc` or `dependabot.yml`. +- **Security team governance.** Organization-wide settings in the Pixee dashboard let security leads enforce policy across all repositories without touching individual repos. + +## Configuration Layers + +Pixee settings operate across three layers. When a setting is defined at multiple layers, the more specific layer takes precedence. + +| Layer | Scope | Who Controls | Mechanism | +| ------------ | ----------------- | ------------- | ----------------------- | +| Repository | Single repo | Developers | PIXEE.yaml in repo root | +| Organization | All repos | Security team | Pixee dashboard | +| AI Settings | Analysis behavior | Security team | Pixee dashboard | + +**Precedence:** Repository-level PIXEE.yaml settings override organization defaults where applicable. Organization-level policies may restrict which PIXEE.yaml overrides are honored, giving security teams guardrails over developer-controlled configuration. + +If a PIXEE.yaml file is invalid or contains syntax errors, Pixee falls back to organization defaults and logs a warning. No analysis is skipped. + +## Quick Reference: What Goes Where + +Use this table to jump to the right page for your configuration task. + +| I want to... | Go to | +| ----------------------------------------------------- | ---------------------------------------------------- | +| Exclude specific files or directories from analysis | [PIXEE.yaml Reference](/configuration/pixee-yaml) | +| Ignore specific findings or CWE categories | [PIXEE.yaml Reference](/configuration/pixee-yaml) | +| Enable or disable specific fix types | [PIXEE.yaml Reference](/configuration/pixee-yaml) | +| Customize PR formatting (labels, title prefix) | [PIXEE.yaml Reference](/configuration/pixee-yaml) | +| Add or remove repositories from monitoring | [Repository Management](/configuration/repositories) | +| Organize repos by team or business unit | [Repository Management](/configuration/repositories) | +| Set scan schedules or switch to on-demand analysis | [Operations](/configuration/operations) | +| Route notifications to Slack or email | [Notifications](/configuration/operations) | +| Set up webhook integrations for custom workflows | [Notifications](/configuration/operations) | +| Manage team member access and roles | [Users & Access](/configuration/users) | +| Configure SSO with your identity provider | [Users & Access](/configuration/users) | +| Tune AI triage sensitivity | [AI Settings](/configuration/ai-settings) | +| Control which finding categories get AI-powered fixes | [AI Settings](/configuration/ai-settings) | +| Configure reporting exports or dashboards | [Reporting](/configuration/operations) | +| Export data for compliance audits | [Reporting](/configuration/operations) | + +## Getting Started with Configuration + +If you just installed Pixee, the recommended approach is: + +1. **Week one: run with defaults.** Let Pixee analyze your repositories and open PRs with its default settings. Review the fixes, check the triage results, and get a feel for the baseline behavior. +2. **Week two: customize per-repo behavior.** Add a PIXEE.yaml file to repositories that need specific exclusions, ignored findings, or PR formatting preferences. See [PIXEE.yaml Reference](/configuration/pixee-yaml) for common recipes. +3. **Ongoing: tune organization settings.** As you scale to more repositories, use the Pixee dashboard to set organization-wide policies for scheduling, notifications, and AI behavior. + +Enterprise self-hosted deployments have additional configuration surfaces for infrastructure (LLM providers, authentication, observability) managed through the admin console or Helm values. See [Enterprise > Deployment Options](/enterprise/deployment) for details. + +## FAQ + +### Do I need to configure Pixee before it starts working? + +No. Pixee works with zero configuration on supported repositories. Default settings enable triage and remediation for all supported languages and vulnerability types. + +### Can developers override organization-wide settings? + +Developers can customize behavior for their repositories using PIXEE.yaml. Organization-level policies set guardrails that PIXEE.yaml operates within. + +### Where do I configure Pixee for enterprise self-hosted deployments? + +Enterprise deployments have additional infrastructure configuration (LLM providers, authentication, observability) managed through the admin console or Helm values. See [Enterprise > Deployment Options](/enterprise/deployment). diff --git a/docs/configuration/operations-config.md b/docs/configuration/operations-config.md new file mode 100644 index 00000000..0550376e --- /dev/null +++ b/docs/configuration/operations-config.md @@ -0,0 +1,249 @@ +--- +title: Operations Configuration +slug: /configuration/operations +track: both +content_type: guide +seo_title: Operations Configuration -- Pixee Docs +description: Configure Pixee scheduling, notifications (Slack, email, webhooks), and reporting. Control analysis timing, alert routing, and metric exports. +sidebar_position: 4 +--- + +# Operations Configuration + +This page covers three operational areas: when Pixee runs analysis (scheduling), how your team hears about results (notifications), and how you track outcomes (reporting). + +## Scheduling + +Pixee can analyze code on every new scanner finding, on a fixed schedule, or on demand. By default, Pixee runs analysis when new findings are available from connected scanners. Customize scheduling to align with your team's development cadence -- running analysis during off-hours, batching PRs for weekly review, or triggering analysis only on specific branches. + +### Trigger Modes + +| Mode | How It Works | Best For | +| -------------------------- | ----------------------------------------------- | --------------------------------------------------------- | +| **Event-driven** (default) | Pixee analyzes when new scanner findings arrive | Teams that want immediate feedback on new vulnerabilities | +| **Scheduled** | Pixee analyzes on a cron schedule you define | Teams that prefer batched PRs at predictable times | +| **On-demand** | Trigger analysis via the dashboard or API | POC evaluations, testing, or ad-hoc analysis | + +Event-driven is the default and requires no configuration. Pixee watches for new SARIF uploads and native scanner results, then runs Triage Automation and Remediation Automation as findings arrive. + +### Cron Schedules + +Set a cron expression per repository or organization to control when Pixee runs analysis. Standard cron syntax is supported: + +``` +# Every weekday at 2:00 AM UTC +0 2 * * 1-5 + +# Every Monday at 6:00 AM UTC +0 6 * * 1 + +# Every 6 hours +0 */6 * * * +``` + +Configure schedules in the Pixee dashboard under repository or organization settings. + +### Timezone + +Cron schedules use UTC by default. Set a timezone in the dashboard to align schedules with your team's working hours. + +### Branch Filtering + +By default, Pixee analyzes findings from all branches. Restrict analysis to specific branches (for example, `main`, `develop`, or release branches) to focus on production-relevant code. + +### PR Timing and Batching + +Scheduling affects when PRs appear in your team's queue. + +- **Event-driven mode** creates PRs as soon as analysis completes. Expect PRs shortly after scanner findings arrive. +- **Scheduled mode** batches all findings discovered during the analysis window into PRs created at the scheduled time. +- **On-demand mode** creates PRs immediately after the manually triggered analysis completes. + +**Avoiding PR storms.** If Pixee discovers many findings during a scheduled run, it may open several PRs at once. To manage this: + +- Use PR labels (configured in [PIXEE.yaml](/configuration/pixee-yaml)) to filter Pixee PRs in your queue. +- Schedule analysis for off-hours so PRs are ready for review at the start of the workday. +- Set notification filters to surface only high-severity fixes. See [Notifications](#notifications) below. + +### Enterprise Scheduling + +Self-hosted Pixee deployments have additional scheduling considerations: + +- **Maintenance windows.** Schedule analysis outside your cluster's maintenance windows to avoid resource contention. +- **Concurrency controls.** Large deployments can configure how many repositories are analyzed concurrently to balance throughput with infrastructure load. +- **Monitoring.** Use the bundled observability stack to track analysis duration and queue depth. See [Enterprise > Observability](/enterprise/observability) for details. + +## Notifications + +Pixee delivers notifications through your existing communication channels -- SCM-native notifications (PR comments, status checks), Slack, email, and webhooks. Most teams use the default SCM notifications and add Slack for security team visibility. Configure notification routing so the right people see the right events without creating alert fatigue. + +### Notification Channels + +| Channel | Events | Configuration | +| -------------- | ------------------------------------------- | ----------------------------------------------------- | +| **SCM-native** | PR created, status checks, review comments | Automatic via your SCM integration -- no setup needed | +| **Slack** | New fixes, triage summaries, weekly digests | Connect the Slack App or provide a webhook URL | +| **Email** | Digest summaries, critical alerts | Per-user or team email addresses in the dashboard | +| **Webhooks** | All events (for custom integrations) | Webhook URL with optional secret for verification | + +SCM-native notifications are always active. Pixee PRs appear in your normal PR queue, status checks integrate with your CI pipeline, and PR comments provide triage context. No additional configuration is required for this channel. + +### Configuring Slack + +Connect Pixee to Slack to notify your security team when new fixes are available, triage results are ready, or weekly digests are generated. + +**Setup:** + +1. In the Pixee dashboard, navigate to notification settings. +2. Connect the Slack App or provide an incoming webhook URL for your target channel. +3. Select which event types to route to the channel. + +**Filtering options:** + +- **By severity:** Notify only on critical and high-severity findings, or include medium and low. +- **By repository:** Route different repositories to different Slack channels. +- **By fix type:** Separate SAST fix notifications from SCA dependency updates. + +Per-repository Slack routing is useful for large organizations where different teams own different services. + +### Email + +Email notifications deliver digest summaries and critical alerts to individual users or team distribution lists. + +| Setting | Options | +| ---------- | ----------------------------------------------------------------- | +| Frequency | Per-event, daily digest, weekly digest | +| Scope | All repositories, specific repositories, specific severity levels | +| Recipients | Individual email addresses or team distribution lists | + +Configure email preferences per-user in the Pixee dashboard. Each team member can choose their own notification frequency and scope. + +### Webhooks + +Webhooks send event payloads to any HTTP endpoint, enabling integration with PagerDuty, ServiceNow, Jira, or custom dashboards. + +**Configuration:** + +- Provide a webhook URL in the Pixee dashboard. +- Optionally configure a shared secret for payload verification. +- Select which event types trigger the webhook. + +Webhook payloads are JSON-formatted. For the full payload specification, see [API > Webhooks](/api/webhooks). + +**Common integrations:** + +| System | Use Case | +| ----------------- | --------------------------------------------------- | +| Jira | Auto-create tickets for high-severity findings | +| ServiceNow | Feed remediation data into ITSM workflows | +| PagerDuty | Alert on-call teams for critical vulnerabilities | +| Custom dashboards | Aggregate Pixee data alongside other security tools | + +### Reducing Notification Noise + +The goal is signal, not volume. Teams running Pixee at scale use these strategies: + +- **Severity filtering.** Notify on critical and high findings immediately; batch medium and low findings into daily or weekly digests. +- **Per-repository overrides.** High-traffic repositories get digest-only notifications. Production-critical repos get per-event alerts. +- **Channel separation.** Route developer-facing notifications (PR events) through SCM-native channels. Route security-team notifications (triage summaries, compliance digests) through Slack or email. +- **Webhook filtering.** When using webhooks, filter by event type at the source to avoid processing irrelevant payloads downstream. + +## Reporting + +Pixee tracks every triage decision and remediation outcome, giving your team visibility into what was analyzed, what was fixed, and what remains. Use built-in reports for day-to-day monitoring, export data for compliance evidence, or connect to external dashboards via the API. + +### Available Reports and Metrics + +| Report | What It Shows | Who Uses It | +| ------------------------ | ------------------------------------------------------------------------ | ------------------------------------------------------------ | +| **Triage Summary** | Findings classified by outcome: true positive, false positive, won't fix | Security leads reviewing triage quality | +| **Fix Activity** | PRs created, merged, closed, and pending review | Developers and security leads tracking remediation progress | +| **Merge Rate** | Percentage of Pixee PRs merged by developers | Management and security leads measuring developer acceptance | +| **Remediation Velocity** | Time from finding to merged fix | Compliance teams tracking MTTR reduction | +| **Repository Status** | Per-repo analysis state, last scan time, recent activity | Developers checking individual repo health | + +**Merge rate** is the percentage of Pixee PRs that developers review and merge. It is a primary indicator of fix quality and relevance. See [Fix Safety](/how-it-works/fix-safety) for production metrics. + +**Remediation velocity** measures the elapsed time from when a finding is detected to when its fix is merged. This metric maps directly to Mean Time to Remediation (MTTR), a standard compliance metric. + +**Triage volume** tracks how many findings Pixee classified, broken down by true positive, false positive, and won't-fix outcomes. See [Triage Engine](/how-it-works/triage-engine) for details on false positive reduction. + +### Dashboard + +The Pixee dashboard provides real-time visibility into triage and remediation activity across your organization. + +**Filtering options:** + +| Filter | Options | +| ---------- | -------------------------------------------------- | +| Repository | Single repo, multiple repos, or all repos | +| Time range | Last 7 days, 30 days, 90 days, custom range | +| Severity | Critical, High, Medium, Low | +| Language | Java, Python, JavaScript/TypeScript, .NET, Go, PHP | + +**Trend views** show how metrics change over time. Track merge rate improvement as your team builds confidence, watch triage volume decrease as false positives are eliminated, and monitor remediation velocity across releases. + +### Exporting Data + +| Format | Use Case | +| -------- | ---------------------------------------------------------------- | +| **CSV** | Import into spreadsheets, BI tools, or custom analysis pipelines | +| **JSON** | Programmatic consumption, custom dashboard integration | +| **API** | Real-time data access for automated reporting workflows | + +### Compliance Exports + +Every triage decision is persisted with a timestamp and LLM justification explaining why the finding was classified as a true positive, false positive, or won't-fix. Export this data as evidence for SOC 2, ISO 27001, or other compliance frameworks. + +Compliance exports include: + +- Finding ID and CWE category +- Triage classification with justification +- Fix outcome (PR merged, closed, pending) +- Timestamps for each state transition + +For custom reporting, use the Pixee API to query triage and remediation data programmatically. See [API > Overview](/api/overview) for endpoints and authentication. + +### Enterprise Observability + +Self-hosted Pixee deployments include a bundled observability stack with metrics, logs, traces, and dashboards. Enterprise reporting data feeds into this stack, giving SRE teams visibility into both application-level metrics (triage volume, fix quality) and infrastructure-level metrics (analysis duration, queue depth). + +For full observability configuration, see [Enterprise > Observability](/enterprise/observability). + +## FAQ + +### Does Pixee run on every commit? + +By default, Pixee analyzes when new scanner findings are available, not on every commit. You can configure event-driven, scheduled, or on-demand analysis modes to match your workflow. + +### Can I prevent Pixee from opening PRs during business hours? + +Yes. Scheduled mode lets you set a cron expression that runs analysis during off-hours, so PRs are ready for review when your team starts work. + +### How do I trigger a scan manually? + +Use the Pixee dashboard or API to trigger on-demand analysis for any connected repository. Results and PRs appear as soon as analysis completes. + +### Do I need to configure notifications to use Pixee? + +No. Pixee uses your SCM platform's native notification system by default. PRs appear in your normal PR queue, and status checks integrate with your existing workflow. Additional channels (Slack, email, webhooks) are optional. + +### Can I send notifications to different Slack channels for different repositories? + +Yes. Notification routing supports per-repository and per-team channel assignments. Route backend repos to `#backend-security` and frontend repos to `#frontend-security`, for example. + +### Does Pixee support PagerDuty or ServiceNow integration? + +Pixee supports generic webhooks that integrate with PagerDuty, ServiceNow, Jira, or any system that accepts webhook payloads. Configure a webhook URL and select the event types you want forwarded. + +### Can I export Pixee data for compliance audits? + +Yes. Every triage decision and fix outcome is persisted with timestamps and justification. Export as CSV or JSON, or use the API for automated evidence collection. The data maps to common compliance frameworks including SOC 2 and ISO 27001. + +### Does Pixee show fix merge rates? + +Yes. Merge rate -- the percentage of Pixee PRs that developers review and merge -- is a primary metric tracked in the dashboard. See [Fix Safety](/how-it-works/fix-safety) for production metrics. + +### Can I integrate Pixee reporting with Jira or ServiceNow? + +Yes. Use the webhook and API integrations to push Pixee data to Jira, ServiceNow, or any system that accepts webhook payloads or REST API calls. See [API > Webhooks](/api/webhooks) for payload details. diff --git a/docs/configuration/pixee-yaml.md b/docs/configuration/pixee-yaml.md new file mode 100644 index 00000000..a019add9 --- /dev/null +++ b/docs/configuration/pixee-yaml.md @@ -0,0 +1,273 @@ +--- +title: PIXEE.yaml Reference +slug: /configuration/pixee-yaml +track: dev +content_type: reference +seo_title: PIXEE.yaml Reference -- Pixee Docs +description: Complete reference for PIXEE.yaml, the per-repository configuration file for controlling Pixee triage, fix, and ignore behavior. +sidebar_position: 2 +--- + +# PIXEE.yaml Reference + +PIXEE.yaml is a configuration file placed in the root of any repository to control Pixee's behavior for that project. It lets developers specify which findings to ignore, which directories to exclude, which fix types to enable or disable, and how PRs should be formatted. The file is version-controlled alongside your code, giving your team full ownership of Pixee's behavior in each repository. + +## File Location and Format + +Place a file named `PIXEE.yaml` in the root of your repository (the same directory as your `README.md` or `.gitignore`). + +- **Format:** YAML (UTF-8 encoding) +- **Required:** No. Pixee works without it. Every setting has a sensible default. +- **Version-controlled:** Changes to PIXEE.yaml are tracked in git history like any other configuration file. +- **SCM support:** PIXEE.yaml is read from the repository root on GitHub, GitLab, Azure DevOps, and Bitbucket. + +## Complete Schema Reference + +Below is the annotated schema showing all available top-level keys. + +```yaml +# PIXEE.yaml — Full annotated reference + +# Exclude paths from analysis +excludes: + paths: + - "tests/**" + - "docs/**" + - "vendor/**" + - "**/generated/**" + +# Ignore specific findings +ignores: + # Suppress by CWE category + cwes: + - "CWE-79" + - "CWE-502" + # Suppress by specific finding ID + finding-ids: + - "pixee:java/secure-random" + +# Control which fix types are active +fixes: + # Enable or disable entire categories + categories: + sast: true + sca: false + # Enable or disable specific codemods + codemods: + - name: "pixee:java/sql-parameterizer" + enabled: true + - name: "pixee:python/secure-flask-cookie" + enabled: false + +# PR formatting preferences +pr: + title-prefix: "[Pixee]" + labels: + - "security" + - "automated-fix" + reviewers: + - "security-team" + draft: false + +# Language-specific overrides +languages: + java: + excludes: + paths: + - "src/legacy/**" + python: + fixes: + codemods: + - name: "pixee:python/url-sandbox" + enabled: false +``` + +### `excludes` + +Controls which files and directories Pixee skips during analysis. + +| Field | Type | Default | Description | +| ---------------- | --------------- | ------------------------- | ----------------------------------------------- | +| `excludes.paths` | list of strings | `[]` (analyze everything) | Glob patterns for files and directories to skip | + +Glob patterns follow standard syntax: `*` matches within a directory, `**` matches across directories, and `?` matches a single character. + +### `ignores` + +Suppresses specific findings without excluding entire paths. + +| Field | Type | Default | Description | +| --------------------- | --------------- | ------- | ------------------------------------------- | +| `ignores.cwes` | list of strings | `[]` | CWE identifiers to suppress across the repo | +| `ignores.finding-ids` | list of strings | `[]` | Specific finding identifiers to suppress | + +Use `cwes` when an entire vulnerability category is not relevant to your project (for example, CWE-79 XSS in a backend-only service). Use `finding-ids` for surgical suppression of individual findings. + +### `fixes` + +Controls which fix types Pixee generates. + +| Field | Type | Default | Description | +| -------------------------- | ------- | ------- | --------------------------- | +| `fixes.categories.sast` | boolean | `true` | Enable SAST-related fixes | +| `fixes.categories.sca` | boolean | `true` | Enable SCA/dependency fixes | +| `fixes.codemods[].name` | string | -- | Codemod identifier | +| `fixes.codemods[].enabled` | boolean | `true` | Whether this codemod runs | + +Disabling a category disables all codemods in that category. Per-codemod settings override category-level settings. + +### `pr` + +Controls how Pixee formats the pull requests it opens. + +| Field | Type | Default | Description | +| ----------------- | --------------- | ------- | --------------------------------------------- | +| `pr.title-prefix` | string | `""` | Prefix prepended to PR titles | +| `pr.labels` | list of strings | `[]` | Labels applied to Pixee PRs | +| `pr.reviewers` | list of strings | `[]` | Reviewers or teams auto-assigned to Pixee PRs | +| `pr.draft` | boolean | `false` | Open PRs as drafts | + +### `languages` + +Applies overrides scoped to a specific language. Any key valid at the top level (`excludes`, `ignores`, `fixes`) can be nested under a language key. + +| Field | Type | Default | Description | +| --------------------------- | ------ | ------------------ | ----------------------------------- | +| `languages..excludes` | object | inherits top-level | Language-scoped path exclusions | +| `languages..fixes` | object | inherits top-level | Language-scoped fix controls | +| `languages..ignores` | object | inherits top-level | Language-scoped finding suppression | + +Supported language keys: `java`, `python`, `javascript`, `typescript`, `csharp`, `go`, `php`. + +## Common Configuration Recipes + +### Exclude test directories + +```yaml +excludes: + paths: + - "tests/**" + - "__tests__/**" + - "**/*_test.go" + - "**/*.test.ts" + - "**/*.spec.js" +``` + +Skip test files where security findings are typically non-exploitable. + +### Ignore a specific CWE across the repo + +```yaml +ignores: + cwes: + - "CWE-79" +``` + +Useful when your project is a backend API with no user-facing HTML, making XSS findings irrelevant. + +### Disable SCA fixes, keep SAST fixes + +```yaml +fixes: + categories: + sast: true + sca: false +``` + +Keep Pixee's SAST remediation active while managing dependency updates through a separate tool (Dependabot, Renovate). + +### Add team labels and reviewers to PRs + +```yaml +pr: + title-prefix: "[Security]" + labels: + - "security" + - "pixee" + - "team-platform" + reviewers: + - "security-team" + draft: true +``` + +Auto-label and assign Pixee PRs for filtering in your PR queue. Opening as drafts gives reviewers a chance to inspect before CI runs. + +### Restrict analysis to specific languages + +```yaml +languages: + java: + fixes: + categories: + sast: true + sca: true + python: + fixes: + categories: + sast: true + sca: false +``` + +Combined with top-level `fixes.categories` set to `false`, this pattern restricts Pixee to specific languages. + +### Suppress a single noisy finding + +```yaml +ignores: + finding-ids: + - "pixee:java/secure-random" +``` + +Surgical suppression when a specific codemod triggers on code that intentionally uses a weaker pattern (for example, non-cryptographic random number generation in test data). + +## Precedence Rules + +1. **PIXEE.yaml overrides organization defaults** for the repository it lives in. If your org default enables SCA fixes but your repo disables them, the repo setting wins. +2. **Organization policies may restrict PIXEE.yaml.** Security teams can configure policies that PIXEE.yaml cannot override, ensuring baseline governance across all repositories. +3. **Language-scoped settings override top-level settings** within that language. A top-level `excludes` applies to all languages unless a language-specific `excludes` is defined. +4. **Invalid PIXEE.yaml falls back to org defaults.** If the file has syntax errors, Pixee ignores it, falls back to organization defaults, and logs a validation warning. No analysis is skipped. + +## Validation and Troubleshooting + +### Validating locally + +PIXEE.yaml is standard YAML. Validate syntax before committing with any YAML linter: + +```bash +# Using yamllint +yamllint PIXEE.yaml + +# Using yq (quick parse check) +yq eval '.' PIXEE.yaml > /dev/null +``` + +### Confirming Pixee loaded your file + +Check the Pixee dashboard for your repository. The configuration status indicates whether PIXEE.yaml was detected and parsed. Pixee also annotates PRs with a note when repository-level configuration is active. + +### Common errors + +| Symptom | Likely Cause | Fix | +| ------------------------------------- | --------------------------------------------------- | --------------------------------------------------------------- | +| PIXEE.yaml ignored, org defaults used | YAML syntax error (bad indentation, missing quotes) | Run `yamllint` and fix reported issues | +| Exclusions not working | Incorrect glob pattern | Test patterns locally; remember `**` matches across directories | +| Codemod still running after disabling | Codemod name typo | Verify the exact codemod identifier in the Pixee dashboard | +| Labels not appearing on PRs | SCM permissions | Ensure the Pixee integration has permission to apply labels | + +## FAQ + +### How do I exclude files or directories from Pixee? + +Add path patterns to the `excludes.paths` section of PIXEE.yaml. Standard glob patterns are supported. For example, `"tests/**"` excludes everything under the `tests/` directory. + +### Can I disable specific fix types? + +Yes. The `fixes` section lets you enable or disable specific codemods by name or entire fix categories (SAST, SCA) with a single toggle. + +### What happens if my PIXEE.yaml has a syntax error? + +Pixee falls back to organization defaults and logs a validation warning. No analysis is skipped -- the file is simply ignored until corrected. Check the Pixee dashboard for validation status. + +### Does PIXEE.yaml work with all SCM platforms? + +Yes. PIXEE.yaml is read from the repository root on GitHub, GitLab, Azure DevOps, and Bitbucket. diff --git a/docs/configuration/repositories.md b/docs/configuration/repositories.md new file mode 100644 index 00000000..38f1312b --- /dev/null +++ b/docs/configuration/repositories.md @@ -0,0 +1,113 @@ +--- +title: Repository Management +slug: /configuration/repositories +track: dev +content_type: guide +seo_title: Repository Management -- Pixee Docs +description: Add, remove, pause, and organize repositories monitored by Pixee across GitHub, GitLab, Azure DevOps, and Bitbucket. +sidebar_position: 3 +--- + +# Repository Management + +Pixee can monitor any repository accessible through your connected SCM platform. Add repositories individually or in bulk, organize them by team or business unit, and control which repos receive Triage Automation, Remediation Automation, or both. Repository management is handled through the Pixee dashboard and works identically across GitHub, GitLab, Azure DevOps, and Bitbucket. + +## Adding Repositories + +### Single repository + +From the Pixee dashboard, select your SCM connection and choose the repository to add. Pixee runs an initial analysis and opens PRs for any findings it can triage or fix. First results typically appear within minutes. + +### Bulk onboarding + +For organizations with dozens or hundreds of repositories, Pixee supports bulk addition. Select multiple repositories from the dashboard or use the API to onboard repositories programmatically. + +### What happens when a repo is added + +1. Pixee scans the repository for connected scanner findings (SARIF imports, native scanner integrations). +2. Triage Automation classifies findings as true positives, false positives, or won't-fix. +3. Remediation Automation generates fixes for actionable findings using deterministic codemods plus AI-powered MagicMods. +4. PRs appear in your normal SCM workflow for review and merge. + +### Platform-specific notes + +How Pixee discovers repositories depends on the SCM platform: + +| Platform | Discovery Method | Notes | +| ------------ | --------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------- | +| GitHub | GitHub App installation | Select "All repositories" or specific repos during App install. Auto-discovers new repos if granted org-wide access. | +| GitLab | Personal access token (PAT) | Scopes: `api`, `read_user`, `read_repository`, `read_api`, `write_repository`. Use `member_projects_only` to restrict to explicit-member projects. | +| Azure DevOps | Personal access token (PAT) | Supports webhook configuration and optional work-item linking for orgs with branch policies. | +| Bitbucket | API token | Supports Bitbucket Cloud and Bitbucket Server. | + +## Removing and Pausing Repositories + +### Removing a repository + +Remove a repository from the Pixee dashboard to stop all analysis and PR creation. Existing open PRs remain in your SCM (close them manually or let Pixee clean them up during removal). No Pixee data is retained for removed repositories. + +### Pausing vs. removing + +| Action | Effect | Use when | +| ---------- | --------------------------------------------------- | ---------------------------------------------------------------- | +| **Pause** | Stops analysis temporarily; configuration preserved | Repository is under heavy development, team wants a quiet period | +| **Remove** | Stops analysis permanently; configuration cleared | Repository is decommissioned or no longer in scope | + +Pausing keeps your PIXEE.yaml and dashboard settings intact so you can resume without reconfiguration. + +## Repository Organization + +### Grouping and filtering + +The Pixee dashboard supports organizing repositories by team, business unit, or application. Use filters and search to navigate large repository counts. + +For each repository, the dashboard shows: + +- **Last analysis:** When Pixee last scanned the repo +- **Active PRs:** Open Pixee PRs awaiting review +- **Merge rate:** Percentage of Pixee PRs merged by developers +- **Triage summary:** Breakdown of findings by classification + +### Scaling to many repositories + +Teams with 50+ repositories benefit from grouping. Assign repositories to logical groups that match your organizational structure. This also simplifies notification routing and reporting -- configure alerts at the group level rather than per-repo. + +## Repository-Level Settings + +Each repository inherits organization-wide defaults. Override specific settings in two ways: + +- **PIXEE.yaml** (in-repo): Developers control path exclusions, finding suppressions, fix toggles, and PR formatting. See [PIXEE.yaml Reference](/configuration/pixee-yaml). +- **Dashboard overrides**: Security leads can override scheduling and notification settings per-repository from the Pixee dashboard. + +Settings that can be overridden at the repository level: + +| Setting | PIXEE.yaml | Dashboard | +| -------------------- | ---------- | --------- | +| Path exclusions | Yes | -- | +| Finding suppressions | Yes | -- | +| Fix type toggles | Yes | -- | +| PR formatting | Yes | -- | +| Scan schedule | -- | Yes | +| Notification routing | -- | Yes | + +## Multi-SCM Support + +A single Pixee deployment supports repositories from multiple SCM platforms simultaneously. Connect GitHub, GitLab, Azure DevOps, and Bitbucket to the same Pixee organization and manage all repositories from one dashboard. + +Cross-platform visibility means your security team sees triage results and fix activity across every connected repository, regardless of which SCM hosts it. + +Enterprise self-hosted deployments have the same multi-SCM support. See [Enterprise > Deployment Options](/enterprise/deployment) for infrastructure details. + +## FAQ + +### Can I add repositories from multiple SCM platforms? + +Yes. A single Pixee deployment supports repositories from GitHub, GitLab, Azure DevOps, and Bitbucket simultaneously. All 4 platforms are managed from one dashboard. + +### What happens when I add a new repository? + +Pixee runs an initial analysis and opens PRs for any findings it can triage or fix. The first results typically appear within minutes. + +### Can I limit Pixee to specific repositories instead of an entire organization? + +Yes. On GitHub, you can restrict the GitHub App to selected repositories during installation. On GitLab, the `member_projects_only` toggle restricts Pixee to projects where the service account is an explicit member. On Azure DevOps and Bitbucket, repository scope is controlled through PAT access. diff --git a/docs/configuration/users.md b/docs/configuration/users.md new file mode 100644 index 00000000..2a932ba3 --- /dev/null +++ b/docs/configuration/users.md @@ -0,0 +1,85 @@ +--- +title: "Users & Access" +slug: /configuration/users +track: dev +content_type: guide +seo_title: "Users & Access -- Pixee Docs" +description: Manage user access, roles, and SSO integration in Pixee. Covers Admin, Security Lead, and Member roles. +sidebar_position: 6 +--- + +# Users & Access + +Pixee supports role-based access that aligns with how security and development teams already work. Security leads configure organization-wide policies and view triage results across all repositories. Developers interact with Pixee through PRs in their normal SCM workflow and can customize behavior per-repository via PIXEE.yaml. Enterprise deployments integrate with your corporate identity provider for SSO. + +## Access Model Overview + +Pixee has two interaction surfaces, each serving a different audience: + +**SCM workflow (developers).** Developers never need a Pixee login for day-to-day use. Pixee delivers fixes as standard pull requests in GitHub, GitLab, Azure DevOps, or Bitbucket. Developers review and merge them using their existing tools, the same way they handle any other PR. Triage context is embedded in the PR description. + +**Pixee dashboard (security team).** Security leads and admins use the Pixee dashboard to configure organization-wide policies, review triage results across all repositories, manage user access, and view reporting. The dashboard is where governance happens. + +This separation means Pixee adds no new tools to developer workflows. Developers see PRs in their existing SCM. Security teams get a centralized policy and reporting surface. + +## Roles and Permissions + +Pixee uses three roles to control dashboard access: + +| Role | Capabilities | +| ----------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | +| **Admin** | Full configuration access. Manage users, set organization policies, configure SCM connections, adjust AI settings, and view all repositories and reports. | +| **Security Lead** | View all repositories and triage results. Configure policies and notification routing. Cannot manage users or SCM connections. | +| **Member** | View assigned repositories and their triage results. Interact with PRs in the SCM. Configure per-repository behavior via PIXEE.yaml. | + +**How roles map to SCM permissions:** Pixee respects your SCM's access model. A developer who has write access to a repository in GitHub can merge Pixee PRs for that repository. Pixee dashboard roles control what users can do in the Pixee interface, not what they can do in the SCM. + +**Principle of least privilege:** Assign the Admin role only to the team member responsible for Pixee administration. Use Security Lead for team members who need cross-repo visibility. Use Member for everyone else -- they interact with Pixee through PRs, not the dashboard. + +## Inviting and Managing Users + +### Adding team members + +Invite users from the Pixee dashboard. Enter their email address and assign a role. The invited user receives an email with a link to set up their account. + +### Managing existing users + +From the dashboard, admins can: + +- Change a user's role +- Revoke access (removes dashboard access immediately) +- View last login and activity + +### Access revocation + +When a user is removed from Pixee, their dashboard access is revoked immediately. Their SCM access is unaffected -- SCM permissions are managed by your SCM platform, not by Pixee. + +## SSO and Identity Provider Integration + +Pixee integrates with corporate identity providers for single sign-on: + +| Provider | Integration | +| ---------------------- | -------------------------------- | +| **Google Workspace** | Direct login via Google OAuth | +| **Microsoft Entra ID** | Direct login via Microsoft OAuth | +| **Okta** | Direct login via Okta OIDC | + +SSO maps your identity provider's user accounts to Pixee roles. When a user authenticates through SSO, their Pixee role is determined by role mapping configured in the dashboard. + +Enterprise self-hosted deployments also support embedded OIDC (via Authentik running in-cluster), which federates to your upstream corporate identity provider. This means SSO works even when Pixee runs inside your infrastructure with no external IdP dependency. + +For full SSO configuration details on self-hosted deployments, see [Enterprise > Security Architecture](/enterprise/security-architecture). + +## FAQ + +### Do developers need a Pixee account to review and merge fixes? + +No. Pixee delivers fixes as standard PRs in your SCM platform. Developers review and merge them using their existing GitHub, GitLab, Azure DevOps, or Bitbucket workflow. No Pixee login required. + +### Can I restrict which users can change organization-wide policies? + +Yes. Only Admin and Security Lead roles can modify organization policies. Member roles interact with Pixee through PRs and can only configure per-repository settings via PIXEE.yaml. + +### Does Pixee support SSO? + +Yes. Pixee integrates with Google Workspace, Microsoft Entra ID, and Okta for single sign-on. Enterprise self-hosted deployments additionally support embedded OIDC via Authentik, which can federate to any upstream corporate IdP. diff --git a/docs/enterprise/_category_.json b/docs/enterprise/_category_.json new file mode 100644 index 00000000..4164d936 --- /dev/null +++ b/docs/enterprise/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Enterprise", + "position": 6, + "collapsible": true, + "collapsed": false, + "link": { + "type": "doc", + "id": "enterprise/enterprise-overview" + } +} diff --git a/docs/enterprise/air-gap.md b/docs/enterprise/air-gap.md new file mode 100644 index 00000000..db3dd3ac --- /dev/null +++ b/docs/enterprise/air-gap.md @@ -0,0 +1,109 @@ +--- +title: Air-Gapped Deployment +slug: /enterprise/air-gap +track: leader +content_type: guide +seo_title: Air-Gapped Deployment - Run Pixee Without Internet Access +description: Deploy Pixee in air-gapped environments with private LLM endpoints. Covers capabilities, requirements, and known limitations for disconnected deployments. +sidebar_position: 5 +--- + +Pixee supports air-gapped deployment for regulated and classified environments that cannot call public AI APIs. Source code and findings never leave your network. LLM inference runs against a customer-hosted private endpoint (Azure AI Foundry, Azure Anthropic, or any OpenAI-compatible gateway). This page covers what works, what is required, and what limitations exist in disconnected environments. + +## What "Air-Gapped" Means for Pixee + +In Pixee's air-gapped deployment: + +- **Source code** never traverses the public internet +- **Scanner findings** stay within your network +- **LLM requests** route to a customer-hosted private endpoint +- **Fixes** are delivered as PRs to your internal SCM + +The same Pixee platform, the same Helm chart, and the same upgrade path apply as in connected deployments. Air-gapped mode changes where LLM inference runs and how network traffic flows -- not what the product does. + +**An honest clarification:** "Air-gapped" in this context means LLM inference is private and code stays internal. License validation still requires a network path to Pixee servers -- either direct or through a proxy. This is not a fully zero-internet-connectivity deployment. If your policy prohibits all outbound connections without exception, read the Known Limitations section below and discuss requirements with Pixee solutions engineering before proceeding. + +## Supported Private LLM Endpoints + +| Provider | Description | Notes | +| --------------------------------- | --------------------------------------------------- | ---------------------------------------------------------- | +| **Azure AI Foundry** | Azure-hosted models in customer's Azure tenant | Customer-owned keys, runs in customer's Azure subscription | +| **Azure Anthropic** | Anthropic models via Azure marketplace | Customer-owned keys, Azure-hosted | +| **OpenAI-compatible gateway** | Self-hosted endpoint exposing OpenAI-compatible API | Custom header auth supported for enterprise gateways | +| **Anthropic via private network** | Direct Anthropic API over private path | Requires network path to Anthropic from within the cluster | + +All providers support custom endpoint URLs and custom header name/value pairs for enterprise gateway authentication. Per-provider preflight checks validate LLM connectivity at install time, catching misconfiguration before your first analysis runs. + +## Requirements + +| Requirement | Specification | +| ---------------------- | ----------------------------------------------------------------------- | +| **Kubernetes** | Same as Helm deployment -- EKS, GKE, AKS, or self-managed | +| **LLM endpoint** | Customer-hosted, accessible from the Pixee namespace within the cluster | +| **Network** | Proxy support (`httpProxy`, `httpsProxy`, `noProxy`) | +| **TLS** | CA cert injection for TLS-intercepting proxies | +| **License validation** | Outbound path to Pixee license server (direct or proxied) | + +Infrastructure requirements (CPU, RAM, storage) match the [Helm / BYO Kubernetes](/enterprise/helm) deployment. + +## Known Limitations + +This section is direct about what air-gapped deployment does not support. Discovering a limitation during a proof of concept that was not disclosed in documentation wastes everyone's time. + +**License validation requires a network path.** Pixee cannot operate in a truly zero-internet-connectivity environment. License validation must reach Pixee servers, either directly or through a proxy. If your security policy prohibits all outbound connections, contact Pixee solutions engineering before proceeding. There is no offline license mode. + +**LLM quality depends on the private endpoint.** The quality of triage decisions and remediation fixes depends on the LLM model available at the private endpoint. If the private model is equivalent to production defaults, triage and fix quality will be identical. Models with lower capability may produce lower merge rates and less accurate triage classifications. + +**Model updates require manual intervention.** In connected deployments, Pixee can leverage updated model configurations automatically. In air-gapped environments, model upgrades require manual endpoint configuration changes and testing. + +**Web search and external research features are unavailable.** LLM tiers that depend on internet access (web search, deep research) do not function in air-gapped deployments. Triage and remediation that rely on code analysis continue to work. The affected capabilities are research-augmented features, not core triage and remediation. + +**Initial deployment takes longer.** Expect additional time for image loading into the local container registry, private endpoint configuration, network verification, and proxy setup compared to connected deployments. + +**Deterministic codemods are unaffected.** Deterministic codemods that require no LLM involvement function identically in air-gapped environments. These fixes carry zero dependency on any LLM endpoint. + +## Proxy and TLS Configuration + +Air-gapped environments frequently involve proxy servers and TLS-intercepting proxies. Pixee supports both. + +**Proxy configuration:** Set `httpProxy`, `httpsProxy`, and `noProxy` in Helm values. Per-provider endpoint overrides are available if different LLM providers require different proxy paths. + +**TLS-intercepting proxy support:** If your network uses a TLS-intercepting proxy, inject your CA certificate so Pixee can establish trust with internal endpoints. This is configured during installation. + +**Verification:** After configuration, validate that the Pixee platform can reach the LLM endpoint and the license server through the proxy. Preflight checks cover LLM connectivity. License validation can be verified from the admin console. + +## Industry Context + +Air-gapped deployments serve specific regulatory environments: + +- **Federal and defense** -- Classified environments where source code cannot traverse public networks. Government customer approval processes require documented data flow before deployment. +- **Financial services** -- Banking regulators require strict data controls. Air-gapped deployment with Azure AI Foundry in the customer's Azure tenant satisfies data residency requirements while enabling AI-powered triage and remediation. +- **Healthcare** -- HIPAA requirements for protected health information (PHI) proximity. Self-hosted deployment with private LLM endpoints keeps all analysis within the healthcare organization's network boundary. + +All three contexts share the same technical deployment. The difference is in the LLM provider choice and network topology. + +## Installation + +Air-gapped installation follows the same Helm deployment process with additional configuration for container image transfer to a local registry, private LLM endpoint settings, proxy configuration, and CA certificates. Preflight checks validate LLM endpoint connectivity and license server access before the first analysis runs. For the current installation procedure and common issues, see the [deployment guide](https://app.pixee.ai/docs/deploy) and [Enterprise Troubleshooting](/enterprise/troubleshooting). + +## Frequently Asked Questions + +### Can Pixee run with zero internet connectivity? + +Not completely. Pixee requires a network path for license validation, either direct or through a proxy. Source code, findings, and LLM requests stay fully within your network, but the license check must reach Pixee servers. There is no offline license mode. + +### Does Pixee work with Azure AI Foundry in an air-gapped environment? + +Yes. Azure AI Foundry is a first-class supported LLM provider for air-gapped deployments. Configure your Azure AI Foundry endpoint and API key during installation. The models run in your Azure subscription with your keys. + +### What happens if the private LLM endpoint goes down? + +Pixee queues analysis tasks and retries when the endpoint becomes available. Existing PRs and triage results are unaffected. Deterministic codemods that require no LLM continue to function regardless of LLM availability. + +### Can I use a self-hosted open-source LLM? + +If the model exposes an OpenAI-compatible API endpoint, it can be configured as Pixee's LLM provider. Triage and fix quality depend on model capability -- lower-capability models may produce lower merge rates and less accurate triage. + +### Does air-gapped deployment affect fix quality? + +Fix quality depends on the LLM model available at your private endpoint. If the private model is equivalent to production defaults, quality is identical. Lower-capability models may produce lower merge rates. Web search and deep research LLM tiers are unavailable in air-gapped environments. Deterministic codemods are unaffected. diff --git a/docs/enterprise/byom.md b/docs/enterprise/byom.md new file mode 100644 index 00000000..d880d300 --- /dev/null +++ b/docs/enterprise/byom.md @@ -0,0 +1,103 @@ +--- +title: Bring Your Own Model +slug: /enterprise/byom +track: leader +content_type: guide +seo_title: Bring Your Own Model - Choose Your LLM Provider for Pixee +description: Configure Pixee with your preferred LLM provider. Supports OpenAI, Azure AI Foundry, Anthropic, and Azure Anthropic with hierarchical model routing. +sidebar_position: 8 +--- + +Pixee lets you choose your LLM provider instead of locking you into a single vendor. Four provider families are supported: OpenAI, Azure AI Foundry, Anthropic, and Azure Anthropic. You own the API keys, pick the vendor, control the bill, and decide which model handles which task through seven named LLM routing tiers. This is the opposite of a black-box AI product. + +## Supported Providers + +| Provider | Description | Use Case | +| -------------------- | ----------------------------------------------------- | ----------------------------------------------------------------- | +| **OpenAI** | Public API or OpenAI-compatible private endpoints | General purpose; air-gapped deployments with a compatible gateway | +| **Azure AI Foundry** | Azure-hosted models in customer's Azure tenant | Azure-centric enterprises with existing Azure agreements | +| **Anthropic** | Direct Anthropic API with Anthropic-optimized prompts | Teams preferring Anthropic models | +| **Azure Anthropic** | Anthropic models via Azure marketplace | Azure-centric organizations that want Anthropic models | + +**Custom endpoint support** allows routing through enterprise API gateways. Custom header name/value pairs handle gateway authentication, so Pixee fits into your existing API management infrastructure. + +**Provider-family-aware prompting** is a design decision worth understanding: when configured for Anthropic, Pixee uses Anthropic-optimized triage prompts -- not a lowest-common-denominator approach that treats all providers identically. This matters for triage accuracy and fix quality. Most single-model AI products cannot do this because they are built around a single provider. + +## Hierarchical Model Routing + +Seven named tiers let enterprises control which model handles which workflow stage. Each tier is independently configurable for model selection, endpoint, and effort level. + +| Tier | Purpose | What You Control | +| ----------------- | ------------------------------------------------ | --------------------------------------------------- | +| **Default** | General-purpose calls | Model selection, endpoint | +| **Reasoning** | Deep triage decisions requiring careful analysis | Higher-capability model for complex classifications | +| **Fast** | Quick classification of straightforward findings | Lower-latency model for speed | +| **Web Search** | External research augmentation | Model with web access capability | +| **SCA** | Software composition analysis | Model tuned for dependency analysis | +| **Deep Research** | In-depth vulnerability investigation | Research-capable model | +| **Codegen** | Fix generation | Generation strategy selection | + +### Why This Matters + +**Cost optimization.** Route simple classifications to cheaper, faster models. Reserve expensive, high-capability models for complex triage decisions that justify the cost. Your LLM bill reflects the actual complexity of each task, not a one-size-fits-all model choice. + +**Quality optimization.** Complex multi-file vulnerabilities get a reasoning-capable model. Straightforward SQL injection patterns get a fast model. The right model for the right task. + +**Latency control.** Speed-sensitive workflows (fast classification, initial triage) use low-latency models. Quality-sensitive workflows (deep triage, fix generation) use higher-capability models regardless of latency. + +Most competitors in the AI-assisted AppSec space use a single model for all tasks. Hierarchical routing lets enterprises tune the cost-quality-latency surface per workflow stage. + +## Configuration + +**During installation:** Select your LLM provider through the admin console (embedded cluster) or Helm values (BYO Kubernetes). Provide the API key and endpoint URL. + +**Per-tier model configuration:** After initial setup, assign specific models to each of the seven tiers based on your cost, quality, and latency requirements. + +**Preflight checks:** Every provider configuration is validated at install time. Preflight checks catch LLM misconfiguration immediately -- not when your first analysis runs and fails. This is a small detail that saves hours of debugging. + +**Switching providers:** LLM provider configuration can be changed after initial deployment through the admin console or Helm values update. No data migration or reprocessing is required. + +## Governance Controls + +Bring Your Own Model is not just a technical feature -- it is a governance feature. + +| Control | Detail | +| ------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | +| **Key ownership** | Customer owns all API keys. Pixee never stores or accesses customer LLM credentials. | +| **Traffic routing** | All LLM traffic routes through the customer's account. Pixee does not proxy LLM calls for self-hosted deployments. | +| **Cost visibility** | LLM usage appears on the customer's standard cloud billing. No hidden costs or Pixee-side LLM charges for self-hosted deployments. | +| **Audit trail** | Every triage decision includes the LLM justification. Auditors can see what the model was asked and what it answered. | + +For full data flow details and credential handling, see [Security Architecture](/enterprise/security-architecture). + +## LLM Resilience + +When an LLM provider is unavailable, Pixee handles the degradation: + +- **Task queuing.** Analysis tasks are queued and retried automatically when the provider becomes available. No manual intervention is needed. +- **Deterministic codemods continue.** Deterministic codemods that require no LLM involvement function regardless of LLM availability. A provider outage does not stop all remediation -- it stops AI-powered remediation only. +- **Existing results are unaffected.** Triage decisions and PRs that have already been delivered are not affected by provider unavailability. Historical data persists independently. + +This resilience architecture means an LLM outage degrades Pixee's capability without halting it entirely. + +## Frequently Asked Questions + +### Can I bring my own LLM model with Pixee? + +Yes. Pixee supports four LLM provider families: OpenAI, Azure AI Foundry, Anthropic, and Azure Anthropic. You configure your API keys and endpoint, and Pixee routes all AI inference through your account. + +### Can I use different models for different tasks? + +Yes. Seven named LLM tiers let you assign different models to triage, remediation, classification, research, and other workflow stages. This lets you balance cost, quality, and latency per task type. + +### Does Pixee use Anthropic-optimized prompts for Anthropic models? + +Yes. Pixee uses provider-family-aware prompting. When configured for Anthropic, the triage engine uses Anthropic-optimized prompt structures rather than a generic approach. + +### What happens if my LLM provider is unavailable? + +Pixee queues tasks and retries when the provider becomes available. Deterministic codemods that require no LLM continue functioning regardless of LLM availability. + +### Can I use a self-hosted open-source model? + +If your model exposes an OpenAI-compatible API endpoint, it can be configured as a provider. Quality of triage and remediation depends on model capability. diff --git a/docs/enterprise/compliance.md b/docs/enterprise/compliance.md new file mode 100644 index 00000000..98bf5f86 --- /dev/null +++ b/docs/enterprise/compliance.md @@ -0,0 +1,109 @@ +--- +title: Compliance +slug: /enterprise/compliance +track: leader +content_type: conceptual +seo_title: Compliance - SOC 2, HIPAA, FedRAMP, PCI-DSS, and NIST 800-53 Mapping +description: Pixee compliance mapping for SOC 2, HIPAA, FedRAMP, PCI-DSS, NIST 800-53, and ISO 27001. Covers audit evidence, data residency, and AI governance. +sidebar_position: 6 +--- + +Pixee supports compliance requirements by providing audit-ready evidence for every triage decision and remediation action. Every finding classification includes a timestamped, reasoned record with LLM justification. Every fix is delivered as a traceable pull request with full diff visibility. This page maps Pixee capabilities to SOC 2, HIPAA, FedRAMP, PCI-DSS, NIST 800-53, and ISO 27001 control requirements. + +## How Pixee Supports Compliance + +Pixee's compliance value rests on four architectural properties: + +**Audit trail.** Every triage decision is persisted with a timestamp, the classification outcome (true positive, false positive, won't fix), and the LLM justification that produced the verdict. This record exists for the lifetime of the deployment and is backfilled for findings analyzed before the audit feature was added. + +**Traceability.** Every fix is a Git commit within a pull request. The PR includes the proposed diff, quality scores (safety, effectiveness, cleanliness), the vulnerability that triggered the fix, and the merge status. Standard Git history provides the full chain from finding to resolution. + +**No bypass.** The PR-only workflow is an architectural constraint, not an optional setting. All changes go through your existing code review, CI/CD pipelines, and branch protection rules. Pixee adds validation layers before your existing gates -- it does not bypass them. + +**Compliance acceleration.** Automated triage and remediation help organizations meet contractual timeframes for critical and high-severity findings. Banking and healthcare teams with two-month remediation windows have reported that automation changes the math from "physically impossible" to "consistently achievable." + +## Framework Mapping + +The table below maps Pixee capabilities to specific controls in six compliance frameworks. Pixee describes how its capabilities align with these controls -- not claims of formal certification unless explicitly stated. + +| Framework | Relevant Controls | How Pixee Supports | +| ---------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| **SOC 2 Type II** | CC6.1 (logical access controls), CC7.1 (system monitoring), CC8.1 (change management) | Audit-ready triage records with timestamped justification. PR-based change tracking for every remediation. Role-based access via SSO (Google, Microsoft Entra ID, Okta). Every disposition persisted for control sampling. | +| **HIPAA** | 164.312(a)(1) access control, 164.312(c)(1) integrity controls, 164.312(d) authentication | Self-hosted deployment keeps PHI-adjacent data in customer network. SSO integration. Audit trail for all triage and remediation actions. PR workflow preserves change integrity. | +| **FedRAMP** | AC-2 (account management), AU-2 (auditable events), CM-3 (configuration change control) | Air-gapped deployment with no source code leaving the network. Comprehensive audit event logging. Configuration changes documented through PR workflow. | +| **PCI-DSS** | 6.3 (secure development), 6.5 (common vulnerability remediation), 10.2 (audit trails) | Automated vulnerability remediation with full audit evidence. Triage decisions provide evidence for vulnerability management requirements. PR history for change documentation. | +| **NIST 800-53** | RA-5 (vulnerability monitoring and scanning), SA-11 (developer testing), SI-2 (flaw remediation) | Automated triage with classification evidence. Remediation with traceable fixes. Continuous monitoring via 12 native scanner integrations and triage automation. | +| **ISO 27001** | A.12.6.1 (management of technical vulnerabilities), A.14.2.2 (system change control) | Vulnerability management automation with audit evidence. Change control integration through PR workflow. Exportable records for audit review. | +| **OCC 2013-29** (Third-Party Risk) | Third-party risk management, vendor due diligence, ongoing monitoring | Pixee supports vendor risk assessment via documented security controls, data classification, and audit trail. Self-hosted deployment keeps all data within customer network. | +| **FFIEC IT Examination Handbook** | Outsourced Technology Services examination procedures | Audit trail for vulnerability management lifecycle maps to examination procedures. Event-sourced triage decisions provide examiner-ready evidence. | +| **NYDFS 23 NYCRR 500** | 500.5 (vulnerability assessment), 500.6 (audit trail), 500.7 (access controls), 500.15 (data encryption), 500.17 (incident response and notification) | Cybersecurity requirements addressed via: access controls (500.7), audit trail (500.6), vulnerability assessment (500.5), and data encryption (500.15). Incident response (500.17) and notification handled via customer's existing IR process with Pixee audit data as evidence input. | + +**SOC 2 receives the most detailed treatment** because it is the most frequently requested framework in enterprise evaluation. SOC 2 control sampling relies on evidence that every change is authorized, reviewed, and documented -- properties that Pixee's PR workflow provides by architectural design. + +For the current status of Pixee's own SOC 2 certification, contact the Pixee team. + +## Audit Evidence + +Pixee generates and persists the following evidence for every analysis: + +| Evidence Type | What It Contains | Export Format | +| ----------------------- | ------------------------------------------------------------------------------------- | ------------------- | +| **Triage records** | Classification (TP/FP/won't fix), LLM justification, timestamp, finding metadata | CSV, JSON, API | +| **Fix evidence** | PR link, full diff, quality scores (safety, effectiveness, cleanliness), merge status | CSV, JSON, API | +| **Activity feed** | Event-sourced analysis history with outcome banners | API (SSE streaming) | +| **Historical backfill** | Activity persistence backfilled for findings analyzed before audit features | Automatic | + +Evidence is exportable via the reporting API in CSV and JSON formats for integration with compliance platforms and GRC tools. The API supports automated evidence collection workflows -- your compliance team does not need to manually extract data from the Pixee UI. + +## Data Residency and Data Handling + +Compliance-driven organizations frequently ask where data lives. The answer depends on your deployment model: + +| Deployment Model | Data Residency | LLM Data Handling | +| -------------------- | -------------------------------------------- | --------------------------------------------------- | +| **Cloud SaaS** | Pixee cloud (see Pixee data handling policy) | Pixee-managed LLM providers | +| **Embedded Cluster** | Customer network | Customer's LLM provider in customer's chosen region | +| **Helm / BYO K8s** | Customer network | Customer's LLM provider in customer's chosen region | +| **Air-Gapped** | Customer network (isolated) | Customer's private LLM endpoint | + +For self-hosted deployments, source code and scanner findings stay in the customer's network. LLM inference uses the customer's chosen provider in the customer's chosen region. The only outbound connection is license validation, which can be proxied. + +**Banking teams** with data residency requirements: self-hosted deployment keeps all analysis data within your network perimeter. **Healthcare teams** with HIPAA requirements: the same applies, with the additional benefit of audit-ready evidence for vulnerability management controls. **Federal teams** with FedRAMP requirements: air-gapped deployment provides the strictest data isolation. See [Air-Gapped Deployment](/enterprise/air-gap) for capabilities and limitations. + +For full data flow details, see [Security Architecture](/enterprise/security-architecture). + +## Responsible AI Governance + +For organizations with AI governance committees or Responsible AI councils: + +The architecture provides verifiable answers to common governance questions: + +- **Multiple documented validation layers** -- constrained generation, independent evaluation, PR review, CI/CD testing, SAST re-scanning +- **Human-in-the-loop** -- PR-only workflow is an architectural constraint, not a configuration option +- **No bypass of existing governance gates** -- Pixee adds layers before your existing review process +- **Narrow scope** -- security fixes only (1-5 lines applying OWASP/SANS patterns), not general-purpose code generation +- **Deterministic floor** -- deterministic codemods use zero LLM involvement with zero hallucination risk (see [Codemodder](/open-source/codemodder) for the full catalog) + +For the full technical trust framework, see [Security & Trust](/platform/security) and [Fix Safety & Validation](/how-it-works/fix-safety). + +## Frequently Asked Questions + +### How does Pixee help with SOC 2 compliance? + +Pixee provides audit-ready evidence for vulnerability management controls: timestamped triage decisions with reasoned justification, PR-based remediation with full change tracking, and exportable reports for control sampling. Every disposition is persisted for the lifetime of the deployment. + +### Is Pixee SOC 2 Type II certified? + +Contact the Pixee team for the current status of SOC 2 certification. + +### Does Pixee support FedRAMP requirements? + +Pixee supports FedRAMP-relevant controls through air-gapped deployment (no source code leaves your network), audit event logging, and configuration change documentation. See [Air-Gapped Deployment](/enterprise/air-gap) for disconnected environment details and known limitations. + +### How does Pixee handle data residency requirements? + +Self-hosted deployments keep all data in the customer's network. LLM inference uses the customer's chosen provider in the customer's chosen region. The only outbound connection is license validation, which can be proxied. + +### Can Pixee generate compliance reports automatically? + +Yes. Pixee's reporting API exports triage decisions, fix outcomes, and audit trails in CSV and JSON formats for integration with compliance platforms and GRC tools. diff --git a/docs/enterprise/deployment.md b/docs/enterprise/deployment.md new file mode 100644 index 00000000..4a893b4b --- /dev/null +++ b/docs/enterprise/deployment.md @@ -0,0 +1,160 @@ +--- +title: Deployment Options +slug: /enterprise/deployment +track: leader +content_type: guide +seo_title: Deployment Options - SaaS, Self-Hosted, and Air-Gapped Security Automation +description: "Compare Pixee deployment models: cloud SaaS, embedded cluster, Helm/BYO Kubernetes, and air-gapped. Includes data flow tables and infrastructure requirements." +sidebar_position: 2 +--- + +Pixee offers four deployment models: cloud SaaS, a turnkey embedded cluster for organizations without Kubernetes, a standard Helm chart for existing EKS/GKE/AKS clusters, and a fully air-gapped deployment with private LLM endpoints. Every model delivers the same triage and remediation engine. The only difference is where the infrastructure runs and how data flows through your network. + +This page provides architecture descriptions, data flow tables, and infrastructure requirements for each model. Security teams reviewing Pixee for enterprise deployment should start here. + +## Deployment Model Comparison + +### Cloud SaaS Architecture + +Pixee manages all infrastructure. The customer installs a GitHub App, GitLab PAT, Azure DevOps PAT, or Bitbucket API token. Source code access flows through the SCM integration. Analysis, triage, and LLM inference run on Pixee-managed infrastructure. Fixes are delivered as pull requests back to the customer's SCM. + +**Component layout:** Pixee platform (Pixee-managed cloud) connects to customer SCM via API. LLM inference runs on Pixee-managed providers. All processing happens outside the customer network. Results return as PRs through the SCM API. + +### Embedded Cluster Architecture + +A single Linux VM hosts the complete Pixee platform as a turnkey appliance. The installer provisions K3s (Kubernetes 1.32), storage, authentication, and observability automatically. The KOTS admin console provides a form-based UI for configuration. No Kubernetes expertise is required. + +**Component layout:** Customer VM runs Pixee platform, analysis service, and user platform. LLM inference routes to the customer's chosen provider (OpenAI, Azure AI Foundry, Anthropic, or Azure Anthropic) from within the customer network. SCM integration connects to internal or cloud-hosted SCM. Admin console runs on port 30000. + +### Helm / BYO Kubernetes Architecture + +The Pixee Helm chart deploys into an existing customer-managed Kubernetes cluster. Conditional subcharts let platform engineering teams swap embedded components for their own services -- BYO database, object store, observability, and identity provider. + +**Component layout:** Customer Kubernetes cluster (EKS, GKE, AKS, or self-managed) runs Pixee platform, analysis service, and user platform as pods. Embedded subcharts (SeaweedFS, CloudNativePG, VictoriaMetrics, Grafana, Authentik) are each independently replaceable. LLM inference routes to the customer's provider. SCM integration connects via the cluster's network. + +### Air-Gapped Architecture + +The same Helm chart deploys into a disconnected environment. LLM inference runs against a customer-hosted private endpoint. Source code and findings never traverse the public internet. + +**Component layout:** Customer Kubernetes cluster in an isolated network runs the full Pixee stack. LLM inference routes to a private endpoint (Azure AI Foundry, Azure Anthropic, or OpenAI-compatible gateway) within the customer's network boundary. The only outbound connection is license validation, which can be proxied. SCM integration connects to the internal SCM instance. + +| Model | Infrastructure | LLM | Data Residency | K8s Required | Best For | +| -------------------- | -------------- | --------------- | ------------------ | ---------------- | --------------------------------- | +| **Cloud SaaS** | Pixee-managed | Pixee-managed | Pixee cloud | No | Zero-infra teams | +| **Embedded Cluster** | Customer VM | Customer-chosen | Customer network | No (K3s bundled) | No-K8s orgs, regulated industries | +| **Helm / BYO K8s** | Customer K8s | Customer-chosen | Customer network | Yes | Platform-engineering teams | +| **Air-Gapped** | Customer K8s | Customer-hosted | Air-gapped network | Yes | Federal, finance, healthcare | + +## Data Flow by Deployment Model + +This table answers the question security teams ask first: "What data leaves my network?" + +| Data Type | Cloud SaaS | Embedded Cluster | Helm / BYO K8s | Air-Gapped | +| ------------------------ | ------------------- | ------------------------- | ------------------------- | ---------------------------- | +| Source code snippets | Sent to Pixee cloud | Stays in customer network | Stays in customer network | Stays in customer network | +| Scanner findings (SARIF) | Sent to Pixee cloud | Stays in customer network | Stays in customer network | Stays in customer network | +| LLM inference requests | Pixee-managed | Customer's LLM provider | Customer's LLM provider | Customer's private endpoint | +| PR/MR content | Via SCM API | Via SCM API (internal) | Via SCM API (internal) | Via SCM API (internal) | +| License validation | Pixee cloud | Pixee cloud (or proxy) | Pixee cloud (or proxy) | Pixee cloud (proxy required) | +| Telemetry (opt-in) | Pixee cloud | Pixee cloud (toggleable) | Pixee cloud (toggleable) | Blocked | + +**Key takeaway for self-hosted models:** Source code, scanner findings, and LLM requests stay in your network. The only outbound connection is license validation, which supports proxy configuration. + +## Infrastructure Requirements + +| Requirement | Embedded Cluster | Helm / BYO K8s | +| -------------------- | ----------------------------------------------------------- | ----------------------------------------------------- | +| **Compute** | 8 vCPU, 32 GB RAM | 8+ vCPU, 32+ GB RAM | +| **Storage** | 100 GB+ SSD/NVMe (under 10 ms write latency) | 100 GB+ SSD/NVMe | +| **Operating system** | Ubuntu 24.04+ (recommended), RHEL 9, Rocky Linux, AlmaLinux | N/A (Kubernetes cluster) | +| **Kubernetes** | K3s bundled (v1.32) | EKS, GKE, AKS, or self-managed | +| **Helm CLI** | N/A | v3.15+ | +| **Network** | Port 443 (HTTPS), Port 30000 (admin console) | Port 443 (HTTPS) | +| **Internet** | Required for initial install; proxy support available | Required for initial install; proxy support available | + +## Multi-Tenancy and Business Unit Isolation + +A single Pixee deployment supports multiple SCM organizations simultaneously. Repository-level access controls restrict which users can view and act on which repositories, providing organizational boundaries within a shared deployment. + +**Role-based access control.** Three roles -- Admin, Security Lead, and Member -- provide access granularity within a deployment. Admins manage configuration and user access. Security Leads oversee triage decisions and fix policies. Members interact with PRs in their assigned repositories. + +**Regulatory data isolation.** For business units with strict data separation requirements -- such as investment banking and consumer banking divisions, or units subject to different regulatory regimes -- separate Pixee deployments are recommended. Separate deployments ensure that code, findings, triage decisions, and LLM inference requests from one business unit never share infrastructure with another. + +Contact Pixee solutions engineering for guidance on multi-deployment architectures for regulated environments. + +## Network Connections by Deployment Model + +For security teams conducting network reviews, this table maps every external connection Pixee requires. + +| Connection | Purpose | Cloud SaaS | Embedded Cluster | Helm / BYO K8s | Air-Gapped | +| ----------------------------- | ----------------------------- | ------------- | ------------------- | ------------------- | ---------------- | +| SCM webhooks (inbound 443) | Repository events | Pixee cloud | Customer network | Customer network | Customer network | +| LLM endpoint (outbound) | AI inference | Pixee-managed | Customer's provider | Customer's provider | Private endpoint | +| License server (outbound) | License validation | Pixee cloud | Direct or proxy | Direct or proxy | Proxy required | +| Telemetry (outbound, opt-in) | Usage metrics | Pixee cloud | Toggleable | Toggleable | Blocked | +| Container registry (outbound) | Image pulls (install/upgrade) | N/A | Required | Required | Pre-loaded | + +No other outbound connections are required. Self-hosted deployments require no inbound connections except SCM webhooks on port 443. + +## Choosing a Deployment Model + +Use this decision tree to narrow down your model: + +1. **Can you manage Kubernetes?** + - Yes -- [Helm / BYO Kubernetes](/enterprise/helm) + - No -- [Embedded Cluster](/enterprise/embedded-cluster) + +2. **Do you require air-gapped deployment?** + - Yes -- [Air-Gapped Deployment](/enterprise/air-gap) + - No -- continue + +3. **Do you want zero infrastructure management?** + - Yes -- Cloud SaaS + - No -- embedded cluster or Helm (based on step 1) + +4. **Do you have regulatory data residency requirements?** + - Banking or healthcare with strict data residency -- embedded cluster or air-gapped + - Federal or classified environments -- air-gapped + - Standard enterprise -- any self-hosted model based on your Kubernetes posture + +## Security Review Summary + +**Data classification:** Pixee analyzes vulnerability-relevant code snippets -- not entire repositories. No absolute paths, repository URLs, git metadata, commit hashes, or author information are sent to LLM inference. Scanner findings (SARIF data) stay within the deployment boundary for all self-hosted models. + +**Network requirements:** Self-hosted deployments require outbound access for license validation only (proxyable). LLM inference routes to the customer's chosen provider within the customer's network. No inbound connections are required except SCM webhooks on port 443. + +**Credential management:** SCM tokens (GitHub App private key, GitLab PAT, Azure DevOps PAT, Bitbucket API token) and LLM API keys are stored in Kubernetes secrets. External secret manager integration (Vault, External Secrets Operator, SOPS) is supported via `existingSecret` references. No credentials are stored in Helm values. + +**For the full security review:** See [Security Architecture](/enterprise/security-architecture) for data flow diagrams, access control details, AI governance controls, and credential handling specifics. + +## Sizing Guidance + +| Deployment Size | Repositories | Recommended Resources | Deployment Model | +| --------------- | ------------ | ---------------------------------- | --------------------------- | +| Small | Up to 50 | 8 vCPU, 32 GB RAM, 100 GB SSD | Embedded Cluster | +| Medium | 50-500 | 16 vCPU, 64 GB RAM, 250 GB SSD | Helm / BYO K8s | +| Large | 500+ | 32+ vCPU, 128+ GB RAM, 500+ GB SSD | Helm / BYO K8s (multi-node) | + +These are starting recommendations. Actual resource requirements depend on finding volume, concurrent analysis workload, and LLM inference latency. Contact Pixee solutions engineering for sizing guidance on large deployments. + +## Frequently Asked Questions + +### What data does Pixee send outside my network? + +In self-hosted deployments (embedded cluster, Helm, air-gapped), source code and scanner findings stay in your network. LLM inference uses your chosen provider. The only outbound connection is license validation, which can be proxied. See the data flow table above for details per deployment model. + +### Does Pixee require Kubernetes expertise? + +No. The embedded cluster deployment installs a complete K3s-based platform on a single Linux VM with a form-based admin console. No Kubernetes knowledge required. The Helm deployment does require an existing Kubernetes cluster and Helm CLI experience. See [Embedded Cluster](/enterprise/embedded-cluster) for details. + +### Can Pixee run in my existing EKS/GKE/AKS cluster? + +Yes. The Helm chart deploys into any customer-provided Kubernetes cluster. Conditional subcharts let you swap embedded components for your own services (S3, PostgreSQL, observability, auth). See [Helm / BYO Kubernetes](/enterprise/helm) for details. + +### How long does deployment take? + +Embedded cluster and Helm deployments typically complete in under one hour. Air-gapped deployments take longer due to private LLM endpoint configuration and network verification. + +### Does Pixee support multi-cloud? + +Yes. The Helm chart includes storage-class configurations for EKS (gp2/gp3), GKE (standard-rwo), AKS (managed-csi), and K3s local default. A single Pixee deployment can connect to multiple SCM platforms simultaneously. diff --git a/docs/enterprise/embedded-cluster.md b/docs/enterprise/embedded-cluster.md new file mode 100644 index 00000000..986a9296 --- /dev/null +++ b/docs/enterprise/embedded-cluster.md @@ -0,0 +1,117 @@ +--- +title: Embedded Cluster +slug: /enterprise/embedded-cluster +track: leader +content_type: guide +seo_title: Embedded Cluster - Deploy Pixee on a Single VM Without Kubernetes Expertise +description: Deploy Pixee Enterprise as a turnkey appliance on a single Linux VM. K3s-based with KOTS admin console. No Kubernetes expertise required. +sidebar_position: 3 +--- + +The embedded cluster deployment installs the full Pixee platform -- Kubernetes runtime, storage, authentication, and observability -- as a turnkey single-tenant appliance on a single Linux VM. No Kubernetes expertise is needed. A single command installs K3s, the Pixee platform, and a form-based admin console for day-two operations. This is the fastest path to self-hosted Pixee for organizations without existing Kubernetes infrastructure. + +## Who This Is For + +The embedded cluster is built for organizations that need self-hosted deployment but do not have (or do not want to use) existing Kubernetes infrastructure: + +- **Regulated industries** (finance, healthcare, public sector) requiring dedicated-tenant deployment inside the customer perimeter +- **Teams without Kubernetes engineers** that still need self-hosted security automation +- **Evaluation environments** where standing up a full Kubernetes cluster is not justified for a proof of concept + +Most AI-assisted AppSec tools are cloud-only SaaS. The embedded cluster delivers the same triage and remediation engine as the cloud offering, running entirely within your network, without requiring platform engineering expertise. + +## Prerequisites + +Verify these requirements with your infrastructure team before installation. + +| Requirement | Specification | +| -------------------- | ----------------------------------------------------------- | +| **Operating system** | Ubuntu 24.04+ (recommended), RHEL 9, Rocky Linux, AlmaLinux | +| **CPU** | 8 vCPU minimum | +| **RAM** | 32 GB minimum | +| **Storage** | 100 GB+ SSD/NVMe, under 10 ms write latency | +| **Network** | Port 443 (HTTPS), Port 30000 (admin console) | +| **Internet** | Required for initial install; proxy support available | + +The VM can run on any infrastructure: physical servers, VMware, Hyper-V, cloud VMs (EC2, Azure VMs, GCE), or any other virtualization platform. + +**Storage performance matters.** The 10 ms write latency requirement is not optional. Pixee persists triage decisions, fix metadata, and analysis state to disk. Slow storage causes analysis timeouts and degraded platform performance. Use SSD or NVMe -- not spinning disk or network-attached storage with high latency. + +**Proxy environments.** If your VM accesses the internet through a proxy, proxy configuration is supported during installation. TLS-intercepting proxies are also supported via CA cert injection. + +## Installation + +The embedded cluster installs with a single command on a Linux VM meeting the prerequisites above. The installer provisions K3s (Kubernetes 1.32), deploys the Pixee platform, and starts a KOTS-powered admin console on port 30000. The admin console provides a form-based UI for all configuration -- domain, TLS, authentication, LLM provider, and SCM connections. No YAML editing or manual Kubernetes configuration is required at any point. For the current installer command and step-by-step walkthrough, see the [deployment guide](https://app.pixee.ai/docs/deploy). + +**Configuration options available in the admin console:** + +| Configuration | Options | +| -------------------- | ---------------------------------------------------------------------------- | +| **Domain and TLS** | Upload certificate, self-signed certificate, or Let's Encrypt | +| **Authentication** | None (evaluation), embedded OIDC, Google Workspace, Microsoft Entra ID, Okta | +| **LLM provider** | OpenAI, Azure AI Foundry, Anthropic, Azure Anthropic | +| **SCM integrations** | GitHub App, GitLab PAT, Azure DevOps PAT, Bitbucket API token | + +Each provider selection includes preflight checks that catch misconfiguration at install time -- not when you run your first analysis. + +## Admin Console Overview + +The KOTS admin console is the day-two operations interface for the embedded cluster: + +- **Configuration management** -- All settings are managed through a form-based UI. Changes are applied without manual Kubernetes intervention. +- **Upgrades** -- New Pixee versions are delivered through the admin console. Upgrades are single-step operations with rollback support. +- **Health monitoring** -- Platform status, service health, and resource usage are visible from the console dashboard. +- **Diagnostics** -- Support bundle generation collects logs and configuration data for troubleshooting. Log size and age limits are configurable before generation. +- **Backup and restore** -- Data protection operations are managed from the admin console. + +The key message for infrastructure teams: you do not need to learn Kubernetes to operate Pixee. The admin console abstracts all cluster management into a familiar web interface. + +## Upgrading + +Pixee releases updates approximately every two weeks. Upgrades are delivered through the admin console: + +1. The admin console notifies you when a new version is available +2. Review the release notes in the console +3. Apply the upgrade as a single-step operation +4. The console displays upgrade progress and rolls back automatically if the upgrade fails + +The embedded cluster version tracks the Pixee Enterprise release cadence. Approximately 25 releases have shipped in the last 6 months -- the platform is actively maintained and improved. + +## Security Considerations + +The embedded cluster runs as a single-tenant deployment on your infrastructure: + +- **Data isolation.** All source code, scanner findings, and triage decisions stay on the VM. Only LLM inference and license validation generate outbound traffic. +- **Network control.** The VM requires port 443 (HTTPS for SCM webhooks and UI access) and port 30000 (admin console). No other inbound ports are needed. +- **Credential management.** SCM tokens and LLM API keys are stored in Kubernetes secrets within the cluster. External secret manager integration is supported. +- **TLS options.** Upload your own certificate, use a self-signed certificate for evaluation, or configure Let's Encrypt for automatic certificate management. + +For the full security review, see [Security Architecture](/enterprise/security-architecture). + +## When to Choose Helm Instead + +The embedded cluster is the right choice for most organizations without existing Kubernetes. Consider the [Helm / BYO Kubernetes](/enterprise/helm) deployment if: + +- You already have an EKS, GKE, AKS, or self-managed Kubernetes cluster +- You want to swap embedded components for your own services (BYO database, BYO object store, BYO observability) +- Your platform engineering team prefers Helm-managed deployments and wants to integrate Pixee into existing cluster operations + +Both deployment models deliver the same triage and remediation capabilities. The choice is about infrastructure preference, not product functionality. + +## Frequently Asked Questions + +### Do I need Kubernetes experience to deploy Pixee? + +No. The embedded cluster deployment handles all Kubernetes components automatically. The admin console is a form-based UI for all configuration -- no YAML editing, no kubectl commands, no cluster management. + +### What Kubernetes distribution does the embedded cluster use? + +The embedded cluster is built on K3s (Kubernetes 1.32) distributed via Replicated Embedded Cluster. + +### Can I run the embedded cluster in a VM on my existing infrastructure? + +Yes. The embedded cluster runs on any Linux VM that meets the prerequisites -- physical servers, VMware, Hyper-V, cloud VMs (EC2, Azure VMs, GCE), or any other virtualization platform. + +### How do I upgrade the embedded cluster? + +Upgrades are managed through the KOTS admin console. New versions are delivered as single-step upgrades with rollback support. No manual Kubernetes operations are required. diff --git a/docs/enterprise/enterprise-overview.md b/docs/enterprise/enterprise-overview.md new file mode 100644 index 00000000..1ebed261 --- /dev/null +++ b/docs/enterprise/enterprise-overview.md @@ -0,0 +1,96 @@ +--- +title: Enterprise Overview +slug: /enterprise/overview +track: leader +content_type: conceptual +seo_title: Enterprise Overview - Self-Hosted Security Automation +description: Pixee Enterprise deployment models, compliance controls, identity management, and operational metrics. +sidebar_position: 1 +--- + +Pixee Enterprise deploys into your infrastructure -- cloud SaaS, turnkey embedded cluster, Helm into existing Kubernetes, or fully air-gapped with your own LLM. Every deployment model delivers the same triage and remediation engine, the same scanner integrations, and the same audit trail. This section covers deployment options, compliance, security architecture, and how to measure operational impact. + +## Enterprise Capabilities + +Enterprise adds infrastructure control, identity management, and compliance capabilities on top of the core triage and remediation engine. + +- **Self-hosted deployment** -- run Pixee on your infrastructure with your network policies +- **SSO and access control** -- Google Workspace, Microsoft Entra ID, Okta, or embedded OIDC +- **Bring Your Own Model (BYOM)** -- choose your LLM provider, own the keys, control the bill +- **Compliance controls** -- audit-ready triage records, exportable evidence, framework alignment +- **Bundled observability** -- metrics, logs, traces, and dashboards ship in the Helm chart +- **Enterprise support** -- dedicated solutions engineering + +Pixee ships approximately 25 releases every 6 months. Four deployment models, four LLM provider families, and four SCM integrations (GitHub, GitLab, Azure DevOps, Bitbucket) are available from a single deployment. + +A single Pixee Enterprise deployment supports multiple SCM platforms simultaneously. + +## Deployment Models at a Glance + +| Model | Best For | Infra Required | Time to Deploy | +| ------------------------- | ----------------------------------------------------- | ------------------------------------------ | -------------- | +| **Cloud SaaS** | Teams wanting zero infrastructure management | None | Minutes | +| **Embedded Cluster** | Orgs without Kubernetes, regulated industries | Single Linux VM (8 vCPU, 32 GB RAM) | Under 1 hour | +| **Helm / BYO Kubernetes** | Orgs with existing EKS/GKE/AKS clusters | Customer Kubernetes cluster | Under 1 hour | +| **Air-Gapped** | Federal, financial services, healthcare (no internet) | Customer Kubernetes + private LLM endpoint | Hours | + +Every model delivers the same triage and remediation engine. The only difference is where the infrastructure runs and how data flows through your network. See [Deployment Options](/enterprise/deployment) for architecture diagrams, data flow tables, and infrastructure requirements. + +## Enterprise Capabilities Summary + +| Capability | Status | Detail Page | +| --------------------------------------------------------------------------- | ------ | ---------------------------------------------------------- | +| Self-hosted deployment (embedded cluster and Helm) | GA | [Deployment Options](/enterprise/deployment) | +| Air-gapped deployment with private LLM | GA | [Air-Gapped Deployment](/enterprise/air-gap) | +| SSO (Google Workspace, Microsoft Entra ID, Okta) | GA | [Security Architecture](/enterprise/security-architecture) | +| Bring Your Own Model (OpenAI, Azure AI Foundry, Anthropic) | GA | [Bring Your Own Model](/enterprise/byom) | +| Bundled observability (metrics, logs, traces, dashboards) | GA | [Observability](/enterprise/observability) | +| Compliance mapping (SOC 2, HIPAA, FedRAMP, PCI-DSS, NIST 800-53, ISO 27001) | GA | [Compliance](/enterprise/compliance) | +| Multi-SCM support (GitHub, GitLab, Azure DevOps, Bitbucket) | GA | [Getting Started](/) | +| Hierarchical LLM routing (7 named tiers) | GA | [Bring Your Own Model](/enterprise/byom) | +| Audit-ready triage records with LLM justification | GA | [Compliance](/enterprise/compliance) | +| Role-based access control | GA | [Security Architecture](/enterprise/security-architecture) | + +## Measuring Success + +Track these metrics from the Pixee reporting dashboard to evaluate operational impact: + +| Metric | What It Measures | Source | +| ------------------------------- | ----------------------------------------------------------------- | ------------------------------------- | +| **Merge rate** | Percentage of Pixee PRs merged by developers | Pixee dashboard: fix activity | +| **Triage reduction** | Percentage of findings automatically classified (TP/FP/won't-fix) | Pixee dashboard: triage summary | +| **MTTR** | Time from finding detection to merged fix | Pixee reporting: remediation velocity | +| **Compliance window adherence** | Critical/high findings remediated within required timeframes | Pixee reporting + compliance tool | +| **Finding volume trend** | Total open findings over time | Pixee dashboard: backlog view | + +See [Fix Safety](/how-it-works/fix-safety) for production metrics on fix quality and validation. + +## What's Next + +**Evaluating deployment options?** Start with [Deployment Options](/enterprise/deployment) for architecture diagrams and data flow tables. + +**Planning the rollout?** The [Phased Rollout Guide](/enterprise/phased-rollout) covers the single-repo-to-enterprise adoption path with decision gates at each phase. + +**Reviewing compliance requirements?** The [Compliance](/enterprise/compliance) page maps Pixee capabilities to SOC 2, HIPAA, FedRAMP, PCI-DSS, NIST 800-53, and ISO 27001. + +## Frequently Asked Questions + +### Does Pixee support self-hosted deployment? + +Yes. Pixee offers three self-hosted deployment models: a turnkey embedded cluster (single Linux VM, no Kubernetes expertise needed), a standard Helm chart for existing Kubernetes clusters (EKS, GKE, AKS), and a fully air-gapped deployment with your own private LLM endpoint. See [Deployment Options](/enterprise/deployment) for details. + +### What metrics does Pixee track? + +The reporting dashboard tracks merge rate, triage reduction, MTTR, compliance window adherence, and finding volume trends. See the Measuring Success section above for details. + +### What compliance frameworks does Pixee support? + +Pixee maps to SOC 2, HIPAA, FedRAMP, PCI-DSS, NIST 800-53, and ISO 27001 control requirements. See the [Compliance](/enterprise/compliance) page for detailed framework mapping. + +### How long does enterprise deployment take? + +Embedded cluster and Helm deployments typically complete in under one hour. Air-gapped deployments take longer due to private LLM endpoint configuration and network verification. See [Deployment Options](/enterprise/deployment) for infrastructure requirements. + +### Can I use Pixee across multiple SCM platforms? + +Yes. A single Pixee Enterprise deployment supports GitHub, GitLab, Azure DevOps, and Bitbucket simultaneously. All four platforms receive the same triage and remediation capabilities. diff --git a/docs/enterprise/helm.md b/docs/enterprise/helm.md new file mode 100644 index 00000000..baa76f3a --- /dev/null +++ b/docs/enterprise/helm.md @@ -0,0 +1,115 @@ +--- +title: Helm / BYO Kubernetes +slug: /enterprise/helm +track: leader +content_type: guide +seo_title: Helm / BYO Kubernetes - Deploy Pixee into EKS, GKE, AKS, or Self-Managed K8s +description: Deploy Pixee Enterprise via Helm chart into your existing Kubernetes cluster. Supports EKS, GKE, AKS, and self-managed K8s with BYO component options. +sidebar_position: 4 +--- + +The Helm deployment installs Pixee into your existing Kubernetes cluster using a standard Helm chart. It supports EKS, GKE, AKS, and self-managed Kubernetes. Conditional subcharts let you swap embedded components for your own services -- BYO database (PostgreSQL 15+), object store (S3, Azure Blob, GCS), observability stack, and identity provider. This is the deployment model for organizations with established platform engineering teams. + +## Who This Is For + +The Helm deployment serves organizations that already run Kubernetes and want Pixee to fit into their existing infrastructure: + +- **Platform engineering teams** comfortable with Helm-managed deployments and `values.yaml` configuration +- **Organizations with existing shared services** (databases, observability, identity providers) that prefer to use their own rather than embedded defaults +- **Multi-cloud enterprises** running EKS, GKE, AKS, or self-managed clusters + +Compared to legacy on-premises AppSec products that ship as VM images, a native Helm chart fits modern platform-engineering workflows. Compared to cloud-only SaaS tools, it keeps code inside your VPC and IAM boundary. + +## Prerequisites + +| Requirement | Specification | +| -------------- | --------------------------------------- | +| **Kubernetes** | EKS, GKE, AKS, or self-managed (v1.32+) | +| **CPU** | 8+ vCPU | +| **RAM** | 32+ GB | +| **Storage** | 100 GB+ SSD/NVMe | +| **Helm CLI** | v3.15+ | +| **Network** | Port 443 (HTTPS) | + +**Namespace isolation.** Pixee runs in a dedicated namespace. The Helm chart does not require cluster-admin privileges for day-to-day operation. Installation requires namespace creation and secret management permissions. + +**Air-gapped variant.** If your Kubernetes cluster is in an air-gapped environment, see [Air-Gapped Deployment](/enterprise/air-gap) for additional configuration requirements including private LLM endpoints and container image pre-loading. + +## Installation + +The Helm deployment follows a standard pattern: add the chart repository, create a namespace with secrets, configure `values.yaml` for your environment (LLM provider, SCM integrations, authentication mode, and BYO component selections), and install. Preflight checks validate LLM provider connectivity and catch misconfiguration at install time. For current chart versions, values reference, and step-by-step instructions, see the [deployment guide](https://app.pixee.ai/docs/deploy). + +## BYO Components + +Conditional subcharts let you swap embedded defaults for your existing infrastructure. Disable any embedded component and provide your own. + +| Component | Embedded Default | BYO Option | +| ----------------- | ------------------------- | ------------------------------------------------ | +| **Object store** | SeaweedFS | AWS S3, Azure Blob, GCS, any S3-compatible store | +| **Database** | CloudNativePG | External PostgreSQL 15+ | +| **Observability** | VictoriaMetrics + Grafana | Customer's existing observability stack | +| **Auth** | Authentik OIDC | Google Workspace, Microsoft Entra ID, Okta | + +### Credential Management for BYO Components + +- **`existingSecret` support** -- All credential references support `existingSecret` for integration with external secret managers (Vault, External Secrets Operator, SOPS). No credentials need to be stored in Helm values. +- **Pod identity support** -- IRSA (AWS), Workload Identity (GCP), and Managed Identity (Azure) are supported for object store access, alongside static key configuration. +- **BYO database secrets** -- External PostgreSQL connection details can be provided as Kubernetes secrets with `existingSecret` references. + +Pod identity support (IRSA, Workload Identity, Managed Identity) eliminates static credentials for cloud-native deployments -- a strong signal for organizations that have adopted zero-trust infrastructure. + +## Cloud Provider Storage Classes + +Platform engineers: verify your storage class matches your cloud provider. + +| Cloud Provider | Storage Class | +| --------------- | -------------- | +| **EKS** | `gp2` / `gp3` | +| **GKE** | `standard-rwo` | +| **AKS** | `managed-csi` | +| **K3s / local** | default | + +## Multi-SCM Configuration + +A single Helm deployment supports all four SCM platforms simultaneously. Configure each platform independently: + +| SCM Platform | Auth Method | Self-Hosted Support | +| ---------------- | --------------------------------------------------- | ---------------------------------------- | +| **GitHub** | GitHub App (private key + webhook secret) | GitHub Enterprise Server (custom domain) | +| **GitLab** | Personal access token (service account recommended) | GitLab self-hosted (custom base URI) | +| **Azure DevOps** | PAT with webhook user/password | Azure DevOps Server | +| **Bitbucket** | API tokens | Bitbucket Cloud and Server | + +Enterprise controls include `member_projects_only` toggles (GitLab) to restrict Pixee to projects where the service account is an explicit member, and optional work-item linking (Azure DevOps) for organizations requiring linked work items on pull requests. + +For organizations with multiple SCM platforms -- for example, GitLab on-premises for core development and GitHub for open-source contributions -- a single Pixee deployment covers both with the same triage and remediation engine. + +## Upgrading + +Pixee releases updates approximately every two weeks. Standard Helm upgrade workflow applies: + +1. Review release notes for the new version +2. Run `helm upgrade` with your existing values file +3. Verify pods restart and the UI is accessible + +Approximately 25 releases have shipped in the last 6 months. The platform is actively maintained and improved on a rapid cadence. Review release notes before each upgrade to identify any breaking changes or new configuration options. + +Before upgrading, back up your current `values.yaml` file. If an upgrade introduces an issue, roll back to the previous Helm release using standard Helm rollback commands. + +## Frequently Asked Questions + +### Can I use my own PostgreSQL database? + +Yes. Disable the embedded CloudNativePG subchart and provide connection details for your external PostgreSQL 15+ instance. BYO database-secret support is available for external secret managers. + +### Does Pixee support pod identity (IRSA, Workload Identity)? + +Yes. The Helm chart supports IRSA (AWS), Workload Identity (GCP), and Managed Identity (Azure) for object store credentials, alongside static key configuration. + +### Can I route Pixee observability to my existing Grafana? + +Yes. Disable the embedded observability subcharts and configure Pixee to emit metrics to your existing VictoriaMetrics, Prometheus, or Grafana Cloud instance. Optional Grafana Cloud Private Data Connector integration is also supported. See [Observability](/enterprise/observability) for details. + +### What Helm chart version should I use? + +The latest stable release. Check the changelog for release notes before upgrading. Pixee maintains backward compatibility across minor releases. diff --git a/docs/enterprise/observability.md b/docs/enterprise/observability.md new file mode 100644 index 00000000..d600872b --- /dev/null +++ b/docs/enterprise/observability.md @@ -0,0 +1,82 @@ +--- +title: Observability +slug: /enterprise/observability +track: leader +content_type: guide +seo_title: Observability - Metrics, Logs, Traces, and Dashboards for Pixee Enterprise +description: Monitor Pixee Enterprise with bundled VictoriaMetrics, Grafana dashboards, distributed tracing, and log aggregation. BYO observability supported. +sidebar_position: 9 +--- + +Pixee Enterprise ships a complete observability stack -- metrics, logs, traces, and dashboards -- bundled in the Helm chart. No separate purchase or manual setup required. SRE teams can use the bundled stack as-is, disable individual components, or route telemetry to their existing observability platform. This page covers what is included, how to integrate with your existing stack, and key metrics to monitor. + +## Bundled Observability Stack + +The Helm chart includes five observability components, each shipped as a conditional subchart that can be independently enabled or disabled: + +| Component | Purpose | Replaceable? | +| ----------------------------- | ------------------------------ | ---------------------------------------- | +| **VictoriaMetrics** | Metrics collection and storage | Yes -- BYO Prometheus or VictoriaMetrics | +| **Victoria-logs + collector** | Log aggregation | Yes -- BYO log pipeline | +| **Victoria-traces** | Distributed tracing | Yes -- BYO tracing solution | +| **Grafana k8s-monitoring** | Dashboards and visualization | Yes -- BYO Grafana | +| **Sentry** | Error reporting | Toggleable (opt-in / opt-out) | + +Pixee ships curated dashboards built specifically for the Pixee platform -- not just upstream chart defaults. These dashboards cover platform health, analysis throughput, LLM performance, and fix quality metrics. + +**Why this matters for enterprise evaluation:** Legacy on-premises scanners (Checkmarx, Veracode) predate Kubernetes-native observability and do not ship monitoring. SaaS scanners do not expose observability because the customer does not run the infrastructure. Pixee ships both the platform and the tools to monitor it. + +## Integrating with Your Existing Stack + +Most enterprise platform teams already run an observability stack. Pixee integrates rather than duplicating. + +**Disable embedded subcharts.** Turn off any embedded component (VictoriaMetrics, Victoria-logs, Victoria-traces, Grafana) and configure Pixee to emit telemetry to your existing platform. Each subchart is independently toggleable. + +**Grafana Cloud integration.** Grafana Cloud Private Data Connector support routes metrics from your self-hosted Pixee deployment to your Grafana Cloud tenant without exposing the cluster to inbound connections. + +**Standard pipelines.** Pixee's telemetry is compatible with standard Prometheus and OpenTelemetry pipelines. If your team already runs Prometheus, Datadog, or a similar platform, Pixee's metrics integrate without custom adapters. + +**Verification.** After configuring your integration, verify that metrics, logs, and traces are flowing to your platform. Pixee's admin console shows telemetry status for embedded components. + +## Key Metrics to Monitor + +For day-two operations teams, these are the metrics that indicate platform health and business value: + +| Metric Category | What to Watch | Why It Matters | +| ----------------------- | ----------------------------------------------------- | ------------------------------------------------------------------ | +| **Analysis throughput** | Tasks completed per hour, queue depth | Platform is processing findings at expected rate | +| **LLM latency** | Inference response time per tier | Performance tuning; identifies slow or rate-limited providers | +| **Fix quality** | Average safety, effectiveness, and cleanliness scores | Quality monitoring; trends indicate model or configuration changes | +| **Merge rate** | Percentage of PRs merged by developers | Adoption tracking; the primary business-value metric | +| **Error rate** | Failed analyses, retries, suppressed fixes | Operational health; spikes indicate configuration or LLM issues | + +**Business metrics vs. platform metrics:** Merge rate, triage volume, and remediation velocity are business metrics visible in Pixee's reporting dashboard. Analysis throughput, LLM latency, and error rates are platform metrics visible in the observability stack. Both matter for different audiences -- share business metrics with security leadership and platform metrics with SRE. + +For business-level reporting (merge rate trends, triage reduction, MTTR), see [Enterprise Overview > Measuring Success](/enterprise/overview#measuring-success). + +## Operational Controls + +Operational settings are configurable through the KOTS admin console (embedded cluster) or Helm values (BYO Kubernetes): + +| Control | Description | +| -------------------------------- | -------------------------------------------------------- | +| **Sentry toggle** | Enable or disable error reporting | +| **Custom metrics toggle** | Enable or disable custom Pixee metrics | +| **LLM debug mode** | Verbose logging for LLM request/response troubleshooting | +| **Support bundle configuration** | Log size and age limits for diagnostic bundle generation | + +For troubleshooting operational issues, see [Enterprise Troubleshooting](/enterprise/troubleshooting). + +## Frequently Asked Questions + +### Does Pixee include monitoring out of the box? + +Yes. The Helm chart bundles VictoriaMetrics (metrics), Victoria-logs (logs), Victoria-traces (distributed tracing), and Grafana dashboards. No separate purchase or manual installation required. + +### Can I route Pixee telemetry to my existing Grafana or Prometheus? + +Yes. Disable the embedded observability subcharts and configure Pixee to emit metrics to your existing stack. Grafana Cloud Private Data Connector integration is also supported. + +### What dashboards does Pixee provide? + +Pixee includes curated Grafana dashboards for platform health, analysis throughput, LLM performance, and fix quality metrics. These are Pixee-specific dashboards, not just upstream chart defaults. diff --git a/docs/enterprise/phased-rollout.md b/docs/enterprise/phased-rollout.md new file mode 100644 index 00000000..d5cb0759 --- /dev/null +++ b/docs/enterprise/phased-rollout.md @@ -0,0 +1,189 @@ +--- +title: Phased Rollout Guide +slug: /enterprise/phased-rollout +track: leader +content_type: guide +seo_title: Phased Rollout Guide - From Pilot to Enterprise-Wide Security Automation +description: Roll out Pixee from a single repository to your entire organization with decision gates, success criteria, and rollback plans at every phase. +sidebar_position: 10 +--- + +Pixee deploys in phases: single repository, team, org unit, enterprise. Each phase has defined success criteria, a decision gate, and a rollback path. This guide gives security leaders the planning framework and security engineers the execution checklist. Most teams complete Phase 1 (single-repo pilot) within one week and reach Phase 3 (org unit) within 30-45 days. + +## Overview + +Pixee deploys in phases to validate triage accuracy and fix quality on a controlled scope before expanding. Each phase generates metrics that inform the next expansion decision. Phase 1 data feeds the metrics tracked in [Enterprise Overview > Measuring Success](/enterprise/overview#measuring-success). + +## Phase Model Overview + +| Phase | Scope | Duration | Decision Gate | Who Leads | +| ----------------------- | ------------------------------------- | --------- | ------------------------------------------------------------ | ----------------------------- | +| **Phase 1: Pilot** | 1-3 repositories | 1-2 weeks | Merge rate above 50%, zero incidents | Security Engineer | +| **Phase 2: Team** | Single team (5-15 repos) | 2-4 weeks | Team merge rate stable, developer feedback positive | Security Engineer + Team Lead | +| **Phase 3: Org Unit** | Division or business unit (50+ repos) | 4-8 weeks | Consistent metrics across teams, support processes validated | Head of AppSec | +| **Phase 4: Enterprise** | All repositories | Ongoing | Executive sign-off, compliance requirements met | CISO / Head of AppSec | + +Timeline expectations are ranges, not commitments. Actual pace depends on your team size, internal approval processes, and compliance requirements. + +## Phase 1: Pilot + +Phase 1 is where most readers will start and where the most specific guidance matters. + +### Security Leader Planning Track + +**Selecting pilot repositories.** Choose repos that have active development, existing scanner findings, and engaged developers. Avoid dormant repositories or repos with no current security findings -- they produce no data. The best pilot candidates are repos where the security team already knows about unresolved findings. + +**Defining success criteria.** Set explicit thresholds before the pilot begins: merge rate above 50%, zero false fixes (no PR that introduces a bug or breaks tests), and at least one developer who voluntarily merges a Pixee PR without prompting. Write these down. + +**Internal communication.** Notify the development team that a pilot is starting on selected repositories. + +### Security Engineer Execution Track + +**Installation.** Connect Pixee to the pilot repositories. See the Getting Started guides for [GitHub](/getting-started/github), [GitLab](/getting-started/gitlab), [Azure DevOps](/getting-started/azure-devops), or [Bitbucket](/getting-started/bitbucket). + +**Scanner connection.** Connect your existing scanners to Pixee so it can triage and remediate findings from your current tooling. Pixee works with 12 native scanner integrations and any SARIF-producing scanner. + +**First fix review.** Walk through the first Pixee PR with the development team. Explain what changed, why it changed, and the quality scores. + +**Metrics collection.** Track merge rate, triage volume, and developer response time from the Pixee dashboard. + +### Phase 1 Success Criteria + +| Criterion | Threshold | How to Measure | +| ------------------ | ------------------------------------------------- | ------------------------------- | +| Merge rate | Above 50% (first-week industry average) | Pixee dashboard: fix activity | +| False fixes | Zero (no PR that breaks tests or introduces bugs) | CI/CD results on Pixee PRs | +| Voluntary adoption | At least one developer merges without prompting | Observation / PR history | +| Triage value | Triage automation reduces manual review volume | Pixee dashboard: triage summary | + +## Phase 2: Team Expansion + +### Security Leader Planning Track + +Expand from champion repositories to team-wide deployment. Set team-level merge rate targets based on Phase 1 data. Establish fix review norms: who reviews Pixee PRs, what response time is expected. + +Use Phase 1 metrics to evaluate whether expansion is warranted. The metrics tracked in [Enterprise Overview > Measuring Success](/enterprise/overview#measuring-success) provide the data points for Phase 3 decision-making. + +### Security Engineer Execution Track + +Onboard additional repositories across the team. Configure team-level policies in PIXEE.yaml for consistent behavior. Train developers on the PR review workflow -- most questions in Phase 2 are about process, not product. + +Monitor for edge cases across different codebases. Languages, frameworks, and coding patterns vary within a team. Phase 2 surfaces these variations before org-wide deployment. + +### Decision Gate + +Stable merge rate across team repos, positive developer feedback (survey or informal), no unresolved incidents. If the gate is not met, diagnose the issue before expanding -- do not push forward on momentum alone. + +## Phase 3: Org Unit + +### Security Leader Planning Track + +Multi-team coordination is the primary challenge in Phase 3. Different teams may use different scanner stacks and languages. Align Pixee metrics with compliance reporting requirements. Define the support model: who handles developer questions and escalations. + +Build the executive reporting dashboard for Phase 4 approval. Present triage reduction, merge rate trends, MTTR improvement, and compliance acceleration across all enrolled teams. + +### Security Engineer Execution Track + +Scale repository configuration across teams using PIXEE.yaml. Verify language coverage across the org unit (see [Languages > Overview](/languages/overview)). Integrate Pixee reporting with existing CI/CD pipelines and dashboards. Set up observability (see [Observability](/enterprise/observability)) if running a self-hosted deployment. + +### Decision Gate + +Consistent metrics across all enrolled teams, compliance team sign-off on audit evidence, support processes validated and documented. + +## Phase 4: Enterprise Rollout + +### Security Leader Planning Track + +Executive sign-off requires presenting Phase 3 results with the metrics tracked in [Enterprise Overview > Measuring Success](/enterprise/overview#measuring-success): merge rate, triage reduction, MTTR, and compliance window adherence. + +Make enterprise deployment model decisions at this stage -- cloud SaaS, embedded cluster, Helm, or air-gapped based on compliance requirements. See [Deployment Options](/enterprise/deployment). + +### Security Engineer Execution Track + +Configure SSO and access control for enterprise-wide access. Set up reporting and dashboards for ongoing operations. Establish the maintenance cadence for upgrades (approximately every two weeks for Pixee Enterprise). + +## Rollback Plan + +Pixee is additive. If any phase does not meet success criteria, disabling Pixee is straightforward and carries zero risk to existing code. + +| Action | What Happens | +| -------------------------- | ------------------------------------------------------------------------------ | +| **Disable per-repository** | Pixee stops opening PRs for that repository. Existing code is unchanged. | +| **Disable per-team** | Team-level rollback without affecting other teams. | +| **Disable entirely** | All Pixee PRs stop. No existing code changes. No runtime dependency to remove. | +| **Data preservation** | All triage decisions and fix history persist even if Pixee is paused. | + +Disabling Pixee at any phase does not affect existing code. Previously merged fixes remain as standard code in your repositories. There is no runtime dependency on Pixee for code that has been merged. + +## Identifying Internal Champions + +A champion is a developer who actively uses Pixee PRs during the pilot phase and can support other teams during expansion. Typical indicators: merges Pixee PRs early, reviews PR descriptions and quality scores in detail, and asks about framework coverage. + +**Enablement:** Share the [Languages > Overview](/languages/overview) page (coverage matrix) and this rollout guide. Provide access to the metrics from [Enterprise Overview > Measuring Success](/enterprise/overview#measuring-success). + +## Multi-Business-Unit Rollout + +Organizations with multiple business units face a sequencing decision: which BU goes first? Starting with the most mature BU -- the one with the strongest security practices and most engaged developers -- typically produces the cleanest pilot data for evaluating expansion. + +**Different scanner stacks per BU are not a problem.** Pixee handles multiple scanners simultaneously. If one BU runs Checkmarx and another runs Veracode, each BU's scanner connects independently through the same triage and remediation pipeline. No configuration conflicts, no scanner migration required. + +**Per-BU configuration via PIXEE.yaml.** Each business unit can maintain its own PIXEE.yaml with different severity thresholds, excluded directories, and PR volume settings. A conservative BU can start with critical-only findings while a more mature BU runs full scope -- both within the same Pixee deployment. + +**Expansion timeline.** After the first BU completes Phase 1 and Phase 2, budget 2-4 weeks per additional business unit. Each subsequent BU benefits from the configuration playbook and PIXEE.yaml templates the first BU established. + +## PIXEE.yaml Configuration for Phased Rollout + +PIXEE.yaml controls the scope of triage and remediation per repository or business unit. Use these example configurations to match each rollout phase. + +**Conservative (Phase 1 pilot):** Critical findings only, exclude test directories. + +```yaml +# Conservative (Phase 1 pilot): Critical findings only, exclude tests +severity: + minimum: CRITICAL +exclude: + paths: + - "**/test/**" + - "**/tests/**" + - "**/*Test.java" +``` + +**Moderate (Phase 2 expansion):** Critical and high findings, all directories included. + +```yaml +# Moderate (Phase 2 expansion): Critical + High, all directories +severity: + minimum: HIGH +``` + +**Full scope (Phase 3+):** All severities, no exclusions. + +```yaml +# Full scope (Phase 3+): All severities +severity: + minimum: LOW +``` + +Each business unit or team can use a different configuration during rollout. As confidence builds, adjust the severity threshold downward and remove directory exclusions. See [PIXEE.yaml Reference](/configuration/pixee-yaml) for the complete configuration reference. + +## Frequently Asked Questions + +### How long does it take to roll out Pixee across an enterprise? + +Most teams complete a single-repo pilot in one week and reach org-unit deployment in 30-45 days. Full enterprise rollout depends on team size, approval processes, and deployment model. The phased approach lets you move at your organization's pace with evidence at each step. + +### What if Pixee does not work for a specific repository or team? + +Pixee is additive -- disabling it means PRs stop being opened. No existing code is modified. You can disable Pixee per-repository or per-team without affecting other deployments. All historical triage and fix data is preserved. + +### What merge rate should I expect in Phase 1? + +Most pilots see merge rates above 50% in the first week, trending higher as developers become familiar with the PR format. See [Fix Safety](/how-it-works/fix-safety) for production metrics. Initial rates vary by team, language, and fix complexity. + +### What metrics inform the expansion decision? + +The metrics tracked in [Measuring Success](/enterprise/overview#measuring-success) -- merge rate, triage reduction, MTTR, and compliance window adherence -- are collected during each phase. + +### Do I need enterprise deployment for the pilot? + +No. Phase 1 can run on cloud SaaS. Enterprise deployment (self-hosted, air-gapped) is typically introduced in Phase 3 or Phase 4 based on compliance requirements. diff --git a/docs/enterprise/security-architecture.md b/docs/enterprise/security-architecture.md new file mode 100644 index 00000000..9f1cdf6c --- /dev/null +++ b/docs/enterprise/security-architecture.md @@ -0,0 +1,189 @@ +--- +title: Security Architecture +slug: /enterprise/security-architecture +track: leader +content_type: conceptual +seo_title: Security Architecture - Data Flow, Access Control, and AI Governance +description: "Pixee security architecture: data flow controls, access management, AI governance, SSO integration, credential handling, and network security." +sidebar_position: 7 +--- + +Pixee's security architecture is built on three principles: minimize data exposure (send only relevant code snippets to LLM inference, never entire repositories), preserve human authority (PR-only workflow, never direct commits), and isolate analysis (stateless inference calls that cannot persist or affect other analyses). This page details data flow, access control, credential management, and AI governance for enterprise deployments. + +Security teams evaluating Pixee should read this page alongside [Compliance](/enterprise/compliance). Together, they cover the technical architecture and the compliance mapping that enterprise reviews require. + +## Security Principles + +Five design decisions govern Pixee's security architecture: + +1. **Minimum data exposure.** Only security-relevant code context is sent to LLM inference. Not entire repositories. Not entire files (for large files). No absolute filesystem paths, repository URLs, git metadata, commit hashes, author information, or CI/CD details are included. + +2. **No full repository access by LLM.** File paths are relative to the project root. No git metadata or author information is sent. The LLM sees only what it needs to analyze the specific vulnerability. + +3. **Stateless inference.** Each analysis is an isolated inference call. A single analysis cannot modify the model, persist data across analyses, or affect other applications. This is fundamental to how the system operates. + +4. **PR-only workflow.** Every code change is delivered as a pull request. This is an architectural constraint, not an optional setting. There is no mode, configuration, or override that allows direct commits. + +5. **Human authority preserved.** Pixee adds validation layers before changes reach your existing review process. Developers and their teams always have final approval. Your branch protection rules, required reviewers, CI/CD pipelines, and SAST re-scanning all apply to Pixee changes exactly as they apply to human-written code. + +## Data Flow Architecture + +The following describes how data flows through a self-hosted Pixee deployment: + +1. **SCM events** (push, PR creation, scanner upload) arrive at the Pixee platform via webhook +2. **Pixee platform** extracts the relevant code context for the vulnerability being analyzed +3. **Code context** is sent to the customer's LLM provider (only vulnerability-relevant snippets) +4. **LLM response** is processed by the evaluation layer (independent inference call) +5. **Approved fixes** are delivered as pull requests back to the customer's SCM +6. **Triage decisions** are persisted with timestamp, classification, and LLM justification + +For cloud SaaS, steps 2-4 run on Pixee-managed infrastructure. For all self-hosted models, every step runs within the customer's network. + +### Data Classification Table + +This table is the single most important reference for security review. It specifies what data each component accesses. + +| Data Type | What Pixee Platform Sees | What LLM Sees | What Is Persisted | +| ----------------------- | ------------------------------ | -------------------------------------------- | ---------------------------------------------------------------- | +| **Source code** | Relevant vulnerability context | Relevant code snippets only (not full repos) | Triage outcome and fix content, not source code | +| **Scanner findings** | Full SARIF/finding data | Finding metadata only | Classification + justification | +| **Fix proposals** | Full proposed diff | Generated by LLM | PR content + quality scores (safety, effectiveness, cleanliness) | +| **Repository metadata** | Repo name, language, branch | Not sent | Analysis metadata | +| **Developer identity** | PR author for attribution | Never sent | Anonymized in telemetry (if telemetry is enabled) | +| **File paths** | Relative to project root | Relative to project root | Relative paths only | +| **Git metadata** | Not accessed | Not sent | Not persisted | + +### Data Flow by Deployment Model + +| Data Type | Cloud SaaS | Self-Hosted (Embedded/Helm) | Air-Gapped | +| -------------------- | ------------- | --------------------------- | ---------------------------- | +| Source code snippets | Pixee cloud | Customer network | Customer network | +| Scanner findings | Pixee cloud | Customer network | Customer network | +| LLM inference | Pixee-managed | Customer's provider | Customer's private endpoint | +| Triage records | Pixee cloud | Customer network | Customer network | +| License validation | Pixee cloud | Pixee cloud (proxyable) | Pixee cloud (proxy required) | + +## Authentication and Access Control + +| Mechanism | Implementation | +| ---------------------- | ------------------------------------------------------------------------------------- | +| **SSO** | Google Workspace, Microsoft Entra ID, Okta (direct login), or embedded Authentik OIDC | +| **Role-based access** | Admin, Security Lead, Member roles via `pixee_roles` scope | +| **SCM authentication** | GitHub App (private key), GitLab PAT, Azure DevOps PAT, Bitbucket API tokens | +| **Credential storage** | Kubernetes secrets with `existingSecret` support for external secret managers | +| **Session management** | RP-Initiated Logout, token splitting, recovery flows | + +**Embedded Authentik OIDC** runs inside the customer cluster for self-hosted deployments -- no external IdP dependency for login availability. It federates to the customer's upstream corporate IdP (Google Workspace, Microsoft Entra ID, Okta, or any OIDC source) with auto-redirect and direct login. + +**Authentication modes** are selected at install time: evaluation mode (no auth), embedded OIDC, or direct corporate IdP login. Production deployments should use SSO. + +## Credential Management + +Pixee handles four categories of credentials. None are stored in Helm values -- all use Kubernetes secrets. + +| Credential Type | Storage | External Manager Support | +| ------------------------------------------------------------------------- | --------------------------------- | ------------------------------------------------------------- | +| **SCM tokens** (GitHub App key, GitLab PAT, ADO PAT, Bitbucket API token) | Kubernetes secret | `existingSecret` (Vault, External Secrets Operator, SOPS) | +| **LLM API keys** | Kubernetes secret | `existingSecret` | +| **Database credentials** (if BYO PostgreSQL) | Kubernetes secret | `existingSecret` | +| **Object store credentials** (if BYO S3/Blob/GCS) | Kubernetes secret or pod identity | IRSA (AWS), Workload Identity (GCP), Managed Identity (Azure) | + +**Key points for security review:** + +- Customer owns all LLM API keys. Pixee never has access to customer LLM credentials. +- LLM traffic routes through the customer's account with the customer's billing. +- Pod identity support eliminates static credentials for cloud-native deployments. +- SCM tokens require minimum scopes -- documented per platform in the installation guide. + +## Network Security + +| Requirement | Detail | +| -------------------------- | --------------------------------------------------------------------------------------------------- | +| **Outbound connections** | License validation (proxyable). LLM provider (customer-controlled). Telemetry (opt-in, toggleable). | +| **Inbound connections** | SCM webhooks on port 443 only | +| **Proxy support** | `httpProxy`, `httpsProxy`, `noProxy` with per-provider endpoint overrides | +| **TLS options** | Upload certificate, self-signed, Let's Encrypt, cert-manager | +| **TLS-intercepting proxy** | CA cert injection supported for environments with SSL inspection | + +Self-hosted deployments require no inbound connections except SCM webhooks. All other communication is outbound and proxyable. + +## AI Governance + +For security leaders evaluating AI risk, Pixee's AI governance architecture addresses common concerns: + +**Input scope limitation.** Only vulnerability-relevant code is sent to the LLM. No customer proprietary patterns, business logic context, or secrets are included in prompts. + +**No training on customer data.** Customer code is used only for the specific analysis request. Azure OpenAI and equivalent providers offer contractual guarantees that customer data is not used for model training. Pixee does not retain customer code after analysis completion. + +**Provider-family-aware prompting.** Pixee uses provider-specific prompt structures (Anthropic gets Anthropic-optimized prompts, not a one-size-fits-all approach). This is a quality measure, not a security measure -- but it indicates the system is purpose-built for each provider, not a generic wrapper. + +**Independent evaluation.** The evaluator runs as a separate inference call from the generator. The generator cannot grade its own work. Fixes that fail evaluation are suppressed entirely. + +**Responsible AI documentation.** The architecture provides concrete, verifiable answers to governance committee questions. See [Security & Trust](/platform/security) for the full trust framework. + +## Adversarial Input Protection + +Code analyzed by an LLM-based system is itself a potential attack vector. Malicious code embedded in analyzed files could attempt to manipulate the LLM through prompt injection -- crafted comments or string literals designed to alter the model's behavior. Pixee addresses this risk through defense in depth across five layers: + +**Input scope limitation.** Only vulnerability-relevant code snippets are sent to the LLM, not full repositories or entire files. This limits the attacker's surface area for embedding adversarial payloads -- most of the codebase never reaches the model. + +**Output validation via independent evaluator.** The structurally independent evaluation layer (separate context window, separate system prompt, separate scoring rubric) acts as a second opinion on every generated fix. Malicious or anomalous outputs that deviate from expected security fix patterns are caught and suppressed by this independent check. + +**Narrow generation scope.** Fixes are constrained to known security patterns drawn from OWASP and SANS remediation guidance, not open-ended code generation. The model operates within a bounded solution space, making it harder for adversarial inputs to steer output toward arbitrary code execution or data exfiltration. + +**Deterministic-first routing.** The majority of fixes use zero-LLM deterministic codemods. Vulnerabilities handled by codemods never reach an LLM at all, eliminating prompt injection risk entirely for those fix types. This reduces the overall attack surface to only the subset of fixes that require AI generation. + +**PR-only delivery.** Even in the unlikely event that a manipulated fix passed evaluation, it would arrive as a pull request subject to developer review, CI/CD pipeline execution, and SAST re-scanning. No code reaches production without human approval. + +Defense in depth reduces the risk of adversarial input attacks. No system can guarantee zero adversarial success against a sufficiently motivated attacker -- but the combination of limited input scope, independent validation, constrained generation, deterministic routing, and human review creates multiple independent barriers that an adversarial payload would need to defeat simultaneously. + +## Network Architecture + +Pixee Enterprise runs as a set of Kubernetes pods with defined communication paths between components: + +- **Platform service** -- receives webhooks from the SCM, serves the dashboard UI, and coordinates analysis requests. This is the entry point for all external communication. +- **Analysis service** -- processes scanner findings, runs triage logic, and generates remediation patches. Operates on finding data passed internally from the platform service. +- **LLM proxy** -- routes inference requests to the configured model endpoint(s). Supports OpenAI, Azure AI Foundry, Anthropic, and Azure Anthropic providers. All LLM traffic passes through this proxy for consistent audit logging and provider abstraction. +- **Database** -- PostgreSQL for triage decisions, finding metadata, quality scores, and audit records. Stores the persistent state that powers the dashboard and compliance reporting. + +**Inter-pod communication** uses the internal cluster network only. No pod-to-pod traffic is exposed externally. Service discovery is handled through standard Kubernetes DNS. + +**Inbound traffic:** HTTPS on port 443 from SCM webhooks and dashboard users. No other inbound ports are required. + +**Outbound traffic:** HTTPS to the SCM API for PR creation and status updates. HTTPS to the configured LLM endpoint for inference requests. HTTPS to the Pixee license server for validation (can be routed through a corporate proxy). No other outbound connections are required. + +No component requires privileged Kubernetes access. All pods run with standard security contexts. Network policies can further restrict inter-pod communication to only the defined paths above. + +## Data Retention + +Pixee retains the following data categories, each with distinct lifecycle controls: + +**Triage decisions** are retained for the lifetime of the deployment. Retained artifacts include finding metadata, classification verdict, justification prose, and timestamp. These records support audit defensibility and compliance reporting. + +**Fix artifacts** include PR metadata and quality scores (Safety, Effectiveness, Cleanliness). Source code diffs are stored in Git history under customer control -- Pixee does not maintain a separate copy of fixed source code. + +**LLM interaction logs** (prompts and responses) are retained for audit and debugging purposes. Enterprise customers can configure the retention period to match their organization's data governance policies. + +**Data purge** follows standard Kubernetes PVC lifecycle. Customers control retention and deletion through their infrastructure configuration. For cloud SaaS deployments, data deletion requests are handled through standard support channels. + +## Frequently Asked Questions + +### Does Pixee send my source code to an LLM? + +Pixee sends only the code relevant to each specific vulnerability -- not entire repositories. For smaller files, the full file is sent for proper context; for larger files, only the vulnerable region plus surrounding context. No absolute paths, repository URLs, git metadata, commit hashes, author information, or CI/CD details are included. + +### How does Pixee handle data residency? + +In self-hosted deployments, all data stays in your network. LLM inference uses your chosen provider in your chosen region. The only outbound connection is license validation, which can be proxied. See [Deployment Options](/enterprise/deployment) for the full data flow table. + +### Can a compromised analysis affect other repositories? + +No. Each analysis is an isolated, stateless inference call. A single analysis cannot modify the model, persist across analyses, or affect other applications. + +### Does Pixee use my code to train AI models? + +No. Customer code is used only for the specific analysis request. Azure OpenAI and equivalent providers offer contractual guarantees that customer data is not used for model training. Pixee does not retain customer code after analysis completion. + +### What credentials does Pixee need? + +Pixee requires SCM access tokens (GitHub App, GitLab PAT, Azure DevOps PAT, or Bitbucket API token) and LLM provider API keys. All credentials are stored in Kubernetes secrets and support external secret manager integration via `existingSecret`. diff --git a/docs/enterprise/troubleshooting.md b/docs/enterprise/troubleshooting.md new file mode 100644 index 00000000..4ad4d442 --- /dev/null +++ b/docs/enterprise/troubleshooting.md @@ -0,0 +1,103 @@ +--- +title: Enterprise Troubleshooting +slug: /enterprise/troubleshooting +track: leader +content_type: reference +seo_title: Enterprise Troubleshooting - Common Deployment and Operational Issues +description: "Troubleshoot common Pixee enterprise deployment issues: installation failures, scanner connectivity, LLM configuration, SSO, and performance." +sidebar_position: 11 +--- + +This page covers the most common issues encountered during Pixee Enterprise deployment and operation. Each entry describes the symptom, likely cause, and resolution steps. Issues are organized by deployment phase: installation, scanner connectivity, LLM configuration, authentication, and day-two operations. If your issue is not listed here, contact Pixee solutions engineering. + +## Installation Issues + +| Symptom | Likely Cause | Resolution | +| ------------------------------------------- | ------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Embedded cluster install hangs or times out | Insufficient system resources | Verify minimum requirements: 8 vCPU, 32 GB RAM, 100 GB+ SSD/NVMe with under 10 ms write latency. Check disk I/O performance. | +| Helm install fails with image pull errors | Container registry access not configured | Verify image pull secrets are created in the Pixee namespace and the cluster can reach the container registry. | +| Air-gapped install fails to start | Missing container images in local registry | Verify all required images have been transferred to the local registry and are tagged correctly. Compare against the image manifest. | +| KOTS admin console is inaccessible | Port forwarding or firewall rules | Verify port 30000 is accessible from your browser. Check firewall rules and any network policies that may block the admin console port. | +| Install completes but UI is unreachable | TLS configuration mismatch | Verify the domain and TLS configuration in the admin console matches your DNS and certificate setup. Self-signed certificates require browser trust or exception. | + +**Minimum Requirements Quick Check:** Before troubleshooting any installation issue, confirm: 8 vCPU, 32 GB RAM, 100 GB+ SSD/NVMe disk, ports 443 and 30000 open (embedded cluster) or port 443 open (Helm). Most installation failures trace back to insufficient resources or network access. + +For detailed setup procedures, see [Embedded Cluster](/enterprise/embedded-cluster), [Helm / BYO Kubernetes](/enterprise/helm), or [Air-Gapped Deployment](/enterprise/air-gap). + +## Scanner Connectivity + +| Symptom | Likely Cause | Resolution | +| --------------------------------------- | ------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------- | +| Scanner findings not appearing in Pixee | SARIF file format mismatch or upload path error | Verify the scanner output conforms to the SARIF 2.1.0 specification and the upload endpoint is correctly configured. | +| Partial findings ingestion | Scanner output exceeds size limits or contains unsupported rule IDs | Check the scanner output for unsupported finding types. Verify the scanner is producing complete SARIF output. | +| Duplicate findings after re-scan | Deduplication key mismatch between scan runs | Verify the scanner configuration produces consistent finding identifiers across runs. | +| Findings appear but no fixes generated | Scanner findings are in an unsupported language or CWE category | Check the [Languages Overview](/languages/overview) for supported language and finding type coverage. | + +For scanner-specific setup guides, see [Integrations Overview](/integrations/overview). For custom scanner configuration, see the [Universal SARIF](/integrations/sarif-universal) guide. + +## LLM Configuration + +| Symptom | Likely Cause | Resolution | +| ----------------------------------------- | ----------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Fixes not generating | LLM endpoint unreachable or credentials invalid | Verify the LLM endpoint URL is correct and the API key is valid. Run the preflight check from the admin console to test connectivity. | +| Slow fix generation | LLM provider rate limits or network latency | Check your provider's rate limit status. Verify the network path between the Pixee cluster and the LLM endpoint has acceptable latency. | +| Air-gapped LLM not responding | Private LLM endpoint misconfigured | Verify the endpoint is accessible from within the cluster network namespace. Check proxy configuration if the endpoint requires proxy access. | +| Triage decisions seem inaccurate | LLM model capability insufficient | The quality of triage and remediation depends on the model at the configured endpoint. Lower-capability models produce lower accuracy. Review the model assigned to the Reasoning tier. | +| Preflight check fails during installation | Endpoint URL, API key, or network path error | Read the preflight error message carefully -- it specifies whether the issue is authentication, connectivity, or configuration. | + +For LLM provider setup details, see [Bring Your Own Model](/enterprise/byom). + +## Authentication and Access + +| Symptom | Likely Cause | Resolution | +| -------------------------------------------- | --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| SSO login fails | OIDC configuration mismatch | Verify the issuer URL, client ID, and callback URL match between Pixee and your identity provider configuration. | +| Users can log in but cannot see repositories | SCM permissions not synced | Re-sync repository access from the SCM platform. Verify the service account or GitHub App has access to the expected repositories. | +| Role assignment not working | RBAC misconfiguration | Check user role assignments in the admin console. Verify the identity provider is sending the expected role claims. | +| SSO redirect loop | Callback URL mismatch | Verify the callback URL configured in Pixee matches the redirect URI registered with your identity provider exactly, including protocol and trailing slashes. | + +For SSO configuration details, see [Security Architecture](/enterprise/security-architecture). + +## Day-Two Operations + +| Symptom | Likely Cause | Resolution | +| ----------------------------------------- | -------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ | +| High disk usage | Log retention or metrics storage growing unbounded | Adjust log retention settings in the admin console. Configure metric pruning intervals. Review support bundle log size limits. | +| Grafana dashboards not loading | Observability subchart disabled or misconfigured | Verify the Grafana subchart is enabled. If using BYO observability, verify telemetry is flowing to your platform. | +| Upgrade fails | Helm values conflict with new version | Review release notes for breaking changes before upgrading. Back up your values file before running the upgrade. | +| Support bundle is too large | Default log collection scope too broad | Configure support bundle log size and age limits before generating. Narrow the collection scope to the relevant time window. | +| Analysis queue growing without processing | LLM endpoint degraded or rate limited | Check LLM endpoint health and rate limit status. Review the error rate in the observability dashboard. | + +For monitoring configuration, see [Observability](/enterprise/observability). + +## Getting Help + +If your issue is not covered on this page: + +1. **Generate a support bundle** from the KOTS admin console (embedded cluster) or using the support bundle tool (Helm). Configure log size and age limits before generation to control bundle size. + +2. **Contact Pixee solutions engineering** with: + - Deployment model (embedded cluster, Helm, air-gapped) + - Pixee version (visible in admin console or Helm release) + - Symptom description and when it started + - Support bundle (attached) + +3. **For critical issues** affecting production analysis, escalate through your enterprise support channel for priority response. + +## Frequently Asked Questions + +### How do I troubleshoot a failed Pixee Helm installation? + +Check three things in order: (1) image pull secrets are configured and the cluster can reach the container registry, (2) minimum resource requirements are met (8 vCPU, 32 GB RAM), and (3) Helm values match your environment (LLM endpoint, SCM credentials, SSO configuration). Check pod status and logs for specific error messages. + +### Why are scanner findings not appearing in Pixee? + +The most common cause is a SARIF format mismatch. Verify your scanner output matches the SARIF 2.1.0 specification and that the upload path is correct. Check the [Integrations Overview](/integrations/overview) for scanner-specific configuration requirements. + +### How do I generate a support bundle for Pixee? + +Use the KOTS admin console (embedded cluster) or the support bundle tool (Helm) to generate a diagnostic bundle. Configure log size and age limits before generation to control bundle size. Include the bundle with your support request to Pixee solutions engineering. + +### What do I do if LLM-based fixes stop generating? + +Verify the LLM endpoint is reachable from within the cluster, API credentials are valid, and rate limits have not been exceeded. For air-gapped deployments, confirm the private LLM endpoint is accessible on the configured network path. See [Bring Your Own Model](/enterprise/byom) for provider-specific configuration. diff --git a/docs/faq/_category_.json b/docs/faq/_category_.json new file mode 100644 index 00000000..8cebef83 --- /dev/null +++ b/docs/faq/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "FAQ", + "position": 10, + "collapsible": true, + "collapsed": false, + "link": { + "type": "doc", + "id": "faq/faq-general" + } +} diff --git a/docs/faq/faq-enterprise.md b/docs/faq/faq-enterprise.md new file mode 100644 index 00000000..2343411c --- /dev/null +++ b/docs/faq/faq-enterprise.md @@ -0,0 +1,99 @@ +--- +title: Enterprise Technical FAQ +slug: /faq/enterprise +track: both +content_type: faq +seo_title: Enterprise Technical FAQ -- Pixee Docs +description: Enterprise FAQ covering deployment, compliance, data residency, BYOM LLM configuration, and AI governance. +sidebar_position: 2 +--- + +This page covers enterprise deployment, compliance, data residency, AI governance, and security architecture questions. If your question is not here, check the [General FAQ](/faq/general) for product capabilities or the [Troubleshooting FAQ](/faq/troubleshooting) for operational issues. + +## Deployment and Infrastructure + +### Does Pixee support self-hosted deployment? + +See [Deployment Options](/enterprise/deployment) for details on all three self-hosted models (embedded cluster, Helm, air-gapped) and their architecture diagrams. + +### Can Pixee run in an air-gapped environment? + +See [Air-Gapped Deployment](/enterprise/air-gap) for details on capabilities, requirements, and known limitations in disconnected environments. + +### What are the infrastructure requirements for self-hosted Pixee? + +See [Deployment Options](/enterprise/deployment) for infrastructure requirements, sizing guidance, and deployment timelines per model. + +### Does Pixee support multiple SCM platforms simultaneously? + +Yes. A single Pixee Enterprise deployment supports GitHub, GitLab, Azure DevOps, and Bitbucket at the same time — 4 platforms from one instance. You do not need separate deployments per platform. Each SCM connection is configured independently through the admin console, and Pixee delivers the same triage and remediation capabilities across all of them. + +### How does Pixee handle high availability and disaster recovery? + +Pixee Enterprise runs on Kubernetes with standard HA patterns: pod replication, persistent volume claims, and configurable backup. The embedded cluster includes built-in backup and restore capabilities through the KOTS admin console. Helm deployments leverage your existing Kubernetes HA infrastructure — EKS, GKE, and AKS all have documented storage-class configurations. All triage decisions and fix history persist independently of the analysis pipeline, so operational state survives pod restarts and cluster failovers. The bundled observability stack (metrics, logs, traces, dashboards) provides visibility into platform health without requiring a separate monitoring purchase. + +### What is Pixee's upgrade process? + +Embedded cluster: upgrades via the KOTS admin console with one-click apply — no Kubernetes expertise required. Helm: standard `helm upgrade` with release notes documenting breaking changes. Air-gapped: new image bundles transferred to your registry, then the standard upgrade path applies. Pixee has shipped approximately 25 releases in 6 months, reflecting active development and rapid iteration. Each release includes documented changes, version-specific migration notes where applicable, and subchart version bumps for the bundled observability stack. The upgrade cadence means security coverage and triage accuracy improve continuously without requiring customer-side code changes. + +## Data Handling and Residency + +### How does Pixee handle data residency requirements? + +See [Security Architecture](/enterprise/security-architecture) for the full data flow table by deployment model. Self-hosted deployments keep all data in your network. Air-gapped deployments have zero outbound data transmission. For cloud SaaS, contact Pixee for data handling details. + +### Does Pixee access or store my source code? + +Pixee analyzes code to generate fixes but does not store full repositories. Code snippets relevant to a specific finding are sent to your configured LLM provider — in self-hosted and air-gapped deployments, this traffic stays within your network. Only the vulnerable function and surrounding context are sent, not entire files or repositories. For dataflow findings, the taint flow steps are included. File paths sent to LLM providers are relative to the project root only. No absolute filesystem paths, repository URLs, git metadata, commit hashes, author information, CI/CD details, or scanner-specific identifiers are sent to LLM providers. Triage decisions store finding metadata, not source code. The audit trail references commits and PRs, not code content. Each analysis is a stateless inference call — no data persists across analyses at the LLM provider. + +### What data does Pixee send to LLM providers? + +Pixee sends code snippets — the vulnerable function and surrounding context — to the configured LLM provider for fix generation. For dataflow findings, the taint flow steps are included. In self-hosted and air-gapped deployments, this traffic stays within your network. Pixee does not send repository names, organizational metadata, or CI/CD configuration to LLM providers. Bring Your Own Model (BYOM) means you control the provider, the model, the endpoint, and the data path. + +### Can I control which LLM provider Pixee uses? + +Yes. Bring Your Own Model (BYOM) supports OpenAI, Azure AI Foundry, Anthropic, and Azure Anthropic. You choose the provider, the model, and the endpoint. For air-gapped deployments, you host the model entirely within your network. Pixee does not default to any external LLM — you configure the provider during deployment. Per-provider preflight checks validate the LLM connection at install time, not at first analysis, so misconfiguration is caught before any code is analyzed. Provider-family-aware prompting ensures optimal results for each provider rather than a lowest-common-denominator approach. Customer owns the keys, picks the vendor, keeps the bill. + +## Compliance and Certification + +### Is Pixee SOC 2 Type II certified? + +Contact Pixee for current SOC 2 certification status and audit report availability. Pixee's architecture supports the controls required for SOC 2 Type II — including audit-ready evidence trails with timestamped triage justifications, role-based access control with SCM permission inheritance, and change management documentation through PR-based fix delivery with full diff tracking and quality scores. Enterprise customers can request compliance documentation through their account team. + +### How does Pixee help with SOC 2 compliance? + +See [Compliance](/enterprise/compliance) for the full framework mapping table covering SOC 2, HIPAA, FedRAMP, PCI-DSS, NIST 800-53, and ISO 27001. + +### Does Pixee support FedRAMP requirements? + +Pixee supports FedRAMP-relevant controls through air-gapped deployment (no source code leaves your network), audit event logging (AU-2), configuration change documentation (CM-3), and account management (AC-2). Air-gapped deployment with a private LLM eliminates all external data transmission. Contact Pixee for current FedRAMP authorization status and for details on how specific control families are addressed. + +### How does Pixee map to HIPAA, PCI-DSS, and NIST 800-53? + +See [Compliance](/enterprise/compliance) for the full framework mapping table with specific control references per framework. + +### What audit trail does Pixee provide? + +See [Compliance](/enterprise/compliance) for the full audit evidence breakdown including export formats, evidence types, and framework mapping. + +### How does Pixee handle AI governance requirements? + +Pixee is designed for AI governance committee review. Every AI-generated fix passes through documented validation layers before delivery -- constrained generation that limits the AI to established security patterns, independent evaluation by a separate model (not self-critique from the generator), and your existing code review process. The PR-based workflow ensures human-in-the-loop approval for every change. No AI output bypasses existing governance gates. Deterministic codemods use zero LLM involvement -- a significant portion of fixes carry no AI risk whatsoever. All decisions are auditable with persisted reasoning. See [Security Architecture](/enterprise/security-architecture) for the full AI governance architecture. + +## Security Architecture + +### How does Pixee authenticate users? + +See [Security Architecture](/enterprise/security-architecture) for authentication options (SSO via Google Workspace, Microsoft Entra ID, Okta, embedded Authentik OIDC) and RBAC details. + +### What is Pixee's security architecture? + +See [Security Architecture](/enterprise/security-architecture) for data flow diagrams, access control details, credential management, AI governance, and network security. + +### Has Pixee undergone third-party security assessment? + +Contact Pixee for details on third-party security assessments, penetration test reports, and security audit results. Enterprise customers can request this documentation through their account team or during the evaluation process. Pixee's architecture is designed for security scrutiny — every code change is auditable, every AI decision is traceable, and every data path is documented. The self-hosted deployment model means your own security team can assess the platform running within your infrastructure using your standard evaluation methodology. + +### How does Pixee handle secrets and credentials? + +See [Security Architecture](/enterprise/security-architecture) for credential management details, including `existingSecret` support for Vault, External Secrets Operator, and SOPS. diff --git a/docs/faq/faq-general.md b/docs/faq/faq-general.md new file mode 100644 index 00000000..dfbf9962 --- /dev/null +++ b/docs/faq/faq-general.md @@ -0,0 +1,107 @@ +--- +title: General FAQ +slug: /faq/general +track: both +content_type: faq +seo_title: General FAQ -- Pixee Docs +description: "Common questions about Pixee: how automated triage and remediation work, fix safety, merge rates, and getting started." +sidebar_position: 1 +--- + +This page answers the questions we hear most from security leaders, security engineers, and developers evaluating automated vulnerability remediation. Every answer draws from production data and customer experience. If your question is not here, check the [Enterprise Technical FAQ](/faq/enterprise) for deployment and compliance questions or the [Troubleshooting FAQ](/faq/troubleshooting) for operational issues. + +## How It Works + +### What is automated vulnerability remediation? + +Automated vulnerability remediation is the process of programmatically fixing security findings without requiring a developer to manually write the patch. Pixee generates fixes as pull requests that go through your existing review and CI/CD pipeline. Fixes are created using two approaches: deterministic codemods -- rule-based transformations where the same input always produces the same output -- and constrained AI generation for patterns where deterministic rules do not reach. Every fix passes a multi-layer validation pipeline before delivery. Nothing reaches a developer that has not been independently evaluated for safety, effectiveness, and cleanliness. The typical fix changes 1-5 lines of code, applying established OWASP/SANS security patterns rather than generating novel logic. See [Codemodder](/open-source/codemodder) for the full codemod catalog. + +### How does automated vulnerability triage work? + +Automated triage analyzes scanner findings for exploitability and contextual relevance before any human review. Pixee's triage engine uses reachability analysis (can an attacker reach the vulnerable code?), data-flow analysis (does untrusted data flow to the vulnerability?), and context signals (is there an upstream security control the scanner missed?) to classify findings as true positive, false positive, or won't-fix. Every classification includes a structured justification — not a confidence score, but an auditable investigation trail. This significantly reduces the volume of findings requiring manual review. See [Triage Engine](/how-it-works/triage-engine) for production metrics. + +### What is the difference between vulnerability detection and remediation? + +Detection tools (SAST, SCA, DAST) find potential security issues. Remediation tools fix them. Most organizations have invested heavily in detection but still fix vulnerabilities manually. Pixee automates the remediation step, turning scanner output into merged fixes. + +### What is a codemod? + +A codemod is a deterministic code transformation rule that rewrites source code from a vulnerable pattern to a safe pattern. "Deterministic" means the same input always produces the same output -- no randomness, no variation between runs. Pixee ships codemods across Java, Python, JavaScript/TypeScript, .NET, Go, and PHP. Codemods handle the predictable fix patterns (SQL injection parameterization, XSS output encoding, insecure API replacement). Constrained AI generation handles the patterns where deterministic rules cannot reach. See [Codemodder](/open-source/codemodder) for the full catalog. + +### What scanners does Pixee work with? + +Pixee integrates natively with 12 scanners: CodeQL, Semgrep, Checkmarx, Veracode, Snyk Code, SonarQube, AppScan, Polaris, GitLab SAST, Trivy, DefectDojo, and Fortify. Any scanner that produces SARIF output can also connect through the Universal SARIF integration. Pixee is scanner-agnostic — it consumes findings from your existing tools and generates fixes regardless of which scanner identified the issue. You do not need to change your detection stack. + +### Does Pixee replace my existing scanners? + +No. Pixee sits downstream of your existing SAST, SCA, and DAST tools. It consumes their findings, triages them to separate real threats from false positives, and produces validated fixes for confirmed vulnerabilities. + +## Safety and Trust + +### Does automated remediation break existing code? + +Every fix goes through a multi-layer validation pipeline -- constrained generation that limits what the AI can modify, independent evaluation by a separate model that scores safety, effectiveness, and cleanliness, and your existing CI/CD pipeline and code review process. Fixes that do not pass validation are not delivered. Nothing is merged without developer approval. See [Fix Safety](/how-it-works/fix-safety) for production metrics. + +### How accurate are AI-generated security fixes? + +Pixee uses constrained AI generation, not free-form code suggestion. The AI operates within defined transformation boundaries -- it can modify the vulnerability pattern but cannot restructure surrounding code. Most fixes apply established OWASP/SANS remediation patterns to SAST-identified issues, typically changing 1-5 lines. A separate AI evaluator -- running as a distinct inference call, not self-critique from the same model -- independently scores every fix on safety, effectiveness, and cleanliness before delivery. Fixes that fail evaluation are automatically rejected and never shown to users. The constraint is deliberate: narrow scope means lower risk. See [Fix Safety](/how-it-works/fix-safety) for production metrics. + +### What happens if an automated fix introduces a bug? + +Every Pixee fix is delivered as a pull request, not a direct commit. There is no mode, setting, or override that allows Pixee to commit directly to a branch. The fix runs through your existing CI/CD pipeline — tests, linters, build checks — before any human sees it. If CI fails, the developer sees the failure and rejects the PR. If CI passes but the developer identifies an issue during review, they reject or modify the PR like any other code change. Standard `git revert` applies if a merged change needs to be undone. There is no runtime dependency on Pixee for previously merged code — if you removed Pixee entirely, all merged fixes remain as standard code in your repository. Closing an unmerged PR discards the proposed change with zero impact. Pixee never bypasses your existing quality gates. + +### What is a good merge rate for automated security fixes? + +Merge rate is the percentage of automated pull requests that developers merge after human review. This metric spans all supported languages, fix types, and customer environments. Individual teams may see higher or lower rates depending on their review cadence and codebase complexity. See [Fix Safety](/how-it-works/fix-safety) for production metrics. + +### How does Pixee handle false positives from scanners? + +Pixee's triage engine reduces false positives before fixes are generated. It uses reachability analysis (can an attacker reach the vulnerable code?), data-flow analysis (does untrusted data flow to the vulnerability?), and context signals (is there an upstream sanitizer or security control the scanner missed?) to classify findings. Each classification includes a structured justification — the specific code paths and evidence that drove the decision, not just a confidence score. Findings classified as false positives are surfaced with this reasoning so your team can validate the classification and override if they disagree. A significant portion of findings that would have required manual triage can be automatically classified. See [Triage Engine](/how-it-works/triage-engine) for production metrics on false positive reduction. + +### Is automated vulnerability remediation safe for production code? + +Yes, when implemented with proper guardrails. Pixee's safety model has three layers: constrained generation that limits what the AI can modify to established OWASP/SANS security patterns, independent evaluation where a separate model scores every fix on safety, effectiveness, and cleanliness before delivery, and your existing code review and CI/CD pipeline. Deterministic codemods use zero LLM involvement -- zero hallucination risk on those fixes. Fixes that use AI pass independent evaluation before reaching a PR. The same SAST tools that found the original vulnerability also scan the proposed fix; if the fix introduces new findings, those appear in the PR. No fix touches production without developer approval. This is fundamentally different from general-purpose AI code generation where the user is the sole quality gate. See [Fix Safety](/how-it-works/fix-safety) for production metrics. + +## Getting Started and Adoption + +### How long does it take to set up Pixee? + +Cloud SaaS setup takes minutes: install the GitHub App, GitLab integration, Azure DevOps extension, or Bitbucket connector and Pixee begins analyzing your repositories immediately. No code changes, no SDK, no CI/CD modifications. Self-hosted deployment — either the turnkey embedded cluster (single Linux VM with 8 vCPU, 32 GB RAM, no Kubernetes expertise needed) or the standard Helm chart for existing Kubernetes clusters (EKS, GKE, AKS) — typically completes in under one hour. Air-gapped deployment takes longer due to private LLM configuration and image transfer. See the [Getting Started](/) guide for platform-specific setup instructions. + +### Does Pixee require code changes to install? + +No. Pixee installs as a GitHub App, GitLab integration, Azure DevOps extension, or Bitbucket connector — 4 platforms supported from a single deployment. No code changes, no agents in your CI/CD pipeline, no SDK to add. Pixee reads your scanner results and opens PRs — that is the entire integration surface. You do not need to modify your build system, add dependencies, or change your deployment pipeline. Developers interact with Pixee through standard pull requests in their existing workflow. No new tools to learn, no context-switching required. + +### How long does it take to see results from automated remediation? + +Most teams see their first automated fix within hours of connecting a scanner with existing findings. Triage results appear even faster -- Pixee begins classifying findings as soon as scanner data is available. Developers interact with Pixee through standard PRs in their existing platform, so there is no adoption curve or behavioral change required from the development team. + +### Can Pixee fix vulnerabilities across multiple languages? + +Yes. Pixee supports 6 languages: Java, Python, JavaScript/TypeScript, .NET, Go, and PHP. Each language has dedicated codemods for SAST and SCA findings. Java and Python have the deepest codemod libraries, with JavaScript/TypeScript close behind. Coverage varies by language and finding type. See the [Language Support Overview](/languages/overview) for the full coverage matrix. + +### What is the difference between Pixee and GitHub Copilot Autofix? + +Copilot Autofix is limited to GitHub Advanced Security (CodeQL) findings on GitHub. Pixee works with 12 natively integrated scanners across GitHub, GitLab, Azure DevOps, and Bitbucket -- 4 platforms, not one. Pixee also provides triage automation, which Copilot Autofix does not offer. Both capabilities -- triage and remediation -- work across your full scanner stack, not just one tool on one platform. Pixee uses deterministic codemods alongside constrained AI, while Copilot Autofix relies on general-purpose AI code generation. Pixee also supports self-hosted and air-gapped deployment with Bring Your Own Model (BYOM) -- requirements common in financial services, healthcare, and government environments that Copilot Autofix does not address. + +## Platform Capabilities + +### What programming languages does Pixee support? + +Java, Python, JavaScript/TypeScript, .NET, Go, and PHP -- 6 languages total. Each language has dedicated codemods for SAST and SCA findings. Java and Python have the most comprehensive coverage. See the [Language Support](/languages/overview) pages for per-language details including supported finding types and scanner coverage. + +### Does Pixee support SCA (software composition analysis) remediation? + +Yes. Pixee handles transitive dependency resolution, breaking change detection, and dependency upgrade testing. SCA fixes are more complex than SAST fixes because changing a dependency can cascade across the dependency tree — a single upgrade can ripple through dozens of transitive dependencies. Pixee's SCA pipeline validates compatibility before proposing upgrades and delivers the result as a standard PR for developer review. Both triage and remediation apply to SCA findings, so vulnerable dependencies are classified for exploitability before fix effort is invested. + +### Can I customize which vulnerabilities Pixee fixes? + +Yes. PIXEE.yaml configuration lets you control which finding types Pixee addresses, which repositories are active, and what approval workflows apply. You can exclude specific files, directories, or finding categories. You can also disable specific codemods by ID for fine-grained control. This is useful during phased rollouts — many teams start with a subset of repositories and finding types, then expand as confidence builds. See the [PIXEE.yaml Reference](/configuration/pixee-yaml) for configuration syntax and examples. + +### What happens when a Pixee PR conflicts with another PR? + +Pixee PRs are standard Git pull requests. Merge conflicts are handled the same way as any other PR -- rebase, merge the conflicting PR first, or close the Pixee PR. Pixee regenerates the fix on its next analysis cycle if the finding still exists. + +### What happens when two findings affect the same code block? + +Pixee generates separate PRs for separate findings. If fixes overlap on the same lines, the second PR may have a merge conflict after the first is merged. Close the conflicting PR and Pixee will regenerate it with the updated code context. diff --git a/docs/faq/faq-troubleshooting.md b/docs/faq/faq-troubleshooting.md new file mode 100644 index 00000000..325f2b1d --- /dev/null +++ b/docs/faq/faq-troubleshooting.md @@ -0,0 +1,132 @@ +--- +title: Troubleshooting FAQ +slug: /faq/troubleshooting +track: both +content_type: faq +seo_title: Troubleshooting FAQ -- Pixee Docs +description: "Troubleshooting common Pixee issues: setup problems, scanner connectivity, PRs not appearing, CI failures, and triage questions." +sidebar_position: 3 +--- + +This page covers the most common issues users encounter with Pixee: setup problems, scanner connectivity, PRs not appearing, fixes failing CI, and configuration questions. Each answer provides the most likely cause and step-by-step resolution. For enterprise deployment issues (Helm, air-gapped, embedded cluster), see [Enterprise Troubleshooting](/enterprise/troubleshooting). For product capability questions, see the [General FAQ](/faq/general). + +## Setup and Installation + +### Why is Pixee not analyzing my repository? + +Most likely cause: the repository has not been enabled in Pixee's settings after installing the SCM app. Pixee supports 4 platforms (GitHub, GitLab, Azure DevOps, Bitbucket), and each requires platform-specific configuration. + +1. Verify the GitHub App, GitLab integration, Azure DevOps extension, or Bitbucket connector is installed on the correct organization. +2. Check that the specific repository is enabled in Pixee's repository management settings — installing the app does not automatically enable all repositories. +3. Verify Pixee has the required permissions: read code, read pull requests, write pull requests. +4. For GitLab, confirm the service account has the required scopes (`api`, `read_user`, `read_repository`, `read_api`, `write_repository`). +5. For Azure DevOps, verify the PAT is active and the webhook is configured. + +If all steps check out, see the [Getting Started](/) guide for platform-specific setup. + +### How do I verify Pixee is installed correctly? + +Check three things in order: + +1. The SCM app or integration appears in your platform's installed apps list (GitHub Settings > Applications, GitLab Admin > Applications, etc.). +2. Pixee shows the repository in its dashboard with a connected status. +3. Pixee has opened at least one PR or triage result within 24 hours of connecting a repository with existing scanner findings. + +If none of these are true, reinstall the integration following the [Getting Started](/) guide for your platform. + +### Pixee installed but I do not see any activity. What is wrong? + +Most likely cause: no scanner findings exist for the connected repository. Pixee needs scanner findings to generate fixes and triage results — if no scanner is connected or no findings exist, Pixee has nothing to act on. This is the most common misunderstanding during initial setup. + +1. Connect at least one scanner. Pixee integrates natively with 12 scanners (CodeQL, Semgrep, Checkmarx, Veracode, Snyk Code, SonarQube, AppScan, Polaris, GitLab SAST, Trivy, DefectDojo, Fortify). See the [Integrations Overview](/integrations/overview). +2. Verify the scanner has produced findings for the repository. No findings means no triage results and no fixes. +3. For custom or unsupported scanners, check that findings are in SARIF 2.1.0 format and are being uploaded correctly. + +Pixee begins analyzing findings as soon as scanner data is available. Most teams see their first results within hours. + +### Can I use Pixee with a private or internal GitHub Enterprise instance? + +Yes, with self-hosted deployment. Pixee Enterprise (embedded cluster, Helm, or air-gapped) runs within your network and connects to your internal SCM instance. Cloud SaaS connects to GitHub.com, GitLab.com, Azure DevOps, and Bitbucket Cloud. See [Deployment Options](/enterprise/deployment) for self-hosted setup. + +## Scanner Connection Issues + +### Why are scanner findings not showing up in Pixee? + +Three common causes, in order of likelihood: + +1. **Integration not configured.** The scanner has not been set up in Pixee's settings. Each scanner requires its own integration configuration — check the integration page for your specific scanner. +2. **Format mismatch.** Scanner output does not match the expected specification. For native integrations, verify the scanner version is compatible. For custom scanners, verify SARIF 2.1.0 compliance. +3. **Upload path incorrect.** Scanner results are not being delivered to the correct endpoint or location. Check the integration documentation for the expected delivery method (webhook, file upload, API). + +### Pixee is showing findings from one scanner but not another. Why? + +Each of the 12 natively supported scanners requires its own integration configuration. Verify for the missing scanner: + +1. It is listed as connected in Pixee's integration settings. +2. It is producing output in the expected format. +3. Results are being delivered to the correct location. +4. It is not excluded by a rule in PIXEE.yaml. + +Some scanners require explicit enablement in [PIXEE.yaml](/configuration/pixee-yaml). See the [Integrations Overview](/integrations/overview) for per-scanner setup requirements. + +### My scanner findings appear in Pixee but no fixes are generated. Why? + +Not all findings have available fixes. Pixee generates fixes when three conditions are met: + +1. A codemod or AI generation path exists for the vulnerability pattern (see [Codemodder](/open-source/codemodder) for supported patterns). +2. The code context is sufficient for safe fix generation. +3. The fix passes the multi-layer validation pipeline. + +Findings without available fixes still receive triage classification — Pixee will still tell you whether the finding is a true positive, false positive, or won't-fix. Check the [Language Support](/languages/overview) pages for coverage of your specific finding types. + +### How do I connect a scanner that is not in Pixee's supported list? + +Any scanner that produces SARIF 2.1.0 output can connect to Pixee via the Universal SARIF integration. Convert your scanner's output to SARIF format and upload it to Pixee. Pixee is scanner-agnostic — it generates fixes and triage classifications regardless of which scanner produced the finding. See the [Universal SARIF](/integrations/sarif-universal) page for format requirements and upload methods. + +## PR and Fix Issues + +### Why is Pixee not opening PRs on my repository? + +Check in order: + +1. **Repository enabled and permissions set.** Pixee has write PR permissions for the repository. +2. **Scanner findings exist.** At least one scanner has produced findings for the repository. +3. **Fixes available.** Codemods or AI generation paths exist for the finding types present (not all finding types have available fixes). +4. **Configuration not blocking.** PIXEE.yaml is not excluding the relevant files, directories, or finding types. +5. **Scheduling not delaying.** Scheduling configuration has not deferred PR creation to a future window. + +If all five check out, contact Pixee support with your repository name and the finding types you expect fixes for. + +### Pixee opened a PR but it failed CI. What should I do? + +Review the CI failure and distinguish between two scenarios: + +**If the failure is in Pixee's fix** -- the change breaks a test or introduces a build error -- close the PR. Pixee's fixes are validated before delivery through a multi-layer pipeline, but they cannot account for every CI environment configuration. Some fixes require adjustment for specific environments. Closing a PR with zero impact is the intended workflow for fixes that do not fit your context. + +**If the failure is unrelated to Pixee's change** — a pre-existing flaky test, infrastructure issue, or unrelated build break — re-run CI. The fix itself may be correct. Check whether the CI failure also appears on other PRs to confirm it is not Pixee-specific. + +### A Pixee fix does not match our code style. Can I adjust this? + +Pixee's deterministic codemods follow standard language conventions. If your team uses specific formatting rules, your existing linters and formatters (Prettier, Black, google-java-format, etc.) will reformat the fix when CI runs. Pixee's fix is functionally correct — it addresses the security vulnerability with established OWASP/SANS patterns, typically in 1-5 lines. Formatting is handled by your existing toolchain as part of the standard PR pipeline. This is the same workflow you use for any other code change — the fix arrives as a PR and your formatting tools apply automatically. + +### How do I prevent Pixee from fixing certain types of vulnerabilities? + +Use [PIXEE.yaml](/configuration/pixee-yaml) to exclude specific finding types, files, or directories. You can also disable specific codemods by ID. This gives you granular control over what Pixee addresses without disabling it entirely. Common use cases: excluding test directories, deferring certain vulnerability categories to manual review, or limiting Pixee to specific repositories during a phased rollout. See the [PIXEE.yaml Reference](/configuration/pixee-yaml) for configuration syntax and examples. + +### A Pixee PR conflicts with another PR. How do I resolve this? + +Pixee PRs are standard Git pull requests. Resolve conflicts the same way you would for any other PR: rebase, merge the conflicting PR first, or close the Pixee PR. If you close the PR, Pixee will re-analyze the repository and open a new PR with updated context on its next analysis run. + +## Triage Issues + +### Why does Pixee classify a finding as false positive when I think it is real? + +Pixee's triage classification includes the reasoning behind every decision — the specific code paths, security controls, or context signals that drove the classification. Review the structured justification provided with the classification. Common reasons Pixee classifies a finding as false positive include: an upstream sanitizer or security control the scanner missed, the vulnerable code is unreachable from any application entry point, or untrusted data does not actually flow to the vulnerable function. If you disagree with the classification after reviewing the evidence, override it. Pixee surfaces the reasoning precisely so your team can make the final call. Overrides help calibrate triage accuracy for your specific codebase context over time. + +### Triage results are not appearing for some findings. Why? + +Triage requires sufficient code context to perform reachability and data-flow analysis. If the finding metadata from your scanner does not include enough context — file path, line number, rule ID — triage may not produce a classification. Verify your scanner output includes complete finding metadata. For custom SARIF scanners, ensure the `results` array includes `locations` with `physicalLocation` data. Pixee's triage engine significantly reduces findings requiring manual review when scanner metadata is complete. + +### How do I export triage decisions for compliance reporting? + +Pixee exports triage decisions via CSV, JSON, and API. Each export includes timestamp, finding metadata, classification (true positive / false positive / won't-fix), structured LLM justification, and any analyst overrides. For GRC platform integration, use the API for automated evidence collection. See the [Reporting](/configuration/operations) page for export procedures, format details, and integration examples. diff --git a/docs/faqs.md b/docs/faqs.md deleted file mode 100644 index d046c1ec..00000000 --- a/docs/faqs.md +++ /dev/null @@ -1,204 +0,0 @@ ---- -sidebar_position: 8 ---- - -# FAQs - -### What are Pixee's AI features? - -We utilize Large Language Models (LLMs) in some context-aware code fixes and to add code-specific comments, helping developers understand why a change is being recommended. Our triage features use LLMs to gather facts about the vulnerable code flow, wider technical context, in combination with deterministic analysis, to feed an expert recommendation system that produces our results. - -### What is Pixee's AI policy? - -At Pixee, we take your data privacy and security seriously. We want you to have peace of mind, knowing that your data will never be used to train AI models. - -### How does Pixee handle my data? - -Pixee is a platform focused on helping developers deliver higher quality code and places the utmost importance on our own security, including secure software development practices, IT practices, corporate controls and partner assessments. In case anyone asks, yes -- all data is encrypted in transit and at rest, and guaranteed to be destroyed. - -As an aside, many of us have been in security our whole careers, and we're quite passionate about it! We document all of this and more in our [Security and Trust Center](https://trust.pixee.ai/). - -### How will my information (i.e. code, projects, etc.) be used? - -Each party agrees to hold data and confidential information of the other party in confidence and not to disclose, retain, or distribute such information to third parties or to use such information for any purpose whatsoever. Please take a look at our full [Privacy Policy](https://www.pixee.ai/privacy) for more detail. - -### How do I know Pixee made changes? - -Pixee works directly with your repositories through pull/merge requests, so you decide when and if you want to accept changes suggested by Pixee. You can find suggestions made by Pixee in the [Pixee Dashboard](https://app.pixee.ai/) as well as your repository's GitHub.com pull requests page. Also, Pixee [cryptographically signs every commit](https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work), which means changes suggested by Pixee are guaranteed to have come from Pixee, were not modified after the fact and are [verified by GitHub](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification). - -### You said Pixee supports rule X for language Y, but I don't see a fix available. What gives? - -Some "shapes" of vulnerable code may not be fixable in a safe way, or recognized by our remediation logic. Please file a ticket if this happens and you think we should fix it! Providing an anonymized code sample and security finding will help us a lot. - -### Where can I learn more and discuss Pixee? - -Users can join the Pixee community [on Slack](https://join.slack.com/t/openpixee/shared_invite/zt-1pnk7jqdd-kfwilrfG7Ov4M8rorfOnUA). This channel can be used to engage with peers who are also interested in Pixee. Feel free to email us at help@pixee.ai with any questions or comments. - -### Why does pixee sometimes add new dependencies to my project? - -We always prefer to use existing controls built into a language, or a control from a well-known and trusted community dependency. When this is not an option, we add our own open source dependency to the project to ensure maximum readability and maintainability. All dependencies utilize permissive open-source licenses. - -Learn more about the [Java Security Toolkit (io.github.pixee.java-security-toolkit) on Maven Central](https://central.sonatype.com/artifact/io.github.pixee/java-security-toolkit/overview). - -Learn more about the [Python security package on PyPI](https://pypi.org/project/security/). - -### How do automatically assign GitHub PR reviewers? - -To automatically assign **reviewers** to Pixee PRs, consider [setting up a `CODEOWNERS` file](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners). - -To automatically assign **users** to Pixee PRs, consider creating a GitHub action. Below is an example action that will assign all Pixee PRs to the user Octocat: - -```yaml -on: - pull_request: - types: [opened, reopened, ready_for_review] - -jobs: - auto-assign: - runs-on: ubuntu-latest - if: github.actor == 'pixeebot[bot]' - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Assign PR to Collaborators - uses: actions/github-script@v7 - with: - script: | - const collaborators = ['octocat']; // Replace with actual GitHub usernames - github.rest.issues.addAssignees({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: context.issue.number, - assignees: collaborators - }) -``` - -### Configuring Automatic Formatting - -Many projects enforce a consistent code style by using automatic code formatters. This section contains instructions for configuring GitHub Actions to automatically format PRs that are created by Pixee. - -#### Python - -The most popular Python code formatter is [Black](https://black.readthedocs.io/en/stable/). To automatically format PRs created by Pixee using Black, add the following GitHub action workflow to your repository: - -```yaml -name: Format Pixeebot PRs - -on: - pull_request: - types: [opened, synchronize] - -jobs: - apply-black: - if: github.event.pull_request.user.login == 'pixeebot[bot]' - runs-on: ubuntu-latest - permissions: - contents: write - - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up Python - uses: actions/setup-python@v5 - with: - python-version: "3.12" - - - name: Install black - run: pip install black - - - name: Apply black formatting - run: black . - - - name: Commit and push changes - uses: stefanzweifel/git-auto-commit-action@v5 - with: - commit_message: ":art: Apply formatting" -``` - -This action can be added to your repository by creating a `.github/workflows/pixeebot-autoformat-black.yml` file with the above content. - -Note that it may be necessary to pin the version of Black to ensure that the formatting is consistent with your project's style. Depending on your project's configuration it may also be necessary to pass additional arguments to the `black` command to ensure that the correct settings are used. - -#### Java - -For Java projects it is common to use a tool such as [Spotless](https://github.com/diffplug/spotless) to enforce code formatting. To automatically format PRs created by Pixee using Gradle to apply Spotless, add the following GitHub action workflow to your repository: - -```yaml -name: Format Pixeebot PRs - -on: - pull_request: - types: [opened, synchronize] - -jobs: - spotless-apply: - if: github.event.pull_request.user.login == 'pixeebot[bot]' - runs-on: ubuntu-latest - permissions: - contents: write - - steps: - - uses: actions/checkout@v4 - - - name: "Setup JDK" - uses: actions/setup-java@v4 - with: - distribution: "temurin" - java-version: "17" - - - name: 🐘Setup Gradle - uses: gradle/actions/setup-gradle@v3 - - - name: 🎨 Run spotless via Gradle - run: ./gradlew spotlessApply - - - name: Commit and push changes - uses: stefanzweifel/git-auto-commit-action@v5 - with: - commit_message: ":art: Apply formatting" -``` - -### How do I configure Lockfile Updates? - -Some Pixee fixes add dependencies to your project. For package managers that rely on lockfiles, it is important to update the lockfile after adding dependencies. We recommend using a GitHub Action to automatically update lockfiles for Pixee PRs. - -#### Python: Poetry - -[Poetry](https://python-poetry.org/) is a popular Python package manager that uses a `pyproject.toml` file to manage dependencies. To automatically update the Poetry lockfile for Pixee PRs that add dependencies, add the following GitHub action workflow to your repository: - -```yaml -name: Update Poetry Lockfile - -on: - pull_request: - paths: - - "pyproject.toml" - -jobs: - update-lock-file: - if: github.event.pull_request.user.login == 'pixeebot[bot]' - runs-on: ubuntu-latest - steps: - - name: Check out repository - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Set up Python - uses: actions/setup-python@v4 - with: - python-version: "3.11" # Specify your Python version here - - - name: Install Poetry - run: pip install poetry - - - name: Generate lock file - run: poetry update - - - name: Commit and push changes - uses: stefanzweifel/git-auto-commit-action@v5 - with: - commit_message: ":lock: Update Poetry lock file" -``` diff --git a/docs/getting-started/_category_.json b/docs/getting-started/_category_.json new file mode 100644 index 00000000..d60f115a --- /dev/null +++ b/docs/getting-started/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Getting Started", + "position": 1, + "collapsible": true, + "collapsed": false, + "link": { + "type": "doc", + "id": "getting-started/getting-started" + } +} diff --git a/docs/getting-started/azure-devops.md b/docs/getting-started/azure-devops.md new file mode 100644 index 00000000..8fc5bfa8 --- /dev/null +++ b/docs/getting-started/azure-devops.md @@ -0,0 +1,84 @@ +--- +title: Azure DevOps Setup +slug: /getting-started/azure-devops +track: dev +content_type: tutorial +seo_title: "Set Up Pixee for Azure DevOps | Automated Security PRs" +description: Install Pixee for Azure DevOps to receive automated vulnerability triage and remediation as pull requests in Azure Repos. +sidebar_position: 4 +--- + +Install Pixee for Azure DevOps to receive automated vulnerability triage and remediation as standard pull requests in Azure Repos. Connect your Azure DevOps organization, select your projects, and Pixee begins delivering fixes that developers review and complete using the same PR workflow they already use. Works with Azure Pipelines for CI/CD integration. No new tools, no separate interface to learn. + +## Prerequisites + +Before you start, confirm the following: + +- **Azure DevOps permissions.** You need Project Administrator or Project Collection Administrator permissions on the target projects. Organization-level settings may require Organization Administrator access. +- **Azure DevOps instance.** Azure DevOps Services (cloud, dev.azure.com) or Azure DevOps Server (on-premises). For on-premises, see [Azure DevOps Server (On-Premises)](#azure-devops-server-on-premises) below. +- **Supported language.** At least one repository in Azure Repos with code in Java, Python, JavaScript/TypeScript, .NET, Go, or PHP. +- **Scanner results (optional).** If you run scanners through Azure Pipelines (CodeQL, Checkmarx, SonarQube, or others), Pixee can ingest those results. This is additive — Pixee also runs its own analysis. + +No extensions to install from the Visual Studio Marketplace. No pipeline YAML changes needed to start. + +## Setup + +Create an Azure DevOps personal access token for a dedicated service account with a custom scope that includes full _Code_ access (not "Full access" — that grants more than needed). Connect it in Pixee's Azure DevOps integration settings, along with your organization name. Webhook user/password credentials are optional and enable real-time event delivery. See [Azure DevOps Integration → Authentication](/integrations/scms/azure-devops#authentication) for the full credential reference. For step-by-step install instructions, see the [installation guide](https://app.pixee.ai/docs/setup). + +After connecting, choose which projects and repositories Pixee should analyze -- at the organization, project, or individual repository level. Pixee targets the default branch of each connected repository. You can customize branch targeting and other behavior later via a [PIXEE.yaml](/configuration/pixee-yaml) file in the repository root. + +**Scanner integration:** Pixee natively integrates with 12 scanners. If your Azure Pipelines run security scanners, Pixee can ingest findings from those pipeline runs. Any scanner producing SARIF output can also be connected through Pixee's [Integrations](/integrations/overview) page. Pixee runs its own analysis independently, so external scanners are additive, not required. + +After setup, Pixee begins its initial analysis and opens pull requests for actionable findings within the first hour. If no PRs appear, verify PAT scopes, organization-level admin consent, and supported language coverage. + +## What You'll See + +When Pixee identifies a fixable vulnerability, it opens a standard pull request in Azure Repos. Here is what the PR contains: + +**PR title:** Describes the vulnerability type and location — for example, `Fix insecure deserialization in ApiHandler.cs`. + +**PR description includes:** + +| Section | What It Contains | +| --------------------- | ---------------------------------------------------------------- | +| Vulnerability details | CVE or CWE reference, severity, and the scanner that detected it | +| Triage justification | Why Pixee classified this as a true positive worth fixing | +| Fix explanation | What the code change does and why it resolves the vulnerability | +| Quality scores | Safety, effectiveness, and cleanliness ratings for the fix | +| Linked work items | Work item reference if configured during setup | +| Diff | Standard Azure Repos diff showing 1-5 lines changed | + +**How to review:** Open the PR in Azure Repos and read the diff like any other pull request. Pixee fixes are typically 1-5 lines. + +**How to complete:** Standard Azure DevOps completion flow — approve, set merge type (merge, squash, rebase), and complete. Pixee PRs respect your existing branch policies, required reviewers, and build validation pipelines. + +**How to abandon:** Abandon the PR with a comment. Pixee does not recreate abandoned PRs for the same finding. + +**Build validation:** Pixee-generated PRs trigger your existing Azure Pipelines build validation policies like any other PR. If your branch policies require a successful build before completion, the Pixee fix branch goes through the same gates. + +For merge rate data, see [Fix Safety](/how-it-works/fix-safety). + +## What Data Leaves Your Network + +Pixee's cloud SaaS deployment works as follows: + +- **Code access.** Pixee reads repository contents through the personal access token's authorized API access. Code is processed for analysis and is not stored after the analysis completes. +- **Scanner findings.** Pixee reads findings from connected scanners through pipeline results or direct integration. These findings are used to generate fixes. +- **PRs.** Pixee writes pull requests back to Azure Repos through the API. PR content (diffs, descriptions) lives in your Azure DevOps instance. +- **No pipeline secrets, no service connections, no deployment data.** Pixee does not access Azure Pipelines variable groups, service connections, key vaults, or deployment gate configurations. + +For teams that require code to remain within their own infrastructure, Pixee offers [self-hosted deployment options](/enterprise/deployment) including embedded cluster, Helm / BYO Kubernetes, and air-gapped configurations. + +## Azure DevOps Server (On-Premises) + +Azure DevOps Server is supported. See [Azure DevOps Integration → Azure DevOps Server (On-Premises)](/integrations/scms/azure-devops#azure-devops-server-on-premises) for the connection model and Entra ID notes, and [Enterprise Deployment Options](/enterprise/deployment) for air-gapped and on-prem Pixee deployments. + +## Frequently Asked Questions + +### Does Pixee work with Azure Pipelines? + +Yes. Pixee-generated pull requests trigger your existing Azure Pipelines build validation policies like any other PR. You can also configure Pixee to ingest scanner results from your pipeline runs — no changes to your pipeline YAML required. + +### Does Pixee require pipeline secrets? + +No. Pixee does not access Azure Pipelines variable groups, service connections, key vaults, or deployment gate configurations. The PAT scopes are limited to code, pull requests, work items (when linking is configured), and project metadata. diff --git a/docs/getting-started/bitbucket.md b/docs/getting-started/bitbucket.md new file mode 100644 index 00000000..8d31a55e --- /dev/null +++ b/docs/getting-started/bitbucket.md @@ -0,0 +1,89 @@ +--- +title: Bitbucket Setup +slug: /getting-started/bitbucket +track: dev +content_type: tutorial +seo_title: "Set Up Pixee for Bitbucket | Automated Security PRs" +description: Install Pixee for Bitbucket to receive automated vulnerability triage and remediation as pull requests. +sidebar_position: 5 +--- + +Install Pixee for Bitbucket to receive automated vulnerability triage and remediation as standard pull requests in your existing Bitbucket workflow. Connect your Bitbucket workspace, select your repositories, and Pixee begins delivering fixes that developers review and merge using the same PR process they already use. Works with Bitbucket Cloud and Bitbucket Server. No separate tools, no new dashboards to learn. + +## Prerequisites + +Before you start, confirm the following: + +- **Bitbucket permissions.** You need Admin permissions on the target workspace (Bitbucket Cloud) or Project Admin permissions (Bitbucket Server). +- **Bitbucket instance.** Bitbucket Cloud (bitbucket.org) or Bitbucket Data Center / Server. See [Bitbucket Data Center / Server](#bitbucket-data-center--server) below for on-premises details. +- **Supported language.** At least one repository with code in Java, Python, JavaScript/TypeScript, .NET, Go, or PHP. +- **Scanner results (optional).** If you run scanners through Bitbucket Pipelines or a separate CI system (Snyk, SonarQube, Checkmarx, or others), Pixee can ingest those findings. This is additive — Pixee also runs its own analysis. + +No Bitbucket app marketplace installs required. No `bitbucket-pipelines.yml` changes needed to start. + +## Setup + +Create a Bitbucket Cloud API token for a dedicated service account ([Atlassian instructions](https://support.atlassian.com/bitbucket-cloud/docs/create-a-repository-access-token/)), then connect it in Pixee's Bitbucket integration settings. You will provide three values: the service account's **username** (used for Git operations), its **email address** (used for API authentication — Bitbucket API tokens require email, not username), and the **API token** itself. The token needs six scopes: `read:user:bitbucket`, `read:workspace:bitbucket`, `read:repository:bitbucket`, `read:pullrequest:bitbucket`, `write:repository:bitbucket`, `write:pullrequest:bitbucket`. See [Bitbucket Integration → Authentication](/integrations/scms/bitbucket#authentication) for the full credential reference. For step-by-step install instructions, see the [installation guide](https://app.pixee.ai/docs/setup). + +After connecting, choose which repositories Pixee should analyze -- all repositories in the workspace or specific repositories. Pixee analyzes the default branch (typically `main` or `master`) of each connected repository. You can customize branch targeting and other behavior later via a [PIXEE.yaml](/configuration/pixee-yaml) file in the repository root. + +**Scanner integration:** Pixee natively integrates with 12 scanners. If your Bitbucket Pipelines include security scanner steps, Pixee can ingest findings from those pipeline runs. Any scanner producing SARIF output can also be connected through Pixee's [Integrations](/integrations/overview) page. Pixee runs its own analysis independently, so external scanners are additive, not required. + +After setup, Pixee begins its initial analysis and opens pull requests for actionable findings within the first hour. If no PRs appear, verify API token permissions, workspace-level admin approval, and supported language coverage. + +## What You'll See + +When Pixee identifies a fixable vulnerability, it opens a standard Bitbucket pull request. Here is what the PR contains: + +**PR title:** Describes the vulnerability type and location — for example, `Fix XSS vulnerability in TemplateRenderer.py`. + +**PR description includes:** + +| Section | What It Contains | +| --------------------- | ---------------------------------------------------------------- | +| Vulnerability details | CVE or CWE reference, severity, and the scanner that detected it | +| Triage justification | Why Pixee classified this as a true positive worth fixing | +| Fix explanation | What the code change does and why it resolves the vulnerability | +| Quality scores | Safety, effectiveness, and cleanliness ratings for the fix | +| Diff | Standard Bitbucket diff showing 1-5 lines changed | + +**How to review:** Open the PR in Bitbucket and read the diff like any other pull request. Pixee fixes are typically 1-5 lines. No new dependencies are introduced unless the fix requires it. + +**How to merge:** Standard Bitbucket merge flow. Merge commit, squash, or fast-forward — whatever your repository settings require. Pixee PRs respect your existing merge checks and required approvals. + +**How to decline:** Decline the PR with a comment. Pixee does not reopen declined PRs for the same finding. + +**Pipeline behavior:** Pixee-generated PRs trigger your existing Bitbucket Pipelines like any other pull request. If your pipeline includes security scans, tests, or linting steps, those run against the Pixee fix branch automatically. + +For merge rate data, see [Fix Safety](/how-it-works/fix-safety). + +## What Data Leaves Your Network + +Pixee's cloud SaaS deployment works as follows: + +- **Code access.** Pixee reads repository contents through the API token's authorized access. Code is processed for analysis and is not stored after the analysis completes. +- **Scanner findings.** Pixee reads findings from connected scanners through pipeline results or direct integration. These findings are used to generate fixes. +- **PRs.** Pixee writes pull requests back to your Bitbucket workspace through the API. PR content (diffs, descriptions) lives in your Bitbucket instance. +- **No pipeline variables, no deployment settings, no SSH keys.** Pixee does not access Bitbucket Pipelines variables, deployment environments, or SSH key configurations. + +For teams that require code to remain within their own infrastructure, Pixee offers [self-hosted deployment options](/enterprise/deployment) including embedded cluster, Helm / BYO Kubernetes, and air-gapped configurations. + +## Bitbucket Data Center / Server + +Bitbucket Server (formerly Data Center) is a separate Atlassian product from Bitbucket Cloud, with different credential and configuration mechanics. See [Bitbucket Integration → Bitbucket Server / Data Center](/integrations/scms/bitbucket#bitbucket-server--data-center) for the supported connection model and [Enterprise Deployment Options](/enterprise/deployment) for air-gapped and on-prem Pixee deployments. + +## Jira Integration + +If your team uses Jira alongside Bitbucket, Pixee PRs can reference Jira issue keys in their descriptions when configured. This allows Jira to automatically link the Pixee-generated PR to the relevant security issue, keeping your Atlassian workflow intact. + +For Jira integration details, see [Integrations Overview](/integrations/overview). + +## Frequently Asked Questions + +### What scanners work with Pixee on Bitbucket? + +Pixee natively integrates with 12 scanners including Snyk, SonarQube, Checkmarx, and any scanner producing SARIF output. Scanner results can be ingested via Bitbucket Pipelines or direct integration. Pixee also runs its own analysis independently. + +### Do I need to modify my `bitbucket-pipelines.yml` to use Pixee? + +No. Pixee connects through an API token and operates independently of your pipeline configuration. No changes to `bitbucket-pipelines.yml` are required to start. If you want Pixee to ingest scanner results from your pipeline, that configuration is handled in the Pixee integration settings, not in your pipeline file. diff --git a/docs/getting-started/ci-cd.md b/docs/getting-started/ci-cd.md new file mode 100644 index 00000000..2ec24cbf --- /dev/null +++ b/docs/getting-started/ci-cd.md @@ -0,0 +1,239 @@ +--- +title: CI/CD Integration +slug: /getting-started/ci-cd +track: dev +content_type: tutorial +seo_title: "Pixee CI/CD Integration | Automated Security Fixes in Your Pipeline" +description: How Pixee fits into a CI/CD pipeline. Covers SCM-driven ingestion, SARIF upload patterns, and platform-specific examples. +sidebar_position: 7 +--- + +Pixee fits into your CI/CD pipeline without adding a runtime fix step. Scanners run as they always have; their findings are ingested by the Pixee platform via your SCM integration (or via a SARIF upload to the SCM's code-scanning API), and Pixee opens fix pull requests asynchronously. Your pipeline does not block on Pixee, and your existing scanner steps, build steps, and deployment gates are untouched. + +## How Pixee Fits in Your Pipeline + +``` +[Build] → [Scan (SAST/SCA)] → [Deploy gate] + ↓ + Findings ingested by Pixee (via SCM integration) + ↓ + Triage + Fix PR opened on the repository (async) +``` + +Your scanner runs as it always has. Findings flow to Pixee through one of two paths: + +- **SCM-native ingestion.** Pixee's GitHub App, GitLab integration, Azure DevOps integration, or Bitbucket connector reads scanner findings from the platform's code-scanning surface (GHAS Code Scanning, GitLab Security Dashboard, etc.). No additional CI step is required. +- **SARIF upload.** For scanners that don't write to the platform's code-scanning surface, upload SARIF to the SCM's code-scanning API as a CI step. Pixee then ingests it through the SCM integration like any other finding. + +Pixee processes findings on the platform, not in your pipeline. Fix generation runs asynchronously and arrives as pull requests. Your existing branch protection rules, code review process, and CI checks apply to every Pixee PR exactly as they do to any human-authored change. + +**Pipeline time impact:** Zero or one additional step. If your scanner already publishes to the SCM's code-scanning API, no Pixee-specific step is needed. If you upload SARIF as a separate CI step, that step typically runs in seconds. + +## What Data Leaves Your Network + +This is the question teams ask first, and the answer depends on your deployment model. + +| Data Type | SaaS (Cloud) | Self-Hosted (Embedded Cluster / Helm) | Air-Gapped | +| ----------------------- | --------------------------------------------------- | ---------------------------------------------------------- | ----------------------------------------- | +| Scanner results (SARIF) | Sent to Pixee's service for triage | Stays in your cluster | Stays in your network | +| Source code context | Accessed via SCM integration (read-only) | Stays in your cluster | Stays in your network | +| Generated fixes | Created on Pixee's infrastructure, delivered as PRs | Created and delivered within your cluster | Created and delivered within your network | +| LLM inference | Pixee-managed | Your chosen provider (OpenAI, Azure AI Foundry, Anthropic) | Customer-hosted LLM endpoint | +| Telemetry | Anonymized usage metrics (opt-out available) | Configurable | None | + +**SaaS deployment.** Pixee's service accesses your repositories through the SCM integration (GitHub App, GitLab PAT, etc.) with read-only code access and write access limited to creating PRs. Scanner results are transmitted for triage analysis. Source code is not stored after analysis completes. + +**Self-hosted and air-gapped.** All data stays within your infrastructure. You control the LLM provider, the network boundary, and the storage. See [Enterprise Deployment Options](/enterprise/deployment) for embedded cluster, Helm, and air-gapped setup guides. + +## Integration Comparison + +| Platform | Common Pattern | Setup Time | Prerequisites | +| ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ---------- | ---------------------------------------------------------------------------------- | +| **GitHub Actions** | Scanner publishes SARIF to GitHub Code Scanning; GHAS-native scanners (CodeQL) need no extra step | ~5 min | Pixee GitHub App installed ([setup guide](/getting-started/github)) | +| **GitLab CI** | GitLab SAST + Dependency Scanning are ingested natively; external scanners upload SARIF to GitLab's vulnerability API | ~10 min | GitLab integration configured ([setup guide](/getting-started/gitlab)) | +| **Azure Pipelines** | Scanner runs in pipeline; SARIF is uploaded via Azure DevOps Code Scanning or directly to Pixee | ~10 min | Azure DevOps integration configured ([setup guide](/getting-started/azure-devops)) | +| **Bitbucket Pipelines** | Scanner runs in pipeline; SARIF is uploaded to Pixee | ~10 min | Bitbucket connector configured ([setup guide](/getting-started/bitbucket)) | +| **Jenkins / other CI** | Scanner runs anywhere; the SCM-native path still applies if your scanner publishes to GitHub Code Scanning, GitLab Security Dashboard, etc. | varies | One of the four SCM integrations configured | + +Setup times are wall-clock time from "I have a pipeline" to "Pixee is processing scanner results." This does not include scanner setup — that is your existing infrastructure. + +## GitHub Actions + +Most teams add no Pixee-specific step. Scanners that publish to GitHub Code Scanning (CodeQL, Semgrep with the GitHub uploader, third-party scanners with `github/codeql-action/upload-sarif`) are ingested by Pixee through the GitHub App. + +```yaml +name: Security Scan + +on: + push: + branches: [main] + pull_request: + +jobs: + scan: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + # Your existing scanner step. + - name: Run CodeQL + uses: github/codeql-action/analyze@v3 +``` + +CodeQL writes findings directly to GitHub Code Scanning. Pixee's GitHub App reads them through the GHAS API and opens fix PRs. + +For scanners that don't write to Code Scanning natively, upload the SARIF afterwards: + +```yaml +- name: Run my scanner + run: my-scanner --format sarif > results.sarif + +- name: Upload SARIF to GitHub Code Scanning + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: results.sarif +``` + +**Prerequisites:** Install the Pixee GitHub App ([GitHub Setup](/getting-started/github)). + +## GitLab CI + +GitLab SAST and Dependency Scanning are ingested natively — Pixee reads findings from GitLab's vulnerability API, no extra CI step is required: + +```yaml +include: + - template: Security/SAST.gitlab-ci.yml + - template: Security/Dependency-Scanning.gitlab-ci.yml + +stages: + - build + - test + - scan +``` + +For external scanners, run them in CI and emit GitLab-compatible reports (or upload SARIF to GitLab's security dashboard via the security report artifacts). Pixee picks them up through the same GitLab integration. + +**Prerequisites:** Configure the GitLab integration with a service-account PAT ([GitLab Setup](/getting-started/gitlab)). + +**Self-hosted GitLab:** supported. Configure the custom base URI in the Pixee integration settings. + +## Azure Pipelines + +Run your scanner as a pipeline task and emit SARIF. The exact ingestion path depends on which scanner: scanners with Azure DevOps Code Scanning support publish there; others can upload SARIF directly to Pixee. + +```yaml +trigger: + - main + +pool: + vmImage: "ubuntu-latest" + +steps: + - task: UsePythonVersion@0 + inputs: + versionSpec: "3.11" + + # Your existing scanner step. + - script: | + pip install semgrep + semgrep --config auto --sarif -o $(Build.ArtifactStagingDirectory)/results.sarif . + displayName: "Run Scanner" +``` + +After the scanner publishes results to your repository's code-scanning surface (or to Pixee directly), the Pixee Azure DevOps integration ingests them and opens fix PRs. + +**Prerequisites:** Configure the Azure DevOps integration ([Azure DevOps Setup](/getting-started/azure-devops)). + +**Work-item linking:** If your organization requires linked work items on PRs, configure the work item ID in the Pixee integration settings. + +## Bitbucket Pipelines + +Run your scanner as a pipeline step and emit SARIF. Pixee's Bitbucket connector ingests SARIF results uploaded via the connector's reporting endpoint. + +```yaml +pipelines: + default: + - step: + name: Build and Test + script: + - npm install + - npm test + + - step: + name: Security Scan + script: + - pip install semgrep + - semgrep --config auto --sarif -o results.sarif . + artifacts: + - results.sarif +``` + +After the scan step, the SARIF file is available to the Pixee Bitbucket connector. Configuration of the upload step depends on your scanner — check the per-scanner integration page for specifics. + +**Prerequisites:** Configure the Bitbucket connector ([Bitbucket Setup](/getting-started/bitbucket)). Supports Bitbucket Cloud and Bitbucket Server. + +## Jenkins and Other CI Systems + +Pixee does not require a specific CI system. As long as the scanner can run _somewhere_ in your CI and findings reach the Pixee platform via one of the four SCM integrations, the rest of the pipeline is unchanged. + +Two common patterns: + +1. **Scanner writes to the SCM's code-scanning surface.** A Jenkins job runs the scanner, then uploads SARIF to GitHub Code Scanning / GitLab Security Dashboard / etc. via that platform's API. Pixee picks up the findings through the SCM integration. +2. **Scripted upload to Pixee.** A pipeline step uploads SARIF directly to the Pixee API. The [Pixee CLI](/getting-started/cli)'s `pixee api` subcommand can POST a SARIF body, or you can use any HTTP client. + +```bash +# Example: upload SARIF directly to Pixee using the CLI in any CI environment. +brew tap pixee/pixee && brew install pixee # one-time, on a runner with brew +export PIXEE_TOKEN="$PIXEE_TOKEN" +export PIXEE_SERVER="https://pixee.example.com" + +pixee api /api/v1/scans \ + --method POST \ + --input results.sarif +``` + +Discover the exact upload endpoint for your deployment via HAL link traversal: `pixee api /api/v1` lists the available resources, and each resource's `_links` lead to its upload routes. + +**Prerequisites:** A Pixee API token (`PIXEE_TOKEN`) and the deployment URL (`PIXEE_SERVER`). For background on the CLI, see [Pixee CLI](/getting-started/cli). + +## Scanner Result Ingestion + +Pixee accepts scanner results through three paths: + +1. **SCM-native APIs.** GitHub Code Scanning, GitLab vulnerability reports, Azure DevOps Code Scanning, Bitbucket reports. Pixee reads findings through the SCM integration. +2. **Direct SARIF upload to Pixee.** Use the [Pixee CLI](/getting-started/cli) (`pixee api`) or an HTTP client. Useful when your CI system doesn't have a clean upload path to the SCM. +3. **Native scanner integrations.** For 13 named scanners (CodeQL, Semgrep, Checkmarx, Veracode, Snyk Code, SonarQube, AppScan, Polaris, Fortify, Contrast, GitLab SAST, GitLab SCA, Trivy) Pixee uses dedicated handlers that extract scanner-specific metadata for richer triage. See the per-scanner pages under [Integrations](/integrations/overview). + +**Universal SARIF.** Any SARIF 2.1.0–producing scanner works through the universal SARIF integration. See [Universal SARIF Integration](/integrations/sarif-universal). + +## Troubleshooting + +**Scanner findings not reaching Pixee.** Verify the SCM integration's read access to code-scanning results. For GitHub, confirm the App has `code_scanning_alerts: read`. For GitLab, confirm the PAT has `read_api`. For Azure DevOps and Bitbucket, confirm the credentials authorize reading the security/reports endpoints. + +**SARIF parsing errors.** Confirm the SARIF file conforms to SARIF 2.1.0 and is valid JSON. Most scanner export options include a SARIF format flag — check your scanner's documentation. + +**Fix PRs not appearing.** Check that the Pixee integration has write access to the target repository. For GitHub, the App needs `pull_requests: write`. Fix generation is asynchronous — allow a few minutes after findings are ingested. + +**`pixee api` returns exit code 2.** Authentication failed. Run `pixee auth status` to confirm the configured server and token, or reset both with `pixee auth login`. See [Pixee CLI](/getting-started/cli) for credential resolution rules. + +## Frequently Asked Questions + +### Does adding Pixee require a new pipeline step? + +Not always. If your scanner writes to the SCM's code-scanning surface (GHAS, GitLab vulnerability reports, etc.), Pixee ingests findings through the SCM integration with no pipeline change. A new step is only required when uploading SARIF directly to Pixee or to the SCM's code-scanning API. + +### Does Pixee slow down my CI/CD pipeline? + +No. Pixee processes findings on the platform asynchronously, not in your pipeline. The pipeline itself sees only the time to invoke any SARIF upload step (seconds), not the time to generate fixes. + +### Does Pixee require code changes to my application? + +No code changes to your application. You configure the SCM integration once; pipeline definition files are unchanged or gain a single SARIF upload step depending on your scanner. + +### Can I control which findings Pixee fixes? + +Yes. Use [PIXEE.yaml](/configuration/pixee-yaml) to configure which finding types, languages, or severity levels Pixee should address. You can also scope fixes to specific directories or exclude paths. + +### Where does the `pixee` CLI fit? + +The CLI is a client for the Pixee REST API — useful for managing workflows, querying scan history, or scripting SARIF uploads. It does not run scanners or generate fixes locally. See [Pixee CLI](/getting-started/cli). diff --git a/docs/getting-started/cli.md b/docs/getting-started/cli.md new file mode 100644 index 00000000..ec596deb --- /dev/null +++ b/docs/getting-started/cli.md @@ -0,0 +1,173 @@ +--- +title: Pixee CLI +slug: /getting-started/cli +track: dev +content_type: tutorial +seo_title: "Pixee CLI | Command-Line Client for the Pixee Platform" +description: Install the Pixee CLI to authenticate against a Pixee deployment and drive the REST API from your terminal, scripts, or coding agents. +sidebar_position: 6 +--- + +The Pixee CLI (`pixee`) is the command-line client for the Pixee platform. It authenticates against a Pixee deployment, exposes dedicated subcommands for the most common operations (listing repositories, inspecting scans, configuring workflows), and provides a generic `pixee api` passthrough for any other REST endpoint. The CLI is intended for Pixee customers — it talks _to_ a Pixee deployment, it does not run analysis or generate fixes locally. Source distribution: [github.com/pixee/pixee-cli](https://github.com/pixee/pixee-cli). + +## When to Use the CLI + +The CLI complements the SCM integrations (GitHub App, GitLab, Azure DevOps, Bitbucket); it does not replace them. Triage and remediation continue to run on the Pixee platform, triggered by your SCM integration. Use the CLI when you need to: + +- **Query platform state from scripts.** List registered repositories, fetch scan history, inspect workflows. +- **Configure workflows from the command line.** Create, update, or delete schedule / new-scan / pull-request-scan workflows on a repository. +- **Drive the API from a coding agent.** Bundled `skills.sh`-formatted skills teach Claude Code, OpenAI Codex, and other agents how to use the CLI safely. +- **Hit any REST endpoint without writing curl.** The `pixee api` subcommand handles authentication, pagination, and HAL link traversal. + +## Installation + +### Homebrew (macOS and Linux) + +```bash +brew tap pixee/pixee +brew install pixee +``` + +### Direct download + +Pre-compiled binaries for `linux-x64`, `darwin-arm64`, and `windows-x64` are published as assets on every [GitHub Release](https://github.com/pixee/pixee-cli/releases/latest). Download the archive, extract `pixee`, place it on your `PATH`. + +Verify: + +```bash +pixee --version +``` + +## Authenticate + +You need a Pixee API token (generated from the admin console's **API Tokens** page) and the URL of your Pixee deployment. + +```bash +# Interactive login — stores token + server in a platform-appropriate config file. +pixee auth login --server https://pixee.example.com --token pixee_xxx + +# Stdin form — keeps the token off the command line and out of shell history. +echo -n "$PIXEE_TOKEN" | pixee auth login --server https://pixee.example.com --token - + +# Confirm. +pixee auth status +# Logged in to https://pixee.example.com as api-token +# Token: valid +``` + +The token is written with `0600` permissions on Unix; Windows inherits the per-user directory's NTFS ACL. + +**Credential resolution.** For every subcommand except `pixee auth login`, the CLI resolves credentials in this order: + +- **Token:** `PIXEE_TOKEN` env var → stored config. +- **Server:** `--server` flag → `PIXEE_SERVER` env var → stored config. + +Setting `PIXEE_TOKEN` and `PIXEE_SERVER` is the standard CI/CD path — no `pixee auth login` step is required in pipelines. + +## Common Commands + +| Command | What It Does | +| ------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | +| `pixee repo list` | List repositories registered with the platform. Filter with `--name `. | +| `pixee scan list --repo ` | List scans for a repository. Filter with `--branch`, `--tool`, `--analysis-state`, `--has-analysis`. | +| `pixee scan get ` | Fetch a single scan by UUID. | +| `pixee workflow list --repo ` | List workflows on a repository. | +| `pixee workflow create schedule --repo --cadence weekly ...` | Create a schedule workflow. Sibling subcommands: `new-scan`, `pull-request-scan`. | +| `pixee workflow update ...` | Update an existing workflow (partial-update semantics). | +| `pixee workflow delete ` | Remove a workflow. | +| `pixee api /api/v1/repositories --paginate` | Send an authenticated GET to any endpoint, walking pagination. | +| `pixee api /api/v1/ --method POST --input body.json` | POST a JSON body. | +| `pixee --help` | Show all available commands. | +| `pixee --help` | Show command-specific flags. | + +The dedicated subcommands cover the common cases. `pixee api` is the escape hatch — use it when a dedicated subcommand does not yet exist, or when a coding agent needs to compose multi-step operations directly. + +## Output Format + +All subcommands accept `--output text` (default — flat, line-oriented, suitable for `grep`/`awk`) or `--output json` (machine-readable, pipe to `jq`). The `--json` shorthand is equivalent to `--output json`. + +```bash +pixee repo list --json | jq '.[] | select(.type == "github") | .full_name' +``` + +## Exit Codes + +Scripts and agents can branch on these without parsing stderr: + +| Code | Meaning | +| ---- | ------------------------------------------------------------------------- | +| 0 | Success | +| 1 | General error | +| 2 | Authentication failure (token missing, expired, invalid, or wrong server) | +| 3 | Resource not found | + +Errors from the Pixee API are returned as `application/problem+json`. With `--output text`, the CLI renders the problem document in compact human-readable form; with `--output json` the raw document passes through unchanged. + +## HAL Discovery via `pixee api` + +The Pixee REST API is a HAL (Hypertext Application Language) API. Every response includes `_links` to related resources. Start at `/api/v1` and follow links rather than hardcoding paths: + +```bash +# Inspect the root. +pixee api /api/v1 + +# Follow the "repositories" link. +pixee api /api/v1/repositories --paginate + +# Drill into a specific repository — its _links lead to scans, workflows, etc. +pixee api /api/v1/repositories/ +``` + +## Coding-Agent Skills + +The CLI ships [skills.sh](https://skills.sh)-formatted skills that teach coding agents (Claude Code, OpenAI Codex, and others) how to drive the CLI without you re-explaining the conventions every time. Skills cover global flags and exit codes (`pixee-shared`), authentication (`pixee-auth`), the `pixee api` escape hatch (`pixee-api`), and each command group (`pixee-repo`, `pixee-scan`, `pixee-workflow`). + +```bash +# Install all skills. +npx skills add pixee/pixee-cli --all + +# Or pick interactively. +npx skills add pixee/pixee-cli +``` + +The skills are licensed separately under Apache 2.0 and live in the [`skills/`](https://github.com/pixee/pixee-cli/tree/main/skills) directory of the CLI repo. + +## CLI in CI/CD + +The CLI is well-suited to running inside CI: set `PIXEE_TOKEN` and `PIXEE_SERVER` as secrets, install the binary, and call any subcommand. Common patterns: + +```bash +# Inspect platform state during a release pipeline. +pixee scan list --repo "$REPO" --branch main --tool codeql --json + +# Create or update a workflow as part of repository provisioning. +pixee workflow create new-scan --repo "$REPO" --tool codeql ... +``` + +The CLI does not run analysis or generate fixes — those happen on the platform, triggered by your SCM integration. See [CI/CD Integration](/getting-started/ci-cd) for the end-to-end pipeline patterns. + +## Frequently Asked Questions + +### Does the Pixee CLI generate fixes locally? + +No. The CLI is a client for the Pixee platform. Triage and remediation run on the platform; the CLI lets you inspect, query, and configure that platform from the command line. + +### Do I need a Pixee account to use the CLI? + +Yes. The CLI authenticates against a specific Pixee deployment using an API token. It is intended for Pixee customers. + +### Where is the source code? + +The distributed binaries are published from [github.com/pixee/pixee-cli](https://github.com/pixee/pixee-cli). Source code lives in a private repository (`pixee-cli-private`); the public repo distributes the compiled binaries, the container image, and the coding-agent skills. + +### How do I authenticate in CI without storing a config file? + +Set `PIXEE_TOKEN` and `PIXEE_SERVER` as environment variables. The CLI resolves credentials from env vars before falling back to the stored config file, so no `pixee auth login` step is required in pipelines. + +### What happens when I get exit code 2? + +Exit code 2 means authentication failed. Run `pixee auth status` to see which server and token are configured. If the server is wrong, re-run `pixee auth login --server `. If the token is invalid, generate a new one in the admin console. + +### Is there a Docker image? + +Yes. The `pixee/pixee-cli` container image is published alongside each release; pull `pixee/pixee-cli:latest` or pin to a specific version tag. diff --git a/docs/getting-started/first-fix.md b/docs/getting-started/first-fix.md new file mode 100644 index 00000000..3efcfc71 --- /dev/null +++ b/docs/getting-started/first-fix.md @@ -0,0 +1,122 @@ +--- +title: Your First Fix +slug: /getting-started/first-fix +track: dev +content_type: tutorial +seo_title: "Your First Pixee Fix | From Install to Merged PR in Minutes" +description: "Walk through your first automated security fix from Pixee: PR contents, diff review, and merge workflow." +sidebar_position: 8 +--- + +Your first Pixee fix arrives as a pull request in your existing code review tool. Open the PR, read the description, review the diff, and merge. Most teams see their first fix within an hour of installation. This page walks through exactly what that PR looks like and how to evaluate it. + +## What to Expect + +After installing Pixee ([GitHub](/getting-started/github), [GitLab](/getting-started/gitlab), [Azure DevOps](/getting-started/azure-devops), or [Bitbucket](/getting-started/bitbucket)), the platform connects to your repositories, ingests findings, and begins triaging. For confirmed vulnerabilities with available fixes, Pixee opens a pull request. + +First PRs are not random. Pixee prioritizes high-confidence, low-risk fixes for initial pull requests — deterministic codemods with predictable behavior. The first fix establishes trust through a clear, reviewable change, not through volume. + +## Anatomy of a Pixee Fix PR + +Every Pixee PR includes a descriptive title, a structured description, and the diff. + +**PR Title:** Identifies the vulnerability type and affected file. Example: `Pixee fix: Parameterize SQL query in UserRepository.java` + +**PR Description — four parts:** + +1. **The vulnerability** — What was found, which scanner flagged it, severity, CWE, and OWASP category. +2. **The fix** — What Pixee changed and why this approach was chosen. +3. **Safety evidence** — Why the fix is safe. For codemods: rule-based transformation with no behavioral change. For MagicMods: validation scores from the fix evaluation pipeline. +4. **References** — CWE definitions, OWASP documentation, scanner rule links. + +**The Diff:** Typically 1-5 lines in a single file. One vulnerability per PR — no bundled changes or surrounding refactors. + +## Reviewing the Fix + +Review a Pixee PR the same way you review any other code change: + +**Step 1: Read the PR description.** Understand the vulnerability and how the fix resolves it. + +**Step 2: Review the diff.** Confirm the code change is correct for your application. + +**Step 3: Check CI results.** Your existing tests, linters, and scanners run against the fix automatically. If tests pass, the fix does not break existing behavior. + +**Step 4: Decide:** + +| Action | When | +| ------------------- | ------------------------------------------------------------------------------------- | +| **Merge** | The fix is correct, tests pass, and the change resolves the vulnerability | +| **Request changes** | The fix is directionally correct but needs modification for your codebase conventions | +| **Close** | The fix is not appropriate for your codebase or the finding is acceptable risk | + +Pixee proposes. You decide. This is assisted remediation through your existing review process. + +## Common First-Fix Scenarios + +**SQL injection fix:** Pixee replaces string concatenation with a parameterized query. + +```java +// Before +String query = "SELECT * FROM users WHERE id = '" + userId + "'"; +Statement stmt = conn.createStatement(); +ResultSet rs = stmt.executeQuery(query); + +// After (Pixee fix) +String query = "SELECT * FROM users WHERE id = ?"; +PreparedStatement stmt = conn.prepareStatement(query); +stmt.setString(1, userId); +ResultSet rs = stmt.executeQuery(); +``` + +**Dependency upgrade (SCA fix):** Pixee bumps a vulnerable dependency to a patched version. The change is a single line in your manifest file (`pom.xml`, `requirements.txt`, `package.json`). Pixee checks for breaking changes before proposing the upgrade. + +**Hardcoded secret removal:** Pixee extracts a hardcoded credential into an environment variable reference. The code changes from a string literal to an environment variable lookup, and the PR description notes which variable to set. + +## After You Merge + +Once you merge, the vulnerability is resolved. Your scanner confirms remediation on its next run, your backlog shrinks by one, and Pixee continues generating fixes for other findings. No dashboard to update, no ticket to close. The merged PR is the record. + +**Metrics to watch:** + +| Metric | What It Tells You | +| ----------------- | -------------------------------------------------------------------------------------------------------------- | +| Merge rate | What percentage of Pixee PRs your team accepts. See [Fix Safety](/how-it-works/fix-safety) for benchmark data. | +| Time to merge | How quickly your team reviews and merges fixes | +| Backlog reduction | How fast your open vulnerability count decreases | + +## What If No Fix Arrives? + +If you do not see a PR within an hour of installation: + +1. **Verify the integration is connected.** Check that Pixee has access to the repositories you selected during setup. +2. **Confirm supported languages are present.** Pixee supports Java, Python, JavaScript/TypeScript, .NET, Go, and PHP. Repositories in other languages will not generate fixes. +3. **Connect a scanner.** Pixee generates more fixes when it has scanner findings to work from. Connect CodeQL, Semgrep, SonarQube, or any SARIF-producing scanner via [CI/CD Integration](/getting-started/ci-cd). +4. **Check for fixable findings.** Your repositories may have findings that Pixee cannot currently remediate. This does not mean the integration is broken — it means the specific vulnerability types present do not yet have available codemods or MagicMod coverage. + +## From First Fix to Full Value + +The first merged fix proves the workflow: setup takes minutes, fixes arrive without manual effort, and developers stay in their existing tools. + +- **Connect additional scanners** to expand coverage. Pixee works with 12 natively integrated scanners and any SARIF-producing tool. +- **Roll out to more repositories** as confidence builds. +- **Track your merge rate.** See [Fix Safety](/how-it-works/fix-safety) for merge rate data. + +For scaling from a single repository to organization-wide deployment, see the [Phased Rollout Guide](/enterprise/phased-rollout). For technical depth on fix methodology, see [Fix Generation](/how-it-works/fix-generation) and [Fix Safety and Validation](/how-it-works/fix-safety). + +## Frequently Asked Questions + +### How do I get my first automated fix from Pixee? + +Install Pixee for your platform ([GitHub](/getting-started/github), [GitLab](/getting-started/gitlab), [Azure DevOps](/getting-started/azure-devops), or [Bitbucket](/getting-started/bitbucket)), connect at least one repository, and wait for your first pull request. Most teams receive their first fix within an hour of installation. + +### How long does it take to review a Pixee fix? + +Most fixes change 1-5 lines and take seconds to minutes to review. The PR description explains the vulnerability, the fix approach, and why it is safe. + +### What if I disagree with a Pixee fix? + +Close the PR or leave a comment requesting changes — the same workflow as any other code review. Pixee proposes fixes; your team decides which to merge. You maintain full control over your codebase. + +### Are Pixee fixes deterministic or AI-generated? + +Both. Pixee uses deterministic codemods for well-understood vulnerability patterns -- these produce identical, predictable output every time. For complex, codebase-specific scenarios, Pixee uses MagicMods (AI-generated fixes) that pass through a validation pipeline scoring Safety, Effectiveness, and Cleanliness before reaching your PR queue. See [Fix Generation](/how-it-works/fix-generation) for details on the codemod library. diff --git a/docs/getting-started/getting-started.md b/docs/getting-started/getting-started.md new file mode 100644 index 00000000..816029cb --- /dev/null +++ b/docs/getting-started/getting-started.md @@ -0,0 +1,104 @@ +--- +title: Welcome to Pixee +slug: / +track: dev +content_type: tutorial +seo_title: "Get Started with Pixee | Automated Security Remediation" +description: Install Pixee and connect your repositories for automated vulnerability triage and remediation via pull requests. +sidebar_position: 1 +--- + +Pixee automates vulnerability triage and remediation directly inside your existing pull request workflow. Install the GitHub App, GitLab integration, Azure DevOps extension, or Bitbucket connector, and Pixee starts delivering fixes as standard PRs your developers already know how to review and merge. No new dashboards. No new interfaces. Setup takes under five minutes, and most teams see their first automated fix within the hour. + +Pixee is not a scanner. It works downstream of your existing SAST, SCA, and DAST tools — ingesting their findings, triaging them for exploitability, and generating validated fixes. + +## What Pixee Does + +Pixee provides two co-equal capabilities: + +**Triage Automation** reduces false positives by up to 95%. Each scanner finding passes through exploitability analysis that determines whether the vulnerability is actually reachable and triggerable in your codebase — not just whether it matches a pattern. Findings classified as false positives include a structured justification explaining why, so your security team can audit the decision. + +**Remediation Automation** generates context-aware code fixes and delivers them as pull requests. Developers review and merge these PRs like any other code change. Across production deployments, 76% of Pixee-generated fixes are merged by development teams after human review. + +Both capabilities work together. Triage eliminates the noise. Remediation fixes what remains. The combination reduces vulnerability backlog resolution time. + +| Capability | What It Does | Proof Point | +| ----------- | ------------------------------------------------------------- | ---------------------------------------- | +| Triage | Exploitability analysis across 12 native scanner integrations | Up to 95% false positive reduction | +| Remediation | Context-aware fixes as pull requests | 76% merge rate on production deployments | +| Delivery | Standard PRs in GitHub, GitLab, ADO, Bitbucket | Native platform integration | + +## Choose Your Platform + +| Platform | Setup Time | Guide | +| ---------------- | ---------- | ----------------------------------------------------- | +| **GitHub** | ~3 minutes | [GitHub Setup →](/getting-started/github) | +| **GitLab** | ~5 minutes | [GitLab Setup →](/getting-started/gitlab) | +| **Azure DevOps** | ~5 minutes | [Azure DevOps Setup →](/getting-started/azure-devops) | +| **Bitbucket** | ~5 minutes | [Bitbucket Setup →](/getting-started/bitbucket) | + +Already running CI/CD pipelines? See [CI/CD Integration](/getting-started/ci-cd) for pipeline-level setup. + +Want to drive the platform from the command line — query scans, configure workflows, hit the API? See [Pixee CLI](/getting-started/cli). + +Need enterprise deployment (self-hosted, air-gapped, BYOM)? Start with [Enterprise Deployment Options](/enterprise/deployment). + +## What Happens After Install + +1. Pixee connects to your repositories and ingests findings from your connected scanners. +2. The triage engine classifies each finding as true positive, false positive, or won't-fix — with a structured justification for every decision. +3. For confirmed vulnerabilities with available fixes, Pixee opens a pull request containing the fix, the vulnerability context, and quality scores. +4. Your developers review the PR in their normal workflow — same code review process, same CI/CD pipeline, same branch protection rules. +5. Developers merge, modify, or close the PR. No special tooling required. + +There is no Pixee dashboard you need to monitor. The PR is the interface. + +## Developer Journey + +This Getting Started section walks you through a complete path: + +**Install** → **Connect scanners** → **Review your first fix** → **Merge** + +| Step | Page | Time | +| ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ | -------- | +| 1. Install the platform integration | [GitHub](/getting-started/github), [GitLab](/getting-started/gitlab), [ADO](/getting-started/azure-devops), or [Bitbucket](/getting-started/bitbucket) | 3-5 min | +| 2. Connect your scanner (optional) | [CI/CD Integration](/getting-started/ci-cd) | 5-10 min | +| 3. Review and merge your first fix | [Your First Fix](/getting-started/first-fix) | 5 min | + +Total time to first merged fix: under 30 minutes for most teams. + +## Prerequisites + +- A GitHub, GitLab, Azure DevOps, or Bitbucket account with at least one repository +- Code in a supported language: Java, Python, JavaScript/TypeScript, .NET, Go, or PHP +- Existing scanner findings recommended for immediate triage and remediation results. Without connected scanner results, Pixee can apply proactive security hardening codemods to common vulnerability patterns. + +No agents to install. No CLI required for the standard workflow. No configuration files needed to start. + +## Large Backlogs (10,000+ Findings) + +Pixee handles large vulnerability backlogs without overwhelming your development team. Findings are prioritized by severity -- Critical and High findings are processed first, so the most dangerous vulnerabilities get addressed before lower-priority items. + +PR creation is batched, not instantaneous. Expect a steady stream of fixes delivered over days, not a flood of hundreds of PRs at once. This pacing keeps code review manageable and avoids overwhelming CI/CD pipelines. + +Use a [PIXEE.yaml](/configuration/pixee-yaml) file to scope initial remediation to specific severity levels, vulnerability types, or repository paths. This gives your team control over the rollout pace and lets you focus on the findings that matter most. + +For organizations managing hundreds of repositories or millions of findings, the [Phased Rollout Guide](/enterprise/phased-rollout) covers rollout strategy for large estates -- including recommended phasing, success metrics per phase, and organizational change management. + +## Frequently Asked Questions + +### How do I install Pixee? + +Choose your platform (GitHub, GitLab, Azure DevOps, or Bitbucket), authorize the app, select your repositories, and Pixee begins analyzing findings automatically. Setup takes under five minutes. See the platform-specific guides linked above. + +### How long does it take to see results? + +Most teams see their first automated fix within one hour of installation. Triage results appear as soon as scanner findings are ingested. The timeline depends on how many findings your scanners have already produced. + +### Does Pixee require code changes to install? + +No. Pixee installs as a platform integration (GitHub App, GitLab webhook, Azure DevOps extension, Bitbucket connector) and requires zero code changes, CLI installs, or configuration files to start. + +### Do developers need to learn a new tool? + +No. Developers interact with Pixee exclusively through pull requests in their existing platform. There is no new interface, no new CLI, no new dashboard. Reviewing a Pixee PR is identical to reviewing any other code change. diff --git a/docs/getting-started/github.md b/docs/getting-started/github.md new file mode 100644 index 00000000..c00e1c27 --- /dev/null +++ b/docs/getting-started/github.md @@ -0,0 +1,133 @@ +--- +title: GitHub Setup +slug: /getting-started/github +track: dev +content_type: tutorial +seo_title: "Set Up Pixee for GitHub | Automated Security Fixes in PRs" +description: Install the Pixee GitHub App for automated vulnerability triage and remediation delivered as pull requests. +sidebar_position: 2 +--- + +Install the Pixee GitHub App to receive automated vulnerability triage and remediation as standard pull requests in your existing repositories. Authorize the app, select which repositories to connect, and Pixee begins analyzing your code and scanner results immediately. Developers review and merge fixes the same way they handle any other PR. No CLI installs, no config files, no new dashboards. + +## Prerequisites + +Before you start, confirm the following: + +- **GitHub permissions.** You need admin or owner permissions on the target repositories, or organization-level install permissions for org-wide deployment. +- **Supported language.** At least one repository with code in Java, Python, JavaScript/TypeScript, .NET, Go, or PHP. +- **Scanner results (optional).** If you already run CodeQL, Semgrep, Snyk Code, Checkmarx, SonarQube, or another scanner that uploads SARIF to GitHub Code Scanning, Pixee ingests those results automatically. This is additive — Pixee also runs its own analysis without any external scanner. + +No agents to install. No CLI required. No configuration files needed to start. + +## Setup + +Install the Pixee GitHub App from the GitHub Marketplace, select your organization, and choose which repositories to connect. The app requests permissions for repository contents, pull requests, code scanning alerts, checks, webhooks, and metadata; it does not request access to secrets, environments, Actions workflows, or deployment configurations. See [GitHub Integration → Required Permissions](/integrations/scms/github#required-permissions) for the full table and rationale. For step-by-step install instructions, see the [installation guide](https://app.pixee.ai/docs/setup). + +Pixee analyzes the default branch of each connected repository. Branch targeting and other behavior can be customized later via a [PIXEE.yaml](/configuration/pixee-yaml) file in the repository root. + +**Scanner integration:** Pixee natively integrates with 12 scanners. If you use GitHub Code Scanning (which includes CodeQL, Semgrep via SARIF upload, and others), Pixee ingests those results automatically. For scanners outside the GitHub Code Scanning ecosystem, connect them through Pixee's [Integrations](/integrations/overview) page. Pixee also runs its own analysis independently, so external scanners are additive, not required. + +After installation, Pixee begins its initial analysis. Within the first hour, Pixee opens pull requests for any actionable findings it identifies. If no PRs appear, the repository may have no actionable findings, or you may need to verify repository access and supported language coverage. + +## Public Repositories Without an Existing Scanner + +If you are setting up Pixee on a public GitHub repository that does not yet have a scanner configured, you can stand up the full pipeline in three steps using free tooling. CodeQL through GitHub Advanced Security (GHAS) and SonarQube Cloud are both free for public repositories. + +### 1. Enable GitHub Issues for the dashboard view + +Pixee can publish a status dashboard as a GitHub Issue in your repository. To enable it: + +1. In your repository, go to **Settings → General**. +2. Under **Features**, check **Issues**. + +You can disable Issues later if you prefer the Pixee dashboard at [app.pixee.ai](https://app.pixee.ai). + +### 2. Connect a scanner + +Pick either CodeQL via GHAS or SonarQube Cloud. Both are free for public repositories and integrate with Pixee through GitHub Code Scanning. + +**Option A: CodeQL via GitHub Advanced Security** + +1. In your repository, go to **Settings → Code security**. +2. Under **Tools → CodeQL analysis**, click **Set up**, then choose **Default**. +3. Wait for the first CodeQL run to finish. You can watch progress in the **Actions** tab. + +For deeper detail on what Pixee extracts from CodeQL findings, see [CodeQL Integration](/integrations/scanners/codeql). + +**Option B: SonarQube Cloud** + +Follow the [SonarQube Cloud GitHub setup instructions](https://docs.sonarsource.com/sonarqube-cloud/getting-started/github/). Logging in with your GitHub identity is the simplest path. SonarQube Cloud is free for public repositories. + +For Pixee's handling of SonarQube findings, see [SonarQube Integration](/integrations/scanners/sonarqube). + +### 3. Install Pixeebot + +Once the scanner has finished its first run: + +1. Go to the [Pixeebot GitHub App page](https://github.com/apps/pixeebot/). +2. Click **Install** (or **Configure** if it is already installed) and follow the prompts. +3. After installation, you are redirected to the Pixee dashboard. + +Pixee processes the scanner output for the default branch and, within a few minutes, opens pull requests for any actionable findings. If you enabled Issues in step 1, a Pixee status issue is also created with a summary of fixes available, in progress, and applied. + +## What You'll See + +When Pixee identifies a fixable vulnerability, it opens a standard GitHub pull request. Here is what the PR contains: + +**PR title:** Describes the vulnerability type and location — for example, `Fix SQL injection in UserController.java`. + +**PR description includes:** + +| Section | What It Contains | +| --------------------- | ---------------------------------------------------------------- | +| Vulnerability details | CVE or CWE reference, severity, and the scanner that detected it | +| Triage justification | Why Pixee classified this as a true positive worth fixing | +| Fix explanation | What the code change does and why it resolves the vulnerability | +| Quality scores | Safety, effectiveness, and cleanliness ratings for the fix | +| Diff | Standard GitHub diff showing 1-5 lines changed | + +**How to review:** Read the diff like any other pull request. The fix is typically 1-5 lines. Pixee does not restructure your code or introduce new dependencies unless the fix requires it (for example, adding an input validation library). + +**How to merge:** Standard GitHub merge flow. Squash, merge commit, or rebase — whatever your branch protection rules require. + +**How to reject:** Close the PR with a comment. Pixee does not reopen closed PRs for the same finding. + +For merge rate data, see [Fix Safety](/how-it-works/fix-safety). + +## What Data Leaves Your Network + +Pixee's cloud SaaS deployment works as follows: + +- **Code access.** Pixee reads repository contents through the GitHub App's authorized API access. Code is processed for analysis and is not stored after the analysis completes. +- **Scanner findings.** If you use GitHub Code Scanning, Pixee reads SARIF results through the Checks API. These findings are used to generate fixes. +- **PRs.** Pixee writes pull requests back to your repository through the GitHub API. PR content (diffs, descriptions) lives in your GitHub instance. +- **No secrets, no env vars, no deployment data.** Pixee does not access GitHub Actions secrets, environment variables, or deployment configurations. + +For teams that require code to remain within their own infrastructure, Pixee offers [self-hosted deployment options](/enterprise/deployment) including embedded cluster, Helm / BYO Kubernetes, and air-gapped configurations. + +## Repository Configuration + +Pixee works with sensible defaults — no configuration file is needed to start. When you want to customize behavior, create a `PIXEE.yaml` file in the repository root. + +Common customizations include: + +- Excluding specific paths or files from analysis +- Adjusting which fix categories Pixee generates PRs for +- Configuring branch targeting + +See the full [PIXEE.yaml Reference](/configuration/pixee-yaml) for all options. + +## GitHub Enterprise Server (GHES) + +GHES is supported via Pixee Enterprise (self-hosted) — not on the cloud SaaS. See [GitHub Integration → GitHub Enterprise Server](/integrations/scms/github#github-enterprise-server) for the connection model and network requirements, and [Enterprise Deployment Options](/enterprise/deployment) for infrastructure setup. + +## Frequently Asked Questions + +### Does Pixee require code changes to install on GitHub? + +No. Pixee installs as a standard GitHub App. You authorize it, select repositories, and it begins working. No code changes, no config files required to start. You can optionally add a `PIXEE.yaml` for customization later. + +### What scanners work with Pixee on GitHub? + +Pixee natively integrates with 12 scanners including CodeQL, Semgrep, Checkmarx, Snyk Code, SonarQube, and any scanner that produces SARIF output via GitHub Code Scanning. Pixee also runs its own analysis independently, so external scanners are additive, not required. diff --git a/docs/getting-started/gitlab.md b/docs/getting-started/gitlab.md new file mode 100644 index 00000000..8c2f38cc --- /dev/null +++ b/docs/getting-started/gitlab.md @@ -0,0 +1,87 @@ +--- +title: GitLab Setup +slug: /getting-started/gitlab +track: dev +content_type: tutorial +seo_title: "Set Up Pixee for GitLab | Automated Security Merge Requests" +description: Install Pixee for GitLab to receive automated vulnerability triage and remediation as merge requests. +sidebar_position: 3 +--- + +Install Pixee for GitLab to receive automated vulnerability triage and remediation as standard merge requests in your existing GitLab workflow. Connect your GitLab instance, select your projects, and Pixee begins delivering fixes that developers review and merge using the same MR process they already use. Works with GitLab SaaS and self-managed instances. No new interfaces, no separate dashboard. + +## Prerequisites + +Before you start, confirm the following: + +- **GitLab permissions.** You need Maintainer or Owner role on the target projects. For group-level setup, you need Owner on the parent group. +- **GitLab instance.** GitLab SaaS (gitlab.com) or a self-managed GitLab instance. For self-managed, you will provide your instance URL during setup. +- **Supported language.** At least one project with code in Java, Python, JavaScript/TypeScript, .NET, Go, or PHP. +- **Scanner results (optional).** If you run GitLab SAST, Semgrep, Checkmarx, or other scanners through GitLab CI, Pixee can ingest those findings. This is additive — Pixee also runs its own analysis. + +No agents to install. No runner configuration changes. No `.gitlab-ci.yml` edits needed to start. + +## Setup + +Create a GitLab personal access token for a dedicated service account, then connect it in Pixee's GitLab integration settings. The token needs `api`, `read_user`, `read_repository`, `read_api`, and `write_repository` scopes. See [GitLab Integration → Authentication](/integrations/scms/gitlab#authentication) for the full scope table and rationale, including the `member_projects_only` toggle. For step-by-step install instructions, see the [installation guide](https://app.pixee.ai/docs/setup). + +After connecting, choose which GitLab projects Pixee should analyze -- all projects, member projects only, or specific projects. Pixee analyzes the default branch of each connected project. You can customize branch targeting and other behavior later via a [PIXEE.yaml](/configuration/pixee-yaml) file in the project root. + +**Scanner integration:** Pixee natively integrates with 12 scanners. If your `.gitlab-ci.yml` includes the GitLab SAST template, Pixee ingests those findings directly. Third-party scanners producing SARIF output can be connected through Pixee's [Integrations](/integrations/overview) page. Pixee also runs its own analysis independently, so external scanners are additive, not required. + +After setup, Pixee begins its initial analysis and opens merge requests for actionable findings within the first hour. If no MRs appear, verify PAT scopes, network connectivity (for self-managed instances), and supported language coverage. + +## What You'll See + +When Pixee identifies a fixable vulnerability, it opens a standard GitLab merge request. Here is what the MR contains: + +**MR title:** Describes the vulnerability type and location — for example, `Fix path traversal in FileService.java`. + +**MR description includes:** + +| Section | What It Contains | +| --------------------- | ---------------------------------------------------------------- | +| Vulnerability details | CVE or CWE reference, severity, and the scanner that detected it | +| Triage justification | Why Pixee classified this as a true positive worth fixing | +| Fix explanation | What the code change does and why it resolves the vulnerability | +| Quality scores | Safety, effectiveness, and cleanliness ratings for the fix | +| Diff | Standard GitLab diff showing 1-5 lines changed | + +**How to review:** Read the diff like any other merge request. Pixee fixes are typically 1-5 lines. No new dependencies are introduced unless the fix requires it. + +**How to merge:** Standard GitLab merge flow. If your project has merge request approval rules or CI pipeline requirements, Pixee MRs go through the same gates as any developer-authored MR. + +**How to reject:** Close the MR with a comment. Pixee does not reopen closed MRs for the same finding. + +**CI pipeline behavior:** Pixee-generated MRs trigger your existing GitLab CI pipeline like any other merge request. If your pipeline includes SAST, tests, or linting stages, those run against the Pixee fix branch automatically. + +For merge rate data, see [Fix Safety](/how-it-works/fix-safety). + +## What Data Leaves Your Network + +Pixee's cloud SaaS deployment works as follows: + +- **Code access.** Pixee reads repository contents through the personal access token's authorized API access. Code is processed for analysis and is not stored after the analysis completes. +- **Scanner findings.** Pixee reads findings from GitLab SAST reports or connected third-party scanners. These findings are used to generate fixes. +- **MRs.** Pixee writes merge requests back to your GitLab instance through the API. MR content (diffs, descriptions) lives in your GitLab instance. +- **No CI secrets, no variables, no deployment data.** Pixee does not access CI/CD variables, runner tokens, or deployment configurations. + +For teams that require code to remain within their own infrastructure, Pixee offers [self-hosted deployment options](/enterprise/deployment) including embedded cluster, Helm / BYO Kubernetes, and air-gapped configurations. + +## Self-Managed GitLab + +Self-managed GitLab is supported. See [GitLab Integration → Self-Hosted GitLab](/integrations/scms/gitlab#self-hosted-gitlab) for the connection model and network requirements, and [Enterprise Deployment Options](/enterprise/deployment) for air-gapped and on-prem Pixee deployments. + +## Frequently Asked Questions + +### Does Pixee work with GitLab CI/CD? + +Yes. Pixee-generated merge requests run through your existing GitLab CI pipeline like any other MR — including SAST stages, test suites, and approval rules. You can also configure Pixee to ingest scanner results produced by your CI pipeline. + +### What scanners does Pixee support on GitLab? + +Pixee natively integrates with 12 scanners including GitLab SAST, Semgrep, Checkmarx, Snyk Code, SonarQube, and any scanner producing SARIF output. Pixee triages findings from these scanners and generates fixes for confirmed vulnerabilities. + +### Do I need to modify my `.gitlab-ci.yml` to use Pixee? + +No. Pixee connects through a personal access token and operates independently of your CI pipeline configuration. No changes to `.gitlab-ci.yml` are required to start. If you want Pixee to ingest scanner results from your pipeline, that configuration is handled in the Pixee integration settings, not in your CI file. diff --git a/docs/how-it-works/_category_.json b/docs/how-it-works/_category_.json new file mode 100644 index 00000000..159aad94 --- /dev/null +++ b/docs/how-it-works/_category_.json @@ -0,0 +1,9 @@ +{ + "label": "How It Works", + "position": 3, + "collapsible": true, + "collapsed": false, + "link": { + "type": "generated-index" + } +} diff --git a/docs/how-it-works/context-intelligence.md b/docs/how-it-works/context-intelligence.md new file mode 100644 index 00000000..70b274c7 --- /dev/null +++ b/docs/how-it-works/context-intelligence.md @@ -0,0 +1,111 @@ +--- +title: "Context & Intelligence" +slug: /how-it-works/context-intelligence +track: both +content_type: guide +seo_title: "Context & Intelligence | Beyond Reachability Analysis" +description: How Pixee evaluates dataflow quality, production vs. test context, security controls, and severity signals on every vulnerability finding. +sidebar_position: 6 +--- + +Pixee's context-aware intelligence layer evaluates multiple dimensions of code context to determine whether a vulnerability is actually exploitable -- not just whether it is reachable. The system assesses dataflow quality on a four-tier scale, classifies code as production or test, detects security controls in the code path, filters intentionally-vulnerable projects, and adjusts severity based on all available signals. This shared intelligence substrate enriches both triage verdicts and remediation context. See [Triage Capabilities](/platform/triage) for false positive reduction data. + +Context intelligence is the shared layer underneath both of Pixee's co-equal capabilities: [Triage Automation](/how-it-works/triage-engine) and [Remediation Automation](/how-it-works/fix-generation). The same analysis that makes triage verdicts accurate also makes generated fixes higher quality. + +## Why Reachability Is Not Enough + +Reachability analysis checks whether a vulnerable function is reachable from an entry point. This is a useful first filter -- it removes dead code and internal utilities from consideration. However, reachability alone is not sufficient for accurate triage. + +Reachability tells you whether code CAN be reached. It does not tell you whether a vulnerability is actually exploitable in context. Four categories of noise survive basic reachability: + +**1. Protected but reachable.** A function may be reachable but sits behind a WAF rule, a framework-provided sanitizer, or an input validation layer. Reachability says "yes, reachable." Exploitability analysis says "yes, reachable, but the input is validated before it arrives -- this is a false positive." + +**2. Test code that looks like production.** Test fixtures often exercise the same code paths as production. Reachability analysis treats test code the same as production code. Exploitability analysis classifies code context and adjusts severity. + +**3. Weak dataflow evidence.** Some scanner findings are based on pattern matches with no clear taint propagation from source to sink. Reachability does not assess the quality of the evidence. Exploitability analysis does -- weak evidence gets lower confidence, preventing marginal findings from consuming engineering attention. + +**4. Severity misalignment.** A "critical" finding in a CTF demo project is not the same as a "critical" finding in a production payment service. Reachability does not adjust severity for deployment context. Exploitability analysis does. + +Pixee evaluates all of these dimensions to close the gap between reachability and exploitability. + +## Dataflow Quality Assessment + +Not all findings have equal evidence. Pixee classifies the strength of dataflow evidence on every finding using a four-tier scale: + +| Tier | Description | Confidence Impact | Gathering Strategy | +| ---------------------- | ------------------------------------------------------- | ------------------------------------------ | --------------------------------------------------------------------- | +| **Strong Multi-File** | High-confidence taint propagation across multiple files | Highest confidence in verdicts | Traces full cross-file dataflow; includes all files in the taint path | +| **Strong Single-File** | High-confidence dataflow within a single file | High confidence | Full file context with highlighted vulnerable region | +| **Weak** | Partial or low-confidence dataflow information | Reduced confidence; may downgrade findings | Targeted excerpts around the flagged location | +| **Single-Location** | Only the flagged line, no dataflow available | Lowest confidence | Surrounding context with heuristic file matching | + +**How this affects triage:** Higher dataflow quality increases confidence in true positive verdicts. Weak evidence can downgrade findings that basic reachability would flag as critical. A scanner that reports a SQL injection but provides only a single-location match with no dataflow evidence gets a lower confidence score than the same rule backed by a full source-to-sink trace across multiple files. + +**How this affects remediation:** The same classification drives the context gathering strategy for fix generation. Strong multi-file dataflow means the LLM sees the full cross-file taint path. Single-location findings get targeted context with heuristic file matching. Better context means better fixes at lower cost. + +## Production vs. Test Classification + +A SQL injection pattern in a production API endpoint is critical. The same pattern in a test fixture is not. + +The system identifies code context -- production services, test fixtures, integration tests, development utilities -- and adjusts severity accordingly. This means executive dashboards reflect real exploit risk instead of raw rule counts. + +This classification is particularly valuable for organizations with large test suites. Test code exercises the same code paths and triggers the same scanner rules as production code, but carries fundamentally different risk. Without production vs. test classification, every test fixture vulnerability inflates the backlog with findings that no one should fix. + +## Security Control Detection + +When a sanitizer, validator, or framework-specific protection exists between a source and a sink, the system identifies it and uses it as evidence for the triage verdict. + +This is the difference between "this function is reachable" and "this function is reachable but the input is sanitized before it arrives." + +**How it works:** + +- Identifies sanitizers (input validation functions, encoding routines) +- Detects validators (schema validation, type checking) +- Recognizes framework-specific protections (CSRF tokens, Content Security Policy headers, parameterized query builders) +- Every triage verdict includes code snippets showing the relevant controls + +Security control detection is what allows the triage engine to confidently classify findings as false positives when a control exists in the code path. Without it, the system would need to escalate every reachable finding for human review. + +## Intentionally-Vulnerable Project Filtering + +Demo applications, CTF challenges, and security training repositories generate permanent scanner noise. These projects are deliberately insecure -- they exist to teach or test, not to run in production. + +The system detects these projects and filters them from the triage pipeline. This prevents wasted triage capacity on findings that are designed to be vulnerable and should never be remediated. + +## Severity Adjustment + +When context signals indicate that a finding's real-world risk differs from its raw scanner severity, the system adjusts: + +- True positive on high-quality dataflow in production stays critical +- Same rule on a weak match in a test fixture gets downgraded +- A finding behind a validated security control may be reclassified as won't-fix + +Every severity adjustment includes an audit trail showing why the adjustment was made. Auditors can verify the reasoning. This means compliance teams can explain to auditors why a "critical" scanner finding was downgraded -- the triage verdict includes the specific code signals that justified the decision. + +## How Context Feeds Remediation + +The context intelligence layer serves double duty. The same analysis that drives triage accuracy also drives fix quality. + +**For fix generation:** + +- Dataflow quality determines how much code context the LLM sees. Strong multi-file dataflow means the model sees the full taint path. Weak evidence means targeted excerpts. +- Token-budget optimization: targeted excerpts for large files, full files for small ones. Merges consecutive vulnerable regions in the same file to reduce cost. +- Fuzzy file matching finds related files not explicitly named in the dataflow trace. + +**Why this matters:** LLM fix quality is bounded by what the model can see. Too little context produces wrong fixes. Too much context wastes tokens and confuses the model. The context intelligence layer solves both problems by adapting the gathering strategy to the finding's dataflow quality. + +Better context means better fixes at lower cost. This is the component that caps per-call resource usage without sacrificing fix quality. + +## Frequently Asked Questions + +### What is exploitability analysis in application security? + +Exploitability analysis determines whether a scanner-reported vulnerability can actually be triggered in a specific codebase. It goes beyond reachability to evaluate dataflow quality, security control presence, production vs. test classification, and the strength of evidence supporting an attack path. Pixee evaluates all of these dimensions on every finding, producing auditable verdicts with code-level evidence. + +### How does Pixee go beyond basic reachability analysis? + +While reachability checks whether a function can be reached from an entry point, Pixee additionally evaluates dataflow quality on a four-tier scale, detects security controls between source and sink, classifies code as production or test, filters intentionally-vulnerable projects, and adjusts severity based on all available context signals. These additional dimensions close the gap between "is this code reachable?" and "is this vulnerability actually dangerous?" + +### Does context analysis work across all scanners? + +Yes. The context-aware intelligence layer operates across any SARIF-producing scanner. Whether findings come from CodeQL, Semgrep, Checkmarx, or custom internal tools, the same exploitability analysis applies to all findings through a unified pipeline. Triage accuracy scales with the richness of metadata each scanner provides, but every scanner gets context-aware analysis. diff --git a/docs/how-it-works/fix-generation.md b/docs/how-it-works/fix-generation.md new file mode 100644 index 00000000..0cea46b4 --- /dev/null +++ b/docs/how-it-works/fix-generation.md @@ -0,0 +1,157 @@ +--- +title: Fix Generation +slug: /how-it-works/fix-generation +track: both +content_type: guide +seo_title: "How Fix Generation Works | Codemods + AI Remediation" +description: "How Pixee generates security fixes: deterministic codemods for known patterns, AI-powered MagicMods for novel scenarios, and independent quality evaluation." +sidebar_position: 2 +--- + +Pixee generates security fixes through a hybrid-intelligence engine: 120+ deterministic codemods handle known vulnerability patterns with zero AI variance, while AI-powered MagicMods handle novel and complex scenarios using dataflow-bounded context and per-rule knowledge base guidance. Every fix -- deterministic or AI-generated -- passes through an independent quality evaluation scoring Safety, Effectiveness, and Cleanliness before reaching a pull request. Developers see only pre-validated fixes. See [Fix Safety](/how-it-works/fix-safety) for merge rate data. + +Remediation is one of two co-equal capabilities in Pixee's Agentic Security Engineering Platform. The other is [Triage Automation](/how-it-works/triage-engine), which classifies findings as true or false positives with structured evidence. Together they close the loop from "scanner found something" to "vulnerability is fixed." + +## Fix Generation Pipeline + +Every scanner finding that passes triage as a true positive enters the same fix pipeline, regardless of which scanner detected it or whether the fix uses deterministic or AI-powered generation. + +**End-to-end flow:** + +1. **Context gathering** -- classifies dataflow quality on a four-tier scale, follows taint propagation across files, highlights vulnerable regions with inline markers, and adapts context windows to file size +2. **Route decision** -- known pattern routes to a deterministic codemod; novel or complex pattern routes to an AI-powered MagicMod +3. **Fix planning** (complex/multi-file fixes) -- specialized agents decompose the fix into coordinated manifest changes, source file edits, and declaration updates +4. **Fix generation** -- codemod applies an AST or regex transformation (deterministic); MagicMod generates a fix with dataflow-bounded context and per-rule guidance +5. **Fix evaluation** -- a separate inference call scores the fix on Safety, Effectiveness, and Cleanliness. Fixes that fail are retried with structured feedback or suppressed +6. **PR creation** -- the validated fix plus metadata, diff rationale, and quality scores are delivered as a pull request + +The same evaluation gate applies regardless of whether the fix was deterministic or AI-generated. The pipeline handles both SAST and [SCA findings](/how-it-works/sca-pipeline). + +## Deterministic Codemods + +Codemods are pre-built, rule-based code transformations encoding OWASP/SANS security patterns. No LLM is involved. Same input, same output, every time. + +**Scale:** 120+ codemods across Java and Python. The open-source engines -- codemodder-java (51 core codemods) and codemodder-python (60+ core codemods) -- are publicly inspectable on GitHub, with additional JavaScript/TypeScript coverage. + +**Fix types covered:** + +- SQL injection parameterization +- SSRF prevention +- Insecure deserialization (PyYAML hardening, defused XML) +- Weak cryptography (secure random, JWT decode verification) +- Insecure temp file handling +- SSL/TLS protocol upgrades +- Security hardening patterns from OWASP/SANS + +**Why deterministic matters:** + +- **Zero hallucination risk.** The transformation is a fixed rule, not a generated response. There is no variance between runs. +- **Auditor-inspectable.** The open-source codemod engines let customers and auditors read the transformation rules before deployment. +- **Cost-effective at scale.** Codemods run in sub-second time with zero inference cost. This keeps per-finding cost bounded, leaving AI budget for genuinely novel cases. + +Codemods handle known, solved patterns without AI involvement. + +## AI-Powered MagicMods + +MagicMods fire when no deterministic codemod matches the finding. They handle the scenarios that rule-based systems cannot reach: custom framework wrappers, multi-file dataflow vulnerabilities, context-dependent sanitization, and novel patterns. + +**MagicMod architecture:** + +- **Dataflow-bounded context.** The LLM receives only the code relevant to the vulnerability's dataflow path. This precision controls token cost and provides focused context. +- **Per-rule knowledge base guidance.** Each scanner rule has associated remediation knowledge. The LLM receives rule-specific security advice, not generic guidance. +- **Per-project PIXEE.yaml policy.** MagicMods respect project-level configuration files specifying your coding conventions, preferred imports, and framework choices. AI-generated fixes match your team's style. +- **Scanner-aware dispatchers.** Dispatchers for 8+ scanner types (Semgrep, CodeQL, Sonar, Snyk, AppScan, Polaris, DefectDojo, Trivy) understand each tool's output format and rule semantics. A Semgrep finding is processed differently than a Checkmarx finding because the available metadata differs. + +Every MagicMod fix passes through the same independent evaluation gate that all fixes pass. + +## Context Gathering + +Fix quality is bounded by what the LLM can see. Context gathering is the engineering that controls this boundary. + +**4-tier dataflow quality classification:** + +| Tier | Description | Gathering Strategy | +| ---------------------- | ------------------------------------------------------- | --------------------------------------------------------------------- | +| **Strong Multi-File** | High-confidence taint propagation across multiple files | Traces full cross-file dataflow; includes all files in the taint path | +| **Strong Single-File** | High-confidence dataflow within a single file | Full file context with highlighted vulnerable region | +| **Weak** | Partial or low-confidence dataflow information | Targeted excerpts around the flagged location | +| **Single-Location** | Only the flagged line, no dataflow available | Surrounding context with heuristic file matching | + +**Key capabilities:** + +- Follows SARIF-based taint propagation across files +- Highlights the vulnerable region with inline markers so the LLM knows exactly where the problem is +- Adapts between whole-file and targeted excerpts based on file size +- Merges consecutive vulnerable regions in the same file to reduce token cost +- Fuzzy file matching finds related files not explicitly named in the dataflow + +This context layer is shared between triage and remediation paths. The same classification that drives triage verdict accuracy also drives fix quality. + +## Multi-Agent Fix Planning + +Some security fixes span multiple files. A vulnerable dependency may require upgrading the library version in a manifest file, updating import statements in source files, and refactoring call sites that use changed APIs -- all as a single, atomic change. + +Pixee decomposes complex fixes across specialized agents rather than cramming everything into a single AI prompt: + +- **Version decision logic** -- determines which library version resolves the vulnerability while maintaining compatibility +- **Source file identification** -- uses the vulnerability's dataflow evidence to identify which source files need edits +- **Manifest declaration updates** -- locates the exact line in the manifest file that needs to change + +**Iterative refinement:** The fix plan is evaluated for quality before execution begins. Plans that are incomplete or inconsistent receive structured feedback and are refined. Plans that cannot reach acceptable quality are not executed. + +**Why this matters:** Multi-file security fixes are where single-pass AI code generation consistently fails. The model forgets the manifest, bumps the dependency without updating imports, or edits the wrong file. Structured planning with specialized agents prevents these failure modes. + +The result is an atomic PR: manifest change plus source-file refactoring plus declaration updates in a single pull request. No "upgrade succeeded, tests broken" half-states. + +## Fix Evaluation + +Every generated fix passes through an independent quality gate before a developer sees it. Bad fixes are rejected, not shipped. + +**Three-dimension rubric:** + +| Dimension | What It Checks | Failure Example | +| ----------------- | ----------------------------------------------------------------- | ---------------------------------------------------------- | +| **Safety** | No breaking changes, no regressions, no unintended side effects | Fix changes the API signature, breaking callers | +| **Effectiveness** | Correctly resolves the security vulnerability | Fix adds validation but misses the actual injection point | +| **Cleanliness** | Proper formatting, no extraneous changes, preserves existing code | Fix reformats the entire file or removes existing comments | + +**Architectural independence:** The evaluator runs as a separate inference call -- the generator does not grade its own work. This is not self-critique from the same model. The separation prevents the "grading your own homework" failure mode. + +**Retry and suppression:** Fixes that fail receive specific reasoning and suggestions. The generator uses this feedback to produce a better fix. If a fix still cannot pass after retries, it is suppressed with an explanation -- the developer never sees it. + +For the full trust analysis, see [Fix Safety and Validation](/how-it-works/fix-safety). + +## What Developers See + +The end product is a standard pull request in GitHub, GitLab, Azure DevOps, or Bitbucket. There is no new tool to learn and no context-switching. + +**A typical Pixee PR includes:** + +- **Code diff** -- usually 1-5 lines adding input validation, parameterized queries, or safe API calls +- **Vulnerability context** -- what the scanner found and why it matters +- **Quality scores** -- Safety, Effectiveness, and Cleanliness scores from the evaluation gate +- **Fix rationale** -- why this specific remediation approach was chosen + +Developers review, modify, reject, or merge like any other code change. Standard git revert applies to any merged change. There is no runtime dependency on Pixee for merged code -- if Pixee were removed, all previously merged fixes remain as standard code in the repository. + +## Frequently Asked Questions + +### How do AI-generated code fixes get validated before merging? + +Every fix passes through an independent quality evaluation scoring three dimensions: Safety (no breaking changes), Effectiveness (resolves the vulnerability), and Cleanliness (code quality). The evaluator runs as a separate inference call -- the generator does not grade its own work. Fixes that fail are retried with structured feedback or suppressed entirely. Developers see only fixes that have passed this gate. + +### What is a good merge rate for automated security fixes? + +Merge rate reflects the combined quality of deterministic codemods (zero variance on known patterns), AI-generated fixes (constrained generation with independent evaluation), and the suppression of fixes that cannot pass quality gates. See [Fix Safety](/how-it-works/fix-safety) for current merge rate data. + +### What is the difference between codemods and AI-generated fixes? + +Deterministic codemods are pre-built, rule-based transformations that produce identical output every time with zero AI involvement. They handle known patterns like SQL injection parameterization and SSRF prevention. AI-powered MagicMods handle novel patterns where deterministic rules cannot reach, using LLM-based generation with dataflow-bounded context and independent quality evaluation. The system routes each vulnerability to the appropriate mode automatically. + +### Does Pixee respect my team's coding conventions? + +Yes. AI-generated fixes use per-project PIXEE.yaml policy files that specify coding conventions, preferred imports, and framework choices. Deterministic codemods follow OWASP/SANS standard patterns. All fixes can be modified by developers before merging -- they are standard PRs with full diff visibility. + +### What is the failure mode for AI-generated fixes? + +When an AI-generated fix does not meet quality standards, it is retried with structured feedback from the evaluator. If it still cannot pass after retries, it is suppressed with an explanation -- the developer never sees it. No fix reaches a pull request without passing the independent evaluation gate. Developers always have final authority: they can modify, reject, or revert any merged change through standard Git operations. diff --git a/docs/how-it-works/fix-safety.md b/docs/how-it-works/fix-safety.md new file mode 100644 index 00000000..96c7fc56 --- /dev/null +++ b/docs/how-it-works/fix-safety.md @@ -0,0 +1,129 @@ +--- +title: "Fix Safety & Validation" +slug: /how-it-works/fix-safety +track: both +content_type: guide +seo_title: "Fix Safety & Validation | How Pixee Prevents Bad Fixes" +description: Deterministic codemods, independent AI evaluation, and PR-only delivery. How Pixee validates fixes before they reach developers. +sidebar_position: 3 +--- + +Pixee uses a deterministic-first, AI-second architecture with independent quality evaluation to ensure automated fixes do not break your code. Most fixes come from pre-built codemods that produce identical, zero-variance output every time. See [Fix Generation](/how-it-works/fix-generation) for the full codemod library. Fixes that require AI generation pass through a separate evaluation scoring Safety, Effectiveness, and Cleanliness before any developer sees them. Every change ships as a pull request -- never a direct commit -- preserving your existing code review, CI/CD, and SAST re-scanning gates. The measured result: a 76% merge rate on production deployments. + +## How Fix Safety Works + +Pixee's fix safety rests on independent validation layers, narrow scope by design, and preserved human authority at every stage. + +## Deterministic vs. Probabilistic Fixes + +This distinction is the single most important concept on this page. When technical evaluators understand it, the concern about AI-generated fixes fundamentally changes. + +**Deterministic codemods:** Pre-built, rule-based code transformations encoding OWASP/SANS security patterns. Same input, same output, every time. Zero LLM involvement. Zero hallucination risk. The open-source codemod engines (codemodder-java, codemodder-python) are publicly inspectable -- your security team or auditors can read the transformation rules before deployment. + +**AI-generated MagicMods:** Handle novel patterns where deterministic rules cannot reach -- custom framework wrappers, multi-file dataflow vulnerabilities, context-dependent sanitization. Every AI-generated fix earns its way through the evaluation pipeline. + +| Dimension | Deterministic Codemods | AI-Generated MagicMods | +| ------------------------------- | ------------------------------------------------------------------------------ | --------------------------------------------------------------------- | +| **Input/output predictability** | Identical output every time | Output varies based on context; constrained by dataflow-bounded input | +| **Scope** | Known vulnerability patterns (SQL injection, XSS, SSRF, deserialization, etc.) | Novel, custom, and multi-file patterns | +| **Hallucination risk** | Zero | Mitigated by independent evaluation and retry/suppression | +| **Validation requirement** | Pre-validated by design; open-source engines inspectable | Mandatory independent evaluation gate | +| **LLM involvement** | None | Constrained generation with per-rule knowledge base guidance | + +Deterministic codemods carry zero AI risk. AI-generated fixes receive additional validation through the independent evaluation pipeline. Routing between modes is automatic -- no manual configuration. + +## Independent Fix Evaluation + +Every AI-generated fix passes through an independent quality gate before a developer sees it. This is the concrete mechanism behind the 76% merge rate. + +**Separate inference call, not self-critique.** The evaluator runs as a structurally independent inference call -- separate context window, separate system prompt, separate scoring rubric -- not the same process that generated the fix. This prevents the "grading your own homework" failure mode that undermines single-pass AI systems. + +**Three-dimension rubric:** + +| Dimension | What It Checks | Why It Matters | +| ----------------- | ----------------------------------------------------------------- | ----------------------------------------------------------- | +| **Safety** | No breaking changes, no regressions, no unintended side effects | Prevents the fix from creating new problems | +| **Effectiveness** | Correctly resolves the security vulnerability | Prevents cosmetic changes that leave the vulnerability open | +| **Cleanliness** | Proper formatting, no extraneous changes, preserves existing code | Prevents unnecessary diff noise that frustrates reviewers | + +**All three dimensions must pass.** This is not an aggregate score where a dangerous fix slides through because it scored well on formatting. A fix that fails Safety is rejected regardless of Effectiveness and Cleanliness scores. + +**Structured feedback loop:** Fixes that fail evaluation receive specific reasoning and suggestions. The generator uses this feedback to produce a better fix. If a fix still cannot pass after retries, it is suppressed entirely -- with an explanation logged for debugging. The developer never sees a fix that failed the gate. + +**Quality scores are visible.** When a fix passes evaluation and reaches the PR, the Safety, Effectiveness, and Cleanliness scores are included. Transparency builds trust over time. + +## Your Existing Gates Still Apply + +Fix evaluation is additional validation that happens before the PR reaches your existing quality controls. Pixee does not replace your gates -- it adds layers in front of them. + +**What happens after Pixee creates the PR:** + +1. **Code review** by the development team -- the same review process you apply to human-written code +2. **CI/CD pipeline execution** -- tests, builds, and any other automated checks you have configured +3. **SAST re-scanning** by the same tools that found the original vulnerability -- if the fix introduces new findings, they appear in the PR +4. **Branch protection rules** and merge requirements you have configured + +Every Pixee change flows through your full approval pipeline. There is no mode, setting, or override that allows Pixee to commit directly to a branch. PR-only delivery is an architectural constraint, not an optional configuration. + +Pixee does not replace your quality gates -- it adds validation layers before changes reach your existing review process. + +## The 76% Merge Rate in Context + +This number is measured merge behavior on production pull requests. It reflects developer trust -- engineers review the fix and choose to merge it. + +**What it means:** Three out of four Pixee-authored fixes are accepted by development teams after human review. + +**What it does not mean:** That 24% of fixes are harmful. Rejected fixes include cases where developers had a different preferred approach, the fix was correct but the team chose to address the issue differently, or the finding was deprioritized. A rejected PR has zero impact -- closing it discards the change. + +**Why this number is trustworthy:** It reflects the combined output of deterministic reliability on common patterns (zero variance) plus validated AI generation on complex ones (independent evaluation gate). Fixes that cannot pass quality standards are suppressed before they reach a PR, so the 76% measures developer acceptance of pre-validated fixes -- not raw AI output. + +## Narrow Scope, Lower Risk + +Pixee fixes SAST-identified security issues. The typical fix is 1-5 lines of code adding input validation, parameterized queries, or safe API calls. + +**What Pixee does:** Applies established OWASP/SANS remediation patterns to known vulnerability types. + +**What Pixee does not do:** Write features. Generate business logic. Create new functionality. Refactor architectures. Perform open-ended code completion. + +Security controls do not alter legitimate application behavior -- they block attacker traffic only. This narrow scope makes both independent evaluation and human review tractable. + +## Rollback and Reversibility + +- **Standard git revert.** Every Pixee change is a normal Git commit within a pull request. Standard git revert undoes any merged change. No special tooling required. +- **Full traceability.** All fixes are stored in Git history with complete context about what vulnerability was addressed and why the specific remediation was chosen. +- **No lock-in dependency.** If Pixee were removed entirely, all previously merged fixes remain as standard code in the repository. There is no runtime dependency on Pixee for merged code. +- **Pre-merge rejection is trivial.** Closing a PR without merging discards the proposed change with zero impact on the codebase. + +## Audit Defensibility + +For regulated industries, every Pixee fix creates a defensible audit record: + +- Typed triage verdict (true positive, false positive, won't fix, suspicious) with code-level evidence +- Fix quality scores (Safety, Effectiveness, Cleanliness) on every PR +- Full Git history showing what changed, when, and why +- SAST re-scanning confirmation that the fix does not introduce new findings +- Developer approval recorded in the merge event + +Compliance teams reviewing automated code changes need to see that the change was validated by independent evaluation, reviewed by a human, tested by CI/CD, and re-scanned by the same tools that found the original issue. Pixee's pipeline provides all four. + +## Frequently Asked Questions + +### Does automated remediation break existing code? + +Pixee uses multiple independent validation layers to prevent breaking changes. Most fixes come from deterministic codemods with zero AI variance. AI-generated fixes pass independent evaluation scoring Safety, Effectiveness, and Cleanliness. Every change ships as a PR through your existing code review, CI/CD, and SAST re-scanning gates. Fixes that cannot pass quality standards are suppressed before developers see them. + +### What happens if an automated fix introduces a bug? + +Every Pixee change is a standard Git commit within a pull request. Standard git revert undoes any merged change -- no special tooling needed. Fixes are typically 1-5 lines, making review straightforward. There is no runtime dependency on Pixee for merged code, and closing a PR before merge discards the change with zero impact. + +### How accurate are AI-generated security fixes? + +Pixee achieves a 76% merge rate on production PRs -- three out of four fixes are accepted by development teams after human review. Many fixes use deterministic codemods with zero AI variance. AI-generated fixes pass an independent evaluation gate scoring Safety, Effectiveness, and Cleanliness. Fixes that cannot pass quality standards are suppressed, never shipped to developers. + +### Is automated vulnerability remediation safe for production code? + +Yes. Pixee's fixes are narrow-scope security changes (1-5 lines) applying established OWASP/SANS patterns, not general-purpose code generation. They pass multi-layer validation before reaching a PR, and your existing CI/CD, SAST re-scanning, and code review gates all apply. The PR-only delivery model is an architectural constraint -- there is no mode that allows direct commits. + +### What is the confidence level on these fixes? + +Every fix includes quality scores visible on the PR. Fixes must pass a three-dimension rubric (Safety, Effectiveness, Cleanliness) via an independent evaluation process before reaching developers. All three dimensions must pass independently -- a dangerous fix cannot slide through on aggregate scoring. Fixes that cannot meet standards after retries are suppressed with an explanation. diff --git a/docs/how-it-works/sca-pipeline.md b/docs/how-it-works/sca-pipeline.md new file mode 100644 index 00000000..70bd68fa --- /dev/null +++ b/docs/how-it-works/sca-pipeline.md @@ -0,0 +1,116 @@ +--- +title: SCA Pipeline +slug: /how-it-works/sca-pipeline +track: both +content_type: guide +seo_title: "How the SCA Pipeline Works | Dependency Vulnerability Fix" +description: How Pixee verifies CVE exploitability in your codebase and delivers atomic dependency upgrade PRs with code-level fixes. +sidebar_position: 4 +--- + +Pixee's SCA pipeline determines whether flagged CVEs are actually exploitable in your specific codebase, then delivers atomic dependency upgrade PRs that include both manifest version bumps and downstream source-file refactoring. The pipeline combines external CVE research with internal code analysis to produce evidence-based classifications -- not just version matching. Confirmed vulnerabilities get coordinated fixes across Python, Java, JavaScript, and .NET manifests, with fix evaluation before any PR is created. + +SCA findings flow through the same co-equal triage and remediation pipeline that handles SAST findings. Pixee applies the same exploitability analysis and fix generation methodology to third-party dependency vulnerabilities that it applies to first-party code findings. + +## How the SCA Pipeline Works End to End + +1. **SCA scanner** (Snyk, Trivy, or any SARIF-producing tool) flags a CVE in a dependency +2. **CVE research** -- gathers CVE details, changelogs, patches, and release notes to identify the specific conditions required for exploitation +3. **Verification cache lookup** -- checks whether this CVE+dependency combination has already been verified, avoiding redundant analysis +4. **Triage synthesis** -- combines external CVE research with internal code analysis, secure coding guidelines, historical triage decisions, and cross-tool context +5. **Classification output** -- Exploitable or Not Exploitable, with evidence, context-adjusted severity, and a transparent verification report +6. **Dependency remediation** (if exploitable) -- identifies the target version, locates the manifest file, coordinates source-file refactoring, and evaluates the fix +7. **Atomic PR** -- manifest bump plus source-file changes in a single reviewable diff + +## CVE Exploitability Verification + +Pixee determines whether a flagged CVE can actually be triggered in your code, rather than only checking whether a vulnerable version is present. + +**How it works:** + +**External research.** The system gathers CVE details, changelogs, patches, and release notes to identify the specific exploitation conditions -- for example, "requires WebFlux, Spring static resource handling, and a non-permitAll security rule." + +**Internal analysis.** The system examines how the library is actually used in your code: which APIs are called, which configurations are active, and whether attacker-controlled input can reach the vulnerable function. + +**Evidence-based classification.** Each verdict includes: + +- The specific conditions the CVE requires +- Analysis of each condition against your code +- Code snippets demonstrating why conditions are or are not met +- A defensible conclusion (e.g., "2 of 3 conditions are not met") + +The following table summarizes the three approaches to SCA analysis: + +| Approach | What It Tells You | What It Misses | +| --------------------------------------- | ----------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | +| **Version matching** (legacy SCA) | "This dependency version has a known CVE" | Whether anyone calls the vulnerable function, whether exploitation conditions are met, whether security controls mitigate the risk | +| **Basic reachability** | "The vulnerable function is reachable from your code" | Exploitation preconditions, input validation, configuration states | +| **Exploitability verification** (Pixee) | "This CVE requires conditions X, Y, Z. Your code meets/does not meet each one. Here is the evidence." | -- | + +## Verification Cache + +Verified CVE+dependency combinations are cached for reuse across repositories. Organizations with many repositories sharing common dependencies verify once, not N times. + +- Significant cost reduction for repeated CVE analysis -- the same library-CVE pair analyzed once accelerates every subsequent encounter +- Cache remains valid until CVE data or dependency context changes +- Particularly valuable for large enterprises where dozens of repositories import the same libraries + +## Transitive Dependency Handling + +Transitive dependencies require chain analysis. A vulnerability four layers deep through an unused code path carries different risk than a direct exposure. + +Pixee traces the full dependency chain from the application root through every intermediate library to the vulnerable package: + +- **TID (Taint Introducing Dependency):** The direct dependency in your manifest that begins the chain to the vulnerable transitive dependency. This tells developers exactly which dependency to upgrade. +- **TCD (Taint Consuming Dependency):** The package that actually contains the vulnerable code. +- **Severity calibration by depth and usage:** Risk is adjusted based on the depth and nature of the dependency chain. A vulnerability in a direct dependency with proven reachability is higher risk than the same CVE four layers deep through an unused code path. +- **Blast radius analysis:** When multiple taint-initiating dependencies lead to the same vulnerable transitive dependency, Pixee surfaces the combined blast radius. + +This matters because developers need to know which direct dependency to upgrade in their manifest to resolve a transitive vulnerability. Pixee provides that answer directly. + +## Dependency Remediation + +When an SCA finding is confirmed as exploitable, Pixee generates a justified upgrade -- not a blind version bump. + +**Multi-manifest support:** + +| Language | Supported Manifests | +| -------------- | -------------------------------------------------------------- | +| **Python** | requirements.txt, pyproject.toml, Pipfile, setup.py, setup.cfg | +| **Java** | pom.xml, build.gradle | +| **JavaScript** | package.json | +| **.NET** | .csproj, packages.config | + +**How the fix pipeline works for SCA:** + +- **Justified upgrades only.** The system only bumps a version when a verified vulnerability and exploitable path justify the change. No blind version bumping. +- **Version selection with compatibility analysis.** Not "upgrade to latest." The system uses framework compatibility, runtime constraints, and historical upgrade patterns to select the right version. +- **Atomic PRs.** A single PR contains the manifest bump AND downstream source-file changes the upgrade requires. No "upgrade succeeded, tests broken" half-states. +- **Fix evaluation.** The same three-dimension rubric (Safety, Effectiveness, Cleanliness) that validates SAST fixes also validates dependency upgrades before PR creation. + +## Cross-Tool Intelligence + +The SCA pipeline benefits from Pixee's unified platform architecture. SAST and SCA findings share context and inform each other: + +| Intelligence Source | What It Provides | +| ------------------------------- | ----------------------------------------------------------------------------------------------------------------- | +| **SAST results** | Inform SCA risk scoring -- a dependency vulnerability in code that also has SAST findings carries compounded risk | +| **Historical triage decisions** | Prevent re-triaging the same CVEs across repositories | +| **Secure coding guidelines** | Team preferences in natural language enrich SCA analysis | +| **GitHub PRs and Jira tickets** | Previous SCA upgrade context provides upgrade history | + +Because SAST and SCA findings share context in the same pipeline, cross-tool signals are available during analysis. + +## Frequently Asked Questions + +### What is reachability analysis for SCA findings? + +Basic reachability checks whether a vulnerable function in a dependency is reachable from your code. Pixee goes further with exploitability analysis -- determining whether the specific conditions required to trigger the CVE are actually met in your codebase, including data flow analysis and exploitation precondition verification. Each classification includes transparent evidence showing which conditions are met and which are not. + +### How does Pixee handle transitive dependencies? + +Pixee traces the full dependency chain from your application through every intermediate library to the vulnerable package. It identifies exactly which direct dependency in your manifest to upgrade (TID -- Taint Introducing Dependency) and coordinates the manifest change with downstream source-file refactoring in a single atomic PR. Severity is calibrated based on dependency depth and actual usage patterns. + +### Does Pixee just bump dependency versions? + +No. Pixee only upgrades when a verified vulnerability justifies the change. Each upgrade PR includes both the manifest version bump and any downstream source-file changes the upgrade requires. Fix evaluation validates the complete change before creating the PR. Version selection considers framework compatibility and historical upgrade patterns, not just "latest available." diff --git a/docs/how-it-works/scanner-integration.md b/docs/how-it-works/scanner-integration.md new file mode 100644 index 00000000..05d58e68 --- /dev/null +++ b/docs/how-it-works/scanner-integration.md @@ -0,0 +1,129 @@ +--- +title: Scanner Integration +slug: /how-it-works/scanner-integration +track: both +content_type: guide +seo_title: "How Scanner Integration Works | 12+ Native Scanners" +description: How Pixee ingests findings from 12 natively integrated scanners and any SARIF-producing tool. Two-tier integration architecture and metadata extraction. +sidebar_position: 5 +--- + +Pixee integrates with 12 natively supported scanners and any SARIF-producing tool through a two-tier architecture. Dedicated handlers extract scanner-specific metadata from tools like CodeQL, Semgrep, and Checkmarx for maximum triage accuracy. Universal SARIF ingestion handles everything else -- including proprietary and internal scanners -- with zero pre-built integration required. Findings from all scanners flow into the same triage and remediation pipeline, so heterogeneous scanner stacks get unified resolution through one platform. + +Pixee does not replace your scanners. It sits downstream of them. Your existing SAST tools continue to scan your code exactly as they do today. Pixee consumes each tool's output, triages every finding, and delivers remediation as pull requests for confirmed vulnerabilities. + +## Two-Tier Integration Architecture + +**Tier 1 -- Native (Dedicated) Handlers.** For the most widely deployed SAST tools, Pixee has dedicated handlers that extract scanner-specific metadata. Each handler understands the idiosyncrasies of that tool's SARIF output -- where rule descriptions live, whether dataflow traces are available, and what metadata the scanner includes or omits. Richer metadata extraction means higher triage accuracy. + +**Tier 2 -- Universal SARIF Ingestion.** For any scanner that produces SARIF output (the OASIS open standard for static analysis results), Pixee ingests findings automatically. No pre-built integration required. The system dynamically adapts its handling strategy based on whatever metadata the SARIF contains. + +Both tiers feed into the same downstream [triage](/how-it-works/triage-engine) and [remediation](/how-it-works/fix-generation) pipeline. The dedicated handlers provide richer context where available; the universal path ensures nothing is locked out. + +## Deep Scanner Integrations + +### CodeQL (GitHub Advanced Security) + +CodeQL is a deep integration with dedicated SARIF parsing that extracts the full richness of CodeQL output: + +- Extracts **codeFlows** -- multi-step source-to-sink dataflow traces that give the triage engine full dataflow context, not just the final finding location +- Handles CodeQL's non-standard SARIF behavior where rule metadata is stored on `tool.extensions` rather than `driver` +- Extracts `help.markdown` from rule metadata for rich vulnerability descriptions +- Pre-configured handlers for common CodeQL rules + +CodeQL is commonly used via GitHub Advanced Security. Pixee triages CodeQL findings through the same pipeline as all other scanners. + +### Semgrep + +Dedicated handler with Semgrep-specific metadata extraction: + +- Extracts `fullDescription.text` for rule explanations used in triage context +- Supports both Semgrep OSS and Semgrep Pro rule output + +Supports both Semgrep OSS and Semgrep Pro rule output. Findings are classified with structured justification. + +### Checkmarx + +Dedicated handler with an adaptive strategy for metadata-poor SARIF: + +- Compensates for Checkmarx's sparse SARIF output (minimal rule descriptions, no codeFlows) +- Uses a rule-ID-only prompting strategy that routes findings to the adaptive triage pipeline, which re-derives context directly from the codebase +- Includes 3 Checkmarx-specific remediation codemods (SQL parameterization for .NET and JavaScript, NoSQL parameterization for JavaScript) + +Checkmarx SARIF exports contain minimal metadata. Pixee's handler compensates for the metadata gap by re-deriving context from the codebase. + +## Standard Scanner Integrations + +| Scanner | Status | Integration Method | +| -------------------------- | ------ | ----------------------------------------------------------- | +| **Veracode** | GA | SARIF pipeline with tool-specific identification | +| **Snyk Code** | GA | SARIF pipeline with MagicMod dispatcher support | +| **SonarQube / SonarCloud** | GA | SARIF pipeline with dedicated prompt builders | +| **HCL AppScan** | GA | SARIF ingestion pipeline | +| **Polaris (Synopsys)** | GA | SARIF ingestion pipeline | +| **GitLab SAST** | GA | SARIF pipeline with dedicated namespace | +| **Trivy** | GA | SARIF pipeline with MagicMod dispatcher support | +| **DefectDojo** | GA | SARIF pipeline (aggregates findings from multiple scanners) | + +All 12 named scanners are GA. See individual scanner integration pages for per-tool setup guides and full capability details. + +## Universal SARIF Support + +Any scanner that produces SARIF output works with Pixee -- no pre-built integration required. + +**SARIF** (Static Analysis Results Interchange Format) is the OASIS open standard for static analysis results. Most modern SAST, SCA, and secret-scanning tools produce SARIF output natively or via converters. + +**What this means for your organization:** + +- Internal and proprietary scanners that output SARIF work out of the box +- New commercial scanners are supported on day one if they produce SARIF +- You are never locked to a specific tool list +- The system dynamically adapts its handling strategy based on available metadata +- Resilient processing degrades gracefully on malformed or novel tool output + +**Key principle:** Bring whatever you have that outputs SARIF. Pixee handles it. + +## What Metadata Matters + +Triage accuracy scales with the richness of metadata each scanner includes in its SARIF output. Pixee adapts its strategy based on what is available: + +| Metadata Type | Which Scanners Provide It | How Pixee Uses It | +| ----------------------------------- | ------------------------------------------------------ | ------------------------------------------------------------------------------------------------ | +| **codeFlows** (dataflow paths) | CodeQL (multi-step source-to-sink) | Full dataflow context for triage -- traces from source to sink, not just the final location | +| **Rule descriptions** | Semgrep (fullDescription.text), CodeQL (help.markdown) | Enriches triage context with rule semantics and vulnerability explanation | +| **Severity ratings** | Most scanners | Input to context-aware severity adjustment (may be upgraded or downgraded based on code context) | +| **Language tags** | Most scanners | Routes to language-specific codemods and analysis strategies | +| **Rule ID only** (minimal metadata) | Checkmarx, some internal tools | Triggers adaptive triage that re-derives context from the codebase | + +Rich-metadata scanners get deep extraction. Sparse-metadata scanners get compensatory strategies. No scanner is left behind. + +## Platform Integrations + +| Platform | SARIF Ingestion | Native CodeQL/GHAS | Notes | +| ---------------- | --------------- | ------------------ | -------------------------------------------- | +| **GitHub** | Full support | Deep integration | CodeQL findings via GHAS API or SARIF upload | +| **GitLab** | Full support | Via SARIF upload | GitLab SAST has dedicated namespace | +| **Azure DevOps** | Full support | Via SARIF upload | Standard SARIF pipeline | +| **Bitbucket** | Full support | Via SARIF upload | Standard SARIF pipeline | + +All scanner integrations are available across SaaS and Enterprise Server deployment models. + +**[See all integrations](/integrations/overview)** | [Platform architecture](/platform/architecture) + +## Frequently Asked Questions + +### What scanners does Pixee support? + +Pixee natively integrates with 12 scanners: CodeQL, Semgrep, Checkmarx, Veracode, Snyk Code, SonarQube, AppScan, Polaris, GitLab SAST, Trivy, and DefectDojo. Any additional scanner that produces SARIF output works automatically through universal SARIF ingestion -- including proprietary and internal tools. + +### Does Pixee support SARIF format? + +Yes. Pixee's universal SARIF engine processes any SARIF-conforming output, including from proprietary and internal scanners. No pre-built integration is required. SARIF is the OASIS open standard for static analysis results, and most modern security tools produce it natively or via converters. + +### Can I use Pixee with multiple scanners at the same time? + +Yes. Findings from all connected scanners flow through the same triage and remediation pipeline. + +### Does this lock me into Pixee's ecosystem? + +No. Pixee sits downstream of your existing scanners -- it does not replace them. Your detection tools continue running exactly as they do today. Pixee adds triage and remediation on top. If you remove Pixee, your scanners, your code, and all previously merged fixes remain intact. The scanner-agnostic architecture means you can change your detection stack at any time without affecting the resolution layer. diff --git a/docs/how-it-works/triage-engine.md b/docs/how-it-works/triage-engine.md new file mode 100644 index 00000000..ca4486c2 --- /dev/null +++ b/docs/how-it-works/triage-engine.md @@ -0,0 +1,145 @@ +--- +title: Triage Engine +slug: /how-it-works/triage-engine +track: both +content_type: guide +seo_title: "How the Triage Engine Works | Pixee Technical Guide" +description: "Three-tier progressive triage architecture: deterministic analysis, agentic investigation, and adaptive analyzer generation." +sidebar_position: 1 +--- + +Pixee's triage engine routes every vulnerability finding through a three-tier progressive architecture that applies the cheapest sufficient intelligence to each finding. Tier 1 uses 15+ deterministic analyzers for sub-second verdicts with zero LLM cost. Tier 2 deploys AI agents that dynamically investigate the codebase. Tier 3 generates custom analyzers on the fly for novel vulnerability types and caches them for reuse. The result: up to 95% false positive reduction with structured, auditable evidence on every verdict. + +Triage is one of two co-equal capabilities in Pixee's Agentic Security Engineering Platform. The other is [Remediation Automation](/how-it-works/fix-generation), which generates validated code fixes for confirmed vulnerabilities. Together they close the loop from "scanner found something" to "vulnerability is fixed." + +## How Triage Works End to End + +Every finding follows the same pipeline regardless of which scanner produced it. The system routes automatically based on finding characteristics and confidence signals -- no customer configuration required. + +**Progressive fallback flow:** + +1. **Finding arrives** from any SARIF-producing scanner via one of 12 native scanner integrations +2. **Tier 1 attempt** -- the system checks for a matching deterministic analyzer. If one exists and reaches a high-confidence verdict, triage completes in sub-second time +3. **Tier 2 escalation** -- if Tier 1 lacks a matching analyzer or yields insufficient confidence, the finding routes to AI-powered investigation +4. **Tier 3 escalation** -- if agentic investigation cannot resolve the finding (typically a novel rule type), the adaptive tier generates a custom analyzer on the fly +5. **Structured verdict** -- regardless of which tier resolved it, every finding exits with the same outcome format: typed status, adjusted severity, justification, code evidence, and confidence score + +A single pipeline handles findings from all SARIF-producing scanners. A [context-aware intelligence layer](/how-it-works/context-intelligence) enriches every tier with dataflow quality assessment, production vs. test classification, and security control detection. + +## Tier 1 -- Deterministic Analysis + +Tier 1 runs 15+ structured analyzers for common vulnerability classes. These produce sub-second, reproducible verdicts without invoking an LLM. + +**Vulnerability classes covered:** SQL injection, XSS, command injection, path traversal, and 12+ additional common SAST vulnerability types. Each has a dedicated analyzer with class-specific logic. + +**Why deterministic matters:** + +- **Sub-second latency.** No LLM call means no inference cost and no wait. This is the fastest path through the system. +- **Reproducible.** Same input always produces the same output. Compliance teams and auditors require deterministic, auditable results -- Tier 1 delivers exactly that. +- **High-confidence patterns only.** Tier 1 handles the vulnerability classes where deterministic analysis is reliable. These common patterns make up the bulk of scanner noise. When a pattern is ambiguous, the finding falls through to Tier 2. + +Most findings resolve at Tier 1. This means the majority of triage volume incurs zero LLM cost and completes in under one second. + +## Tier 2 -- Agentic Investigation + +When deterministic rules cannot reach a high-confidence verdict, an AI agent dynamically investigates the finding. This happens with novel frameworks, custom security controls, or context-dependent patterns that do not match a known template. + +**How it works:** The agent runs a reasoning-and-acting loop -- observe the finding, select an investigative tool (code search, dataflow tracing, security-control detection), execute it, evaluate the result, and iterate until sufficient evidence exists to emit a verdict. + +**What it adds over Tier 1:** + +- **Dynamic investigation.** Instead of matching against pre-built patterns, the agent explores the codebase the way a senior security engineer would -- following dataflow, checking for sanitizers, verifying framework protections. +- **Readable investigation trail.** The agent produces a step-by-step reasoning trace: "Searched for the sanitizer, found it on line X, it validates input type Y, therefore this is a false positive." This trail is the artifact that makes triage auditable and defensible. +- **No pre-configuration required.** The agentic tier adapts to whatever codebase it encounters. No per-framework setup, no rule tuning, no onboarding configuration. + +Every Tier 2 verdict includes the full investigation trail -- every code search, every control check, and the reasoning chain that led to the conclusion. + +## Tier 3 -- Adaptive Analysis + +Tier 3 handles the long tail: vulnerability types the system has never encountered before. When a finding reaches Tier 3, the system generates a custom triage analyzer on the fly, then caches it so subsequent findings with the same rule skip the generation step. + +**When it kicks in:** Proprietary SAST tools, custom Semgrep rules, internal CodeQL queries, or niche scanners that produce rules outside of standard vulnerability taxonomies. + +**How it works:** A multi-stage workflow analyzes the unknown rule's semantics and the finding's context, generates a custom triage analyzer tailored to that specific rule type, runs the generated analyzer against the finding, emits a verdict with justification, and caches the analyzer for future reuse. + +**Why this matters:** + +- **Self-extending.** Every novel rule type the system encounters becomes a cached analyzer. Coverage grows automatically as customers connect new scanners. +- **Zero manual configuration.** Customers running heterogeneous scanner stacks (CodeQL + Semgrep + internal custom rules) get triage coverage across all of them without requesting vendor integrations. +- **Handles the true long tail.** While Tier 1 covers common patterns and Tier 2 investigates ambiguous cases, Tier 3 handles the genuinely novel. + +## Comparing the Three Tiers + +| Dimension | Tier 1: Deterministic | Tier 2: Agentic | Tier 3: Adaptive | +| ----------------- | --------------------------------- | ------------------------------- | --------------------------------------------------- | +| **Speed** | Sub-second | Seconds to minutes | Minutes (first encounter), near-Tier-2 on cache hit | +| **LLM cost** | Zero | Per-finding inference | Per-finding generation (first), zero on cache hit | +| **Coverage** | 15+ common vulnerability classes | Any finding in known categories | Any SARIF rule, including never-before-seen types | +| **Auditability** | Fully deterministic, reproducible | Readable investigation trail | Generated analyzer + verdict justification | +| **Configuration** | None | None | None | + +## Context-Aware Intelligence + +A shared intelligence layer enriches all three tiers with codebase context. + +**Context signals evaluated on every finding:** + +- **Dataflow quality** -- classified on a four-tier scale: strong multi-file, strong single-file, weak, and single-location. Higher dataflow quality increases confidence in true positive verdicts. Weak evidence can downgrade findings that basic reachability would flag as critical. +- **Production vs. test classification** -- a SQL injection in a production API endpoint is critical. The same pattern in a test fixture is not. The system identifies code context and adjusts severity accordingly. +- **Security control detection** -- sanitizers, validators, and framework-specific protections between source and sink are identified and factored into the verdict. This is the difference between "reachable" and "reachable but the input is sanitized before it arrives." +- **Intentionally-vulnerable project filtering** -- demo applications, CTF challenges, and security training repositories generate permanent scanner noise. The system detects these projects and removes them from the triage pipeline. +- **Severity adjustment** -- when context signals indicate real-world risk differs from raw scanner severity, the system adjusts up or down, with a full audit trail showing why. + +For the full technical detail on context analysis, see [Context and Intelligence](/how-it-works/context-intelligence). + +## Triage Outcomes + +Every triage verdict is a structured, machine-processable artifact. Every decision includes the evidence that drove it. + +| Status | Meaning | Recommended Action | +| ------------------ | ----------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------- | +| **True Positive** | The finding is a real, exploitable vulnerability in this code context | Escalate for remediation -- Pixee can generate a fix automatically, or flag for human review | +| **False Positive** | The scanner fired on a pattern that is not exploitable in this context | Suppress from developer view; remove from backlog noise | +| **Won't Fix** | Technically real but not worth fixing given the context (test code, acceptable risk, compensating controls) | Deprioritize; document the rationale for auditors | +| **Suspicious** | Insufficient evidence for a definitive verdict | Route to a security engineer for manual assessment with the available evidence | + +**What ships with every verdict:** + +- Typed status (one of the four above, not a numeric score) +- Adjusted severity based on context signals +- Justification prose explaining why this verdict was reached +- Code snippets showing the specific evidence (sanitizer location, dataflow path, framework control) +- Confidence score +- Investigation trail (Tier 2 and Tier 3 verdicts) + +**Override capability.** Security engineers can disagree with a verdict and override it. The full evidence is visible, so overrides are informed decisions rather than blind overrules. + +**Machine-processable for downstream systems.** Typed statuses (not freeform text) mean dashboards, workflows, and SLA tracking tools can consume verdicts programmatically. + +## Triage and Remediation: Closing the Loop + +When the triage engine classifies a finding as a true positive, the finding flows directly into Pixee's [fix generation pipeline](/how-it-works/fix-generation). Triage determines what is real. Remediation fixes what is real. Neither capability works at full value without the other. + +Auditable triage verdicts support compliance requirements. Structured investigation trails replace manual finding review. Fixes arrive as pull requests in GitHub, GitLab, Azure DevOps, or Bitbucket. See [Fix Safety](/how-it-works/fix-safety) for merge rate data. + +## Frequently Asked Questions + +### How does automated vulnerability triage reduce false positives? + +Pixee routes each finding through a three-tier system. Tier 1 applies deterministic rules for known patterns. Tier 2 uses AI agents to dynamically investigate the codebase. Tier 3 generates custom analyzers for novel rules. Each tier evaluates exploitability in context -- checking dataflow paths, security controls, and production vs. test classification -- to separate real threats from noise. The result is up to 95% false positive reduction across supported scanners. Results vary by workload composition. Known vulnerability patterns handled by deterministic analyzers see the highest reduction rates. Mixed workloads that include novel patterns and custom scanner rules typically see 70-80% reduction as the baseline, with 95% achievable on well-characterized vulnerability classes. + +### What is exploitability analysis in application security? + +Exploitability analysis determines whether a scanner-reported vulnerability can actually be triggered in a specific codebase. It goes beyond reachability to assess dataflow quality, security control presence, code deployment context, and the strength of evidence supporting an attack path. Pixee evaluates all of these dimensions on every finding, producing auditable verdicts with code-level evidence. + +### How do I reduce SAST false positives? + +Pixee's triage engine reduces SAST false positives by up to 95% through three mechanisms: deterministic pattern analysis for known vulnerability types, AI-powered investigation for ambiguous cases, and context-aware intelligence that factors in security controls, dataflow quality, and production vs. test classification. Every suppressed finding includes a structured justification for audit defensibility. + +### Does the triage system handle custom scanner rules? + +Yes. Tier 3 adaptive analysis generates custom triage analyzers on the fly for any rule the system has not encountered before -- including proprietary scanners, custom Semgrep rules, and internal CodeQL queries. Generated analyzers are cached so subsequent findings with the same rule resolve at near-Tier-2 speed. The system's coverage grows automatically as customers connect new scanners. + +### How do I know the triage classification is accurate? + +Every verdict includes structured evidence: the typed status, justification prose, code snippets showing the specific signals that drove the decision, and a confidence score. Tier 2 and Tier 3 verdicts include a full investigation trail showing every search and reasoning step. Security engineers can review this evidence and override any verdict they disagree with. Your existing SAST re-scanning also applies to validated fixes, closing the verification loop. diff --git a/docs/installing.md b/docs/installing.md deleted file mode 100644 index 2fade116..00000000 --- a/docs/installing.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -sidebar_position: 2 ---- - -# Installing - -Pixee connects to your repositories and scanning tools through the [Pixee platform](https://app.pixee.ai). -Installation steps vary depending on the SCM and code scanning tools in use. - -## Self-Hosted - -Pixee Enterprise Server enables self-hosted deployment for organizations with additional security or compliance requirements. Documentation is available upon request. To learn more about self-hosted solutions, please [contact us](https://pixee.ai/demo-landing-page). - -## Tool connections - -Pixee fixes problems detected by [your existing code scanning tools and services](/code-scanning-tools/overview). - -If you use GitHub Advanced Security (GHAS), then installing the Pixeebot GitHub App is sufficient for connecting Pixee to your GHAS results. - -Otherwise, you will need to connect Pixee to your code scanning tools and services, before Pixee can send fixes. If your repository does not use any code scanning tools and services, but you still want to try Pixee, see our guide for [adding Semgrep CLI and Pixee to your GitHub repository.](https://docs.pixee.ai/code-scanning-tools/semgrep) - -## Repository access - -During installation, you’ll need to specify which of your repositories Pixee can access. This can be done in one of two ways: - -- **All repositories -** By selecting this option, Pixee will monitor all your existing and future repositories. -- **Select repositories -** Opting for this choice will present you with a list of your current repositories. From there, you can choose the specific repositories Pixee can access. - -## Updating repository access - -To update repository access for Pixee: - -**From Pixee Dashboard:** - -- To add a new repository, navigate to your Repositories page, and click the "+Connect new" button to choose a repository connection method. - -Demo of Connect New button in the Pixee platform - -**From GitHub:** - -- Go to your GitHub homepage. -- Navigate to Settings > Integrations > Applications. -- Select "pixeebot" from the list of applications. -- Click the configure button to access Pixee settings. - -Repository access selection can be managed at any time by adjusting settings through either of these paths. diff --git a/docs/integrations/_category_.json b/docs/integrations/_category_.json new file mode 100644 index 00000000..c4a7a059 --- /dev/null +++ b/docs/integrations/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Integrations", + "position": 4, + "collapsible": true, + "collapsed": false, + "link": { + "type": "doc", + "id": "integrations/integrations-overview" + } +} diff --git a/docs/integrations/integrations-overview.md b/docs/integrations/integrations-overview.md new file mode 100644 index 00000000..39da4294 --- /dev/null +++ b/docs/integrations/integrations-overview.md @@ -0,0 +1,104 @@ +--- +title: "Integrations Overview & Coverage Matrix" +slug: /integrations/overview +track: both +content_type: guide +seo_title: "Pixee Integrations: Scanners, SCMs, and Universal SARIF" +description: Coverage matrix for Pixee integrations. 13 named scanners, 4 SCM platforms, and universal SARIF support. +sidebar_position: 1 +--- + +# Integrations Overview & Coverage Matrix + +Pixee integrations fall into two categories. **Scanning Tools** are the SAST, SCA, IAST, and aggregation platforms that produce findings — Pixee triages each finding and generates fixes. **Source Control** platforms are where Pixee delivers those fixes as pull requests or merge requests. Pixee does not replace your scanners or your SCM; it sits downstream of detection and inside your existing review workflow. + +One triage-and-remediation pipeline spans every scanner in your stack, regardless of vendor. Pixee adds the resolution layer; the rest of your stack stays as it is. + +## Source Control Coverage + +Pixee delivers remediation as pull requests (or merge requests) on the four major development platforms. All four support cloud and self-hosted/on-premises deployments via Pixee Enterprise Server. + +| Platform | PR/MR Delivery | Authentication | Setup Guide | +| ----------------------------------------------- | --------------------- | --------------------- | -------------------------------------------- | +| [GitHub](/integrations/scms/github) | Native pull requests | GitHub App | [Get started](/getting-started/github) | +| [GitLab](/integrations/scms/gitlab) | Native merge requests | Personal access token | [Get started](/getting-started/gitlab) | +| [Azure DevOps](/integrations/scms/azure-devops) | Native pull requests | PAT + webhooks | [Get started](/getting-started/azure-devops) | +| [Bitbucket](/integrations/scms/bitbucket) | Native pull requests | API token | [Get started](/getting-started/bitbucket) | + +## Scanner Coverage Matrix + +Pixee provides 13 named scanner integrations plus universal SARIF support for any other tool. Every scanner's findings flow through the same triage and remediation pipeline; the only difference is the depth of metadata extraction. + +| Scanner | Integration Tier | Finding Types | Triage | Remediation | Input Method | +| --------------------------------------------------------------------- | ---------------- | -------------- | ------ | ----------- | ---------------- | +| [CodeQL](/integrations/scanners/codeql) | Deep | SAST | Yes | Yes | GHAS API / SARIF | +| [Semgrep](/integrations/scanners/semgrep) | Deep | SAST | Yes | Yes | SARIF | +| [Checkmarx](/integrations/scanners/checkmarx) | Deep | SAST | Yes | Yes | SARIF | +| [Veracode](/integrations/scanners/veracode) | Native | SAST | Yes | Yes | SARIF | +| [Snyk Code](/integrations/scanners/snyk-code) | Native | SAST | Yes | Yes | SARIF | +| [SonarQube / SonarCloud](/integrations/scanners/sonarqube) | Native | SAST | Yes | Yes | SARIF | +| [HCL AppScan](/integrations/scanners/appscan) | Native | SAST | Yes | Yes | SARIF | +| [Polaris / Black Duck (Coverity)](/integrations/scanners/polaris) | Native | SAST | Yes | Yes | SARIF | +| [Fortify](/integrations/scanners/fortify) | Native | SAST | Yes | Yes | SARIF | +| [Contrast Security](/integrations/scanners/contrast) | Native | IAST | Yes | Yes | SARIF | +| [GitLab SAST](/integrations/scanners/gitlab-sast) | Native | SAST | Yes | Yes | GitLab API | +| [GitLab SCA (Dependency Scanning)](/integrations/scanners/gitlab-sca) | Native | SCA | Yes | Yes | GitLab API | +| [Trivy](/integrations/scanners/trivy) | Native | SAST, SCA, IaC | Yes | Yes | SARIF | +| [DefectDojo](/integrations/scanners/defectdojo) | Aggregator | Aggregated | Yes | Yes | SARIF | +| [Any SARIF-producing scanner](/integrations/sarif-universal) | Universal | Varies | Yes | Yes | SARIF | + +**Integration tiers explained:** + +- **Deep:** Dedicated handler with scanner-specific metadata extraction. Extracts dataflow paths, rule descriptions, and scanner-specific context for higher triage accuracy. +- **Native:** Recognized scanner with tool identification and standard SARIF processing. Findings are fully triaged and remediated through the standard pipeline. +- **Aggregator:** Vulnerability management platforms that consolidate findings from many scanners. Pixee adds triage and remediation on top. +- **Universal SARIF:** Any tool that produces SARIF output works automatically. No pre-built integration required. + +All tiers feed into the same downstream triage and remediation pipeline. Deep integrations provide richer context; universal SARIF ensures no scanner is locked out. + +## How Scanner Integration Works + +Pixee's scanner integration follows a two-tier architecture that balances depth with breadth. + +**Tier 1 — Native Handlers.** For the most widely deployed scanners, Pixee has dedicated handlers that extract scanner-specific metadata. Each handler understands the idiosyncrasies of that tool's SARIF output — where rule descriptions live, whether dataflow traces (codeFlows) are available, and what metadata the scanner includes or omits. Better metadata extraction means higher triage accuracy. + +**Tier 2 — Universal SARIF.** For any scanner that produces SARIF (the OASIS standard for static analysis results), Pixee's universal SARIF engine ingests findings automatically. No pre-built integration required. The system dynamically adapts its handling strategy based on whatever metadata the SARIF contains. + +Both tiers feed into the same downstream pipeline: + +``` +Scanner runs > SARIF output > Pixee ingests > Triage pipeline > TP / FP / WONT_FIX > Remediation PRs +``` + +The result: one triage and remediation pipeline across every scanner in your stack, from CodeQL to your internal proprietary scanner — all through the same workflow. + +**Why SARIF matters.** SARIF (Static Analysis Results Interchange Format) is the OASIS open standard for static analysis results. Most modern SAST, SCA, and secret-scanning tools produce SARIF output natively or via converters. By standardizing on SARIF as the ingestion format, Pixee ensures that any scanner — commercial, open source, or proprietary — can feed into the triage and remediation pipeline without custom integration work. + +**What this means in practice:** + +- Internal or proprietary scanners that output SARIF work on day one +- New commercial scanners are supported immediately if they produce SARIF +- You are never locked to a specific tool list +- Adding or removing a scanner from your stack does not require any Pixee configuration changes + +## FAQ + +### What scanners does Pixee support? + +Pixee supports 13 named scanners — CodeQL, Semgrep, Checkmarx, Veracode, Snyk Code, SonarQube/SonarCloud, HCL AppScan, Polaris/Black Duck, Fortify, Contrast, GitLab SAST, GitLab SCA (Dependency Scanning), and Trivy — plus DefectDojo as an aggregation platform and any tool that produces SARIF output. See the coverage matrix above for integration-tier details. + +### What SCMs does Pixee support? + +GitHub, GitLab, Azure DevOps, and Bitbucket — including their self-hosted/on-premises variants (GitHub Enterprise Server, self-hosted GitLab, Azure DevOps Server, Bitbucket Server) via Pixee Enterprise Server. + +### Can I use Pixee with multiple scanners at the same time? + +Yes. Pixee's scanner-agnostic architecture processes findings from all your scanners through one unified triage and remediation pipeline. There is no limit on the number of scanners. Findings from every scanner are triaged and remediated through the same workflow. + +### Does Pixee support SARIF format? + +Yes. Any scanner that produces SARIF output works with Pixee automatically, including proprietary and internal tools. SARIF (Static Analysis Results Interchange Format) is the OASIS open standard supported by most modern SAST, SCA, and secret-scanning tools. + +### Do I need to replace my current scanner to use Pixee? + +No. Pixee complements your existing scanners. It sits downstream, consuming their output and delivering triage and remediation. Your existing scanners continue running as configured. diff --git a/docs/integrations/sarif-universal.md b/docs/integrations/sarif-universal.md new file mode 100644 index 00000000..a574ccac --- /dev/null +++ b/docs/integrations/sarif-universal.md @@ -0,0 +1,133 @@ +--- +title: Universal SARIF Integration +slug: /integrations/sarif-universal +track: both +content_type: guide +seo_title: Universal SARIF Integration with Pixee +description: Connect any SARIF-producing scanner to Pixee for automated triage and remediation. Covers SARIF 2.1.0 requirements and upload methods. +sidebar_position: 2 +--- + +# Universal SARIF Integration + +Pixee's Universal SARIF integration accepts findings from any security scanner that produces SARIF 2.1.0 output. This means you are not limited to Pixee's 12 natively integrated scanners — if your tool can export SARIF, Pixee can triage and remediate its findings. Universal SARIF is how Pixee stays scanner-agnostic: your choice of detection tools is independent of your choice of resolution platform. + +This page covers the SARIF format requirements, upload methods, what metadata Pixee extracts, and the differences between Universal SARIF and native integrations. + +## When to Use Universal SARIF + +Use Universal SARIF when: + +- Your scanner is not in Pixee's [native integration list](/integrations/overview) +- You use a proprietary or custom-built scanner +- You aggregate findings from multiple tools through a central platform that exports SARIF +- You want to evaluate Pixee with a scanner before requesting a native integration + +Use a native integration when available — native integrations extract richer metadata and provide deeper triage context than Universal SARIF. + +## SARIF 2.1.0 Requirements + +Pixee supports SARIF version 2.1.0 (the OASIS standard). Your SARIF file must include: + +### Required Fields + +| Field | Path | Description | +| -------------- | ---------------------------------------- | -------------------------------------- | +| Schema version | `$schema` | Must reference SARIF 2.1.0 schema | +| Tool info | `runs[].tool.driver.name` | Scanner name | +| Results | `runs[].results[]` | Array of findings | +| Rule ID | `results[].ruleId` | Unique identifier for the finding type | +| Message | `results[].message.text` | Human-readable finding description | +| Location | `results[].locations[].physicalLocation` | File path and line number | + +### Optional But Recommended + +| Field | Path | Impact on Pixee | +| --------------- | --------------------------------- | ------------------------------------------------- | +| Rule metadata | `runs[].tool.driver.rules[]` | Enables richer triage justifications | +| Code flows | `results[].codeFlows[]` | Enables source-to-sink dataflow triage | +| Severity | `results[].level` | Informs triage prioritization | +| Help text | `runs[].tool.driver.rules[].help` | Provides vulnerability context for fix generation | +| Tags/properties | `results[].properties` | Custom metadata for organization-specific context | + +The more metadata your SARIF contains, the better Pixee's triage and remediation quality. Scanners that produce minimal SARIF (rule ID + location only) still work, but triage justifications are less detailed. + +## Upload Methods + +### CI/CD Pipeline Upload + +Upload SARIF as a step in your CI/CD pipeline after your scanner runs: + +```yaml +# Example: GitHub Actions +- name: Upload SARIF to Pixee + run: | + curl -X POST \ + -H "Authorization: Bearer $PIXEE_TOKEN" \ + -H "Content-Type: application/sarif+json" \ + -d @results.sarif \ + https://api.pixee.ai/v1/sarif/upload +``` + +### Platform-Native Upload + +If your scanner integrates with GitHub Code Scanning, GitLab Security Dashboard, or Azure DevOps, Pixee can ingest SARIF through the platform's native security findings API. + +### Manual Upload + +For evaluation or one-time use, upload SARIF files through the Pixee dashboard. + +## What Pixee Extracts from SARIF + +| SARIF Element | What Pixee Does With It | +| ---------------------------- | ---------------------------------------------------------- | +| `ruleId` | Maps to known vulnerability patterns for codemod selection | +| `message.text` | Provides context for AI-powered triage and fix generation | +| `physicalLocation` | Identifies the file and line to analyze and fix | +| `codeFlows` | Enables source-to-sink exploitability analysis | +| `level` (error/warning/note) | Informs triage prioritization | +| `rules[].help` | Provides vulnerability description for fix context | +| `properties` | Custom metadata (e.g., CWE, CVSS) for enriched triage | + +## Native vs. Universal SARIF + +| Dimension | Native Integration | Universal SARIF | +| ------------------- | ------------------------------------------------------- | ----------------------------------------------------- | +| Metadata extraction | Scanner-specific handler extracts maximum context | Relies on what SARIF contains | +| Triage depth | Full exploitability analysis with scanner-aware context | Exploitability analysis with available SARIF metadata | +| Fix coverage | Scanner-specific codemod dispatchers | Generic codemod matching by rule ID and CWE | +| Setup | One-click via platform integration | SARIF upload configuration required | +| Maintenance | Pixee maintains handler compatibility | You maintain SARIF export compatibility | + +**Recommendation:** Use native integrations when available. Use Universal SARIF for scanners without native support or for evaluation. + +## Supported SARIF Producers + +Any scanner producing valid SARIF 2.1.0 output works with Universal SARIF. Scanners known to produce compatible output include: + +- ESLint (with SARIF formatter) +- Psalm +- PHPStan +- Bandit (Python) +- Gosec (Go) +- Brakeman (Ruby) +- Custom scanners with SARIF export +- Security platforms with SARIF aggregation (DefectDojo, GitHub Code Scanning, etc.) + +## Frequently Asked Questions + +### Can I use any scanner with Pixee? + +Yes, if the scanner produces SARIF 2.1.0 output. Universal SARIF is Pixee's fallback integration that accepts findings from any SARIF-compatible tool. Pixee also has 12 native integrations that provide deeper triage context. + +### What if my scanner does not produce SARIF? + +Some scanners can be configured to output SARIF via plugins or converters. Check your scanner's documentation for SARIF export options. If SARIF export is not available, contact the Pixee team to discuss custom integration options. + +### Is Universal SARIF less accurate than native integrations? + +Triage and fix quality depend on the metadata available in the SARIF file. Native integrations use scanner-specific handlers that extract maximum context. Universal SARIF works with whatever metadata the SARIF contains. If your SARIF includes code flows, rule metadata, and help text, the quality difference is minimal. + +### How do I validate my SARIF file before uploading? + +Use a SARIF validator (the SARIF SDK includes validation tools) to verify your file conforms to the 2.1.0 specification before uploading. Common issues include missing required fields, incorrect schema references, and unsupported SARIF versions. diff --git a/docs/integrations/scanners/_category_.json b/docs/integrations/scanners/_category_.json new file mode 100644 index 00000000..4179a4dd --- /dev/null +++ b/docs/integrations/scanners/_category_.json @@ -0,0 +1,9 @@ +{ + "label": "Scanning Tools", + "position": 4, + "collapsible": true, + "collapsed": false, + "link": { + "type": "generated-index" + } +} diff --git a/docs/integrations/scanners/appscan.md b/docs/integrations/scanners/appscan.md new file mode 100644 index 00000000..3e0b90f9 --- /dev/null +++ b/docs/integrations/scanners/appscan.md @@ -0,0 +1,141 @@ +--- +title: HCL AppScan Integration +slug: /integrations/scanners/appscan +track: both +content_type: guide +seo_title: HCL AppScan Integration with Pixee +description: Pixee integration with HCL AppScan for automated triage and remediation, with custom trace format handling. +sidebar_position: 1 +--- + +# HCL AppScan Integration + +Pixee integrates natively with HCL AppScan to triage SAST findings and deliver remediation as pull requests. The dedicated AppScan handler includes a custom code flow mapper that preserves AppScan's unique trace format for accurate triage decisions. + +## What AppScan Detects + +HCL AppScan (formerly IBM AppScan) is an enterprise application security testing suite widely deployed in financial services, insurance, and government. HCL acquired AppScan from IBM in 2019, and the product continues to serve organizations that have standardized on it for decades. + +AppScan detects: + +- **Static Application Security Testing (SAST)** -- source code analysis for injection flaws, cross-site scripting, authentication issues, and cryptographic weaknesses +- **Dynamic Application Security Testing (DAST)** -- runtime vulnerability scanning of web applications +- **Interactive Application Security Testing (IAST)** -- combined static and dynamic approaches +- **Software Composition Analysis (SCA)** -- open-source dependency vulnerabilities +- **API security testing** + +AppScan offers on-premises (AppScan Source, AppScan Enterprise) and cloud-hosted (AppScan on Cloud) deployment models. + +## How Pixee Enhances AppScan + +### Triage + +AppScan findings are processed through Pixee's triage pipeline with dedicated handling for AppScan's unique output format. + +**Custom code flow mapper.** AppScan structures its SARIF output differently from most scanners, particularly in how it represents code traces and data flows. Pixee's AppScan handler includes a custom code flow mapper that translates AppScan's SARIF structure into the format the triage engine expects, preserving trace information that would otherwise be lost. This trace preservation is what allows the triage engine to make accurate decisions about findings that involve multi-step data flows -- which is where most false positives originate. + +AppScan-specific severity levels are extracted and mapped appropriately, ensuring that the triage engine interprets each finding's risk in the context AppScan intended. + +### Remediation + +True positive findings receive automated code fixes delivered as pull requests. AppScan has dedicated tool-specific codemods in the remediation engine, meaning fixes are generated with awareness of the specific finding types and patterns AppScan reports. + +Fixes use deterministic codemods and AI-powered MagicMods. + +## Finding Types + +| Category | Examples | Fix Mode | +| ------------------------ | ------------------------------------------------ | ------------------ | +| Injection flaws | SQL injection, command injection, LDAP injection | Deterministic + AI | +| Cross-site scripting | Reflected XSS, stored XSS | Deterministic + AI | +| Authentication issues | Broken authentication, credential exposure | AI | +| Cryptographic weaknesses | Weak algorithms, insecure key management | Deterministic | +| API security | Insecure API configurations, missing validation | AI | + +## Setup + +1. **Provision an AppScan API key** with permission to post comments on issues. The Key ID and Key Secret authorize Pixee to read findings and post triage comments back. +2. **Configure AppScan credentials** in Pixee. The fields are: AppScan Base URI (defaults to `https://cloud.appscan.com`), Key ID, Key Secret, and webhook authentication credentials. For Pixee Enterprise (Helm), values live under `platform.pixeebot.appscan.{apiKeyId, apiKeySecret, webhook.user, webhook.password}`. For embedded-cluster Enterprise, the admin console exposes these fields under **Config → Security Tool → AppScan**. +3. **Choose webhook authentication mode.** Two options: + - **Basic Auth (recommended)** — username and password for HTTP Basic auth on inbound webhook requests. Configure the username and password in Pixee, then use them when registering the webhooks in AppScan (see below). + - **Webhook secret (deprecated)** — a shared secret embedded in the webhook URL path. Supported but not recommended. +4. **Configure two webhooks in AppScan** (see [Webhook Configuration](#webhook-configuration) below) so AppScan notifies Pixee when scans complete and when patch requests are created. +5. **Connect your code repository** to Pixee (GitHub, GitLab, Azure DevOps, or Bitbucket — see [Source Control](/integrations/overview#source-control-coverage)). +6. **Pixee ingests AppScan findings** and processes them through the triage and remediation pipeline. +7. **Review and merge** Pixee-generated PRs in your normal development workflow. + +**Prerequisites:** HCL AppScan with SAST scan results, an API key with comment-posting permissions, Pixee account with connected repository. + +### Webhook Configuration + +AppScan needs two webhooks pointed at your Pixee instance: one for scan-completion events, one for patch-request events. Both are created via the AppScan Webhook API on your AppScan presence server. + +**Generate the Basic Auth header.** Encode the webhook user and password configured in Pixee: + +```bash +echo -n "username:password" | base64 +# -> dXNlcm5hbWU6cGFzc3dvcmQ= +``` + +Prepend `Basic ` to form the full header value (e.g., `Basic dXNlcm5hbWU6cGFzc3dvcmQ=`). + +**Webhook 1 — Scan Execution Completed.** Notifies Pixee when an AppScan scan finishes: + +```json +{ + "AuthorizationHeader": "Basic ", + "PresenceId": "", + "Uri": "https:///api/v1/integrations/appscan-default/webhooks/_/ScanExecutionCompleted/{SubjectId}", + "Global": true, + "AssetGroupId": "", + "Event": "ScanExecutionCompleted" +} +``` + +**Webhook 2 — New Patch Request.** Notifies Pixee when a patch is requested: + +```json +{ + "AuthorizationHeader": "Basic ", + "PresenceId": "", + "Uri": "https:///api/v1/integrations/appscan-default/webhooks/CreatePatch", + "Global": true, + "AssetGroupId": "", + "Event": "NewPatchRequest", + "RequestMethod": "POST", + "RequestBody": "{\"patch_id\": \"{SubjectId}\"}", + "ContentType": "application/json" +} +``` + +Replace the placeholders: + +- `` — the Base64 string from the encoding step above +- `` — your AppScan presence server ID +- `` — your Pixee Enterprise hostname +- `` — your AppScan asset group ID + +For details on AppScan's webhook API, see HCL's [AppScan Webhook API Documentation](https://cloud.appscan.com/swagger/index.html#/Webhooks/Webhooks_Create). + +## Common False Positive Patterns Pixee Eliminates + +- **Trace-based false positives:** AppScan's SAST traces flag data flows that are actually protected by intermediate sanitization or validation -- Pixee's custom code flow mapper preserves the full trace for accurate investigation +- **Severity inflation in low-risk contexts:** AppScan assigns high severity to findings in test code, internal APIs, and admin-only endpoints; Pixee adjusts classification based on code context +- **Framework-protected patterns:** Findings in code protected by application framework security controls that AppScan's static analysis cannot resolve +- **Duplicate findings across SAST and DAST:** When teams use both AppScan SAST and DAST, the same vulnerability may appear from both testing methods; Pixee's unified pipeline helps deduplicate + +See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. + +## FAQ + +### Does Pixee work with AppScan Source, AppScan Enterprise, and AppScan on Cloud? + +Pixee's AppScan integration works with SAST findings from any AppScan deployment model. The dedicated handler processes AppScan's SARIF output regardless of whether the scan originated from on-premises or cloud-hosted AppScan. + +### What is the custom code flow mapper? + +AppScan structures its SARIF trace information differently from most scanners. Pixee's dedicated handler translates AppScan's trace format into the structure the triage engine expects, preserving data flow context that is critical for accurate triage. Without this translation, multi-step data flow findings could not be triaged accurately. + +### Does Pixee handle AppScan DAST findings? + +Pixee's primary integration with AppScan focuses on SAST findings, where code-level triage and remediation are most applicable. DAST findings that map to code-level issues may also be processed through the pipeline. diff --git a/docs/integrations/scanners/checkmarx.md b/docs/integrations/scanners/checkmarx.md new file mode 100644 index 00000000..f90716a0 --- /dev/null +++ b/docs/integrations/scanners/checkmarx.md @@ -0,0 +1,105 @@ +--- +title: Checkmarx Integration +slug: /integrations/scanners/checkmarx +track: both +content_type: guide +seo_title: Checkmarx Integration with Pixee +description: Pixee integration with Checkmarx for automated triage and remediation, including adaptive handling for metadata-sparse SARIF. +sidebar_position: 2 +--- + +# Checkmarx Integration + +Pixee's Checkmarx integration triages CxSAST and CxOne findings and delivers remediation as pull requests -- even when Checkmarx SARIF exports contain minimal metadata. The dedicated Checkmarx handler compensates for sparse output by re-deriving context directly from the codebase, and includes Checkmarx-specific codemods for SQL and NoSQL injection. + +## What Checkmarx Detects + +Checkmarx (CxSAST and CxOne) is an enterprise SAST platform widely deployed in regulated industries including financial services, healthcare, and government. + +Checkmarx detects: + +- **SQL injection, XSS, path traversal, and authentication flaws** via deep static analysis +- **Broad CWE coverage** through commercial rule sets maintained by Checkmarx +- **Cross-language vulnerabilities** across many programming languages +- **Compliance-relevant findings** aligned with industry standards (OWASP, SANS, PCI DSS) + +Checkmarx is known for thorough analysis with broad CWE coverage. It is also known for high false positive rates that require extensive manual tuning -- a pain point that grows with codebase scale and scanner deployment breadth. + +## How Pixee Enhances Checkmarx + +### Triage + +Checkmarx findings are processed through Pixee's triage pipeline, which classifies each finding as TRUE_POSITIVE, FALSE_POSITIVE, or WONT_FIX with code-level justification. + +The dedicated Checkmarx handler addresses a challenge unique to Checkmarx: metadata-sparse SARIF output. + +**Adaptive handling for metadata-poor SARIF.** This is the key technical differentiator of the Checkmarx integration. Checkmarx's SARIF exports are notably sparse compared to other scanners -- minimal rule descriptions, no codeFlows, limited context about what the finding means or why it was flagged. Most downstream tooling struggles with this because triage accuracy depends on understanding the finding, not just its location. + +Pixee's handler compensates. When Checkmarx SARIF provides minimal metadata, the adaptive triage pipeline re-derives context directly from the codebase. Rather than relying on the scanner to explain the finding, the system examines the actual code at the finding location, understands the surrounding context, and makes a triage decision based on what the code does -- not on what the scanner's sparse output says. + +The result: Pixee's triage accuracy does not degrade when the scanner provides minimal context. Teams get the same quality of triage decisions regardless of how much metadata Checkmarx includes in its SARIF export. + +### Remediation + +True positive findings receive automated code fixes delivered as pull requests. + +Pixee includes three Checkmarx-specific remediation codemods built for the most common Checkmarx finding categories: + +| Codemod | What It Fixes | Language | +| ---------------------- | ----------------------------------------- | ---------- | +| SQL parameterization | SQL injection via parameterized queries | .NET | +| SQL parameterization | SQL injection via parameterized queries | JavaScript | +| NoSQL parameterization | NoSQL injection via parameterized queries | JavaScript | + +Beyond these dedicated codemods, Pixee's general-purpose codemod library and AI-powered MagicMods address additional vulnerability types identified by Checkmarx. + +- Fixes match your team's code conventions +- Developers review and merge Pixee PRs through their standard workflow + +## Finding Types + +| Category | Examples | Checkmarx-Specific Codemods | +| -------------------- | --------------------------------- | --------------------------- | +| SQL injection | Parameterized query fixes | .NET SQL, JavaScript SQL | +| NoSQL injection | Parameterized NoSQL fixes | JavaScript NoSQL | +| XSS | Output encoding, sanitization | General codemods | +| Path traversal | Input validation | General codemods | +| Authentication flaws | Session and auth misconfiguration | General codemods | + +## Setup + +1. **Export Checkmarx findings in SARIF format** from CxSAST or CxOne. +2. **Connect your code repository to Pixee** via the appropriate platform integration (GitHub, GitLab, Azure DevOps, or Bitbucket). +3. **Upload Checkmarx SARIF** to Pixee (via CI/CD pipeline or direct upload). +4. **Pixee ingests and processes findings** through the triage and remediation pipeline -- compensating for sparse metadata automatically. +5. **Review and merge** Pixee-generated PRs in your normal workflow. + +**Prerequisites:** Checkmarx CxSAST or CxOne license with SARIF export capability, Pixee connected to your SCM platform. + +## Common False Positive Patterns Pixee Eliminates + +- **SQL injection on parameterized code:** Findings flagged on code that already uses parameterized queries or ORM frameworks +- **XSS with framework-level encoding:** Findings where framework auto-escaping is present (React JSX, Django template engine, Angular sanitization) +- **Tuning-dependent suppressions:** Findings that would require manual Checkmarx tuning to suppress -- Pixee's triage handles this automatically with code-level justification +- **Test code at production severity:** Test fixtures and example files flagged alongside production code +- **Context-poor findings:** Findings where Checkmarx's sparse SARIF metadata makes manual review difficult -- Pixee re-derives context from the actual codebase + +See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. + +## FAQ + +### Does Pixee replace Checkmarx? + +No. Pixee complements Checkmarx by adding automated triage and remediation. Keep CxSAST or CxOne scanning exactly as it runs today. Pixee processes Checkmarx output and delivers classified findings and fixes. + +### How does Pixee handle Checkmarx's sparse SARIF output? + +Pixee's dedicated Checkmarx handler uses an adaptive strategy that re-derives context directly from the codebase when scanner metadata is minimal. Instead of depending on the scanner to explain the finding, Pixee examines the code itself. Triage accuracy does not degrade with sparse input. + +### What Checkmarx-specific fixes does Pixee provide? + +Pixee includes three dedicated codemods for Checkmarx findings: SQL parameterization for .NET, SQL parameterization for JavaScript, and NoSQL parameterization for JavaScript. Additional fixes are available through the general-purpose codemod library and AI-powered MagicMods. + +### Does Pixee work with both CxSAST and CxOne? + +Yes. Pixee ingests Checkmarx findings in SARIF format from both CxSAST and CxOne. The same triage and remediation pipeline processes findings regardless of which Checkmarx product generated them. diff --git a/docs/integrations/scanners/codeql.md b/docs/integrations/scanners/codeql.md new file mode 100644 index 00000000..e7dabf23 --- /dev/null +++ b/docs/integrations/scanners/codeql.md @@ -0,0 +1,92 @@ +--- +title: CodeQL Integration +slug: /integrations/scanners/codeql +track: both +content_type: guide +seo_title: CodeQL Integration with Pixee +description: Pixee integration with CodeQL for automated triage and remediation of GitHub Advanced Security findings. +sidebar_position: 3 +--- + +# CodeQL Integration + +Pixee's CodeQL integration ingests findings from GitHub Advanced Security, triages each one with code-level justification, and delivers remediation as pull requests. The dedicated CodeQL handler extracts dataflow paths (codeFlows), giving the triage engine full source-to-sink context -- not just the final finding location. + +## What CodeQL Detects + +CodeQL is GitHub's SAST engine, included with GitHub Advanced Security (GHAS). It performs deep semantic analysis to identify security vulnerabilities and code quality issues across your codebase. + +CodeQL detects: + +- **Dataflow vulnerabilities** -- SQL injection, cross-site scripting (XSS), path traversal, and other injection flaws with full source-to-sink traces +- **Security misconfigurations** -- insecure defaults, missing security headers, weak cryptographic settings +- **Code quality issues flagged as security-relevant** by CodeQL's query suites + +CodeQL supports JavaScript, TypeScript, Python, Java, C/C++, C#, Go, Ruby, and Swift. + +## How Pixee Enhances CodeQL + +### Triage + +CodeQL findings are processed through Pixee's triage pipeline, which classifies each finding as TRUE_POSITIVE, FALSE_POSITIVE, or WONT_FIX with a detailed, code-level justification. + +The dedicated CodeQL handler provides deeper analysis than standard SARIF ingestion. Here is what it extracts and why it matters: + +**codeFlows extraction.** CodeQL's SARIF output includes multi-step dataflow traces showing how data moves from a source (user input, external data) through intermediate steps to a sink (database query, HTML output). Pixee's handler extracts these complete codeFlows paths and passes them to the triage engine. The result: the triage decision considers the full data journey, not just the line where CodeQL flagged the finding. This distinction matters because a finding at line 47 might look dangerous in isolation but is provably safe when you see the sanitization at line 23. + +**Non-standard SARIF handling.** CodeQL stores rule metadata on `tool.extensions` rather than `driver` -- a quirk that differs from how most other scanners structure their SARIF output. Pixee's handler accounts for this automatically, extracting `help.markdown` from rule metadata for rich vulnerability descriptions. Teams do not need to preprocess or normalize CodeQL SARIF before Pixee ingests it. + +**Graceful fallback.** Real-world CodeQL output varies across versions and configurations. The handler degrades gracefully when SARIF fields like `full_description` are absent, maintaining triage coverage without manual intervention. + +Each finding receives a classification with confidence score and audit-ready reasoning trail. Security teams review the triage output, not the raw scanner noise. + +### Remediation + +True positive findings receive automated code fixes delivered as pull requests. + +Pixee generates fixes using a combination of deterministic codemods and AI-powered MagicMods for complex, codebase-specific scenarios. Every fix goes through multi-layer validation before reaching a developer's review queue. + +- Pre-configured handlers cover common CodeQL rules +- Fixes match your team's code conventions -- naming patterns, preferred libraries, existing security utilities +- Developers review and merge Pixee PRs through the standard GitHub workflow + +## Finding Types + +| Category | Examples | codeFlows Extraction | +| -------------------------------- | ---------------------------------- | --------------------------------- | +| Dataflow vulnerabilities | SQL injection, XSS, path traversal | Yes -- full source-to-sink traces | +| Security misconfigurations | Insecure defaults, missing headers | No (location-based findings) | +| Code quality (security-relevant) | CodeQL query suite findings | Varies by rule | + +## Setup + +1. **Enable CodeQL scanning** in your GitHub repository via GitHub Advanced Security. +2. **Install the Pixee GitHub App** on your organization or selected repositories. +3. **Pixee automatically ingests CodeQL findings** via the GHAS API or SARIF upload -- no manual export required. +4. **Configure triage preferences** in `PIXEE.yaml` (optional) to tune classification behavior. +5. **Review and merge** Pixee-generated PRs in your normal GitHub workflow. + +**Prerequisites:** GitHub Advanced Security license, Pixee GitHub App installed. + +## Common False Positive Patterns Pixee Eliminates + +- **Sanitized sinks:** Dataflow traces that terminate in sinks protected by framework-level sanitization (CodeQL cannot always resolve sanitization applied by middleware or security libraries) +- **Informational findings:** Security-relevant code quality findings that are informational, not exploitable in the actual runtime environment +- **Test code at production severity:** Findings in test fixtures, example code, and documentation snippets flagged at production severity levels +- **Low-precision rules in specific contexts:** Rules with high recall but low precision in certain language or framework configurations + +See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. + +## FAQ + +### Does Pixee replace CodeQL or GitHub Advanced Security? + +No. Pixee complements CodeQL by adding automated triage and remediation on top of your existing GHAS deployment. CodeQL continues scanning exactly as before. Pixee processes the output. + +### What is codeFlows extraction? + +CodeQL SARIF includes multi-step dataflow traces showing how data moves from source to sink. Pixee's dedicated handler extracts these traces to give the triage engine full context -- the complete data journey, not just the flagged line. This leads to more accurate triage decisions, especially for injection-class vulnerabilities. + +### Do I need to export CodeQL results manually? + +No. Pixee's GitHub integration ingests CodeQL findings automatically via the GHAS API. If you prefer, you can also upload CodeQL SARIF directly. Either path feeds into the same triage and remediation pipeline. diff --git a/docs/integrations/scanners/contrast.md b/docs/integrations/scanners/contrast.md new file mode 100644 index 00000000..9043b0e3 --- /dev/null +++ b/docs/integrations/scanners/contrast.md @@ -0,0 +1,97 @@ +--- +title: Contrast Security Integration +slug: /integrations/scanners/contrast +track: both +content_type: guide +seo_title: Contrast Security (IAST) Integration with Pixee +description: Pixee integration with Contrast Security IAST for automated triage and remediation of runtime-detected vulnerabilities. +sidebar_position: 4 +--- + +# Contrast Security Integration + +Pixee ingests Contrast Security findings, triages each one, and delivers remediation as pull requests. Contrast's runtime instrumentation produces a different signal than purely static scanners, and Pixee processes those findings through the same triage and remediation pipeline used for SAST tools. + +## What Contrast Detects + +Contrast Security uses Interactive Application Security Testing (IAST) -- runtime instrumentation that observes application behavior to identify vulnerabilities as code executes. Contrast Assess runs as an agent inside the application, watching real requests and the data flows they trigger. + +Contrast detects: + +- **Injection flaws** -- SQL injection, command injection, LDAP injection, NoSQL injection, observed against live traffic +- **Cross-site scripting (XSS)** -- reflected, stored, and DOM-based variants +- **Authentication and session weaknesses** -- including weak randomness, insecure cookies, and missing security headers +- **Insecure deserialization** +- **Path traversal** +- **Cryptographic weaknesses** -- weak algorithms, hardcoded keys, insecure modes +- **Vulnerable open-source dependencies** (via Contrast SCA) + +Because Contrast observes runtime behavior, it tends to surface findings with higher confidence than static scanners and can confirm exploitability for some classes of vulnerabilities. Contrast typically deploys in dev, QA, or staging environments where instrumentation overhead is acceptable. + +## How Pixee Enhances Contrast + +### Triage + +Contrast findings are processed through Pixee's triage pipeline alongside findings from SAST scanners. Each finding receives a classification with code-level justification. + +Runtime-confirmed findings carry a higher prior toward true-positive classification than equivalent static findings, but Pixee still validates each one in code context. Triage focuses on whether the runtime-observed vulnerability: + +- Is actually reachable in the deployed code paths (not just present) +- Lacks effective remediation upstream of the sink +- Maps to source code the team controls (versus a dependency that requires a different remediation strategy) + +The result: security teams can act on Contrast findings with the same confidence they get from Pixee's other scanner integrations. + +### Remediation + +True-positive findings receive automated code fixes delivered as pull requests, generated by Pixee's deterministic codemods and AI-powered MagicMods. Fixes match the team's code conventions and existing security utilities. + +Developers review and merge Pixee PRs through the standard development workflow. + +## Finding Types + +| Category | Examples | Fix Mode | +| --------------------------- | --------------------------------- | ------------------------------- | +| Injection flaws | SQL, command, LDAP, NoSQL | Deterministic + AI | +| Cross-site scripting | Reflected, stored, DOM-based | Deterministic + AI | +| Authentication / session | Weak randomness, insecure cookies | Deterministic | +| Insecure deserialization | Java/JS deserialization sinks | AI | +| Cryptographic weaknesses | Weak algorithms, hardcoded keys | Deterministic | +| Open-source vulnerabilities | Contrast SCA findings | Deterministic (version updates) | + +## Setup + +Pixee ingests Contrast findings via the [pixee/upload-tool-results-action](https://github.com/pixee/upload-tool-results-action) GitHub Action, which synchronizes Contrast results with Pixee. + +1. **Run Contrast** in your CI pipeline or runtime environment so findings are available. +2. **Export Contrast findings** to a Contrast-supported format (SARIF or Contrast's native JSON). +3. **Add the upload action** to your CI workflow: + - Configure with the path to your exported findings file + - Provide your Pixee API token as a secret +4. **Pixee ingests the upload** and processes each finding through the triage and remediation pipeline. +5. **Review and merge** Pixee-generated PRs in your normal development workflow. + +**Prerequisites:** Contrast Assess deployed and producing findings, Pixee account with connected repository, GitHub/GitLab/ADO/Bitbucket integration enabled. + +## Common False Positive Patterns Pixee Eliminates + +- **Test-environment-only findings:** Vulnerabilities observed in staging or QA that do not exist in code paths reachable in production +- **Findings in third-party code:** Issues that map to dependencies rather than the team's source code -- routed to SCA-style remediation rather than direct code fixes +- **Sanitized sinks:** Runtime-observed flows that terminate in sinks with framework-level sanitization Contrast does not always resolve +- **Severity inflation:** Findings flagged at high severity that are gated behind authentication, internal APIs, or otherwise reduced-impact contexts + +See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. + +## FAQ + +### Does Pixee replace Contrast Security? + +No. Pixee processes findings produced by Contrast and other scanners. Contrast continues running as your IAST source. Pixee adds triage and automated code fixes on top. + +### Does Pixee require a specific Contrast deployment model? + +Pixee works with findings from any Contrast Assess deployment. The integration uses the [pixee/upload-tool-results-action](https://github.com/pixee/upload-tool-results-action) to ingest exported findings -- the path Contrast takes to produce them does not matter to Pixee. + +### How does runtime-detected differ from statically-detected for triage? + +Runtime-confirmed findings carry a higher prior toward true-positive classification because the vulnerability has been observed during execution. Pixee still validates each finding in code context to confirm reachability in production paths and identify effective remediations. diff --git a/docs/integrations/scanners/defectdojo.md b/docs/integrations/scanners/defectdojo.md new file mode 100644 index 00000000..17a60391 --- /dev/null +++ b/docs/integrations/scanners/defectdojo.md @@ -0,0 +1,66 @@ +--- +title: DefectDojo Integration +slug: /integrations/scanners/defectdojo +track: both +content_type: guide +seo_title: DefectDojo Integration with Pixee +description: Pixee integration with DefectDojo for automated triage and remediation of aggregated findings from multiple scanners. +sidebar_position: 5 +--- + +# DefectDojo Integration + +Pixee integrates with DefectDojo to triage aggregated findings and deliver remediation as pull requests. DefectDojo serves as the management layer — organizing and tracking findings — but does not triage for exploitability or generate code fixes. Pixee adds those two capabilities. Your DefectDojo instance continues operating as your centralized vulnerability tracker; Pixee acts on what DefectDojo organizes. + +DefectDojo is an open-source application vulnerability management platform that consolidates findings from multiple scanners. + +## What DefectDojo Does + +- **Aggregates findings** from multiple security scanners into a single view +- **Deduplicates findings** across tools and scan runs +- **Tracks vulnerability lifecycle** (open, verified, mitigated, closed) +- **Provides vulnerability metrics** and reporting +- **Supports import from 150+ scanner formats** + +## How Pixee Enhances DefectDojo + +### Triage + +DefectDojo aggregates findings from multiple scanners, but triaging is still manual — security teams review each finding to determine whether it is a real threat. Pixee automates this step with exploitability analysis, classifying each finding as TRUE_POSITIVE, FALSE_POSITIVE, or WONT_FIX with structured evidence. + +### Remediation + +DefectDojo tracks vulnerability status but does not generate code fixes. Pixee delivers fixes as pull requests for confirmed vulnerabilities, moving findings from "open" to "mitigated" with actual code changes. + +## Finding Types + +| Category | Examples | Fix Mode | +| -------------------------- | --------------------------- | ----------------------------- | +| SAST findings (aggregated) | Injection, XSS, auth issues | Deterministic + AI | +| SCA findings (aggregated) | Dependency CVEs | Deterministic (version bumps) | +| Custom scanner findings | Organization-specific rules | AI | + +## Setup + +1. **Install Pixee** for your platform. +2. **Configure DefectDojo export** — export findings in SARIF format from DefectDojo. +3. **Connect to Pixee** — upload SARIF findings via Pixee's integration endpoint or configure automated export. +4. **Review and merge** — Pixee triages findings and opens PRs for remediable issues. + +**Prerequisites:** DefectDojo instance with findings imported, Pixee platform integration configured. + +## FAQ + +### Does Pixee replace DefectDojo? + +No. DefectDojo is a vulnerability management platform that tracks and organizes findings. Pixee is a resolution platform that triages and fixes them. They serve different functions and work together. + +### How do findings flow between DefectDojo and Pixee? + +Findings are exported from DefectDojo in SARIF format and ingested by Pixee for triage and remediation. When Pixee generates a fix, the resulting PR can be tracked back in DefectDojo as a mitigation action. + +### Can Pixee update DefectDojo finding status automatically? + +Integration capabilities between Pixee and DefectDojo depend on your deployment configuration. Contact the Pixee team for current webhook and API integration options. + +See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scanners/fortify.md b/docs/integrations/scanners/fortify.md new file mode 100644 index 00000000..335d14d8 --- /dev/null +++ b/docs/integrations/scanners/fortify.md @@ -0,0 +1,72 @@ +--- +title: Fortify Integration +slug: /integrations/scanners/fortify +track: both +content_type: guide +seo_title: Fortify (OpenText / Micro Focus) Integration with Pixee +description: Pixee integration with Fortify SAST for automated triage and remediation. Reduces backlog burden in regulated and government environments. +sidebar_position: 6 +--- + +# Fortify Integration + +Pixee integrates with Fortify to triage SAST findings and deliver remediation as pull requests. Fortify is widely deployed in government, defense, and regulated industries where long-standing contracts make it the entrenched SAST tool — and where finding backlogs frequently accumulate faster than manual triage can keep pace. Pixee classifies findings by exploitability and generates the code fixes Fortify does not produce. Your Fortify scans continue running as configured. + +> Fortify has changed corporate hands over the years (HP → HPE → Micro Focus → OpenText). Pixee works with Fortify regardless of which logo is on your license agreement. + +## What Fortify Detects + +- OWASP Top 10 and CWE categories across 25+ programming languages +- Dataflow vulnerabilities with source-to-sink taint analysis +- Security misconfigurations +- Quality and reliability issues flagged as security-relevant +- Custom rule support for organization-specific patterns + +Fortify produces SARIF output via its FPR-to-SARIF conversion tools, enabling integration with downstream platforms. + +## How Pixee Enhances Fortify + +### Triage + +Fortify findings in government and financial services environments often accumulate into large backlogs because manual triage cannot keep pace with scan volume. Pixee's triage pipeline classifies each finding by exploitability, reducing the manual review burden. + +Fortify's rich dataflow analysis provides source-to-sink traces that Pixee's triage engine can leverage for more accurate exploitability assessment. When the SARIF output includes those traces, the triage decision considers the full data journey, not just the line where Fortify flagged the finding. + +### Remediation + +Fortify identifies vulnerabilities but does not generate automated code fixes. Pixee delivers remediation as pull requests, applying deterministic codemods for known vulnerability patterns and AI-powered generation for complex scenarios. + +## Finding Types + +| Category | Examples | Fix Mode | +| ------------------------- | ------------------------------------- | ------------------ | +| Injection vulnerabilities | SQL injection, XSS, command injection | Deterministic | +| Authentication weaknesses | Insecure session management | Deterministic + AI | +| Cryptographic issues | Weak algorithms, hardcoded keys | Deterministic | +| Dataflow vulnerabilities | Taint propagation across functions | AI | + +## Setup + +1. **Install Pixee** for your platform. +2. **Export Fortify findings as SARIF** — use Fortify's FPR-to-SARIF conversion or export from Fortify Software Security Center (SSC). +3. **Upload SARIF to Pixee** via CI pipeline integration or the Pixee API endpoint. +4. **Pixee triages findings** and opens PRs for remediable issues. +5. **Review and merge.** + +**Prerequisites:** Fortify SCA or SSC with findings, SARIF export capability, Pixee platform integration configured. + +## FAQ + +### Does Pixee work with Fortify on-premises deployments? + +Yes. Pixee ingests Fortify findings via SARIF export, which works regardless of whether Fortify runs on-premises or in the cloud. For on-premises Pixee deployments, no data leaves your network. + +### How do I export Fortify findings in SARIF format? + +Fortify supports SARIF export via FPR-to-SARIF conversion tools and Fortify Software Security Center (SSC). Check your Fortify version documentation for the specific export method available. + +### Can Pixee leverage Fortify's dataflow traces? + +When Fortify findings include source-to-sink dataflow information in the SARIF output, Pixee's triage engine uses this context for more accurate exploitability assessment. + +See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scanners/gitlab-sast.md b/docs/integrations/scanners/gitlab-sast.md new file mode 100644 index 00000000..3d3b6406 --- /dev/null +++ b/docs/integrations/scanners/gitlab-sast.md @@ -0,0 +1,75 @@ +--- +title: GitLab SAST Integration +slug: /integrations/scanners/gitlab-sast +track: both +content_type: guide +seo_title: GitLab SAST Integration with Pixee +description: Pixee integration with GitLab SAST for automated triage and remediation of findings from multiple analyzers. +sidebar_position: 7 +--- + +# GitLab SAST Integration + +Pixee integrates with GitLab SAST to triage findings from GitLab's built-in static analysis and deliver remediation as merge requests. GitLab SAST uses multiple underlying analyzers (Semgrep, SpotBugs, Gosec, Bandit, and others), each with different false positive rates and metadata quality. Pixee normalizes these heterogeneous findings into a single triage workflow and generates fixes that GitLab SAST does not provide. Your GitLab SAST configuration continues running exactly as it does today. + +## What GitLab SAST Detects + +GitLab SAST is the built-in SAST capability in GitLab Ultimate. It runs as part of CI/CD pipelines using a collection of open-source analyzers orchestrated by GitLab's framework: + +- OWASP Top 10 and common injection flaws via Semgrep (multi-language) +- Java vulnerabilities via SpotBugs +- Go vulnerabilities via Gosec +- Python vulnerabilities via Bandit +- Ruby vulnerabilities via Brakeman +- JavaScript/TypeScript vulnerabilities via NodeJsScan +- Security misconfigurations across frameworks + +## How Pixee Enhances GitLab SAST + +### Triage + +GitLab SAST aggregates findings from multiple analyzers, each with different severity scales, rule naming conventions, and false positive rates. Pixee's triage pipeline normalizes these findings into consistent classifications with structured justifications. + +This solves a specific problem: teams using GitLab SAST receive findings from 5+ different analyzers with inconsistent metadata quality. Pixee applies the same exploitability analysis regardless of which underlying analyzer produced the finding, providing a unified view of what is real and what is noise. + +Each finding is classified as TRUE_POSITIVE, FALSE_POSITIVE, or WONT_FIX with code-level evidence. + +### Remediation + +GitLab shows SAST findings in the merge request security widget and vulnerability management dashboard but does not generate automated code fixes. Pixee closes this gap by delivering fixes as merge requests directly in GitLab. + +GitLab SAST findings often lack the contextual detail needed for efficient manual remediation. Pixee's fix generation adds the missing context — vulnerability explanation, fix rationale, and quality scores — directly in the MR. + +## Finding Types + +| Category | Examples | Analyzers | +| -------------------------- | ------------------------------------------- | ----------------------- | +| Injection vulnerabilities | SQL injection, XSS, command injection | Semgrep, SpotBugs | +| Authentication weaknesses | Insecure session handling, weak credentials | Semgrep, Bandit | +| Security misconfigurations | Insecure defaults, missing headers | Multiple analyzers | +| Language-specific patterns | Java deserialization, Python eval() | SpotBugs, Bandit, Gosec | + +## Setup + +1. **Connect GitLab to Pixee** — follow the [GitLab Setup](/getting-started/gitlab) guide to install the Pixee integration +2. **Ensure GitLab SAST is enabled** — GitLab SAST runs via CI/CD pipeline templates. Verify your `.gitlab-ci.yml` includes the SAST template +3. **Pixee ingests findings automatically** — when GitLab SAST runs in your pipeline, Pixee receives the findings via the GitLab API +4. **Review triage results and merge fixes** — Pixee opens MRs for remediable findings in your existing GitLab workflow + +**Prerequisites:** GitLab Ultimate license (for SAST), Pixee GitLab integration installed + +See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. + +## Frequently Asked Questions + +### Does Pixee replace GitLab SAST? + +No. GitLab SAST continues running in your CI/CD pipeline exactly as configured. Pixee sits downstream, triaging the findings and generating fixes. You keep GitLab SAST for detection; Pixee adds triage and remediation. + +### How does Pixee handle findings from different GitLab SAST analyzers? + +Pixee normalizes findings from all GitLab SAST analyzers (Semgrep, SpotBugs, Gosec, Bandit, etc.) into a single triage workflow. Each finding is classified with the same structured evidence format regardless of which analyzer produced it. + +### Do I need GitLab Ultimate for this integration? + +GitLab SAST requires GitLab Ultimate. If you use GitLab Free or Premium, you can still use Pixee with other scanners that produce SARIF output. See [Universal SARIF](/integrations/sarif-universal). diff --git a/docs/integrations/scanners/gitlab-sca.md b/docs/integrations/scanners/gitlab-sca.md new file mode 100644 index 00000000..6f76c7e5 --- /dev/null +++ b/docs/integrations/scanners/gitlab-sca.md @@ -0,0 +1,91 @@ +--- +title: GitLab SCA Integration +slug: /integrations/scanners/gitlab-sca +track: both +content_type: guide +seo_title: GitLab Dependency Scanning (SCA) Integration with Pixee +description: Pixee integration with GitLab Dependency Scanning for automated triage and remediation of open-source dependency vulnerabilities. +sidebar_position: 8 +--- + +# GitLab SCA Integration + +Pixee integrates with GitLab Dependency Scanning (GitLab's built-in SCA) to triage findings and deliver remediation as merge requests. GitLab Dependency Scanning identifies known vulnerabilities in your project's open-source dependencies via the Gemnasium analyzer; Pixee classifies each finding by exploitability and opens MRs that bump dependency versions to fixed releases. Your GitLab Dependency Scanning configuration continues running exactly as it does today. + +> "Dependency Scanning" is GitLab's name for SCA. The terms are interchangeable — `gemnasium-dependency_scanning` is the analyzer that produces the findings. + +## What GitLab Dependency Scanning Detects + +GitLab Dependency Scanning runs as part of CI/CD pipelines and surfaces known vulnerabilities (CVEs) in your project's direct and transitive dependencies. Coverage spans the major package ecosystems: + +- **Java / JVM** — Maven, Gradle (`pom.xml`, `build.gradle`) +- **Python** — pip, Poetry, Pipenv (`requirements.txt`, `Pipfile.lock`, `poetry.lock`) +- **JavaScript / TypeScript** — npm, Yarn, pnpm (`package-lock.json`, `yarn.lock`, `pnpm-lock.yaml`) +- **.NET** — NuGet (`packages.lock.json`) +- **Go** — Go modules (`go.sum`) +- **Ruby** — Bundler (`Gemfile.lock`) +- **PHP** — Composer (`composer.lock`) +- **Rust** — Cargo (`Cargo.lock`) +- **Conan** — C/C++ Conan packages + +Findings are reported with CVE identifiers, severity, affected version ranges, and (where available) the version that fixes the vulnerability. + +## How Pixee Enhances GitLab Dependency Scanning + +### Triage + +GitLab Dependency Scanning surfaces every CVE in every dependency — direct and transitive — without distinguishing whether the vulnerable code path is actually reachable in your project. The result is high finding volume, much of it not exploitable in context. Pixee's triage pipeline classifies each finding as TRUE_POSITIVE, FALSE_POSITIVE, or WONT_FIX based on whether the vulnerable function is actually called and reachable in your codebase. + +This is the core SCA-noise problem: a CVE in a transitive dependency is only meaningful if your code (directly or via the dependency tree) actually exercises the vulnerable code path. Pixee's reachability analysis is what separates the small set of dependency CVEs that matter from the large set that do not. + +Each finding is classified with code-level evidence — what calls the vulnerable function, what does not, and why. + +### Remediation + +GitLab shows dependency findings in the merge request security widget and vulnerability management dashboard but does not automatically open MRs to bump versions. Pixee closes this gap by delivering version-bump merge requests directly in GitLab for findings that are reachable and have a fixed version available. + +Pixee's SCA remediation is deterministic: for each TRUE_POSITIVE with a fix available, Pixee opens an MR that updates the dependency to the lowest version in the fixed range, runs lockfile updates, and includes the CVE rationale in the MR description. Multi-vulnerability fixes can be batched per dependency to minimize MR churn. + +## Finding Types + +| Category | Examples | Fix Mode | +| -------------------------- | ------------------------------------------------------ | ----------------------------- | +| Direct dependency CVEs | Known vulnerability in a top-level declared dependency | Deterministic (version bump) | +| Transitive dependency CVEs | Vulnerable package pulled in by another dependency | Deterministic (lockfile bump) | +| Multi-CVE per dependency | Multiple CVEs fixed by the same target version | Deterministic (batched) | +| No-fix CVEs | CVEs without a published fixed version | WONT_FIX with rationale | + +## Setup + +1. **Connect GitLab to Pixee** — follow the [GitLab Setup](/getting-started/gitlab) guide to install the Pixee integration. +2. **Ensure Dependency Scanning is enabled** — verify your `.gitlab-ci.yml` includes the `Dependency-Scanning.gitlab-ci.yml` template (or your own equivalent that runs `gemnasium-dependency_scanning`). +3. **Pixee ingests findings automatically** — when Dependency Scanning runs in your pipeline, Pixee receives the findings via the GitLab API. +4. **Review triage results and merge fixes** — Pixee opens MRs for remediable findings in your existing GitLab workflow. + +**Prerequisites:** GitLab Ultimate license (Dependency Scanning is part of GitLab's Secure category, which requires Ultimate), Pixee GitLab integration installed. + +See the [SCA pipeline](/how-it-works/sca-pipeline) for details on how Pixee handles dependency findings end-to-end. + +## FAQ + +### Does Pixee replace GitLab Dependency Scanning? + +No. GitLab Dependency Scanning continues running in your CI/CD pipeline and continues populating the GitLab vulnerability dashboard. Pixee sits downstream, triaging the findings for reachability and opening fix MRs for the ones that matter. + +### Do I need GitLab Ultimate? + +GitLab Dependency Scanning requires GitLab Ultimate (it is part of GitLab's Secure tier). If you use GitLab Free or Premium, you can still get SCA coverage with Pixee by running an external SCA scanner (e.g., Trivy) and uploading SARIF — see [Trivy Integration](/integrations/scanners/trivy) and [Universal SARIF](/integrations/sarif-universal). + +### How does Pixee decide which dependency CVEs are reachable? + +Pixee's reachability analysis examines whether your code (directly or via the dependency graph) actually calls the vulnerable function or class identified by the CVE. CVEs in dependencies whose vulnerable code paths are never exercised in your codebase are classified FALSE_POSITIVE with an explanation. + +### What happens for CVEs without a fixed version? + +Findings without a published fix are classified WONT_FIX (no remediation possible without an upstream fix) along with the CVE details so your team can track and apply mitigations manually if needed. + +### Does Pixee batch multiple CVE fixes into one MR? + +When several CVEs in the same dependency can be resolved by a single version bump, Pixee batches them into one MR rather than opening one MR per CVE. + +See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scanners/polaris.md b/docs/integrations/scanners/polaris.md new file mode 100644 index 00000000..0b70cab2 --- /dev/null +++ b/docs/integrations/scanners/polaris.md @@ -0,0 +1,76 @@ +--- +title: Polaris Integration +slug: /integrations/scanners/polaris +track: both +content_type: guide +seo_title: Polaris (Synopsys / Black Duck Coverity) Integration with Pixee +description: Pixee integration with Polaris (Synopsys / Black Duck Coverity) for automated triage and remediation of dataflow and code-quality findings. +sidebar_position: 9 +--- + +# Polaris Integration + +Pixee integrates with Polaris to triage findings from the Coverity SAST engine and deliver remediation as pull requests. Polaris's strength is thorough, conservative dataflow analysis; that thoroughness produces high finding volumes that mix security vulnerabilities, code quality, and lower-severity patterns. Pixee classifies each finding by exploitability and generates code fixes Polaris does not produce. Your Polaris scans continue running as configured. + +> Polaris is the unified application security platform from Synopsys / Black Duck. Note: Synopsys divested its Software Integrity Group, which now operates under the Black Duck Software brand. Polaris remains the unified platform name; Coverity remains the SAST engine name. Pixee works with Polaris regardless of the branding on your license. + +## What Polaris Detects + +- **SAST via the Coverity engine** — deep dataflow analysis, buffer overflows, injection flaws, concurrency issues, and taint tracking across multiple languages +- **SCA via Black Duck** — open-source license compliance and vulnerability detection +- **Rapid Scan** — lightweight SAST designed for CI/CD integration (faster analysis with narrower rule coverage than full Coverity) +- **API security issues** +- **Infrastructure misconfigurations** + +## How Pixee Enhances Polaris + +### Triage + +The Coverity engine is known for thorough, conservative analysis. This thoroughness produces high volumes of findings that mix security vulnerabilities, code quality issues, and lower-severity patterns. Pixee's triage pipeline classifies each finding as TRUE_POSITIVE, FALSE_POSITIVE, or WONT_FIX with a code-level justification, accounting for framework protections, sanitization logic, and deployment context that Coverity's conservative analysis may not resolve. + +### Remediation + +Polaris provides findings and remediation guidance but does not generate automated code fixes or pull requests. Pixee closes this gap. True positive findings are automatically fixed using deterministic codemods and AI-powered MagicMods. Fixes are delivered as pull requests matching the team's code conventions. + +## Finding Types + +| Category | Examples | Fix Mode | +| ---------------------------------- | --------------------------------------- | ------------------ | +| Dataflow vulnerabilities | SQL injection, XSS, path traversal | Deterministic + AI | +| Buffer overflows and memory safety | Buffer overruns, use-after-free (C/C++) | AI | +| Concurrency issues | Race conditions, deadlocks | AI | +| Cryptographic issues | Weak algorithms, insecure random | Deterministic | +| Security misconfigurations | Insecure defaults, missing headers | Deterministic | + +## Setup + +1. **Run Polaris** on your repository (via Polaris CLI or CI/CD integration). +2. **Export results in SARIF format** from Polaris. +3. **Upload SARIF to Pixee** via API, UI, or CI integration. +4. **Pixee processes findings** through the triage and remediation pipeline. +5. **Review and merge** Pixee-generated PRs. + +**Prerequisites:** Polaris account with Coverity SAST scan results, Pixee account with connected repository. + +## Common False Positive Patterns Pixee Eliminates + +- **Conservative analysis flagging unlikely conditions:** Coverity flags potential issues even when exploitation requires multiple unlikely conditions to align +- **Code quality findings mixed with security:** Polaris reports reliability bugs, code quality issues, and security vulnerabilities in the same output; Pixee separates security from non-security +- **Buffer overflow false positives in managed languages:** Coverity rules designed for C/C++ may produce findings in managed-language code (Java, C#) where memory management is handled by the runtime +- **Test and example code at production severity:** Findings in non-production code flagged at production severity levels + +## FAQ + +### Does Pixee work with both Coverity SAST and Black Duck SCA through Polaris? + +Pixee's Polaris integration focuses on SAST findings from the Coverity engine. For SCA-specific remediation (dependency version updates), see the [SCA pipeline](/how-it-works/sca-pipeline) documentation. + +### I see findings from Coverity, Black Duck, and Rapid Scan in Polaris -- does Pixee handle all of them? + +Pixee processes Polaris findings exported in SARIF format. Coverity SAST findings are the primary input for the triage and remediation pipeline. Rapid Scan results that overlap with Coverity finding types are also handled. + +### Is the brand Synopsys, Black Duck, or Polaris? + +Synopsys divested its Software Integrity Group, which now operates under the Black Duck Software brand. Polaris remains the unified platform name. Coverity remains the SAST engine name. Pixee works with Polaris regardless of the branding on your license agreement. + +See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scanners/semgrep.md b/docs/integrations/scanners/semgrep.md new file mode 100644 index 00000000..d75944ca --- /dev/null +++ b/docs/integrations/scanners/semgrep.md @@ -0,0 +1,99 @@ +--- +title: Semgrep Integration +slug: /integrations/scanners/semgrep +track: both +content_type: guide +seo_title: Semgrep Integration with Pixee +description: Pixee integration with Semgrep for automated triage and remediation of OSS and Pro rule findings. +sidebar_position: 11 +--- + +# Semgrep Integration + +Pixee's Semgrep integration processes findings from both Semgrep OSS and Semgrep Pro through automated triage and remediation. The dedicated Semgrep handler extracts rule metadata for accurate classification, then delivers fixes as pull requests. + +## What Semgrep Detects + +Semgrep is a lightweight, fast SAST scanner with a large and growing rule library. Teams adopt it for its speed, pattern-based rule syntax, and developer-friendly workflow. + +Semgrep detects: + +- **OWASP Top 10 vulnerabilities** -- injection, broken authentication, XSS, insecure deserialization, and more +- **Language-specific security rules** from both OSS and Pro rule sets +- **Custom organizational rules** written in Semgrep's pattern syntax for team-specific security policies +- **Code quality issues with security implications** -- hardcoded secrets, weak cryptographic usage, deprecated API calls + +Semgrep supports Python, JavaScript/TypeScript, Java, Go, Ruby, C#, PHP, Kotlin, Swift, and more. Rules run via Semgrep CLI (open source) or Semgrep Code (cloud platform). + +## How Pixee Enhances Semgrep + +### Triage + +Semgrep findings are processed through Pixee's triage pipeline, which classifies each finding as TRUE_POSITIVE, FALSE_POSITIVE, or WONT_FIX with code-level justification and a confidence score. + +The dedicated Semgrep handler provides scanner-specific metadata extraction: + +**Rule metadata extraction.** Pixee's handler extracts `fullDescription.text` rule metadata from Semgrep's SARIF output, giving the triage engine the rule explanation alongside the finding. This context helps the triage pipeline distinguish between high-severity exploitable findings and informational warnings that share the same rule ID. + +**OSS and Pro rule support.** The handler processes findings from both Semgrep OSS and Semgrep Pro rule sets. Whether your team uses the community rules, the commercial Pro rules, or a mix, findings flow through the same triage pipeline. + +**Custom rule support.** Custom Semgrep rules that produce SARIF output work with Pixee automatically. Your organization's custom security policies are triaged and remediated through the same pipeline as standard rules -- no additional configuration required. + +Each finding receives a classification with reasoning trail suitable for audit documentation. Security teams can review the triage decisions, not just the raw output. + +### Remediation + +True positive findings receive automated code fixes delivered as pull requests. + +Pixee generates fixes using deterministic codemods and AI-powered MagicMods. The deterministic codemods handle standard security patterns with zero LLM dependency. MagicMods address complex, codebase-specific scenarios where the fix requires understanding your application's architecture and conventions. + +- Fixes match your team's code conventions -- Pixee generates fixes that use your existing libraries and follow your patterns +- Semgrep identifies what is wrong; Pixee delivers the fix as a PR +- Developers review Pixee PRs through the same workflow they use for all code changes + +## Finding Types + +| Category | Examples | Coverage | +| -------------------------------- | ----------------------------------------- | ---------------------- | +| OWASP Top 10 | SQL injection, XSS, broken authentication | OSS + Pro rules | +| Language-specific security | Framework misuse, insecure defaults | Per-language rule sets | +| Custom organizational rules | Team-specific patterns and policies | Custom Semgrep rules | +| Code quality (security-relevant) | Hardcoded secrets, weak crypto | OSS + Pro rules | + +## Setup + +1. **Run Semgrep** on your repository via Semgrep CLI, CI/CD integration, or Semgrep Code (cloud). +2. **Export results in SARIF format** using `semgrep --sarif` (CLI) or configure SARIF export in Semgrep Code. +3. **Connect your code repository to Pixee** via the appropriate platform integration (GitHub, GitLab, Azure DevOps, or Bitbucket). +4. **Pixee ingests Semgrep SARIF** and processes findings through the triage and remediation pipeline. +5. **Review and merge** Pixee-generated PRs in your normal workflow. + +**Prerequisites:** Semgrep installed or Semgrep Code account, Pixee connected to your SCM platform. + +## Common False Positive Patterns Pixee Eliminates + +- **Low-severity OSS rules on common patterns:** Rules that fire on widespread coding patterns without evaluating whether the specific instance is exploitable +- **Per-file duplication noise:** The same rule firing on multiple locations across files without prioritization or deduplication +- **Framework-mitigated findings:** Code protected by middleware, security libraries, or framework-level controls that Semgrep's pattern matching cannot resolve +- **Test code flagged at production severity:** Test fixtures, example code, and mock data triggering rules intended for production code +- **Stale API warnings:** Generic rules that lack language-version awareness, flagging deprecated API usage on code that has already been migrated + +See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. + +## FAQ + +### Does Pixee replace Semgrep? + +No. Pixee complements Semgrep by adding automated triage and remediation. Keep running Semgrep exactly as you do today. Pixee processes Semgrep's output and delivers classified findings and fixes. + +### Does Pixee work with both Semgrep OSS and Semgrep Pro? + +Yes. Pixee's dedicated Semgrep handler supports both Semgrep OSS and Pro rule output. Findings from either rule set are processed through the same triage and remediation pipeline. + +### What about my custom Semgrep rules? + +Custom Semgrep rules that produce SARIF output work with Pixee automatically. Findings from custom rules are triaged and remediated through the same pipeline as standard rules. No additional configuration is needed. + +### How does Pixee handle Semgrep's high-volume output? + +Pixee's triage engine classifies each finding with a code-level justification and confidence score. Findings classified as false positives or won't-fix are separated from true positives, so developers see only actionable findings with fixes ready for review. The volume problem becomes a solved problem. diff --git a/docs/integrations/scanners/snyk-code.md b/docs/integrations/scanners/snyk-code.md new file mode 100644 index 00000000..45440096 --- /dev/null +++ b/docs/integrations/scanners/snyk-code.md @@ -0,0 +1,86 @@ +--- +title: Snyk Code Integration +slug: /integrations/scanners/snyk-code +track: both +content_type: guide +seo_title: Snyk Code Integration with Pixee +description: Pixee integration with Snyk Code for automated triage and remediation of SAST findings. +sidebar_position: 12 +--- + +# Snyk Code Integration + +Pixee integrates with Snyk Code to triage SAST findings and deliver remediation as pull requests. Snyk Code continues scanning as it does today -- Pixee sits downstream, providing independent triage verification and automated fixes. More importantly, Pixee triages Snyk Code findings alongside findings from every other scanner in your portfolio through one pipeline, eliminating per-tool review silos. + +## What Snyk Code Detects + +Snyk Code is the SAST component of the Snyk platform, built on the DeepCode acquisition. It provides real-time static analysis designed for developer workflows, with IDE integrations, CLI scanning, and CI/CD pipeline support. Snyk Code is known for speed and lower false positive rates compared to traditional SAST tools, with strong adoption among cloud-native engineering teams. + +Snyk Code detects: + +- **Injection flaws** -- SQL injection, cross-site scripting, command injection, and other injection-class vulnerabilities +- **Authentication and cryptographic weaknesses** -- broken authentication, insecure cryptographic usage +- **Code quality issues with security implications** -- patterns that could lead to security vulnerabilities +- **Hardcoded secrets and credentials** +- **Data flow taint tracking** -- tracing untrusted data from sources to sinks + +Language coverage includes JavaScript/TypeScript, Python, Java, Go, Ruby, C#, PHP, Swift, and Kotlin. + +## How Pixee Enhances Snyk Code + +### Triage + +Snyk Code already produces lower false positive rates than traditional SAST tools. Pixee's value for Snyk Code users centers on two areas: + +**Independent verification.** Each Snyk Code finding is processed through Pixee's triage pipeline, which classifies it as TRUE_POSITIVE, FALSE_POSITIVE, or WONT_FIX with a detailed justification and confidence score. The classification provides audit-ready evidence for compliance workflows. + +**Cross-scanner unification.** Most teams run Snyk Code alongside other scanners -- SCA tools, container scanners, infrastructure-as-code analyzers. Pixee triages findings from all of them through one pipeline with consistent classification logic. No more switching between the Snyk dashboard, the GHAS dashboard, and the SonarQube portal to review findings from each tool in isolation. + +### Remediation + +Snyk's "DeepCode AI Fix" provides remediation suggestions within the Snyk UI. Pixee delivers a different outcome: complete, context-aware fixes as pull requests that developers review and merge through their standard code review workflow. + +Fixes are generated using deterministic codemods and AI-powered MagicMods for complex scenarios. Every fix matches the team's code conventions -- naming patterns, preferred libraries, and existing security utilities. + +## Finding Types + +| Category | Examples | Fix Mode | +| ------------------------- | ------------------------------------------------ | ------------------ | +| Injection flaws | SQL injection, XSS, command injection | Deterministic + AI | +| Authentication issues | Broken authentication, session weaknesses | AI | +| Cryptographic weaknesses | Weak algorithms, insecure random, hardcoded keys | Deterministic | +| Secrets detection | Hardcoded credentials, API keys, tokens | Deterministic | +| Data flow vulnerabilities | Taint tracking findings, unsanitized inputs | Deterministic + AI | + +## Setup + +1. **Run Snyk Code scan** on your repository (via Snyk CLI, CI/CD integration, or Snyk UI). +2. **Export results in SARIF format** from Snyk Code. +3. **Upload SARIF to Pixee** via API, UI, or CI integration. +4. **Pixee processes findings** through the triage and remediation pipeline. +5. **Review and merge** Pixee-generated PRs in your normal development workflow. + +**Prerequisites:** Snyk account with Snyk Code enabled, Pixee account with connected repository. + +## Common False Positive Patterns Pixee Eliminates + +- **Framework-protected endpoints:** Snyk Code flags injection risks in code protected by middleware-level input validation or framework security features +- **Sanitized data in multi-file flows:** Data flows where sanitization occurs upstream in a different file, beyond Snyk Code's analysis scope +- **Test code at production severity:** Intentionally vulnerable test fixtures, mock data, or example code flagged as production security issues +- **Context-dependent findings:** Findings that depend on runtime configuration or deployment context that static analysis cannot determine + +See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. + +## FAQ + +### Does Pixee replace Snyk Code? + +No. Pixee complements Snyk Code by adding unified triage and automated remediation. Snyk Code continues scanning as before. Pixee processes the output alongside findings from all your other scanners through one pipeline. + +### If Snyk Code already has low false positive rates, why add Pixee triage? + +Two reasons. First, Pixee provides independent verification with audit-ready justification trails -- valuable for compliance. Second, and more importantly, Pixee triages Snyk Code findings alongside every other scanner in your portfolio through one pipeline. The unified view across all tools is the primary value for teams running Snyk Code alongside other scanners. + +### How does Pixee compare to Snyk's DeepCode AI Fix? + +DeepCode AI Fix provides remediation suggestions within the Snyk UI. Pixee delivers complete fixes as pull requests through your standard code review workflow. Pixee also provides independent triage classification before remediation -- sorting findings before fixing them. diff --git a/docs/integrations/scanners/sonarqube.md b/docs/integrations/scanners/sonarqube.md new file mode 100644 index 00000000..49037750 --- /dev/null +++ b/docs/integrations/scanners/sonarqube.md @@ -0,0 +1,137 @@ +--- +title: SonarQube Integration +slug: /integrations/scanners/sonarqube +track: both +content_type: guide +seo_title: SonarQube Integration with Pixee +description: Pixee integration with SonarQube and SonarCloud for automated triage and remediation, including security hotspot classification. +sidebar_position: 13 +--- + +# SonarQube Integration + +Pixee integrates natively with SonarQube and SonarCloud to triage findings and deliver remediation as pull requests. SonarQube's security hotspots require manual review -- Pixee automates that review with code-level justification and generates fixes for confirmed vulnerabilities. + +## What SonarQube Detects + +SonarQube (self-hosted) and SonarCloud (SaaS) are the most widely deployed code quality and security analysis platforms in the industry. Often the first analysis tool adopted by engineering teams, SonarQube combines SAST with code quality, technical debt, and coverage analysis across 30+ languages. + +SonarQube detects: + +- **Static Application Security Testing (SAST)** -- OWASP Top 10, CWE coverage, injection flaws, cross-site scripting, authentication issues +- **Security hotspots** -- code patterns that require manual security review before being classified as safe or vulnerable +- **Code quality issues** -- bugs, code smells, and technical debt +- **Code coverage analysis** -- test coverage tracking +- **Duplication detection** -- identifying copy-paste patterns across the codebase + +## How Pixee Enhances SonarQube + +### Triage + +SonarQube's security hotspot system explicitly requires manual review -- a developer or security engineer must investigate each hotspot and classify it as safe or vulnerable. For teams with hundreds or thousands of hotspots, this manual process creates a permanent backlog. + +Pixee automates that review. Each SonarQube finding -- including security hotspots -- is processed through Pixee's triage pipeline, which classifies it as TRUE_POSITIVE, FALSE_POSITIVE, or WONT_FIX with a code-level justification. The triage engine investigates the actual codebase to determine whether a hotspot represents a genuine risk. + +For teams managing SonarQube's high-volume output, where security findings mix with code quality findings and hotspots in a single dashboard, Pixee separates what matters from what does not. + +### Remediation + +SonarQube shows what is wrong but does not generate fixes. Pixee fills this gap by delivering remediation as pull requests. True positive findings from SonarQube are automatically fixed using deterministic codemods and AI-powered MagicMods for complex scenarios. Dedicated prompt builders in the remediation engine handle SonarQube-specific finding formats. + +Fixes match your team's code conventions. + +## Finding Types + +| Category | Examples | Fix Mode | +| -------------------------------- | -------------------------------------------------------------- | ------------------ | +| Security vulnerabilities | SQL injection, XSS, path traversal, insecure crypto | Deterministic + AI | +| Security hotspots | Hardcoded credentials, weak hashing, CSRF-related patterns | AI | +| Code quality (security-relevant) | Null pointer dereferences, resource leaks with security impact | AI | + +## Supported Languages + +Pixee remediates SonarQube findings for these languages: + +| Language | Deterministic Codemods | AI-Powered Fixes | SonarQube Rules Covered | +| --------------------- | ---------------------- | ---------------- | ---------------------------------------------- | +| Java | Yes (51+) | Yes | Injection, XSS, crypto, auth, hotspots | +| Python | Yes (60+) | Yes | Injection, XSS, hardcoded secrets, hotspots | +| JavaScript/TypeScript | Expanding | Yes | XSS, injection, auth patterns | +| .NET | Expanding | Yes | Injection, crypto, configuration | +| PHP | Expanding | Yes | Injection, XSS | +| Go | — | — | Not currently supported for SonarQube findings | + +If your primary SonarQube backlog is in Go, Pixee cannot remediate those findings today. Go support for SonarQube findings is on the roadmap. + +## Setup + +### Prerequisites + +- SonarQube 9.x or later (self-hosted) or SonarCloud (SaaS) with existing scan results +- A Pixee account with at least one repository connected ([Getting Started](/)) +- A SonarQube user token with **Browse** and **Administer** project permissions (not a global analysis token) + +Connect SonarQube by providing your instance URL and a user token with Browse and Administer project permissions. Pixee queries SonarQube directly via API -- no SARIF export needed. SonarQube projects are mapped to code repositories using the project key; if your project keys match your repository names, mapping is automatic. For enterprise self-hosted deployments, configure SonarQube credentials in your Helm values. For step-by-step configuration, see the [installation guide](https://app.pixee.ai/docs/setup). + +### What Happens with Large Backlogs + +If your SonarQube instance has thousands of findings, Pixee does not open thousands of PRs simultaneously. Findings are prioritized by severity (Critical and High first), and PR creation is controlled by your configured batch settings. See [Operations](/configuration/operations) for PR volume controls. + +## SonarQube Finding Examples + +### Example 1: SQL Injection (java:S3649) + +**SonarQube finding:** `Change this code to not construct SQL queries directly from user-controlled data.` + +**Before (vulnerable):** + +```java +String query = "SELECT * FROM users WHERE id = " + request.getParameter("id"); +ResultSet rs = statement.executeQuery(query); +``` + +**Pixee fix (deterministic codemod):** + +```java +String query = "SELECT * FROM users WHERE id = ?"; +PreparedStatement ps = connection.prepareStatement(query); +ps.setString(1, request.getParameter("id")); +ResultSet rs = ps.executeQuery(); +``` + +### Example 2: Hardcoded Credentials (java:S2068) + +**SonarQube finding:** `Remove this hard-coded password.` + +**Before:** `private static final String DB_PASSWORD = "admin123";` + +**Pixee fix (AI-powered):** Moves the credential to an environment variable reference and adds documentation for the required configuration change. + +### Example 3: Security Hotspot — CSRF (java:S4502) + +**SonarQube hotspot:** `Make sure disabling Spring Security's CSRF protection is safe here.` + +**Pixee triage result:** `FALSE_POSITIVE — This endpoint is a REST API consumed by a mobile client using Bearer token authentication. CSRF protection is not applicable to token-authenticated APIs. The Spring Security configuration correctly disables CSRF for the /api/** path only.` + +## Common False Positive Patterns Pixee Eliminates + +- **Security hotspots that are actually safe:** Pixee's triage engine investigates the actual code context and determines whether the flagged pattern is exploitable -- automating the manual review SonarQube requires +- **Code quality findings conflated with security:** SonarQube mixes code smells, bugs, and security findings in one dashboard; Pixee distinguishes genuine security issues from code quality noise +- **Framework-mitigated injection patterns:** Findings where the application framework provides protection (parameterized queries via ORM, CSRF tokens via framework middleware) +- **Test code at production severity:** SonarQube scans test directories by default; Pixee adjusts classification for non-production code + +See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. + +## FAQ + +### Does Pixee work with both SonarQube and SonarCloud? + +Yes. Pixee's SonarQube integration works with both self-hosted SonarQube and SonarCloud (SaaS). The same triage and remediation pipeline processes findings from either deployment. + +### How does Pixee handle SonarQube security hotspots? + +SonarQube security hotspots require manual review -- someone must investigate the code and classify the hotspot as safe or vulnerable. Pixee automates this review by investigating the actual code context and classifying each hotspot with a detailed justification. This eliminates the manual review bottleneck. + +### Does Pixee fix code quality issues from SonarQube, or only security findings? + +Pixee focuses on security-relevant findings -- vulnerabilities and security hotspots. Code quality issues like code smells and technical debt remain in SonarQube's domain. When a code quality finding has security implications, Pixee's triage pipeline evaluates it and may generate a fix. diff --git a/docs/integrations/scanners/trivy.md b/docs/integrations/scanners/trivy.md new file mode 100644 index 00000000..eb9cfd49 --- /dev/null +++ b/docs/integrations/scanners/trivy.md @@ -0,0 +1,70 @@ +--- +title: Trivy Integration +slug: /integrations/scanners/trivy +track: both +content_type: guide +seo_title: Trivy Integration with Pixee +description: Pixee integration with Aqua Trivy for automated triage and remediation across container, dependency, IaC, and secret findings. +sidebar_position: 14 +--- + +# Trivy Integration + +Pixee integrates with Trivy to triage findings and deliver remediation as pull requests. Trivy's breadth — container images, dependencies, IaC, secrets — produces high-volume output. A single container base image can have hundreds of known CVEs, most of which are not exploitable in your application's context. Pixee's exploitability analysis classifies each finding so teams can focus on what is actually reachable and fixable. Trivy continues scanning as configured; Pixee adds the triage and fix layer it does not provide. + +Trivy is Aqua Security's open-source scanner, widely adopted in cloud-native and DevSecOps environments. + +## What Trivy Detects + +- **Container image vulnerabilities** — OS packages and application dependencies +- **SCA** — open-source dependency vulnerabilities +- **Infrastructure as Code (IaC) misconfigurations** — Terraform, CloudFormation, Kubernetes manifests, Dockerfiles +- **Secret detection** — hardcoded credentials, API keys +- **License compliance issues** +- **SBOM generation** — CycloneDX and SPDX formats + +Trivy produces SARIF output natively, making it highly interoperable with downstream tools. + +## How Pixee Enhances Trivy + +### Triage + +Trivy's breadth is its strength and its challenge. Container image scans can surface hundreds of CVEs in OS packages, most of which are not exploitable in the application's context. Pixee's triage pipeline classifies each finding by exploitability and actionability, separating real threats from noise. For code-level findings and IaC misconfigurations, the triage engine investigates the actual codebase to determine whether the finding represents a real risk. + +### Remediation + +Trivy identifies vulnerabilities but does not generate code fixes. Pixee delivers fixes as pull requests — updating dependency versions, fixing IaC misconfigurations, and remediating code-level findings using both deterministic codemods and AI-powered generation. + +## Finding Types + +| Category | Examples | Fix Mode | +| -------------------------- | ----------------------------------------------------- | ----------------------------- | +| Dependency vulnerabilities | CVEs in direct and transitive dependencies | Deterministic (version bumps) | +| IaC misconfigurations | Insecure Dockerfile directives, K8s security contexts | Deterministic + AI | +| Code-level SAST findings | Injection, XSS (via Trivy's fs scanning) | Deterministic + AI | +| Secret detection | Hardcoded credentials, API keys | AI | + +## Setup + +1. **Install Pixee** for your platform ([GitHub](/getting-started/github), [GitLab](/getting-started/gitlab), [Azure DevOps](/getting-started/azure-devops), or [Bitbucket](/getting-started/bitbucket)). +2. **Configure Trivy to output SARIF** — add `--format sarif` to your Trivy command or CI pipeline step. +3. **Upload SARIF to Pixee** — configure SARIF upload in your CI pipeline or use the Pixee integration endpoint. +4. **Review and merge** — Pixee triages findings and opens PRs for remediable issues. + +**Prerequisites:** Trivy installed in your CI pipeline or locally, Pixee platform integration configured. + +## FAQ + +### Does Pixee work with Trivy's container image scanning? + +Yes. Pixee ingests Trivy's SARIF output from container image scans and triages the findings by exploitability. For dependency vulnerabilities found in container images, Pixee can generate dependency update fixes where the dependency is managed in your source code. + +### How does Pixee reduce noise from Trivy scans? + +Trivy container scans often surface hundreds of CVEs in OS packages. Pixee's triage engine classifies each by exploitability — whether the vulnerable code path is actually reachable in your application — reducing the volume requiring human review. + +### Does Trivy need to output SARIF for this integration? + +Yes. Configure Trivy with `--format sarif` to produce SARIF 2.1.0 output. Pixee also supports Trivy's native JSON format through the dedicated Trivy handler. + +See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scanners/veracode.md b/docs/integrations/scanners/veracode.md new file mode 100644 index 00000000..cd39f702 --- /dev/null +++ b/docs/integrations/scanners/veracode.md @@ -0,0 +1,85 @@ +--- +title: Veracode Integration +slug: /integrations/scanners/veracode +track: both +content_type: guide +seo_title: Veracode Integration with Pixee +description: Pixee integration with Veracode for automated triage and remediation of SAST findings. +sidebar_position: 15 +--- + +# Veracode Integration + +Pixee integrates natively with Veracode to triage SAST findings and deliver remediation as pull requests. Pixee sits downstream, classifying each finding as true positive, false positive, or won't-fix with code-level justification, then generating fixes for confirmed vulnerabilities. + +## What Veracode Detects + +Veracode is a leading cloud-native application security platform widely deployed in regulated industries including financial services, healthcare, and government. Its centralized cloud scanning model -- code is uploaded to Veracode's cloud for analysis -- provides broad coverage without requiring local scanning infrastructure. + +Veracode detects: + +- **Static Application Security Testing (SAST)** -- broad coverage of OWASP Top 10 and CWE categories including injection flaws, cross-site scripting, authentication weaknesses, and insecure cryptography +- **Software Composition Analysis (SCA)** -- open-source dependency vulnerabilities and license risk +- **Dynamic Application Security Testing (DAST)** -- runtime vulnerability detection against deployed applications +- **Secrets detection** -- hardcoded credentials and API keys +- **Infrastructure as Code (IaC) misconfigurations** + +## How Pixee Enhances Veracode + +### Triage + +Veracode findings are processed through Pixee's triage pipeline, which classifies each finding as TRUE_POSITIVE, FALSE_POSITIVE, or WONT_FIX with a detailed justification and confidence score. + +The dedicated Veracode handler extracts scanner-specific metadata from Veracode's SARIF output, providing the triage engine with the context it needs for accurate classification. This reduces the manual triage burden on AppSec teams who currently review Veracode results in the Veracode portal -- a process that consumes hours of analyst time per scan cycle. + +Each classified finding includes an audit-ready justification trail explaining the reasoning behind the triage decision. + +### Remediation + +True positive findings receive automated code fixes delivered as pull requests. Pixee generates fixes using deterministic codemods and AI-powered MagicMods for complex, codebase-specific scenarios. + +Veracode's own "Veracode Fix" provides AI-assisted remediation suggestions, but it does not deliver merged pull requests at scale. Pixee closes that gap: findings move from classification to fix to developer review in one pipeline. Developers review and merge Pixee PRs through their standard workflow. + +## Finding Types + +| Category | Examples | Fix Mode | +| -------------------------- | ------------------------------------------------ | ------------------ | +| Injection flaws | SQL injection, command injection, LDAP injection | Deterministic + AI | +| Cross-site scripting | Reflected XSS, stored XSS, DOM-based XSS | Deterministic + AI | +| Authentication and session | Broken authentication, session fixation | AI | +| Cryptographic issues | Weak algorithms, hardcoded keys | Deterministic | +| Path traversal | Directory traversal, file inclusion | Deterministic + AI | +| Security misconfigurations | Insecure defaults, missing headers | Deterministic | + +## Setup + +1. **Connect Veracode credentials** in Pixee settings (Helm values for Enterprise Server, or SaaS configuration). +2. **Configure Veracode SARIF export** or use Pixee's native Veracode integration to ingest findings directly. +3. **Connect your code repository** (GitHub, GitLab, Azure DevOps, or Bitbucket). +4. **Pixee processes findings** automatically through the triage and remediation pipeline. +5. **Review and merge** Pixee-generated PRs in your normal development workflow. + +**Prerequisites:** Veracode account with SAST scan results, Pixee account with connected repository. + +## Common False Positive Patterns Pixee Eliminates + +- **Parameterized query false positives:** Veracode flags SQL injection on code that already uses parameterized APIs or ORMs -- Pixee's triage verifies the actual query construction +- **Sanitized input in complex flows:** Veracode's static analysis cannot always trace sanitization through complex control flow; Pixee investigates security controls in the actual codebase +- **Test code at production severity:** Pixee distinguishes test fixtures, example code, and documentation snippets from production code +- **Framework-mitigated findings:** Code protected by framework-level security controls (Spring Security, Django middleware) that Veracode's static analysis cannot resolve + +See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. + +## FAQ + +### Does Pixee replace Veracode? + +No. Pixee complements Veracode by adding automated triage and remediation on top of your existing deployment. Veracode continues scanning as before. Pixee processes the output, classifies findings, and delivers fixes as pull requests. + +### How does Pixee compare to Veracode Fix? + +Veracode Fix provides AI-assisted remediation suggestions within the Veracode UI. Pixee delivers complete, context-aware fixes as pull requests that developers review and merge through their standard code review workflow. Pixee also adds independent triage before remediation -- classifying each finding before generating a fix. + +### Does Pixee work with Veracode SCA findings as well as SAST? + +Pixee's Veracode integration processes SAST findings through the triage and remediation pipeline. For SCA-specific remediation (dependency version updates), see the [SCA pipeline](/how-it-works/sca-pipeline) documentation. diff --git a/docs/integrations/scms/_category_.json b/docs/integrations/scms/_category_.json new file mode 100644 index 00000000..56f8e9e3 --- /dev/null +++ b/docs/integrations/scms/_category_.json @@ -0,0 +1,9 @@ +{ + "label": "Source Control", + "position": 3, + "collapsible": true, + "collapsed": false, + "link": { + "type": "generated-index" + } +} diff --git a/docs/integrations/scms/azure-devops.md b/docs/integrations/scms/azure-devops.md new file mode 100644 index 00000000..8e669b2a --- /dev/null +++ b/docs/integrations/scms/azure-devops.md @@ -0,0 +1,73 @@ +--- +title: Azure DevOps Integration +slug: /integrations/scms/azure-devops +track: both +content_type: guide +seo_title: Azure DevOps Integration with Pixee +description: Pixee integration with Azure DevOps via personal access token and webhook configuration. Optional work-item linking for branch-policy compliance. +sidebar_position: 1 +--- + +# Azure DevOps Integration + +Pixee integrates with Azure DevOps through a personal access token and webhook configuration, delivering automated security triage and remediation as pull requests. Developers review and merge Pixee fixes exactly like any other PR — zero new tools, zero new interfaces. Optional work-item linking supports organizations that enforce "Require linked work item" branch policies. Works with Azure DevOps Services (cloud) and Azure DevOps Server (on-premises). + +## How Pixee Works with Azure DevOps + +Pixee connects to Azure DevOps using your organization name plus a personal access token (PAT) for API access. Optional webhook credentials authenticate inbound webhook requests from Azure DevOps to Pixee for real-time event delivery. + +**PAT-based authentication.** A PAT with full _Code_ access handles repository reads, branch operations, and pull-request management. Use a custom scope rather than "Full access" so the token grants only what the integration needs. + +**Pull request delivery.** Every remediation Pixee generates arrives as a standard Azure DevOps PR. PR descriptions include the finding context, fix explanation, triage justification, and confidence score. + +**Webhook integration (optional).** Azure DevOps can deliver repository and PR events to Pixee for low-latency response to scanner output. Configure a webhook user and password in Pixee, then point Azure DevOps webhook deliveries at the Pixee endpoint with HTTP Basic auth using those credentials. + +## Authentication + +| Credential | Purpose | +| ---------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------- | +| Organization name | Identifies your Azure DevOps organization to Pixee | +| Personal access token | A PAT with **full _Code_ access** (custom scope, not "Full access"). Authorizes repository reads, branch operations, and PR management. | +| Webhook user / password (optional) | HTTP Basic credentials Pixee uses to authenticate inbound webhook requests from Azure DevOps | + +For Pixee Enterprise (Helm), these values live under `platform.scm.azure.{organization, token, webhook.user, webhook.password}`. For SaaS, use the settings UI. For embedded-cluster Enterprise, the admin console exposes these fields under **Config → Development Platforms → Azure DevOps**. + +## Scanner Integration + +Pixee works with any scanner that produces SARIF output run from Azure Pipelines or any external CI system. No modification to existing pipeline YAML is required. Scanner findings are uploaded to Pixee via SARIF; Pixee then triages and remediates them, delivering fix PRs into the same Azure DevOps repository where the code lives. + +## Setup + +1. **Create a personal access token** in Azure DevOps with a custom scope that includes full _Code_ access. +2. **(Optional) Choose webhook credentials** — a username and password that Pixee will use to authenticate inbound webhook requests from Azure DevOps. +3. **Configure Pixee** with your organization name, the PAT, and (optionally) the webhook credentials. See [Authentication](#authentication) above for the values map. +4. **(Optional) Set up Azure DevOps webhooks** to deliver repository and PR events to your Pixee endpoint, using HTTP Basic auth with the credentials from step 2. +5. **Pixee begins monitoring** for scanner findings and generating remediation PRs. + +For the install-time walkthrough, see [Getting Started with Azure DevOps](/getting-started/azure-devops). + +## Azure DevOps Server (On-Premises) + +Pixee Enterprise Server supports both Azure DevOps Services (cloud) and Azure DevOps Server (on-premises) with the same capabilities. The same PAT and webhook integration model applies. + +For on-premises configuration, see the [enterprise deployment documentation](/enterprise/deployment). + +## FAQ + +### Does Pixee work with Azure DevOps Server (on-premises)? + +Yes. Pixee Enterprise Server connects to Azure DevOps Server via the same PAT plus webhook integration used for Azure DevOps Services. + +### What permissions does the PAT need? + +A custom scope with **full _Code_ access**. Avoid the "Full access" preset — that grants more than the integration needs. + +### Are the webhook credentials required? + +No, they are optional. Without them, Pixee operates against Azure DevOps without inbound webhook events. Configuring webhooks gives the integration lower-latency response to repository and PR events. + +### Do I need Azure Pipelines? + +No. Pixee works with any scanner that produces SARIF, regardless of where the scanner runs. Many teams use Azure Pipelines, but Jenkins or other CI systems work equally well. + +See [Integrations Overview](/integrations/overview) for the full integration coverage matrix. diff --git a/docs/integrations/scms/bitbucket.md b/docs/integrations/scms/bitbucket.md new file mode 100644 index 00000000..352288af --- /dev/null +++ b/docs/integrations/scms/bitbucket.md @@ -0,0 +1,87 @@ +--- +title: Bitbucket Integration +slug: /integrations/scms/bitbucket +track: both +content_type: guide +seo_title: Bitbucket Integration with Pixee +description: Pixee integration with Bitbucket via API token. Native pull request delivery and SARIF upload from Bitbucket Pipelines or any external CI system. +sidebar_position: 2 +--- + +# Bitbucket Integration + +Pixee integrates with Bitbucket Cloud through an API token, delivering automated security triage and remediation as pull requests. Developers review and merge Pixee fixes exactly like any other PR — zero new tools, zero new interfaces. + +## How Pixee Works with Bitbucket + +Pixee connects to Bitbucket Cloud using a workspace-scoped API token. API tokens are the current authentication method, replacing app passwords (deprecated by Atlassian). + +**Pull request delivery.** Every remediation Pixee generates arrives as a standard Bitbucket PR. PR descriptions include the finding context, fix explanation, triage justification, and confidence score. + +**Username plus email.** Bitbucket API tokens require both your account's **email address** (used for API authentication) and your **username** (used for Git operations). Configure both in Pixee — using just one will not work. We recommend using a dedicated service-account user rather than a personal user, so the integration survives team-member departures. + +## Authentication + +| Credential | Purpose | +| ------------- | --------------------------------------------------------------------- | +| Username | Git operations against the workspace's repositories | +| Email address | API authentication (Bitbucket API tokens require email, not username) | +| API token | Authorizes the workspace operations defined by the scopes below | + +**Required API token scopes:** + +| Scope | Purpose | +| ----------------------------- | ------------------------------------------------- | +| `read:user:bitbucket` | Identify the authenticated user | +| `read:workspace:bitbucket` | Discover repositories in the workspace | +| `read:repository:bitbucket` | Read code for analysis | +| `read:pullrequest:bitbucket` | Read PR state for ingestion and event correlation | +| `write:repository:bitbucket` | Push fix branches | +| `write:pullrequest:bitbucket` | Create and manage remediation PRs | + +For instructions on creating an API token, see Atlassian's [Bitbucket Cloud documentation](https://support.atlassian.com/bitbucket-cloud/docs/create-a-repository-access-token/). + +## Scanner Integration + +Bitbucket Pipelines is one option for running scanners, but many teams use Jenkins, CircleCI, GitHub Actions, or other CI systems with Bitbucket-hosted repositories. Pixee works with all of them: + +- **SARIF upload from Bitbucket Pipelines** — scanner steps in `bitbucket-pipelines.yml` can produce SARIF and upload it to Pixee. +- **SARIF upload from external CI** — Jenkins, CircleCI, GitHub Actions, or any CI system that produces SARIF can upload findings to Pixee. +- **All named scanner integrations** and the universal SARIF connector work with Bitbucket-hosted repositories. + +## Setup + +1. **Create a service-account user** in your Bitbucket workspace. +2. **Generate an API token** for the service account with the six scopes listed above. +3. **Configure Pixee** with the username, email address, and API token. For Pixee Enterprise (Helm), the values live under `platform.scm.bitbucket.{username, emailAddress, apiToken}`. For SaaS, use the settings UI. For embedded-cluster Enterprise, the admin console exposes these fields under **Config → Development Platforms → BitBucket**. +4. **Pixee begins monitoring** for scanner findings and generating remediation PRs. + +For the install-time walkthrough, see [Getting Started with Bitbucket](/getting-started/bitbucket). + +## Bitbucket Server / Data Center + +Bitbucket Server (formerly Data Center) is a separate Atlassian product from Bitbucket Cloud. The integration mechanics — credentials, scopes, and configuration paths — differ. For Bitbucket Server deployments running on Pixee Enterprise, see the [enterprise deployment documentation](/enterprise/deployment) for the supported connection model and current configuration details. + +## FAQ + +### Why does Pixee need both my username and my email address? + +Bitbucket Cloud API tokens authenticate via email address, but Git operations require the workspace username. Pixee uses both — email for API calls, username for the actual `git push` of fix branches. Configuring only one will produce authentication failures. + +### Does Pixee work with Bitbucket Server / Data Center? + +Bitbucket Server is supported on Pixee Enterprise, but the connection details differ from Bitbucket Cloud. See the [enterprise deployment documentation](/enterprise/deployment) for the current Bitbucket Server configuration model. + +### Do I need Bitbucket Pipelines? + +No. Pixee works with any scanner that produces SARIF, regardless of where the scanner runs. Many teams use Bitbucket Pipelines, but Jenkins or other CI systems work equally well. + +### Are app passwords still supported? + +API tokens are the current authentication method. App passwords are deprecated by Atlassian; we recommend API tokens for new integrations and migration for existing ones. + +### Do developers need to install anything? + +No. The integration is configured at the workspace level by an administrator. Developers interact with Pixee through standard pull requests. + +See [Integrations Overview](/integrations/overview) for the full integration coverage matrix. diff --git a/docs/integrations/scms/github.md b/docs/integrations/scms/github.md new file mode 100644 index 00000000..7b341dae --- /dev/null +++ b/docs/integrations/scms/github.md @@ -0,0 +1,158 @@ +--- +title: GitHub Integration +slug: /integrations/scms/github +track: both +content_type: guide +seo_title: GitHub Platform Integration with Pixee +description: Pixee integration with GitHub via native GitHub App. Automated triage and remediation delivered as pull requests. +sidebar_position: 3 +--- + +# GitHub Integration + +Pixee integrates with GitHub through a native GitHub App that delivers automated security triage and remediation as pull requests. Developers review and merge Pixee fixes exactly like any other PR -- zero new tools, zero new interfaces. The GitHub App handles repository access, webhook events, and PR creation automatically. Works with GitHub.com and GitHub Enterprise Server. + +> This page covers GitHub as a development platform. For CodeQL and GitHub Advanced Security scanner integration, see [CodeQL Integration](/integrations/scanners/codeql). + +## How Pixee Works with GitHub + +Pixee connects to GitHub through a first-class GitHub App -- the same integration model used by production-grade developer tools across the GitHub ecosystem. + +**GitHub App integration.** A single GitHub App installation gives Pixee access to your organization's repositories. The app handles authentication, webhook events, and PR creation through GitHub's native API. Credentials are managed through the GitHub App's private key, with support for external secret managers (Vault, External Secrets Operator, SOPS) via `existingSecret` configuration. + +**Pull request delivery.** Every remediation Pixee generates arrives as a standard GitHub pull request. PR descriptions include the finding context, fix explanation, triage justification, and confidence score. Developers see Pixee PRs in their PR queue alongside all other pull requests -- no separate dashboard, no new tool to learn. + +**Webhook integration.** Pixee receives real-time events from your repositories via GitHub webhooks. Repository changes, PR actions, and scanner output trigger Pixee's triage and remediation pipeline automatically. + +**Repository management.** Install the GitHub App on all repositories or select specific ones. Organization-level or repository-level installation gives administrators control over which repositories Pixee monitors. + +## What Developers See + +Fixes arrive as standard GitHub pull requests — no new tools, no new dashboards. Existing branch protection rules, required reviewers, and CI checks apply to Pixee PRs exactly as they would to any other PR. See [GitHub Setup → What You'll See](/getting-started/github#what-youll-see) for the full PR contents and review/merge/reject flow. + +## Scanner Integration via GitHub + +GitHub serves as both the development platform and a scanner delivery mechanism: + +- **CodeQL findings via GHAS API:** Pixee's deep integration ingests CodeQL findings directly from GitHub Advanced Security. See [CodeQL Integration](/integrations/scanners/codeql) for details. +- **SARIF upload via GitHub Code Scanning:** Any scanner that uploads SARIF to GitHub's Code Scanning API makes those findings available to Pixee. +- **Direct SARIF upload from GitHub Actions:** Scanner results from Actions workflow jobs can be sent to Pixee directly. +- **All scanner findings** -- regardless of source -- are processed through the same triage and remediation pipeline. + +## GitHub Actions Integration + +Pixee works alongside your existing GitHub Actions workflows without requiring modifications. + +Scanner results from Actions jobs are available to Pixee. If your CodeQL Action, Semgrep Action, or any SARIF-producing scanner runs in a GitHub Actions workflow, the output feeds into Pixee's pipeline automatically or via SARIF upload. + +There is no need to modify existing `.github/workflows/` files. Pixee operates alongside your CI/CD pipeline, not inside it. + +## Setup + +1. **Install the Pixee GitHub App** on your organization or selected repositories. +2. **Authorize repository access** -- choose all repositories or select specific ones. +3. **Pixee begins monitoring** for scanner findings and generating remediation PRs. +4. **Configure preferences** in `PIXEE.yaml` (optional) to tune triage behavior and fix scope. +5. **Review and merge** your first Pixee PR. + +For a detailed walkthrough, see [Getting Started with GitHub](/getting-started/github). + +### Required Permissions + +The Pixee GitHub App requests the following permissions during installation. Pixee Enterprise customers register a custom GitHub App and configure the same permissions; SaaS customers install the published Pixee App which carries these permissions pre-configured. + +**Repository permissions:** + +| Permission | Access | Purpose | +| -------------------- | -------------- | ------------------------------------------------------------- | +| Checks | Read and write | Report triage and fix-validation status on PRs | +| Code scanning alerts | Read and write | Ingest CodeQL and SARIF findings; report fix status | +| Commit statuses | Read and write | Reflect fix-pipeline state on commits | +| Contents | Read and write | Read code for analysis; create fix branches | +| Dependabot alerts | Read and write | Ingest SCA findings from Dependabot | +| Issues | Read and write | Read referenced issues; comment with triage context | +| Metadata | Read-only | Repository metadata for configuration | +| Pull Requests | Read and write | Create and manage remediation PRs | +| Workflows | Read and write | Inspect Actions workflow state for scanner-result correlation | + +**Organization permissions:** + +| Permission | Access | Purpose | +| ---------- | --------- | ---------------------------------------- | +| Members | Read-only | Resolve PR-author identities for scoping | + +**Account permissions:** + +| Permission | Access | Purpose | +| --------------- | --------- | --------------------------------------------- | +| Email addresses | Read-only | Author attribution on Pixee-generated commits | + +**Webhook events the App subscribes to:** Code scanning alert, Check run, Create, Dependabot alert, Issue comment, Issues, Pull request, Pull request review, Pull request review comment, Pull request review thread, Push, Repository. + +See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. + +## GitHub Enterprise Server + +GHES (and Pixee Enterprise on github.com) is supported by registering a **custom GitHub App** on your GitHub host. Pixee Enterprise then connects using that App's credentials. The mechanics are the same as a standard GitHub App; the install path differs because you control the App registration end-to-end. + +### Registering the Custom GitHub App + +In your GitHub host (github.com or your GHES instance), go to **Settings → Developer settings → GitHub Apps → New GitHub App**, then: + +1. **GitHub App name.** Choose something unique to your org (e.g., `AcmePixeebotApp`). Save the name — Pixee Enterprise needs it. +2. **Homepage URL.** Anything works (e.g., `https://pixee.ai`). You can change this later. +3. **Callback URL.** Set to `https:///api/auth/login`. +4. **Request user authorization (OAuth) during installation.** Check this box. +5. **Webhook → Active.** Check this box. +6. **Webhook URL.** Set to `https:///github-event`. +7. **Webhook secret.** Set to a randomly generated value. Save it — Pixee Enterprise needs it. +8. **Permissions.** Configure the repository, organization, and account permissions exactly as listed in [Required Permissions](#required-permissions) above. +9. **Subscribe to events.** Check the events listed in [Required Permissions](#required-permissions) above. +10. **Where can this GitHub App be installed?** Start with **Only on this account**; you can broaden later. +11. **Create GitHub App.** Save the generated **App ID**. +12. **Generate a private key** from the App's settings page. Download the `.pem` file. + +### Configuring Pixee Enterprise + +Provide the App's credentials to your Pixee Enterprise installation: + +- **Embedded cluster.** Admin console → **Config → Development Platforms → GitHub** → enter the App name, App ID, and upload the private key. For GHES, select **Custom domain** for the **GitHub domain** setting and enter your GHES hostname. +- **Helm.** Set the values under `platform.github`: + ```yaml + platform: + github: + appName: "" + appId: "" + appWebhookSecret: "" + appPrivateKey: | + -----BEGIN RSA PRIVATE KEY----- + ... + -----END RSA PRIVATE KEY----- + # For GHES on a custom domain, set the URL: + # url: "https://github.your-company.com" + ``` + +### Network and Verification + +- **Bidirectional reachability** is required between your GitHub host and the Pixee Enterprise deployment. GitHub sends webhook events to Pixee; Pixee makes API calls back to GitHub. For air-gapped environments, see [Enterprise Deployment Options](/enterprise/deployment). +- **Verify connectivity** by checking the App's event log under **Settings → Developer settings → GitHub Apps → Advanced**. Successful deliveries to the Pixee webhook URL confirm the integration is reachable end-to-end. + +For deployment-model details (embedded cluster, Helm, air-gapped), see [Enterprise Deployment Options](/enterprise/deployment). + +## FAQ + +### Does Pixee work with GitHub Enterprise Server? + +Yes. Pixee supports both GitHub.com and GitHub Enterprise Server. Pixee Enterprise Server connects to GHES via a GitHub App with the same capabilities as the cloud integration. + +### Do developers need to install anything? + +No. The GitHub App is installed at the organization level by an administrator. Developers interact with Pixee through standard pull requests. There is nothing new to install, learn, or configure on the developer side. + +### Can I control which repositories Pixee monitors? + +Yes. During GitHub App installation, you choose between all repositories or a selected set. You can modify this selection at any time through GitHub's App settings. + +### How does Pixee integrate with GitHub Actions? + +Pixee works alongside your existing Actions workflows. Scanner results from Actions jobs are available to Pixee automatically (for GHAS/CodeQL) or via SARIF upload. No modification to your workflow YAML is required. diff --git a/docs/integrations/scms/gitlab.md b/docs/integrations/scms/gitlab.md new file mode 100644 index 00000000..3fe5ceac --- /dev/null +++ b/docs/integrations/scms/gitlab.md @@ -0,0 +1,105 @@ +--- +title: GitLab Integration +slug: /integrations/scms/gitlab +track: both +content_type: guide +seo_title: GitLab Integration with Pixee +description: Pixee integration with GitLab via service-account personal access token. Native merge request delivery with optional project-membership scoping. +sidebar_position: 4 +--- + +# GitLab Integration + +Pixee integrates with GitLab through a service-account personal access token, delivering automated security triage and remediation as merge requests. Developers review and merge Pixee fixes exactly like any other MR — zero new tools, zero new interfaces. The integration handles repository access, webhook events, and MR creation automatically. Works with GitLab.com and self-hosted GitLab. + +> This page covers GitLab as a development platform. For GitLab SAST scanner integration, see [GitLab SAST](/integrations/scanners/gitlab-sast). For GitLab Dependency Scanning (SCA), see [GitLab SCA](/integrations/scanners/gitlab-sca). + +## How Pixee Works with GitLab + +Pixee connects to GitLab through a service-account personal access token (PAT) with the scopes required to read repositories, manage merge requests, and create fix branches. + +**PAT-based authentication.** A single service-account PAT gives Pixee scoped access to your GitLab projects. The token's scopes are limited to what Pixee needs — full API access for MR management, repository read/write, and user-attribution metadata. + +**Merge request delivery.** Every remediation Pixee generates arrives as a standard GitLab MR. MR descriptions include the finding context, fix explanation, triage justification, and confidence score. Developers see Pixee MRs in their MR queue alongside all other merge requests. + +**Webhook events.** Pixee receives real-time events from your projects via GitLab webhooks. Repository changes, MR actions, and scanner output trigger Pixee's triage and remediation pipeline automatically. + +**Project access control.** The `member_projects_only` toggle restricts Pixee to projects where the service account is an explicit member — a security control useful in large GitLab instances where you want Pixee scoped to a known subset of projects rather than every project the token can technically access. + +## Authentication + +The PAT requires the following scopes: + +| Scope | Purpose | +| ----------------------- | -------------------------------------------------------------- | +| `api` | Full API access for MR creation and management | +| `read_user` | Read user information for attribution | +| `read_repository` | Read repository contents for analysis | +| `read_api` | Read-only API access for discovery | +| `write_repository` | Create fix branches and commit changes | +| `ai_features` | Drive GitLab Duo / AI features used by the integration | +| `read_registry` | Read the project's container registry for image-based analyses | +| `read_virtual_registry` | Read GitLab's virtual dependency registry for SCA correlation | + +## Scanner Integration via GitLab + +GitLab serves as both the development platform and a scanner delivery mechanism: + +- **GitLab SAST findings** are ingested natively. See [GitLab SAST](/integrations/scanners/gitlab-sast). +- **GitLab Dependency Scanning** for SCA is ingested as well. See [GitLab SCA](/integrations/scanners/gitlab-sca). +- **Any SARIF scanner output** can be uploaded to Pixee from GitLab CI jobs. +- **Fortify + GitLab** is a documented enterprise deployment pattern. See [Fortify](/integrations/scanners/fortify). + +## GitLab CI + +Pixee works alongside existing GitLab CI/CD pipelines without requiring modifications. No changes to `.gitlab-ci.yml` are needed. Pixee is compatible with GitLab's security dashboard and vulnerability management features. + +## Setup + +1. **Create a service-account user** in GitLab with appropriate project membership. (Service accounts are recommended over personal accounts so the integration survives team-member departures.) +2. **Generate a personal access token** for the service account with the scopes listed above. +3. **Configure Pixee** with the PAT. For Pixee Enterprise (Helm), values live under `platform.scm.gitlab.{token, baseUri, webhookSecret}`. For SaaS, use the settings UI. For embedded-cluster Enterprise, the admin console exposes these fields under **Config → Development Platforms → GitLab**. +4. **Configure repository access** — either grant the service account access to all relevant projects, or use `member_projects_only` for explicit per-project membership. +5. **Pixee begins monitoring** projects, ingesting scanner findings, and generating remediation MRs. + +For the install-time walkthrough, see [Getting Started with GitLab](/getting-started/gitlab). + +### Webhook Configuration + +For real-time event delivery from GitLab, configure a webhook on your project (or group) pointing at: + +``` +https:///api/v1/integrations/gitlab-default/webhooks +``` + +The webhook secret you set in GitLab must match the `webhookSecret` configured in Pixee Enterprise. For setup instructions, see [GitLab's webhook documentation](https://docs.gitlab.com/user/project/integrations/webhooks/). Webhooks are optional — Pixee can still ingest findings via API polling — but recommended for low-latency response to scanner output. + +## Self-Hosted GitLab + +Pixee Enterprise Server connects to self-hosted GitLab via the same PAT integration used for GitLab.com. Capabilities are identical: MR delivery, webhook events, scanner ingestion, and project management all work the same way. + +For self-hosted GitLab configuration, see the [enterprise deployment documentation](/enterprise/deployment). + +## FAQ + +### Does Pixee work with self-hosted GitLab? + +Yes. Pixee Enterprise Server connects to self-hosted GitLab via a service-account PAT with the same capabilities as the GitLab.com integration. + +### What is `member_projects_only`? + +A configuration toggle that restricts Pixee's effective project scope to projects where the service-account user is an explicit member. This is a useful security control on large GitLab instances where the service-account token might technically have access to many more projects than you actually want Pixee monitoring. + +### Do I need GitLab Ultimate? + +No. Pixee works with GitLab Free, Premium, and Ultimate. GitLab Ultimate is required only if you want to use GitLab's built-in SAST as a scanner source — see [GitLab SAST](/integrations/scanners/gitlab-sast). Without Ultimate, Pixee still works with any other SARIF-producing scanner via the universal SARIF integration. + +### Do developers need to install anything? + +No. The integration is configured at the group/project level by an administrator. Developers interact with Pixee through standard merge requests. + +### Can Pixee link MRs to GitLab issues? + +Pixee MR descriptions can reference issues, but explicit issue-linking integration depends on configuration. Contact the Pixee team for current options. + +See [Integrations Overview](/integrations/overview) for the full integration coverage matrix. diff --git a/docs/intro.md b/docs/intro.md deleted file mode 100644 index 7cf6e4b4..00000000 --- a/docs/intro.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -sidebar_position: 1 ---- - -# Introducing Pixee 👋 - -Pixee is your automated product security engineer. - -Pixee triages and fixes issues detected by your [code scanning tools](/code-scanning-tools/overview). To make the fixes, we send you pull requests, just like your other team members. - -### How does Pixee help me? - -1. 🗃️ **Continuous Improvement:** works down your backlog of issues and keeps your codebase secure. -2. :seedling: **PR Improvement:** checks each new pull request (PR) and recommends improvements. -3. 🔎 **Triage**: identifies false positives and prioritizes issues that need fixing. - -### What types of issues can Pixee triage and fix? - -Pixee can triage and fix a wide range of security issues detected by code scanning tools. Many of these issues are common across tools and languages, such as: - -- SQL Injection -- Cross-Site Scripting (XSS) -- Insecure Deserialization -- Insecure Randomness -- XML External Entities (XXE) -- Insecure Cookie Handling -- Command Injection -- JNDI Injection -- Reflection Injection -- Insecure Configuration -- ... and many more! - -### How can I test Pixee? - -Pixee is most easily tried as a GitHub App. Reach out to us [here](https://pixee.ai/demo-landing-page) and we'll help you get setup. We provide a free tier on our cloud offering that can be installed on any public or private repository. After adding Pixee, you need to get some code scanning results to show the breadth of fixes available. To do that, try adding [SonarCloud](https://www.sonarsource.com/products/sonarcloud/) to it. This is a great way to get started with Pixee and see how it can help to harden and secure your code, and triage your code scanner alerts. - -If you need a repository to test with, we recommend trying Pixee out with a deliberately insecure application. Template repositories containing Java and Python test applications are available in PixeeSandbox: [https://github.com/PixeeSandbox](https://github.com/PixeeSandbox). - -Testing with these deliberately insecure applications can give you an idea of how Pixee works, before installing it directly on your personal or professional repositories. - -For additional details, see the [Installation](/installing) page. - -Pixee also supports self-hosted deployments for organizations that require additional security or compliance measures. To learn more about Pixee self-hosted solutions, please [contact us](https://pixee.ai/demo-landing-page). - -### What does Pixee cost? - -Please see https://www.pixee.ai/pricing. diff --git a/docs/languages.md b/docs/languages.md deleted file mode 100644 index 4c69b2e0..00000000 --- a/docs/languages.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -sidebar_position: 3 ---- - -# Language support - -Pixee has evolved to a language-agnostic platform that can triage and fix security issues across most critical programming languages. Our agentic capabilities are designed to understand and work with diverse codebases, regardless of the underlying language or framework. - -## Currently supported languages - -When triaging and fixing issues detected by code scanning tools, Pixee provides robust support for: - -### Programming Languages - -- Java -- Python -- C#/.NET -- JavaScript -- TypeScript -- Node.js -- Ruby -- Go -- PHP -- Kotlin -- Rust -- Scala -- Swift -- Objective-C - -### Infrastructure as Code - -- Terraform/HCL -- Dockerfile/Containerfile -- Kubernetes/Helm -- CloudFormation -- Ansible -- Docker Compose - -## Expanding language coverage - -Our language-agnostic architecture means we're continuously expanding support to cover more languages and frameworks. If you're working with a language not explicitly listed here, Pixee may still be able to help with security issue triage and remediation. - -For questions about specific language support or to request coverage for additional languages, please [contact us](https://pixee.ai/demo-landing-page). diff --git a/docs/languages/_category_.json b/docs/languages/_category_.json new file mode 100644 index 00000000..6d7b5d40 --- /dev/null +++ b/docs/languages/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Language Support", + "position": 7, + "collapsible": true, + "collapsed": false, + "link": { + "type": "doc", + "id": "languages/languages-overview" + } +} diff --git a/docs/languages/dotnet.md b/docs/languages/dotnet.md new file mode 100644 index 00000000..dc3291bc --- /dev/null +++ b/docs/languages/dotnet.md @@ -0,0 +1,146 @@ +--- +title: .NET +slug: /languages/dotnet +track: both +content_type: guide +seo_title: .NET Language Support -- Pixee Docs +description: "Pixee .NET support: deterministic codemods and AI-powered fixes for ASP.NET Core and Blazor." +sidebar_position: 5 +--- + +Pixee remediates .NET vulnerabilities automatically using deterministic codemods and AI-powered fixes for custom patterns. Coverage includes ASP.NET Core and Blazor applications with fixes for injection vulnerabilities, insecure cryptography, and dependency vulnerabilities. Pixee uses full AST analysis for C# source code and manages dependency upgrades across both .csproj and packages.config formats, delivering fixes as pull requests that match your codebase conventions. + +.NET support uses Pixee's full AST parsing tier, providing deep cross-file analysis on par with Java and Python. Deterministic codemod coverage is growing alongside comprehensive AI-powered MagicMod support. For the full language coverage matrix, see the [Language Support Overview](/languages/overview). + +## What Pixee Fixes in .NET + +| Vulnerability Type | CWE | Example Fix | Fix Mode | +| -------------------------- | ------- | ------------------------------------------------------------------ | ---------------- | +| SQL Injection | CWE-89 | Parameterized query / Entity Framework Core safe patterns | Deterministic/AI | +| Cross-Site Scripting | CWE-79 | Output encoding, Razor view sanitization | AI-powered | +| Insecure Cryptography | CWE-327 | RNGCryptoServiceProvider, secure defaults | Deterministic/AI | +| SSRF | CWE-918 | HttpClient URL validation | Deterministic/AI | +| Path Traversal | CWE-22 | Canonical path validation | Deterministic/AI | +| Dependency Vulnerabilities | N/A | NuGet version upgrade in .csproj/packages.config + source refactor | Hybrid | +| Custom Framework Patterns | Various | ASP.NET-specific sanitization | AI-powered | + +## ASP.NET Core + +ASP.NET Core is the primary .NET web framework in modern enterprise development. Pixee provides framework-aware support for common ASP.NET Core security patterns. + +**What Pixee understands about your ASP.NET Core code:** + +- Controller patterns (`[ApiController]`, `[HttpGet]`, `[HttpPost]`) and action method signatures +- Middleware pipeline ordering and security middleware configuration +- ASP.NET Core Identity configuration and authentication schemes +- Entity Framework Core query patterns, including raw SQL and LINQ +- Razor view rendering and output encoding +- Dependency injection patterns and service registration + +**ASP.NET Core-specific fixes include:** + +- SQL injection remediation that converts raw SQL to Entity Framework Core parameterized queries +- Controller input validation hardening using model binding and `[FromBody]`/`[FromQuery]` attributes +- Identity configuration hardening (password policies, lockout settings, token lifetimes) +- Razor view XSS prevention through proper encoding and `@Html.Raw` audit +- Middleware ordering corrections where security middleware is registered after routing + +## Blazor + +Pixee supports Blazor Server applications with security patterns relevant to server-side component rendering. Blazor WebAssembly security considerations differ from server-side patterns; Pixee focuses on the server-side execution model where vulnerability remediation has the highest impact. + +## How It Works for .NET + +**Analysis depth:** Full AST parsing for C# source code. Pixee analyzes class hierarchies, interface implementations, and cross-file dataflow from controller actions through service layers to data access code. + +**Fix routing:** Known vulnerability patterns receive deterministic, zero-LLM-cost fixes. Novel or custom patterns route to AI-powered MagicMods with .NET-specific context including framework detection, NuGet dependency analysis, and your PIXEE.yaml configuration. + +**Dependency support:** Pixee manages vulnerable NuGet packages across both modern (.csproj with `PackageReference`) and legacy (packages.config) project formats. A single pull request contains the version bump and any required source-file refactoring. + +**Scanner compatibility:** Pixee remediates .NET findings from enterprise scanners commonly used in Microsoft-stack environments. + +## Fix Examples + +**SQL Injection (CWE-89) -- ASP.NET Core Controller** + +Before: + +```csharp +[HttpGet("users")] +public IActionResult GetUser(string userId) +{ + var query = $"SELECT * FROM Users WHERE Id = '{userId}'"; + var users = _context.Users.FromSqlRaw(query).ToList(); + return Ok(users); +} +``` + +After: + +```csharp +[HttpGet("users")] +public IActionResult GetUser(string userId) +{ + var users = _context.Users + .FromSqlRaw("SELECT * FROM Users WHERE Id = {0}", userId) + .ToList(); + return Ok(users); +} +``` + +**Dependency Upgrade -- Vulnerable NuGet Package** + +Before (.csproj): + +```xml + +``` + +After (.csproj): + +```xml + +``` + +The pull request includes any source-file changes required by the version upgrade. + +## Scanner Compatibility + +| Scanner | .NET Support | +| --------------- | ------------ | +| CodeQL | Yes | +| SonarQube | Yes | +| Checkmarx | Yes | +| Veracode | Yes | +| Fortify | Yes | +| Universal SARIF | Yes | + +Any scanner that produces SARIF output can feed .NET findings to Pixee through the [universal SARIF integration](/integrations/sarif-universal). + +## Compatibility + +| Dimension | Details | +| --------------- | ------------------------------------------------------------ | +| Package manager | NuGet | +| Project formats | .csproj (PackageReference), packages.config | +| CI/CD platforms | GitHub Actions, GitLab CI, Azure DevOps, Bitbucket Pipelines | +| Code hosting | GitHub, GitLab, Azure DevOps, Bitbucket | +| Frameworks | ASP.NET Core, Blazor Server | + +## FAQ + +**Does Pixee support .NET?** + +Yes. Pixee remediates .NET vulnerabilities automatically using deterministic codemods and AI-powered fixes with full AST analysis for C# source code. Fixes are delivered as pull requests. + +**Does Pixee work with ASP.NET Core applications?** + +Yes. Pixee recognizes ASP.NET Core controllers, middleware, Entity Framework Core patterns, and Razor views for targeted security fixes. Fixes respect ASP.NET Core conventions and use framework-native security patterns. + +**How does Pixee handle NuGet dependency vulnerabilities?** + +Pixee upgrades vulnerable packages in .csproj and packages.config files, coordinating version bumps with required source-file changes in a single PR. + +**What .NET scanners does Pixee work with?** + +Pixee remediates findings from CodeQL, SonarQube, Checkmarx, Veracode, Fortify, and any SARIF-producing scanner. Enterprise .NET shops using Microsoft-stack tooling can connect through the universal SARIF integration. diff --git a/docs/languages/go.md b/docs/languages/go.md new file mode 100644 index 00000000..560a9385 --- /dev/null +++ b/docs/languages/go.md @@ -0,0 +1,139 @@ +--- +title: Go +slug: /languages/go +track: both +content_type: guide +seo_title: Go Language Support -- Pixee Docs +description: "Pixee Go support: Tree-sitter analysis and AI-powered fixes for standard library, Gin, and Echo applications." +sidebar_position: 6 +--- + +Pixee remediates Go vulnerabilities using Tree-sitter-based analysis and AI-powered fixes for standard library, Gin, and Echo applications. Coverage includes injection vulnerabilities, insecure cryptography, and dependency vulnerabilities in go.mod-managed projects. Go support uses lighter parsing than Pixee's full AST languages (Java, Python, JS/TS, .NET) with expanding coverage for standard security patterns and framework-specific fixes. + +Go's adoption in infrastructure and cloud-native environments makes it a strategic language for Pixee. Coverage is actively expanding. For the full language coverage matrix, see the [Language Support Overview](/languages/overview). + +## What Pixee Fixes in Go + +| Vulnerability Type | CWE | Example Fix | Fix Mode | +| -------------------------- | ------- | ----------------------------------------- | ---------- | +| SQL Injection | CWE-89 | Parameterized query conversion | AI-powered | +| SSRF | CWE-918 | URL validation and allowlist enforcement | AI-powered | +| Insecure Cryptography | CWE-327 | crypto/rand usage, secure defaults | AI-powered | +| Path Traversal | CWE-22 | filepath.Clean validation | AI-powered | +| Dependency Vulnerabilities | N/A | go.mod version upgrades + source refactor | Hybrid | +| Custom Patterns | Various | Framework-specific sanitization | AI-powered | + +Go fixes are primarily AI-powered through MagicMods. Deterministic codemod coverage for Go is growing. AI-powered MagicMods receive Go-specific context, including knowledge of Go idioms like explicit error handling and interface patterns. + +## Frameworks + +**Go standard library:** Pixee handles security patterns in core packages including `net/http` (request handling, URL parsing), `crypto` (secure random, cipher selection, TLS configuration), and `os` (file path handling, temp file creation). + +**Gin:** Pixee recognizes Gin route handlers, middleware chains, and request binding patterns. Fixes address injection through `c.Param`, `c.Query`, and `c.PostForm` into database queries or system calls. + +**Echo:** Pixee supports Echo framework route handlers, middleware, and context parameter extraction. Security fixes address the same vulnerability categories as Gin with Echo-specific handler patterns. + +Pixee understands Go's idiomatic patterns. Fixes respect explicit error handling conventions (`if err != nil`), interface-based dependency injection, and Go module structure. + +## How It Works for Go + +**Analysis approach:** Pixee uses Tree-sitter for Go source code parsing. Tree-sitter provides reliable syntax-level analysis effective for standard vulnerability patterns. The analysis identifies function call patterns, variable flows within files, and framework-specific handler structures. + +**Comparison to full AST languages:** Java, Python, JavaScript/TypeScript, and .NET use full AST parsing with deeper cross-file dataflow analysis and larger deterministic codemod libraries. Go's Tree-sitter approach provides effective coverage for standard patterns while AI-powered MagicMods extend reach to complex, multi-file scenarios. Coverage is expanding over time. + +**Fix routing:** Go findings primarily route to AI-powered MagicMods, which receive Go-specific context including package dependency graphs, framework detection, and your PIXEE.yaml configuration. As deterministic codemod coverage grows, more patterns will route to zero-LLM-cost fixes. + +**Dependency support:** Pixee manages vulnerable dependencies in go.mod. A single pull request contains the version change and any source-file refactoring required by the upgrade. + +## govulncheck Integration + +Go developers commonly use `govulncheck` for vulnerability scanning. Pixee can remediate govulncheck findings exported in SARIF format through the [universal SARIF integration](/integrations/sarif-universal). The workflow: + +1. Run `govulncheck` on your Go project +2. Export results in SARIF format +3. Pixee consumes the SARIF findings and generates fixes +4. Fixes arrive as pull requests for your team to review and merge + +This creates a Go-native vulnerability scanning and remediation pipeline: govulncheck detects, Pixee remediates. + +## Fix Examples + +**SQL Injection (CWE-89) -- Gin Route Handler** + +Before: + +```go +func GetUser(c *gin.Context) { + userID := c.Query("id") + query := fmt.Sprintf("SELECT * FROM users WHERE id = '%s'", userID) + rows, err := db.Query(query) + // ... +} +``` + +After: + +```go +func GetUser(c *gin.Context) { + userID := c.Query("id") + rows, err := db.Query("SELECT * FROM users WHERE id = ?", userID) + // ... +} +``` + +**Dependency Upgrade -- go.mod Vulnerable Module** + +Before: + +``` +require ( + golang.org/x/crypto v0.1.0 +) +``` + +After: + +``` +require ( + golang.org/x/crypto v0.17.0 +) +``` + +The pull request includes any source-file changes required by the upgraded module version. + +## Scanner Compatibility + +| Scanner | Go Support | +| ----------------------- | ---------- | +| CodeQL | Yes | +| Semgrep | Yes | +| Snyk Code | Yes | +| govulncheck (via SARIF) | Yes | +| Universal SARIF | Yes | + +## Compatibility + +| Dimension | Details | +| --------------------- | ------------------------------------------------------------ | +| Dependency management | go.mod | +| CI/CD platforms | GitHub Actions, GitLab CI, Azure DevOps, Bitbucket Pipelines | +| Code hosting | GitHub, GitLab, Azure DevOps, Bitbucket | +| Frameworks | Standard library, Gin, Echo | + +## FAQ + +**Does Pixee support Go?** + +Yes. Pixee remediates Go vulnerabilities using Tree-sitter analysis and AI-powered fixes for standard library, Gin, and Echo applications. Coverage is actively expanding. + +**What is the difference between Go support and Java/Python support in Pixee?** + +Java and Python use full AST parsing for deeper cross-file analysis and have larger deterministic codemod libraries (51+ and 60+ core codemods, respectively). Go uses Tree-sitter for reliable syntax parsing with expanding coverage. All three languages benefit from AI-powered MagicMods for custom patterns. + +**Does Pixee work with govulncheck?** + +Pixee remediates govulncheck findings exported in SARIF format through the [universal SARIF integration](/integrations/sarif-universal). Export your govulncheck results as SARIF, and Pixee generates remediation pull requests. + +**How does Pixee handle Go dependency vulnerabilities?** + +Pixee upgrades vulnerable dependencies in go.mod and coordinates version changes with source-file refactoring in a single pull request. diff --git a/docs/languages/java.md b/docs/languages/java.md new file mode 100644 index 00000000..23828d51 --- /dev/null +++ b/docs/languages/java.md @@ -0,0 +1,180 @@ +--- +title: Java +slug: /languages/java +track: both +content_type: guide +seo_title: Java Language Support -- Pixee Docs +description: "Pixee Java support: 51+ deterministic codemods and AI-powered fixes for Spring Boot, Jakarta EE, and Micronaut." +sidebar_position: 2 +--- + +Pixee remediates Java vulnerabilities automatically using 51+ deterministic codemods and AI-powered fixes for custom patterns. Coverage spans Spring Boot, Jakarta EE, and Micronaut applications with fixes for SQL injection, SSRF, insecure deserialization, weak cryptography, and dependency vulnerabilities. Pixee analyzes Java source code using full AST parsing for deep cross-file dataflow analysis, delivering fixes as pull requests. + +Java is Pixee's most mature language ecosystem. The open-source [codemodder-java](https://github.com/pixee/codemodder-java) engine is publicly inspectable, and deterministic codemods cover the broadest range of vulnerability types. For the full language coverage matrix, see the [Language Support Overview](/languages/overview). + +## What Pixee Fixes in Java + +| Vulnerability Type | CWE | Example Fix | Fix Mode | +| -------------------------- | ------- | --------------------------------------------------------- | ------------- | +| SQL Injection | CWE-89 | Parameterized query conversion | Deterministic | +| SSRF | CWE-918 | URL validation and allowlist enforcement | Deterministic | +| Insecure Deserialization | CWE-502 | Safe deserialization wrappers | Deterministic | +| Weak Cryptography | CWE-327 | SecureRandom replacement, JWT verification hardening | Deterministic | +| Path Traversal | CWE-22 | Canonical path validation | Deterministic | +| Insecure Temp Files | CWE-377 | Secure temp file creation | Deterministic | +| SSL/TLS Protocol | CWE-326 | Protocol version upgrade | Deterministic | +| Cross-Site Scripting | CWE-79 | Output encoding, template sanitization | Deterministic | +| Custom Framework Patterns | Various | Framework-specific sanitization, multi-file fixes | AI-powered | +| Dependency Vulnerabilities | N/A | Version upgrade in pom.xml/build.gradle + source refactor | Hybrid | + +"Deterministic" fixes use pre-built codemods with zero LLM involvement. "AI-powered" fixes use MagicMods with dataflow-bounded context. "Hybrid" dependency fixes combine manifest changes with AI-assisted source refactoring. + +## Spring Boot + +Spring Boot applications represent the most common Java framework Pixee encounters in production. Pixee provides deep, framework-aware support: + +**What Pixee understands about your Spring Boot code:** + +- Spring Security configuration patterns and common misconfigurations +- Controller annotations (`@RestController`, `@RequestMapping`, `@GetMapping`) and request handler patterns +- Service layer conventions, including `@Service` and `@Repository` injection +- Spring Data JPA query patterns and JPQL injection risks +- Spring Boot dependency management across both pom.xml and build.gradle + +**Spring-specific fixes include:** + +- SQL injection remediation that uses Spring Data parameterized queries rather than raw JDBC +- Security configuration hardening for CSRF protection, session management, and authentication filters +- Dependency upgrades coordinated through Spring Boot's managed dependency versions (BOM alignment) +- Serialization fixes that respect Jackson configuration and Spring's `@JsonProperty` conventions + +Pixee recognizes Spring Boot idioms. Fixes use your existing Spring Security configurations and preferred libraries rather than introducing unfamiliar patterns. + +## Jakarta EE and Micronaut + +**Jakarta EE:** Pixee handles servlet-based vulnerability patterns including `HttpServletRequest` input validation, JSP/JSTL output encoding, and JNDI injection prevention. Jakarta EE dependency management follows the same pom.xml/build.gradle workflow as Spring Boot applications. + +**Micronaut:** Pixee supports Micronaut controller patterns and injection-based request handling. Micronaut applications benefit from the same deterministic codemod library as other Java frameworks, with AI-powered MagicMods extending coverage to Micronaut-specific patterns. + +## How It Works for Java + +**Codemod engine:** [codemodder-java](https://github.com/pixee/codemodder-java) is an open-source engine with 51+ core codemods. The engine uses full AST parsing for precise, structure-aware transformations. Customers and auditors can inspect every transformation rule on GitHub. + +**Analysis depth:** Full abstract syntax tree parsing enables cross-file dataflow tracking. Pixee follows taint propagation from request handlers through service layers to data access code, understanding the full path a vulnerability travels. + +**Fix routing:** When a scanner finding arrives, Pixee checks for a matching deterministic codemod. Known patterns (SQL injection parameterization, SSRF prevention, insecure deserialization) get instant, zero-LLM-cost fixes. Novel or custom patterns route to AI-powered MagicMods, which receive dataflow-bounded context and Java-specific knowledge base guidance. + +**Dependency support:** Pixee manages vulnerable dependencies in both pom.xml (Maven) and build.gradle (Gradle). A single pull request contains the version bump and any required source-file refactoring. No "upgrade the library, break the build" half-states. + +## Fix Examples + +**SQL Injection (CWE-89) -- Parameterized Query Conversion** + +Before: + +```java +String query = "SELECT * FROM users WHERE id = '" + userId + "'"; +Statement stmt = connection.createStatement(); +ResultSet rs = stmt.executeQuery(query); +``` + +After: + +```java +String query = "SELECT * FROM users WHERE id = ?"; +PreparedStatement stmt = connection.prepareStatement(query); +stmt.setString(1, userId); +ResultSet rs = stmt.executeQuery(); +``` + +**Insecure Deserialization (CWE-502) -- Safe Deserialization** + +Before: + +```java +ObjectInputStream ois = new ObjectInputStream(inputStream); +Object obj = ois.readObject(); +``` + +After: + +```java +ObjectInputFilter filter = ObjectInputFilter.Config + .createFilter("java.base/*;!*"); +ObjectInputStream ois = new ObjectInputStream(inputStream); +ois.setObjectInputFilter(filter); +Object obj = ois.readObject(); +``` + +**Dependency Upgrade -- Vulnerable Library Version Bump** + +Before (pom.xml): + +```xml + + com.fasterxml.jackson.core + jackson-databind + 2.13.1 + +``` + +After (pom.xml): + +```xml + + com.fasterxml.jackson.core + jackson-databind + 2.13.5 + +``` + +The accompanying pull request includes any source-file changes required by the version upgrade (updated method signatures, renamed classes, deprecated API replacements). + +## Scanner Compatibility + +Pixee remediates Java findings from a broad set of scanners. Java is the most widely supported language across enterprise SAST tools, and Pixee matches that breadth. + +| Scanner | Java Support | +| --------------- | ------------ | +| CodeQL | Yes | +| Semgrep | Yes | +| SonarQube | Yes | +| Checkmarx | Yes | +| Snyk Code | Yes | +| Veracode | Yes | +| Fortify | Yes | +| AppScan | Yes | +| Universal SARIF | Yes | + +Any scanner that produces SARIF output can feed Java findings to Pixee through the [universal SARIF integration](/integrations/sarif-universal). + +## Compatibility + +| Dimension | Details | +| -------------------- | ------------------------------------------------------------ | +| Build tools | Maven, Gradle | +| CI/CD platforms | GitHub Actions, GitLab CI, Azure DevOps, Bitbucket Pipelines | +| Code hosting | GitHub, GitLab, Azure DevOps, Bitbucket | +| Dependency manifests | pom.xml, build.gradle | + +## FAQ + +**Does Pixee fix Java vulnerabilities automatically?** + +Yes. Pixee uses 51+ deterministic codemods and AI-powered MagicMods to automatically remediate Java SAST and SCA findings. Fixes are delivered as pull requests. + +**Does Pixee support Spring Boot applications?** + +Yes. Pixee recognizes Spring Boot annotations, controller patterns, and service layer conventions. Fixes use your existing Spring Security configurations and preferred libraries. + +**What Java scanners does Pixee work with?** + +Pixee remediates findings from CodeQL, Semgrep, Checkmarx, SonarQube, Snyk Code, Veracode, Fortify, AppScan, and any SARIF-producing scanner. + +**Can Pixee handle Java dependency vulnerabilities?** + +Yes. Pixee upgrades vulnerable dependencies in pom.xml and build.gradle, coordinating the version bump with any required source-file refactoring in a single PR. + +**Is the Java codemod engine open source?** + +Yes. [codemodder-java](https://github.com/pixee/codemodder-java) is open source and publicly inspectable on GitHub. Customers and auditors can review the fix rules before trusting automated changes. diff --git a/docs/languages/javascript.md b/docs/languages/javascript.md new file mode 100644 index 00000000..b4003b57 --- /dev/null +++ b/docs/languages/javascript.md @@ -0,0 +1,161 @@ +--- +title: JavaScript / TypeScript +slug: /languages/javascript +track: both +content_type: guide +seo_title: JavaScript / TypeScript Language Support -- Pixee Docs +description: "Pixee JavaScript/TypeScript support: deterministic codemods and AI-powered fixes for Express, React, and Node.js." +sidebar_position: 4 +--- + +Pixee remediates JavaScript and TypeScript vulnerabilities automatically using deterministic codemods and AI-powered fixes. Coverage spans Express, React, and Node.js applications with fixes for injection vulnerabilities, prototype pollution, insecure dependencies, and OWASP Top 10 patterns. Pixee uses full AST analysis for deep cross-file dataflow tracking and manages package.json dependency upgrades coordinated with source-file refactoring in a single pull request. + +JavaScript/TypeScript support is actively expanding. Deterministic codemod coverage is growing alongside comprehensive AI-powered MagicMod support. For the full language coverage matrix, see the [Language Support Overview](/languages/overview). + +## What Pixee Fixes in JavaScript/TypeScript + +| Vulnerability Type | CWE | Example Fix | Fix Mode | +| ------------------------- | -------- | ------------------------------------------- | ---------------- | +| SQL Injection | CWE-89 | Parameterized query conversion | Deterministic/AI | +| Cross-Site Scripting | CWE-79 | Output encoding, template sanitization | Deterministic/AI | +| Prototype Pollution | CWE-1321 | Object.freeze, safe merge patterns | AI-powered | +| SSRF | CWE-918 | URL validation and allowlist enforcement | Deterministic/AI | +| Path Traversal | CWE-22 | Canonical path validation | Deterministic/AI | +| Weak Cryptography | CWE-327 | crypto.randomBytes, secure defaults | Deterministic/AI | +| Insecure Dependencies | N/A | npm/yarn version upgrades + source refactor | Hybrid | +| Custom Framework Patterns | Various | Framework-specific sanitization | AI-powered | + +## Node.js and Express + +Node.js applications running Express are the most common server-side JavaScript pattern Pixee encounters. Pixee provides targeted support for Express-specific security concerns. + +**What Pixee understands about your Express code:** + +- Route handler patterns (`app.get`, `app.post`, `router.use`) and parameter extraction +- Middleware chains, including authentication and validation middleware ordering +- Request object handling (`req.params`, `req.query`, `req.body`) and injection vectors +- Express-specific session management and cookie configuration + +**Express-specific fixes include:** + +- SQL injection remediation in database query builders (Knex, Sequelize, raw queries) +- Input validation for Express request parameters that flow into sensitive operations +- Middleware security hardening (helmet configuration, CORS policy, rate limiting) +- Cookie and session configuration fixes (httpOnly, secure, sameSite flags) + +**Node.js crypto module hardening:** Pixee identifies and fixes insecure cryptographic patterns including `Math.random()` for tokens (replaced with `crypto.randomBytes`), weak hash algorithms, and insecure cipher configurations. + +## TypeScript Support + +Pixee analyzes TypeScript files with full type awareness. Fixes preserve type annotations, generic type parameters, and interface contracts. When Pixee generates a fix for a TypeScript file, the result compiles cleanly with your existing `tsconfig.json` settings. + +This matters because many tools treat TypeScript as plain JavaScript and strip type annotations during fix generation. Pixee treats `.ts` and `.tsx` files as first-class targets. + +## React and Frontend Frameworks + +Pixee addresses React-specific security patterns on the server side and in server-rendered contexts: + +- **dangerouslySetInnerHTML patterns:** Pixee identifies and remediates XSS risks from unsanitized HTML injection in React components +- **Server-side rendering (SSR):** Fixes cover injection vulnerabilities in Next.js and other SSR frameworks where server-side data flows into rendered HTML +- **Client-side scope:** Pixee's primary focus is server-side vulnerabilities. Client-side-only patterns (e.g., React state management) are not in scope for automated remediation + +If your security concern is a server-side JavaScript vulnerability, Pixee covers it. Pure client-side browser security patterns are outside Pixee's current focus. + +## How It Works for JavaScript/TypeScript + +**Analysis depth:** Full AST parsing with cross-file dataflow analysis. Pixee follows taint propagation from Express route handlers through middleware chains to database calls and response rendering. + +**Fix routing:** When a scanner finding matches a deterministic codemod, the fix fires instantly with zero LLM cost. Novel or custom patterns route to AI-powered MagicMods, which receive JavaScript/TypeScript-specific context including framework detection, dependency analysis, and your PIXEE.yaml configuration. + +**Dependency support:** Pixee manages vulnerable packages in package.json (npm, yarn). A single pull request contains the version bump and any source-file changes required by the upgrade, such as updated import paths or changed API signatures. + +**Scanner compatibility:** MagicMod dispatchers for 8+ scanner types mean JavaScript/TypeScript findings from any supported scanner receive appropriate, scanner-aware context during fix generation. + +## Fix Examples + +**SQL Injection (CWE-89) -- Express Route Handler** + +Before: + +```javascript +app.get("/users", (req, res) => { + const userId = req.query.id; + db.query(`SELECT * FROM users WHERE id = '${userId}'`, (err, results) => { + res.json(results); + }); +}); +``` + +After: + +```javascript +app.get("/users", (req, res) => { + const userId = req.query.id; + db.query("SELECT * FROM users WHERE id = ?", [userId], (err, results) => { + res.json(results); + }); +}); +``` + +**Weak Cryptography (CWE-327) -- Secure Token Generation** + +Before: + +```javascript +const token = Math.random().toString(36).substring(2); +``` + +After: + +```javascript +const crypto = require("crypto"); +const token = crypto.randomBytes(24).toString("hex"); +``` + +**Dependency Upgrade -- Vulnerable npm Package** + +Pixee upgrades the vulnerable package version in package.json and includes any source-file changes required by the new version in the same pull request. If the upgrade includes breaking API changes, the PR addresses those changes across affected files. + +## Scanner Compatibility + +| Scanner | JS/TS Support | +| --------------- | ------------- | +| CodeQL | Yes | +| Semgrep | Yes | +| SonarQube | Yes | +| Snyk Code | Yes | +| Universal SARIF | Yes | + +npm audit findings can be exported in SARIF format and consumed through the [universal SARIF integration](/integrations/sarif-universal). + +## Compatibility + +| Dimension | Details | +| -------------------- | ------------------------------------------------------------ | +| Package managers | npm, yarn | +| CI/CD platforms | GitHub Actions, GitLab CI, Azure DevOps, Bitbucket Pipelines | +| Code hosting | GitHub, GitLab, Azure DevOps, Bitbucket | +| Dependency manifests | package.json | +| Frameworks | Express, React, Next.js, Node.js standard library | + +## FAQ + +**What JavaScript/Node.js vulnerabilities can Pixee fix?** + +Pixee fixes injection vulnerabilities, prototype pollution, XSS, SSRF, insecure dependencies, and OWASP Top 10 patterns in JavaScript and TypeScript applications. Coverage is expanding with growing deterministic codemods and comprehensive AI-powered MagicMods. + +**Does Pixee support TypeScript?** + +Yes. Pixee analyzes TypeScript files with full type awareness and preserves type annotations in generated fixes. Both `.ts` and `.tsx` files are supported. + +**How does Pixee handle npm dependency vulnerabilities?** + +Pixee upgrades vulnerable packages in package.json and coordinates version bumps with source-file refactoring in a single PR. Breaking API changes from the upgrade are addressed in the same pull request. + +**Does Pixee work with Express applications?** + +Yes. Pixee recognizes Express route handlers, middleware chains, and request validation patterns for targeted security fixes. + +**What JavaScript scanners does Pixee work with?** + +Pixee remediates findings from CodeQL, Semgrep, SonarQube, Snyk Code, and any SARIF-producing scanner including npm audit. diff --git a/docs/languages/languages-overview.md b/docs/languages/languages-overview.md new file mode 100644 index 00000000..54d9fd00 --- /dev/null +++ b/docs/languages/languages-overview.md @@ -0,0 +1,134 @@ +--- +title: Language Support Overview +slug: /languages/overview +track: both +content_type: guide +seo_title: Language Support Overview -- Pixee Docs +description: Pixee supports Java, Python, JavaScript/TypeScript, .NET, Go, and PHP. Coverage matrix by language, framework, and fix type. +sidebar_position: 1 +--- + +Pixee supports six language ecosystems: Java, Python, JavaScript/TypeScript, .NET, Go, and PHP. Coverage varies by language. Java and Python have the deepest support with 120+ deterministic codemods plus AI-powered fixes for custom patterns. Each language includes framework-specific remediation (Spring Boot, Django, Express, ASP.NET) and fixes for OWASP Top 10 vulnerability categories. The coverage matrix below shows exactly what Pixee fixes in your stack. + +Language support is one half of the integration picture. Pixee also integrates with [12 native scanners](/integrations/overview) across all supported languages. + +## Coverage Matrix + +This table shows what Pixee supports across each language ecosystem. Use it to evaluate coverage for your stack, then visit individual language pages for framework details and fix examples. + +| Language | Frameworks | Fix Types | Deterministic Codemods | AI Fixes (MagicMods) | Analysis Depth | +| ---------------------------------------------- | ---------------------------------- | ---------- | ---------------------- | -------------------- | -------------- | +| [Java](/languages/java) | Spring Boot, Jakarta EE, Micronaut | SAST + SCA | 51+ core | Yes | Full AST | +| [Python](/languages/python) | Django, Flask, FastAPI | SAST + SCA | 60+ core | Yes | Full AST | +| [JavaScript/TypeScript](/languages/javascript) | Express, React, Node.js | SAST + SCA | Growing | Yes | Full AST | +| [.NET](/languages/dotnet) | ASP.NET Core, Blazor | SAST + SCA | Growing | Yes | Full AST | +| [Go](/languages/go) | Standard library, Gin, Echo | SAST + SCA | Growing | Yes | Tree-sitter | +| [PHP](/languages/php) | Laravel, Symfony | SAST + SCA | Growing | Yes | Tree-sitter | + +**Polyglot repositories:** Pixee analyzes each language independently within a single repository and generates language-appropriate fixes. No additional configuration is required for multi-language projects. + +## Vulnerability Coverage by Language + +The table below maps common vulnerability categories (by CWE) to fix availability per language. Deterministic codemods provide predictable, zero-variance fixes. AI-powered MagicMods extend coverage to custom patterns, multi-file dataflows, and framework-specific code. + +| Vulnerability Category | CWE | Java | Python | JS/TS | .NET | Go | PHP | +| -------------------------- | ----------- | ------------- | ------------- | ---------------- | ---------------- | ------ | ------ | +| SQL Injection | CWE-89 | Deterministic | Deterministic | Deterministic/AI | Deterministic/AI | AI | AI | +| Cross-Site Scripting | CWE-79 | Deterministic | Deterministic | Deterministic/AI | AI | AI | AI | +| SSRF | CWE-918 | Deterministic | Deterministic | Deterministic/AI | Deterministic/AI | AI | AI | +| Insecure Deserialization | CWE-502 | Deterministic | Deterministic | AI | AI | AI | AI | +| Path Traversal | CWE-22 | Deterministic | Deterministic | Deterministic/AI | Deterministic/AI | AI | AI | +| Weak Cryptography | CWE-327/328 | Deterministic | Deterministic | Deterministic/AI | Deterministic/AI | AI | AI | +| Insecure Temp Files | CWE-377 | Deterministic | Deterministic | AI | AI | -- | -- | +| SSL/TLS Protocol | CWE-326 | Deterministic | Deterministic | AI | AI | -- | -- | +| Dependency Vulnerabilities | SCA | Hybrid | Hybrid | Hybrid | Hybrid | Hybrid | Hybrid | + +"Deterministic" means a pre-built codemod handles the fix with zero LLM involvement. "AI" means a MagicMod generates a context-aware fix. "Hybrid" means dependency upgrades combine manifest changes with AI-assisted source refactoring. "--" means coverage is on the roadmap. + +## How Language Support Works + +Every language uses the same hybrid-intelligence architecture, but the analysis tooling and codemod depth vary by ecosystem maturity. + +**Two fix modes, routed automatically:** + +- **Deterministic codemods** are rule-based, language-specific code transformations. They apply OWASP/SANS security patterns with zero LLM involvement. Same input produces the same output every time. Java and Python have the deepest codemod libraries (51+ and 60+ core codemods, respectively). The open-source engines ([codemodder-java](https://github.com/pixee/codemodder-java), [codemodder-python](https://github.com/pixee/codemodder-python)) are publicly inspectable. + +- **AI-powered MagicMods** handle custom framework patterns, multi-file dataflow vulnerabilities, and novel vulnerability types. MagicMods use dataflow-bounded context, per-rule knowledge base guidance, and your project-level PIXEE.yaml configuration to generate fixes that match your codebase conventions. Every AI-generated fix passes through an independent quality evaluation before reaching a pull request. + +Routing is automatic. The system checks whether a deterministic codemod exists for the finding. If one does, it fires instantly at zero LLM cost. If not, a MagicMod generates a fix with the appropriate scanner-aware context. + +## Analysis Depth + +Pixee uses two parsing approaches depending on the language. Both produce working fixes, but analysis depth differs. + +| Analysis Tier | Languages | What It Means | +| --------------- | ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| **Full AST** | Java, Python, JS/TS, .NET | Deep abstract syntax tree parsing with cross-file dataflow analysis. Framework-aware transformations understand controller patterns, service layers, and dependency injection. | +| **Tree-sitter** | Go, PHP | Reliable syntax-level parsing effective for standard vulnerability patterns. Coverage is expanding. AI-powered MagicMods extend reach beyond what the parser alone covers. | + +Full AST languages benefit from deeper semantic understanding of code structure, which enables more precise deterministic codemods and richer context for AI-powered fixes. Tree-sitter languages rely more heavily on MagicMods for fix generation, with growing deterministic coverage over time. + +## Dependency Management by Language + +Pixee upgrades vulnerable dependencies in your manifest files and coordinates the version bump with downstream source-file refactoring in a single pull request. No "upgrade succeeded, tests broken" half-states. + +| Language | Manifest Formats | +| --------------------- | -------------------------------------------------------------- | +| Java | pom.xml, build.gradle | +| Python | requirements.txt, pyproject.toml, Pipfile, setup.py, setup.cfg | +| JavaScript/TypeScript | package.json | +| .NET | .csproj, packages.config | +| Go | go.mod | +| PHP | composer.json | + +Python's five packaging conventions are worth calling out. Most tools handle only requirements.txt. Pixee handles all five. + +## Scanner Compatibility + +Pixee remediates findings from [12 native scanner integrations](/integrations/overview) plus any scanner that exports SARIF. Scanner compatibility applies across all supported languages, though individual scanner coverage depth varies by language. + +| Scanner | Java | Python | JS/TS | .NET | Go | PHP | +| --------------- | ---- | ------ | ----- | ---- | --- | --- | +| CodeQL | Yes | Yes | Yes | Yes | Yes | -- | +| Semgrep | Yes | Yes | Yes | Yes | Yes | Yes | +| SonarQube | Yes | Yes | Yes | Yes | -- | Yes | +| Checkmarx | Yes | Yes | -- | Yes | -- | Yes | +| Snyk Code | Yes | Yes | Yes | -- | Yes | -- | +| Veracode | Yes | -- | -- | Yes | -- | -- | +| Fortify | Yes | -- | -- | Yes | -- | -- | +| AppScan | Yes | -- | -- | -- | -- | -- | +| Universal SARIF | Yes | Yes | Yes | Yes | Yes | Yes | + +For scanner-specific details, see the [Integrations](/integrations/overview) section. + +## Roadmap + +Pixee is actively expanding language coverage. Current priorities: + +- **Go and PHP:** Growing deterministic codemod library and deeper framework-specific patterns +- **JavaScript/TypeScript:** Expanding Node.js server-side coverage and additional framework support +- **.NET:** Broadening ASP.NET Core patterns and legacy .NET Framework coverage + +If your language or framework is not listed, [contact the team](https://pixee.ai/demo) to discuss your stack. Pixee's [universal SARIF integration](/integrations/sarif-universal) can remediate findings from any scanner in any language. + +## FAQ + +**What programming languages does Pixee support?** + +Pixee supports Java, Python, JavaScript/TypeScript, .NET, Go, and PHP. Java and Python have the deepest coverage with 120+ combined deterministic codemods. All six languages also receive AI-powered MagicMod fixes for custom patterns. + +**Which language has the deepest Pixee support?** + +Java and Python. Both have mature open-source codemod engines (codemodder-java with 51+ core codemods, codemodder-python with 60+ core codemods), full AST parsing, and comprehensive framework coverage. + +**Does Pixee support polyglot repositories?** + +Yes. Pixee analyzes each language independently within a single repository and generates language-appropriate fixes. A repository containing Java, Python, and JavaScript files receives separate, correctly-scoped fixes for each language. + +**What is the difference between full AST and Tree-sitter analysis?** + +Full AST languages (Java, Python, JS/TS, .NET) receive deeper cross-file dataflow analysis and more deterministic codemods. Tree-sitter languages (Go, PHP) use syntax-level parsing with expanding coverage. Both benefit from AI-powered MagicMods. + +**Can Pixee fix vulnerabilities across multiple languages in one repository?** + +Yes. Pixee processes each language independently and generates separate, language-appropriate pull requests (or combined PRs when a fix spans multiple files within the same language). diff --git a/docs/languages/php.md b/docs/languages/php.md new file mode 100644 index 00000000..1adb0cdb --- /dev/null +++ b/docs/languages/php.md @@ -0,0 +1,110 @@ +--- +title: PHP +slug: /languages/php +track: both +content_type: guide +seo_title: PHP Language Support -- Pixee Docs +description: "Pixee PHP support: Tree-sitter analysis and AI-powered fixes for Laravel and Symfony applications." +sidebar_position: 7 +--- + +Pixee remediates PHP vulnerabilities using Tree-sitter-based analysis and AI-powered fixes for Laravel and Symfony applications. Coverage includes injection vulnerabilities, insecure cryptography, and dependency vulnerabilities managed through Composer. PHP support uses Tree-sitter parsing with expanding deterministic coverage and AI-powered fixes for custom framework patterns. Fixes are delivered as pull requests that match your codebase conventions. + +PHP powers significant enterprise web infrastructure through Laravel, Symfony, and WordPress. Pixee's PHP support ensures teams running these frameworks have automated remediation in their pipeline. For the full language coverage matrix, see the [Language Support Overview](/languages/overview). + +## What Pixee Fixes in PHP + +| Vulnerability Type | CWE | Example Fix | Fix Mode | +| -------------------------- | ------- | ------------------------------------------- | ---------- | +| SQL Injection | CWE-89 | Parameterized queries via PDO | AI-powered | +| Cross-Site Scripting | CWE-79 | Output encoding, htmlspecialchars | AI-powered | +| Insecure Deserialization | CWE-502 | Safe unserialize patterns | AI-powered | +| Path Traversal | CWE-22 | realpath validation | AI-powered | +| Insecure Cryptography | CWE-327 | random_bytes, sodium functions | AI-powered | +| Dependency Vulnerabilities | N/A | Composer version upgrades + source refactor | Hybrid | +| Custom Framework Patterns | Various | Framework-specific sanitization | AI-powered | + +PHP fixes are primarily AI-powered through MagicMods, with growing deterministic coverage. MagicMods receive PHP-specific context including framework detection, Composer dependency analysis, and your PIXEE.yaml configuration. + +## Laravel and Symfony + +**Laravel:** Pixee recognizes Laravel-specific patterns and provides targeted fixes: + +- Eloquent ORM injection prevention (raw queries, `whereRaw`, `DB::select` with string interpolation) +- Laravel middleware security patterns and authentication guard configuration +- Blade template XSS prevention and `{!! !!}` unescaped output audit +- Mass assignment protection (`$fillable`, `$guarded` configuration) +- CSRF token verification and session configuration hardening + +**Symfony:** Pixee supports Symfony security component patterns including: + +- Doctrine DBAL and ORM query parameterization +- Twig template output encoding +- Security voter and access control patterns +- Symfony form validation and input sanitization + +## How It Works for PHP + +**Analysis approach:** Pixee uses Tree-sitter for PHP source code parsing. Tree-sitter provides reliable syntax-level analysis effective for identifying standard vulnerability patterns in PHP applications. + +**Comparison to full AST languages:** Like Go, PHP uses Tree-sitter rather than full AST parsing. This means lighter cross-file analysis compared to Java, Python, JavaScript/TypeScript, and .NET. AI-powered MagicMods compensate by providing deep, context-aware fixes for complex patterns. Deterministic codemod coverage is expanding. + +**Dependency support:** Pixee manages vulnerable packages in composer.json and composer.lock. A single pull request contains the version bump and any source-file refactoring required by the upgrade. + +**Scanner compatibility:** Pixee remediates PHP findings from common scanners used in PHP development environments. + +## Fix Example + +**SQL Injection (CWE-89) -- PDO Parameterization** + +Before: + +```php +$userId = $_GET['id']; +$stmt = $pdo->query("SELECT * FROM users WHERE id = '$userId'"); +$user = $stmt->fetch(); +``` + +After: + +```php +$userId = $_GET['id']; +$stmt = $pdo->prepare("SELECT * FROM users WHERE id = ?"); +$stmt->execute([$userId]); +$user = $stmt->fetch(); +``` + +## Scanner Compatibility + +| Scanner | PHP Support | +| --------------- | ----------- | +| Semgrep | Yes | +| SonarQube | Yes | +| Checkmarx | Yes | +| Universal SARIF | Yes | + +Any scanner that produces SARIF output can feed PHP findings to Pixee through the [universal SARIF integration](/integrations/sarif-universal). + +## Compatibility + +| Dimension | Details | +| -------------------- | ------------------------------------------------------------ | +| Package manager | Composer | +| Dependency manifests | composer.json, composer.lock | +| CI/CD platforms | GitHub Actions, GitLab CI, Azure DevOps, Bitbucket Pipelines | +| Code hosting | GitHub, GitLab, Azure DevOps, Bitbucket | +| Frameworks | Laravel, Symfony | + +## FAQ + +**Does Pixee support PHP?** + +Yes. Pixee remediates PHP vulnerabilities using Tree-sitter analysis and AI-powered fixes for Laravel and Symfony applications. Coverage is actively expanding with growing deterministic codemods. + +**Does Pixee work with Laravel?** + +Yes. Pixee recognizes Laravel Eloquent patterns, middleware chains, and Blade template security patterns. Fixes respect Laravel conventions and use framework-native security utilities. + +**How does Pixee handle Composer dependency vulnerabilities?** + +Pixee upgrades vulnerable packages in composer.json and coordinates version changes with required source-file refactoring in a single pull request. diff --git a/docs/languages/python.md b/docs/languages/python.md new file mode 100644 index 00000000..8c4129d8 --- /dev/null +++ b/docs/languages/python.md @@ -0,0 +1,193 @@ +--- +title: Python +slug: /languages/python +track: both +content_type: guide +seo_title: Python Language Support -- Pixee Docs +description: "Pixee Python support: 60+ deterministic codemods and AI-powered fixes for Django, Flask, and FastAPI." +sidebar_position: 3 +--- + +Pixee remediates Python vulnerabilities automatically using 60+ deterministic codemods and AI-powered fixes for custom patterns. Coverage includes Django, Flask, and FastAPI applications with fixes for SQL injection, SSRF, insecure deserialization (PyYAML hardening, defused XML), weak cryptography, and dependency vulnerabilities. Pixee uses full AST-level analysis for deep cross-file dataflow tracking and framework-aware transformations across all five Python packaging formats. + +Python is Pixee's second-deepest language ecosystem alongside Java. The open-source [codemodder-python](https://github.com/pixee/codemodder-python) engine is publicly inspectable, and support for five packaging conventions (requirements.txt, pyproject.toml, Pipfile, setup.py, setup.cfg) sets Pixee apart from tools that handle only one. For the full language coverage matrix, see the [Language Support Overview](/languages/overview). + +## What Pixee Fixes in Python + +| Vulnerability Type | CWE | Example Fix | Fix Mode | +| -------------------------- | ------- | ----------------------------------------------------------- | ------------- | +| SQL Injection | CWE-89 | Parameterized query conversion | Deterministic | +| SSRF | CWE-918 | URL validation and allowlist enforcement | Deterministic | +| Insecure Deserialization | CWE-502 | PyYAML safe_load, defused XML parsing | Deterministic | +| Weak Cryptography | CWE-327 | secrets module usage, JWT decode verification | Deterministic | +| Path Traversal | CWE-22 | Canonical path validation | Deterministic | +| Insecure Temp Files | CWE-377 | tempfile.mkstemp usage | Deterministic | +| SSL/TLS Protocol | CWE-326 | Protocol version enforcement | Deterministic | +| Cross-Site Scripting | CWE-79 | Output encoding, template sanitization | Deterministic | +| Custom Framework Patterns | Various | Framework-specific sanitization, multi-file fixes | AI-powered | +| Dependency Vulnerabilities | N/A | Version upgrade across 5 manifest formats + source refactor | Hybrid | + +## Django + +Django is the most common Python web framework in enterprise environments, and Pixee provides dedicated support for Django-specific security patterns. + +**What Pixee understands about your Django code:** + +- Django ORM query patterns and raw SQL injection risks via `extra()`, `raw()`, and `RawSQL()` +- Template injection and XSS prevention in Django templates and Jinja2 +- Django settings security hardening (SECRET_KEY exposure, DEBUG mode in production, ALLOWED_HOSTS configuration) +- Django REST Framework serializer validation patterns +- Model, view, and URL configuration conventions + +**Django-specific fixes include:** + +- ORM injection remediation that converts raw queries to parameterized Django ORM calls +- Template XSS prevention using Django's auto-escaping and `mark_safe` audit +- Settings hardening for common misconfigurations flagged by security scanners +- REST Framework input validation tightening on serializer fields +- CSRF middleware configuration fixes + +Pixee recognizes Django idioms. Fixes use Django-native security utilities (e.g., `django.utils.html.escape`, ORM parameterization) rather than introducing external libraries. + +## Flask and FastAPI + +**Flask:** Pixee handles Flask request handling patterns including `request.args`, `request.form`, and `request.json` input validation. Fixes for Flask applications address injection in Jinja2 templates, insecure session configuration, and debug mode exposure. + +**FastAPI:** Pixee supports FastAPI's dependency injection and Pydantic validation patterns. Fixes respect FastAPI's async patterns and type-annotated request handling. + +Both frameworks receive the same deterministic codemod coverage for common vulnerability types plus AI-powered MagicMods for framework-specific patterns. + +## How It Works for Python + +**Codemod engine:** [codemodder-python](https://github.com/pixee/codemodder-python) is an open-source engine with 60+ core codemods. Customers and auditors can inspect every transformation rule on GitHub. + +**Transformer strategies:** codemodder-python uses multiple rewriting approaches. LibCST handles AST-level transformations for Python source code. Regex transformers handle configuration files. XML transformers handle manifest and config files. A single codemod can target Python source, configuration files, and dependency manifests in one pass. + +**Analysis depth:** Full AST parsing via LibCST enables cross-file dataflow tracking. Pixee follows taint propagation from request handlers through business logic to database calls, understanding the full path a vulnerability travels through your Python application. + +**Fix routing:** Known vulnerability patterns (SQL injection, insecure deserialization, weak cryptography) get instant, deterministic fixes. Novel or custom patterns route to AI-powered MagicMods with Python-specific context and your PIXEE.yaml configuration. + +## Dependency Management + +Python has the most fragmented packaging ecosystem of any language Pixee supports. Pixee handles all five conventions: + +| Manifest Format | Tool | +| ---------------- | ------------------------ | +| requirements.txt | pip | +| pyproject.toml | Poetry, Flit, Hatch, pip | +| Pipfile | Pipenv | +| setup.py | setuptools | +| setup.cfg | setuptools | + +Each format has its own writer module. A single pull request contains the version bump in the correct manifest file and any downstream source-file changes required by the upgrade. If your project uses pyproject.toml with Poetry, Pixee updates pyproject.toml -- not requirements.txt. + +Most tools handle only requirements.txt. Pixee handles all five, which matters for enterprise Python projects where packaging conventions vary across teams and repositories. + +## Fix Examples + +**Insecure Deserialization (CWE-502) -- PyYAML safe_load** + +Before: + +```python +import yaml + +with open("config.yml") as f: + config = yaml.load(f) +``` + +After: + +```python +import yaml + +with open("config.yml") as f: + config = yaml.safe_load(f) +``` + +**SQL Injection (CWE-89) -- Django ORM Parameterization** + +Before: + +```python +def get_user(request): + user_id = request.GET.get("id") + users = User.objects.raw( + f"SELECT * FROM auth_user WHERE id = '{user_id}'" + ) + return render(request, "user.html", {"users": users}) +``` + +After: + +```python +def get_user(request): + user_id = request.GET.get("id") + users = User.objects.raw( + "SELECT * FROM auth_user WHERE id = %s", [user_id] + ) + return render(request, "user.html", {"users": users}) +``` + +**Weak Cryptography (CWE-327) -- Secure Random** + +Before: + +```python +import random + +token = ''.join(random.choice('abcdef0123456789') for _ in range(32)) +``` + +After: + +```python +import secrets + +token = secrets.token_hex(16) +``` + +## Scanner Compatibility + +| Scanner | Python Support | +| ------------------ | -------------- | +| CodeQL | Yes | +| Semgrep | Yes | +| SonarQube | Yes | +| Checkmarx | Yes | +| Snyk Code | Yes | +| Bandit (via SARIF) | Yes | +| Universal SARIF | Yes | + +Bandit findings can be exported in SARIF format and consumed by Pixee through the [universal SARIF integration](/integrations/sarif-universal). + +## Compatibility + +| Dimension | Details | +| -------------------- | -------------------------------------------------------------- | +| Packaging tools | pip, Poetry, Pipenv, setuptools | +| CI/CD platforms | GitHub Actions, GitLab CI, Azure DevOps, Bitbucket Pipelines | +| Code hosting | GitHub, GitLab, Azure DevOps, Bitbucket | +| Dependency manifests | requirements.txt, pyproject.toml, Pipfile, setup.py, setup.cfg | + +## FAQ + +**Can Pixee remediate Python security issues?** + +Yes. Pixee uses 60+ deterministic codemods and AI-powered MagicMods to automatically fix Python SAST and SCA findings. Fixes are delivered as pull requests. + +**Does Pixee support Django applications?** + +Yes. Pixee recognizes Django models, views, URL configurations, and REST Framework serializers. Fixes respect Django conventions and use Django-native security utilities. + +**How does Pixee handle Python dependency vulnerabilities?** + +Pixee upgrades vulnerable dependencies across all five Python packaging conventions (requirements.txt, pyproject.toml, Pipfile, setup.py, setup.cfg) and coordinates version bumps with source-file refactoring in a single PR. + +**What Python scanners does Pixee work with?** + +Pixee remediates findings from CodeQL, Semgrep, SonarQube, Snyk Code, Checkmarx, and any SARIF-producing scanner including Bandit. + +**Is the Python codemod engine open source?** + +Yes. [codemodder-python](https://github.com/pixee/codemodder-python) is open source on GitHub with 60+ core codemods that customers and auditors can inspect. diff --git a/docs/open-pixee.md b/docs/open-pixee.md deleted file mode 100644 index 98cf848c..00000000 --- a/docs/open-pixee.md +++ /dev/null @@ -1,25 +0,0 @@ ---- -sidebar_position: 5 -title: Open source ---- - -# Open Source - -Pixee believes in open source! We leverage tools from the community and strive to give back when possible. - -## Codemodder - -The fixes we make in Pixee are powered by our open source (and open format!) project called [Codemodder](https://codemodder.io) -- check it out! - -## Contributions - -We've made contributions to the following OSS projects, either directly, or as part of being Pixee free tier users: - -- [JavaParser](https://github.com/javaparser/javaparser) (we're a sponsor as well!) -- [LibCST](https://github.com/Instagram/LibCST/) -- [Quarkus](https://github.com/quarkusio/quarkus) -- [GitHub4j](https://github.com/hub4j/github-api) -- [JUnit](https://github.com/junit-team) -- [Spring Framework](https://github.com/spring-projects/spring-framework) -- [StirlingPDF](https://github.com/Stirling-Tools/Stirling-PDF) -- ... and more! diff --git a/docs/open-source/_category_.json b/docs/open-source/_category_.json new file mode 100644 index 00000000..a490c685 --- /dev/null +++ b/docs/open-source/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Open Source", + "position": 9, + "collapsible": true, + "collapsed": false, + "link": { + "type": "doc", + "id": "open-source/oss-overview" + } +} diff --git a/docs/open-source/codemodder.md b/docs/open-source/codemodder.md new file mode 100644 index 00000000..c98738aa --- /dev/null +++ b/docs/open-source/codemodder.md @@ -0,0 +1,157 @@ +--- +title: Codemodder Framework +slug: /open-source/codemodder +track: dev +content_type: guide +seo_title: Codemodder Framework -- Pixee Docs +description: Codemodder open source framework for building security-focused code transformations. Supports Java and Python. +sidebar_position: 2 +--- + +# Codemodder Framework + +Codemodder is an open source framework created by Pixee for building language-specific, security-focused code transformations called codemods. Each codemod encodes a specific security remediation pattern -- SQL injection parameterization, insecure deserialization hardening, cryptography upgrades -- as a deterministic, testable rule. Codemodder currently supports Java via [codemodder-java](https://github.com/pixee/codemodder-java) (51+ codemods) and Python via [codemodder-python](https://github.com/pixee/codemodder-python) (60+ codemods), with every codemod publicly inspectable on GitHub. + +## What Codemods Are + +A security codemod is a deterministic rule that transforms insecure code into secure code. "Deterministic" means same input produces the same output every time. No LLM, no variance, no hallucination. Codemods encode decades of OWASP and SANS best practices into testable, repeatable rules. + +For example, a codemod might detect raw SQL string concatenation and transform it into parameterized queries. The fix is the same whether you run it today, tomorrow, or a year from now. That predictability is what makes codemods suitable for automated remediation in production codebases. + +## Architecture + +Codemodder has three layers: + +**Framework layer.** Core abstractions for codemod registration, file discovery, transformation execution, and output generation. This layer defines how codemods are built, configured, and run regardless of target language. + +**Language engines.** Language-specific implementations that plug into the framework: + +- **codemodder-java** uses ParseAndGo-based AST transformations. Codemods register into a default codemod set and operate on Java abstract syntax trees. +- **codemodder-python** supports three transformer strategies: LibCST for AST-level transformations, regex for pattern-based changes, and XML for configuration files. A single Python codemod can target source files, config files, or dependency manifests. + +**Output format.** All engines produce CodeTF (Code Transformation Format) output -- a structured JSON description of every change made, including what was modified, where, and the security rationale. CodeTF is machine-readable, making it straightforward to integrate codemod results into CI/CD pipelines or review workflows. + +## How Codemods Work + +The transformation pipeline follows a consistent flow from scanner finding to structured output: + +1. **Scanner produces a finding.** A SAST or SCA tool flags a vulnerability and emits a SARIF report identifying the file, line, and rule that triggered. + +2. **Codemodder matches a codemod rule.** The engine checks whether a registered codemod handles the finding type (e.g., CWE-89 for SQL injection maps to the SQL parameterization codemod). + +3. **The codemod analyzes the vulnerable code.** Using AST parsing (ParseAndGo for Java, LibCST for Python), regex matching, or XML parsing, the codemod identifies the exact code pattern that needs to change. + +4. **The transformation applies the security fix.** The codemod rewrites the code deterministically. For SQL injection, this means converting string concatenation to parameterized queries. For insecure deserialization, it means adding type validation or switching to a safe loader. + +5. **CodeTF output describes the result.** The engine writes a structured report of what changed and why. This output is both human-readable and machine-parseable. + +6. **Developer reviews the change.** In the Pixee platform, the fix becomes a pull request. With the standalone engine, you review the CodeTF output and the modified files directly. + +## codemodder-java + +The Java engine provides 51+ core codemods using ParseAndGo-based AST transformations. + +**Fix categories covered:** + +- SQL injection parameterization +- SSRF prevention +- Insecure deserialization hardening +- Weak cryptography replacement (secure random, algorithm upgrades) +- Insecure temp file handling +- SSL/TLS protocol upgrades +- Security hardening patterns from OWASP/SANS + +**Running codemodder-java:** + +```bash +# Clone and build +git clone https://github.com/pixee/codemodder-java.git +cd codemodder-java +./gradlew build + +# Run against a target project +./gradlew run --args="--source /path/to/project --output results.json" + +# Run specific codemods only +./gradlew run --args="--source /path/to/project --codemod-include pixee:java/sql-parameterizer --output results.json" +``` + +## codemodder-python + +The Python engine provides 60+ core codemods with three distinct transformer strategies. + +**Transformer strategies:** + +| Strategy | Target | Use Case | +| -------- | ---------------------------- | ---------------------------------------------------------------------- | +| LibCST | Python source files | AST-level transformations (function calls, imports, class definitions) | +| Regex | Config and source files | Pattern-based replacements where AST parsing is unnecessary | +| XML | Dependency manifests, config | XML configuration files and dependency declarations | + +A single codemod can combine strategies. For example, a PyYAML hardening codemod might use LibCST to change `yaml.load()` calls to `yaml.safe_load()` in source files while also updating a requirements file via regex. + +**Fix categories covered:** + +- SQL injection parameterization +- SSRF prevention +- PyYAML safe loading +- Defused XML parsing +- Weak cryptography replacement (secure random, JWT decode verification) +- Security hardening patterns from OWASP/SANS + +**Running codemodder-python:** + +```bash +# Install +pip install codemodder + +# Run against a target project +codemodder /path/to/project --output results.json + +# Run specific codemods only +codemodder /path/to/project --codemod-include pixee:python/secure-random --output results.json + +# Exclude directories +codemodder /path/to/project --path-exclude tests/ vendor/ --output results.json +``` + +## Relationship to the Pixee Platform + +Codemodder powers the deterministic remediation layer of the Pixee platform. The platform extends Codemodder with: + +- **MagicMods** -- AI-powered fixes for patterns that deterministic rules cannot reach (custom framework wrappers, multi-file dataflows, context-dependent sanitization) +- **Triage Automation** -- false positive reduction before fixes are generated +- **Scanner integration** -- 12 native scanner integrations plus universal SARIF support +- **PR workflow** -- fixes delivered as pull requests through GitHub, GitLab, Azure DevOps, or Bitbucket + +Codemodder handles the known, well-understood vulnerability patterns. MagicMods extend coverage to the long tail. Both produce fixes that pass through the same quality evaluation before reaching a developer. + +## Next Steps + +- **Build your own codemod:** The [Custom Codemods](/open-source/custom-codemods) tutorial walks through building a codemod from scratch +- **Contribute to the project:** See the [Contributing](/open-source/contributing) guide for community participation +- **Explore the full platform:** The Pixee platform adds AI-powered remediation and triage on top of Codemodder -- [learn how fix generation works](/how-it-works/fix-generation) + +--- + +## Frequently Asked Questions + +### What is Codemodder? + +Codemodder is an open source framework created by Pixee for building deterministic, security-focused code transformations. It supports Java (51+ codemods) and Python (60+ codemods), with a combined 110+ codemods publicly available on GitHub. + +### What is a codemod in security? + +A security codemod is a deterministic rule that transforms insecure code into secure code. Unlike AI-generated fixes, codemods produce the same output for the same input every time. There is no LLM involved, no variance, and no hallucination risk. Each codemod encodes a specific OWASP or SANS remediation pattern. + +### Can I run Codemodder without the Pixee platform? + +Yes. Codemodder is a standalone open source tool. Run it locally or in CI/CD to apply deterministic security fixes. The Pixee platform adds AI-powered MagicMods, triage automation, scanner integration, and enterprise deployment on top of Codemodder. + +### How does Codemodder relate to the Pixee platform? + +Codemodder powers the deterministic remediation layer. The Pixee platform builds on Codemodder and adds AI-powered fixes for novel patterns, triage automation for false positive reduction, native scanner integrations, and pull request delivery through your existing code review workflow. + +### What languages does Codemodder support? + +Codemodder currently supports Java (codemodder-java, 51+ codemods using ParseAndGo AST transformations) and Python (codemodder-python, 60+ codemods using LibCST, regex, and XML transformers). diff --git a/docs/open-source/contributing.md b/docs/open-source/contributing.md new file mode 100644 index 00000000..6edd8d25 --- /dev/null +++ b/docs/open-source/contributing.md @@ -0,0 +1,146 @@ +--- +title: Contributing to Pixee Open Source +slug: /open-source/contributing +track: dev +content_type: guide +seo_title: Contributing -- Pixee Docs +description: Contribution guide for codemodder-java, codemodder-python, and related Pixee open source projects. +sidebar_position: 4 +--- + +# Contributing to Pixee Open Source + +Pixee's core remediation engine is built on open source. You can contribute codemods (deterministic security fix rules), report bugs, improve documentation, or propose new detection patterns. Contributions go to the Codemodder repositories -- [codemodder-java](https://github.com/pixee/codemodder-java) and [codemodder-python](https://github.com/pixee/codemodder-python) -- under Apache 2.0 license. This guide covers the contribution workflow, quality standards, and community guidelines. + +## What You Can Contribute + +| Contribution Type | Repositories | Impact | +| ----------------- | ---------------------------------- | ------------------------------------------------------------- | +| **New codemods** | codemodder-java, codemodder-python | Expands automated fix coverage for a vulnerability pattern | +| **Bug fixes** | Any Pixee open source repo | Fixes issues in existing codemods or framework code | +| **Documentation** | Any Pixee open source repo | Improves README, API docs, or usage examples | +| **Test cases** | codemodder-java, codemodder-python | Adds edge case coverage to existing codemods | +| **Issue reports** | Any Pixee open source repo | Identifies bugs, suggests improvements, requests new codemods | + +New codemod contributions have the highest impact. Each new codemod directly expands the number of vulnerability patterns that Codemodder can fix automatically. If you want to build a full codemod, start with the [Custom Codemods](/open-source/custom-codemods) tutorial. + +## Contribution Workflow + +### Step 1: Find or Create an Issue + +Browse open issues in [codemodder-java](https://github.com/pixee/codemodder-java/issues) or [codemodder-python](https://github.com/pixee/codemodder-python/issues). Issues tagged **`good first issue`** are specifically scoped for new contributors. Issues tagged **`help wanted`** are ready for community pickup. + +If you want to contribute a new codemod, open an issue first describing the vulnerability pattern and your proposed fix. Discuss the approach before writing code. This saves time and ensures your contribution aligns with the project direction. + +### Step 2: Fork and Branch + +Fork the repository to your GitHub account and create a feature branch from `main`: + +```bash +git clone https://github.com/YOUR-USERNAME/codemodder-java.git +cd codemodder-java +git checkout -b feat/my-new-codemod +``` + +Follow the branch naming convention: + +- `feat/codemod-name` for new codemods +- `fix/issue-number` for bug fixes +- `docs/description` for documentation improvements + +### Step 3: Implement + +For new codemods, follow the [Codemodder](/open-source/codemodder) framework patterns. The [Custom Codemods](/open-source/custom-codemods) page has step-by-step build instructions for both Java and Python. + +For bug fixes, include a test that reproduces the bug before your fix and passes after it. + +For documentation, follow the existing style and structure in the repository. + +### Step 4: Test + +Add before/after test fixtures for new codemods and run the full test suite locally: + +```bash +# Java +./gradlew test + +# Python +pytest +``` + +Verify that your changes produce correct CodeTF output by running the codemod against a sample repository. + +### Step 5: Submit a Pull Request + +Push your branch and open a pull request against `main`: + +- Reference the issue number in the PR description +- Describe what the change does and why +- Include sample before/after code if submitting a new codemod +- Ensure CI checks pass + +### Step 6: Review and Merge + +Pixee maintainers review contributions for code quality, security correctness, and test coverage. Address review feedback promptly. Once approved, maintainers merge the PR. + +Security-sensitive contributions receive additional review from the Pixee security team. This is normal and ensures the fix rules meet the same quality bar as all existing codemods. + +## Quality Standards + +Every contribution must meet these standards: + +- **Before/after test fixtures are required** for every codemod. No exceptions. +- **Test coverage must include:** the primary vulnerable pattern, at least one code style variation, and at least one edge case. +- **Codemods must be deterministic.** Same input produces the same output every time. No external API calls, no network dependencies, no randomness in codemod execution. +- **Follow existing code style.** CI linters enforce formatting and conventions automatically. +- **One codemod or fix per PR.** Keep pull requests focused. Multiple unrelated changes in a single PR slow down review. + +## Community Guidelines + +**Code of Conduct.** All contributors are expected to engage respectfully and constructively. Review the CODE_OF_CONDUCT.md in each repository. + +**Issue etiquette.** Search existing issues before opening a new one. When reporting bugs, provide reproduction steps, the codemod involved, and the CodeTF output if applicable. + +**PR etiquette.** Keep PRs focused. Respond to review feedback. If a maintainer requests changes, address them or explain your reasoning -- both are fine. + +**Communication channels:** + +- **GitHub Issues** for bugs, feature requests, and codemod proposals +- **GitHub Discussions** for questions, ideas, and general conversation + +**License.** All contributions are submitted under Apache 2.0, the same license as the project. + +## Recognition + +Contributors are credited in release notes when their changes ship. Significant contributors are listed in the project's CONTRIBUTORS file. Particularly impactful codemod contributions may be highlighted in Pixee community updates. + +## Where to Start + +If this is your first contribution to Pixee: + +1. **Browse [`good first issue`](https://github.com/pixee/codemodder-java/labels/good%20first%20issue) tags** in either repository +2. **Read the [Codemodder](/open-source/codemodder) page** to understand the framework architecture +3. **Walk through the [Custom Codemods](/open-source/custom-codemods) tutorial** to see how codemods are built and tested +4. **Pick an issue, discuss it, and submit a PR** -- the maintainers are here to help + +Every codemod contributed expands the number of vulnerabilities the community can fix automatically. Your contribution matters. + +--- + +## Frequently Asked Questions + +### How do I contribute to Pixee's open source projects? + +Fork the repository, create a feature branch, implement your change with tests, and submit a pull request. Browse issues tagged `good first issue` for beginner-friendly contributions. New codemod contributions have the highest impact on the project. + +### What license are Pixee's open source projects under? + +Pixee's open source projects (codemodder-java, codemodder-python) are licensed under Apache 2.0. All contributions must be submitted under the same license. + +### What makes a good first contribution? + +Issues tagged `good first issue` are specifically scoped for new contributors with clear requirements. Bug fixes with reproduction steps and documentation improvements are also good starting points. Building a new codemod requires more familiarity with the Codemodder framework, so review the [Custom Codemods](/open-source/custom-codemods) tutorial first. + +### Where do I ask questions about contributing? + +Use GitHub Discussions in the relevant repository for questions, ideas, and conversation. Use GitHub Issues for specific bugs, feature requests, or codemod proposals. Maintainers are active in both channels. diff --git a/docs/open-source/custom-codemods.md b/docs/open-source/custom-codemods.md new file mode 100644 index 00000000..bb64851d --- /dev/null +++ b/docs/open-source/custom-codemods.md @@ -0,0 +1,242 @@ +--- +title: Custom Codemods +slug: /open-source/custom-codemods +track: dev +content_type: tutorial +seo_title: Custom Codemods -- Pixee Docs +description: Build custom security codemods using the Codemodder framework. Step-by-step tutorial for Java and Python. +sidebar_position: 3 +--- + +# Custom Codemods + +You can build custom codemods using Pixee's open source [Codemodder](/open-source/codemodder) framework to automate security fixes specific to your organization's codebase patterns. Custom codemods are deterministic transformation rules -- same input, same output, every time. This tutorial walks through building a custom codemod from scratch: defining the detection pattern, writing the transformation, testing it, and deploying it. + +## When to Build Custom Codemods + +The built-in codemods cover common vulnerability patterns from OWASP and SANS (see [Codemodder](/open-source/codemodder) for the full catalog). Custom codemods make sense when: + +- **Your organization has internal security patterns.** You enforce coding standards that go beyond public vulnerability databases. Maybe your team requires all HTTP clients to use an internal `SecureHttpClient` wrapper, or all database access to go through a custom query builder. +- **You use internal frameworks.** Your codebase has framework-specific utilities (e.g., a custom `SafeQueryBuilder` or `AuthenticatedRequestFactory`) that the built-in codemods do not know about. +- **You want auditable, repeatable fixes.** Rather than manually fixing the same pattern across hundreds of files, a codemod applies the same transformation everywhere, consistently and testably. +- **You want to contribute back.** If the pattern is general enough, you can submit your codemod to the open source repositories for the community. + +## Prerequisites + +**For Java codemods:** + +- JDK 17 or later +- Gradle (the codemodder-java build system) +- Familiarity with Java AST concepts (abstract syntax trees) + +**For Python codemods:** + +- Python 3.10 or later +- pip for dependency management +- Familiarity with LibCST or basic regex patterns + +**For both:** + +- A working understanding of the [Codemodder](/open-source/codemodder) architecture +- The vulnerability pattern you want to detect and the fix you want to apply + +## Tutorial: Build a Custom Java Codemod + +This example builds a codemod that detects direct `Statement.execute()` calls with user-controlled input and transforms them into parameterized `PreparedStatement` queries. + +### Step 1: Set Up the Development Environment + +```bash +# Clone the repository +git clone https://github.com/pixee/codemodder-java.git +cd codemodder-java +``` + +Review the project structure. Codemods live in the `core-codemods/` directory. Each codemod is a single class that extends the framework's base codemod class and registers itself for a specific vulnerability pattern. + +### Step 2: Define the Detection Pattern + +Before writing code, define clearly what the codemod detects and what it produces. + +**Vulnerable input (before):** + +```java +String query = "SELECT * FROM users WHERE id = " + userId; +Statement stmt = connection.createStatement(); +stmt.execute(query); +``` + +**Secure output (after):** + +```java +String query = "SELECT * FROM users WHERE id = ?"; +PreparedStatement stmt = connection.prepareStatement(query); +stmt.setString(1, userId); +stmt.execute(); +``` + +The codemod needs to: + +1. Find `Statement.execute()` calls where the query string is built via concatenation +2. Replace the `Statement` with `PreparedStatement` +3. Extract concatenated variables into parameterized placeholders +4. Add the corresponding `setParameter()` calls + +### Step 3: Write the Transformation + +Implement the codemod class by extending the framework's base class. The class declares which CWE or rule ID it handles, and the `visit` method contains the transformation logic. + +The transformation uses ParseAndGo to walk the Java AST, identify `Statement.execute()` nodes, and rewrite them. The framework handles file discovery, change tracking, and CodeTF output generation. + +Refer to the [codemodder-java CONTRIBUTING guide](https://github.com/pixee/codemodder-java/blob/main/CONTRIBUTING.md) for the current base class interfaces and registration patterns. + +### Step 4: Add Tests + +Every codemod requires before/after test fixtures: + +**Test fixture: `before/SqlInjection.java`** + +```java +// Contains the vulnerable code pattern +String query = "SELECT * FROM users WHERE id = " + userId; +Statement stmt = connection.createStatement(); +stmt.execute(query); +``` + +**Test fixture: `after/SqlInjection.java`** + +```java +// Contains the expected secure code after transformation +String query = "SELECT * FROM users WHERE id = ?"; +PreparedStatement stmt = connection.prepareStatement(query); +stmt.setString(1, userId); +stmt.execute(); +``` + +The test framework automatically runs the codemod against the `before` fixture and asserts the output matches the `after` fixture. Add multiple test cases covering: + +- The primary pattern (direct string concatenation) +- Variations in code style (different variable names, multi-line queries) +- Edge cases (multiple concatenated variables, nested expressions) +- Cases where the codemod should NOT transform (already parameterized queries) + +### Step 5: Register the Codemod + +Add the codemod to the registration system so the engine discovers it at runtime. Registration maps the codemod to its CWE identifier and assigns it a unique codemod ID (e.g., `pixee:java/sql-parameterizer`). + +### Step 6: Run and Validate + +```bash +# Build the project with the new codemod +./gradlew build + +# Run against a test repository +./gradlew run --args="--source /path/to/test-repo --codemod-include pixee:java/sql-parameterizer --output results.json" +``` + +Review the CodeTF output in `results.json` to verify the changes are correct. The output describes each file modified, the lines changed, and the security rationale. + +## Tutorial: Build a Custom Python Codemod + +Python codemods follow the same pattern with different tooling. This example builds a codemod that detects `yaml.load()` without a safe loader and transforms it to `yaml.safe_load()`. + +### Step 1: Set Up the Development Environment + +```bash +# Clone the repository +git clone https://github.com/pixee/codemodder-python.git +cd codemodder-python +pip install -e ".[dev]" +``` + +### Step 2: Define the Detection Pattern + +**Vulnerable input (before):** + +```python +import yaml + +with open("config.yml") as f: + config = yaml.load(f) +``` + +**Secure output (after):** + +```python +import yaml + +with open("config.yml") as f: + config = yaml.safe_load(f) +``` + +### Step 3: Choose a Transformer Strategy + +Python codemods support three transformer strategies: + +| Strategy | When to Use | This Example | +| ---------- | ---------------------------------------------------------------------------- | ---------------------------------------------------- | +| **LibCST** | Transforming Python source code (function calls, imports, class definitions) | Yes -- rewriting `yaml.load()` to `yaml.safe_load()` | +| **Regex** | Simple pattern replacements in config files or source | Not for this example | +| **XML** | Modifying XML configuration or manifest files | Not for this example | + +For this codemod, LibCST is the right choice because we are transforming a Python function call. + +### Step 4: Write the Transformation + +The codemod class extends the Python framework's base class and uses LibCST to locate `yaml.load()` calls and replace them with `yaml.safe_load()`. The framework handles file traversal, change tracking, and output generation. + +Refer to the [codemodder-python CONTRIBUTING guide](https://github.com/pixee/codemodder-python/blob/main/CONTRIBUTING.md) for the current base class interfaces and visitor patterns. + +### Step 5: Add Tests and Register + +Create before/after test fixtures following the same pattern as Java. Register the codemod with a unique ID (e.g., `pixee:python/safe-yaml-load`). + +### Step 6: Run and Validate + +```bash +# Run against a test repository +codemodder /path/to/test-repo --codemod-include pixee:python/safe-yaml-load --output results.json +``` + +## Testing Best Practices + +Reliable codemods require thorough testing: + +- **Before/after fixtures are mandatory.** Every codemod must have at least one fixture pair demonstrating the transformation. +- **Cover style variations.** Real codebases are messy. Test with different indentation, variable naming, multi-line expressions, and comment placement. +- **Test negative cases.** Include fixtures where the codemod should NOT transform code. A codemod that triggers false positives erodes trust. +- **Edge cases matter.** What happens with nested function calls? What about files with multiple instances of the pattern? What about partial matches? +- **Run against real repositories.** After unit tests pass, run the codemod against an actual codebase to validate behavior at scale. + +## Deploying Custom Codemods + +**Local and CI/CD.** Custom codemods run anywhere Codemodder runs. Add them to your CI/CD pipeline to enforce organization-specific security patterns on every commit: + +```bash +# Example CI/CD step +codemodder $WORKSPACE --codemod-include pixee:python/safe-yaml-load --output codetf-results.json +``` + +**Sharing across teams.** Package custom codemods as a separate module that depends on the Codemodder framework. Teams can pull your codemod package alongside the core engine. + +**Contributing upstream.** If your codemod addresses a general vulnerability pattern, consider [contributing it back](/open-source/contributing) to the open source repositories so the broader community benefits. + +--- + +## Frequently Asked Questions + +### Can I write custom codemods for Pixee? + +Yes. Using the open source Codemodder framework, you can build custom deterministic codemods for your organization's specific security patterns. Both Java and Python are supported with full framework tooling for testing and validation. + +### Do I need the Pixee platform to run custom codemods? + +No. Custom codemods built on Codemodder run standalone via CLI or in CI/CD. The Pixee platform can optionally integrate custom codemods into its full remediation workflow alongside built-in codemods and MagicMods. + +### What testing is required for custom codemods? + +Each codemod should have before/after test fixtures covering the primary pattern, code style variations, negative cases (where the codemod should not fire), and edge cases. Codemodder provides a testing framework that automatically validates fixtures. + +### Can I share custom codemods with the community? + +Yes. Submit custom codemods as contributions to the codemodder-java or codemodder-python open source repositories. See the [Contributing](/open-source/contributing) guide for the submission workflow and quality standards. diff --git a/docs/open-source/oss-overview.md b/docs/open-source/oss-overview.md new file mode 100644 index 00000000..32a6a70e --- /dev/null +++ b/docs/open-source/oss-overview.md @@ -0,0 +1,105 @@ +--- +title: Open Source Overview +slug: /open-source/overview +track: dev +content_type: guide +seo_title: Open Source Overview -- Pixee Docs +description: "Pixee open source projects: codemodder-java, codemodder-python, and the Codemodder framework for security-focused code transformations." +sidebar_position: 1 +--- + +# Open Source Overview + +Pixee maintains several open source projects that form the foundation of its deterministic remediation engine. The [Codemodder](/open-source/codemodder) framework provides language-specific engines for building security-focused code transformations. [codemodder-java](https://github.com/pixee/codemodder-java) (51+ codemods) and [codemodder-python](https://github.com/pixee/codemodder-python) (60+ codemods) are publicly inspectable on GitHub. These open source engines let customers and auditors review fix rules before trusting automated remediation in their codebase. + +## Why Open Source Matters for Security Remediation + +Automated code changes demand trust. When a tool modifies your source files, you need to know exactly what it does and why. Open source engines provide that transparency in a way that proprietary black-box tools cannot. + +**Trust through transparency.** Every deterministic codemod in Pixee's open source repositories is readable. Security teams and auditors can inspect the exact transformation rules that will be applied to their code. If a codemod parameterizes SQL queries or hardens deserialization, the logic is right there in the repository. + +**Community validation.** Open source codemods benefit from review and contribution by security engineers outside Pixee. Bugs get found faster. Edge cases get covered. The fix rules improve over time because more eyes are on the code. + +**Extensibility.** Organizations can build [custom codemods](/open-source/custom-codemods) on the Codemodder framework for their own internal security patterns. The framework is designed for extension, not just consumption. + +## Pixee Open Source Projects + +| Project | Language | Codemods | Description | +| ---------------------------------------------------------------- | -------------- | -------- | ------------------------------------------------------------------------------- | +| [codemodder-java](https://github.com/pixee/codemodder-java) | Java | 51+ core | Java codemod engine with AST transformations via ParseAndGo | +| [codemodder-python](https://github.com/pixee/codemodder-python) | Python | 60+ core | Python codemod engine with LibCST, regex, and XML transformers | +| [Codemodder framework](https://github.com/pixee/codemodder-spec) | Multi-language | N/A | Core specification and framework for building language-specific codemod engines | + +All projects are licensed under Apache 2.0. + +## Open Source vs. Pixee Platform + +The open source engines and the commercial Pixee platform serve different needs. Understanding the boundary helps you choose the right tool. + +**Open source engines** provide deterministic codemods only. No AI, no triage, no scanner integration, no PR workflow. You run them locally or in CI/CD against your codebase and get structured output describing every change. + +**The Pixee platform** builds on the open source engines and adds: + +- **AI-powered MagicMods** for vulnerability patterns that deterministic rules cannot reach (custom frameworks, multi-file dataflows, context-dependent sanitization) +- **Triage Automation** with false positive reduction via exploitability analysis +- **12 native scanner integrations** that ingest findings from Semgrep, CodeQL, Sonar, Snyk, and others +- **Pull request delivery** so developers review fixes through their existing code review process +- **Enterprise deployment** options including embedded cluster, Helm, and air-gapped environments + +The open source layer is the deterministic foundation. The platform adds intelligence, automation, and enterprise workflow on top. + +## Getting Started with Open Source + +To run the open source codemod engines locally: + +**Java:** + +```bash +# Clone the repository +git clone https://github.com/pixee/codemodder-java.git + +# Build and run against your project +./gradlew run --args="--source /path/to/your/project --output codetf-output.json" +``` + +**Python:** + +```bash +# Install from PyPI +pip install codemodder + +# Run against your project +codemodder /path/to/your/project --output codetf-output.json +``` + +The engines produce [CodeTF](/api/codetf) output, a structured format describing every transformation applied, what changed, and why. + +From here: + +- Read the [Codemodder](/open-source/codemodder) page for architecture details and the full codemod catalog +- Build your own security rules with the [Custom Codemods](/open-source/custom-codemods) tutorial +- Join the community through our [Contributing](/open-source/contributing) guide + +## License + +All Pixee open source projects are released under the **Apache License 2.0**. You can use, modify, and distribute the code in both open source and commercial projects. Contributions are accepted under the same license. + +--- + +## Frequently Asked Questions + +### Is Pixee open source? + +Pixee's deterministic codemod engines (codemodder-java, codemodder-python) are open source on GitHub under Apache 2.0. The full Pixee platform -- including AI-powered MagicMods, triage automation, and enterprise features -- is a commercial product built on these open source foundations. + +### What is the Codemodder framework? + +[Codemodder](/open-source/codemodder) is Pixee's open source framework for building language-specific, security-focused code transformations (codemods). It powers codemodder-java and codemodder-python, and you can use it to build custom codemods for your own security patterns. + +### Can I use Pixee's open source codemods without the platform? + +Yes. The open source codemod engines can be run locally or in CI/CD to apply deterministic security fixes without requiring the Pixee platform. The platform adds AI-powered fixes, triage, scanner integration, and enterprise features. + +### How do I contribute to Pixee's open source projects? + +See the [Contributing](/open-source/contributing) guide for the contribution workflow, quality standards, and community guidelines. Issues tagged `good first issue` are a great starting point. diff --git a/docs/platform/_category_.json b/docs/platform/_category_.json new file mode 100644 index 00000000..59562f00 --- /dev/null +++ b/docs/platform/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Platform Overview", + "position": 2, + "collapsible": true, + "collapsed": false, + "link": { + "type": "doc", + "id": "platform/what-is-agentic-security-engineering" + } +} diff --git a/docs/platform/architecture.md b/docs/platform/architecture.md new file mode 100644 index 00000000..5c075b58 --- /dev/null +++ b/docs/platform/architecture.md @@ -0,0 +1,138 @@ +--- +title: Platform Architecture +slug: /platform/architecture +track: leader +content_type: conceptual +seo_title: "Pixee Platform Architecture | How It All Fits" +description: Three-component architecture with progressive triage, hybrid remediation, and native PR delivery. End-to-end processing flow from scanner finding to merged fix. +sidebar_position: 2 +--- + +Pixee's Agentic Security Engineering Platform uses a three-component architecture -- a Java/Quarkus backend, a Python/FastAPI analysis service, and a React/TypeScript frontend -- to process vulnerability findings from any scanner through unified triage and remediation pipelines. Findings arrive via webhook or API, pass through a progressive triage engine, and exit as validated pull requests. The system handles everything from sub-second deterministic triage to multi-agent AI fix planning without requiring you to replace any existing tools. + +This page walks through the end-to-end processing flow, from scanner finding to merged fix. + +## End-to-End Processing Flow + +Every vulnerability finding follows the same path through Pixee, regardless of which scanner produced it or which language the code is written in: + +| Stage | What Happens | Output | +| ----------------------- | ---------------------------------------------------------------------------- | --------------------------------------------------------------------------------- | +| **1. Scan Ingestion** | Finding arrives via webhook or API; normalized into a common internal format | Standardized finding with maximum available metadata | +| **2. Triage** | Three-tier progressive analysis determines exploitability | Typed verdict (true positive, false positive, won't fix) with structured evidence | +| **3. Remediation** | Hybrid engine generates a validated fix for confirmed vulnerabilities | Code change that passed independent quality evaluation | +| **4. PR Delivery** | Fix shipped as a native pull request on your platform | Reviewable diff with vulnerability context, quality scores, and description | +| **5. Developer Review** | Your team reviews, tests, and merges through existing workflow | Merged fix or feedback | + +SAST and SCA findings both flow through this same pipeline. There is no separate workflow for dependency vulnerabilities versus first-party code findings. + +## Scan Ingestion + +Findings arrive from 12 native scanner integrations or any SARIF-producing tool: + +**Native integrations with dedicated handlers:** CodeQL (GitHub Advanced Security), SonarQube/SonarCloud, Checkmarx, Veracode, Snyk, Semgrep, AppScan, Polaris, GitLab SAST, Trivy, Datadog SAST, and Arnica SAST. + +Each native integration has a tool-specific handler that extracts maximum metadata from the scanner's output format. CodeQL findings include codeFlows and help documentation. Semgrep findings carry full rule descriptions. Metadata-poor tools like Checkmarx use rule-ID-based strategies to compensate for sparse SARIF output. + +**Universal SARIF fallback:** Any scanner that produces SARIF output works through tool-agnostic processing. Over 50 scanner tools have been validated via this path. No scanner is locked out of the pipeline. + +All findings are normalized into a common internal format before downstream processing. This normalization is what makes the triage and remediation engines scanner-agnostic -- they operate on standardized findings, not raw scanner output. + +## Triage Engine + +The triage engine classifies every finding through a three-tier progressive architecture. Each tier represents a different analysis strategy, and the system routes each finding to the cheapest sufficient tier automatically. + +| Tier | Strategy | Speed | LLM Cost | Best For | +| ---------------------- | ----------------------------------------- | ------------------------- | ----------- | ---------------------------------------------------------------------- | +| **Tier 1: Structured** | 15+ deterministic analyzers | Sub-second | Zero | Known patterns (SQL injection, XSS, command injection, path traversal) | +| **Tier 2: Agentic** | AI agents dynamically search the codebase | Seconds | Per-finding | Ambiguous findings, novel frameworks, custom security controls | +| **Tier 3: Adaptive** | Generates custom analyzers on the fly | Minutes (first encounter) | Per-finding | Novel rule types, proprietary scanners, custom rulesets | + +**Progressive fallback:** The system attempts Tier 1 first. If the deterministic analyzer cannot reach a high-confidence verdict, the finding escalates to Tier 2. If the agentic investigation cannot resolve it, Tier 3 generates a custom analyzer and caches it for future reuse. Most findings resolve at Tier 1. + +A shared context-aware intelligence layer enriches every tier with codebase signals: dataflow quality, production versus test classification, security control detection, and intentionally-vulnerable project filtering. Every verdict includes a typed status, adjusted severity, justification with code snippets, and a confidence score. + +For false positive reduction data, see [Triage Capabilities](/platform/triage). + +For full triage details, see [Triage Capabilities](/platform/triage) and [How the Triage Engine Works](/how-it-works/triage-engine). + +## Remediation Engine + +The remediation engine uses a hybrid-intelligence model: deterministic codemods handle known vulnerability patterns, and AI-powered MagicMods handle everything else. + +**Deterministic codemods:** Pre-built, rule-based transformations for known OWASP/SANS security patterns. Same input, same output, every time. Zero LLM involvement. Zero hallucination risk. Open-source engines (codemodder-java, codemodder-python) are publicly inspectable. See [Fix Generation](/how-it-works/fix-generation) for the full codemod library. + +**AI-powered MagicMods:** Handle custom frameworks, multi-file dataflow vulnerabilities, and novel patterns where deterministic rules cannot reach. Scanner-aware dispatchers for 8+ tools ensure the AI receives the right context for each scanner's output format. + +**Multi-agent fix planning:** Complex fixes that span dependency manifests, source files, and configuration changes are planned before execution. Specialized agents handle version decisions, source file identification, and manifest updates independently. Plans are evaluated for quality before code changes begin. + +**Independent fix evaluation:** Every generated fix passes through a separate quality gate scoring Safety (no breaking changes), Effectiveness (resolves the vulnerability), and Cleanliness (code quality). The evaluator runs as a separate inference call -- the generator does not grade its own work. Fixes that fail evaluation are retried with structured feedback or suppressed entirely. + +For merge rate data, see [Fix Safety](/how-it-works/fix-safety). + +For full remediation details, see [Remediation Capabilities](/platform/remediation) and [How Fix Generation Works](/how-it-works/fix-generation). + +## PR Delivery + +Validated fixes are delivered as native pull requests on GitHub, GitLab, Azure DevOps, or Bitbucket. PR-only delivery is a non-negotiable architectural constraint -- there is no mode, setting, or override that allows direct commits. + +Every PR includes: + +- **Full diff** showing exactly what changed +- **Vulnerability context** explaining what the scanner found and why the fix addresses it +- **Quality scores** from the independent fix evaluation +- **Detailed description** with remediation rationale + +Your existing code review policies, CI/CD pipelines, SAST re-scanning, and branch protection rules all apply to Pixee changes exactly as they apply to human-written code. The same SAST tools that found the original vulnerability also scan the proposed fix. + +Standard `git revert` applies if any merged change needs to be undone. There is no runtime dependency on Pixee for merged code -- removing Pixee leaves all previously merged fixes intact as standard code. + +## LLM Orchestration + +Pixee uses hierarchical model routing to assign the right AI capability to each task. Fast triage queries use lightweight models. Deep reasoning tasks use more capable models. Code generation uses models optimized for that purpose. + +The platform supports multiple LLM provider families: + +| Provider Family | Deployment Context | +| ------------------------------- | -------------------------------------- | +| OpenAI | Cloud deployments | +| Azure OpenAI / Azure AI Foundry | Enterprise cloud with Azure compliance | +| Anthropic Claude | Cloud deployments | +| Azure Anthropic | Enterprise cloud with Azure compliance | +| Any OpenAI-compatible endpoint | Custom or self-hosted LLM deployments | + +Customers choose providers based on compliance requirements, cost preferences, or performance needs. Bring Your Own Model (BYOM) support means enterprises deploy the LLM provider that satisfies their AI governance policies. + +For air-gapped deployments, a customer-hosted LLM is required. No code leaves the customer's environment. The only outbound connection is license validation, which can be proxied. + +## Three-Component Stack + +| Component | Technology | Responsibility | +| -------------------- | ------------------ | -------------------------------------------------------------------------------------------- | +| **Backend Platform** | Java / Quarkus | Platform orchestration, scan ingestion, PR authoring, API layer, webhook processing | +| **Analysis Service** | Python / FastAPI | Triage analysis, remediation generation, fix evaluation, SCA processing, code transformation | +| **User Platform** | React / TypeScript | Dashboard, findings management, configuration, reporting | + +The Analysis Service handles the computationally intensive work -- triage decisions, fix generation, and quality evaluation. The Backend Platform manages the integration surface: scanner webhooks, SCM platform APIs, and PR lifecycle. The User Platform provides visibility into triage outcomes, remediation activity, and configuration. + +## Frequently Asked Questions + +### What technology stack does Pixee use? + +Pixee is built on three components: a Java/Quarkus backend for platform orchestration, a Python/FastAPI analysis service for triage and remediation, and a React/TypeScript frontend for user interaction. LLM orchestration supports OpenAI, Azure OpenAI, Anthropic Claude, and any OpenAI-compatible endpoint. + +### Can Pixee work with my existing scanners? + +Yes. Pixee ingests findings from 12 natively integrated scanners (CodeQL, Semgrep, Checkmarx, Veracode, Snyk, SonarQube, and others) plus any tool that produces SARIF output. + +### How does Pixee deliver fixes? + +Every fix is delivered as a pull request on your existing platform (GitHub, GitLab, Azure DevOps, or Bitbucket). There is no direct commit mode. Your existing code review, CI/CD, and branch protection rules all apply. + +### Can Pixee run in an air-gapped environment? + +Yes. Pixee supports fully air-gapped deployment with a customer-hosted LLM. No code leaves the customer's environment. The only outbound connection is license validation, which can be routed through a proxy. + +### What happens if I stop using Pixee? + +All previously merged fixes remain as standard code in your repositories. There is no runtime dependency on Pixee. Removing Pixee does not affect any code that has already been merged. diff --git a/docs/platform/remediation.md b/docs/platform/remediation.md new file mode 100644 index 00000000..50a0646e --- /dev/null +++ b/docs/platform/remediation.md @@ -0,0 +1,99 @@ +--- +title: Remediation Capabilities +slug: /platform/remediation +track: leader +content_type: conceptual +seo_title: "Automated Vulnerability Remediation | 76% Merge Rate" +description: How Pixee generates security fixes using deterministic codemods and AI-powered generation with independent quality evaluation. +sidebar_position: 4 +--- + +Pixee generates validated security fixes and delivers them as pull requests. The hybrid-intelligence engine routes each vulnerability to the best fix method: deterministic codemods handle known patterns with zero AI variance, while AI-powered MagicMods handle novel and complex scenarios. Every fix passes independent quality evaluation before reaching a developer, and every change ships as a standard PR through your existing code review workflow. See [Fix Safety](/how-it-works/fix-safety) for merge rate data and [Fix Generation](/how-it-works/fix-generation) for the full codemod library. + +Remediation is co-equal with [triage](/platform/triage). + +## Hybrid Intelligence Model + +Pixee uses two fundamentally different fix engines, routed automatically based on the vulnerability type: + +| Engine | How It Works | When It Fires | Risk Profile | +| -------------------------- | -------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------- | +| **Deterministic codemods** | Pre-built, rule-based code transformations applying OWASP/SANS patterns | Known patterns: SQL injection parameterization, SSRF prevention, insecure deserialization, weak cryptography, insecure temp files, SSL/TLS upgrades | Zero hallucination risk. Same input, same output, every time. | +| **AI-powered MagicMods** | Constrained AI generation with dataflow-bounded context and per-rule knowledge base guidance | Custom frameworks, multi-file dataflow vulnerabilities, novel patterns, context-dependent sanitization | AI-generated, but independently evaluated before reaching a PR. | + +**Routing is automatic.** The system checks whether a deterministic codemod exists for the vulnerability type. If yes, the codemod fires -- sub-second, zero LLM cost. If no deterministic rule can handle it, a MagicMod generates a fix using scanner-aware context. No manual configuration. + +**Open-source engines.** The deterministic codemod engines (codemodder-java with 51 core codemods, codemodder-python with 60+ core codemods) are publicly inspectable. Customers and auditors can read the transformation rules before trusting them. + +**Scanner-aware dispatchers.** MagicMod includes scanner-aware dispatchers for each natively integrated scanner. Each dispatcher understands the scanner's output format and rule semantics, so the AI receives the right context for each finding. + +Known vulnerability patterns use deterministic codemods. AI-powered generation handles custom framework wrappers, multi-file dataflow vulnerabilities, and context-dependent patterns that require understanding the specific codebase. + +## Fix Quality Validation + +Every generated fix passes through an independent quality evaluation before a developer ever sees it. Bad fixes are rejected, not shipped. + +**Three-dimension rubric:** + +| Dimension | What It Evaluates | +| ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | +| **Safety** | Does the fix introduce breaking changes? Could it cause regressions? Does it preserve the application's existing behavior for legitimate inputs? | +| **Effectiveness** | Does the fix actually resolve the vulnerability? Will the SAST scanner stop flagging this finding after the fix is applied? | +| **Cleanliness** | Does the fix meet code quality standards? Proper formatting, no extraneous changes, preserves existing comments? | + +An independent evaluator scores every fix on Safety, Effectiveness, and Cleanliness before it reaches a PR. Fixes that fail are retried with structured feedback or suppressed entirely. Scores that pass are included in the PR description so developers can see them. See [Fix Safety](/how-it-works/fix-safety) for the full rubric and process. + +## Multi-Agent Fix Planning + +Security fixes are not always single-file, single-line changes. A vulnerable dependency may require upgrading a library version in a manifest file, updating import statements in source files, and refactoring call sites that use changed APIs -- all as a single, atomic change. + +Pixee decomposes complex fixes across specialized agents rather than cramming everything into a single AI prompt: + +- **Version decision logic** -- determines which library version to target based on the vulnerability, framework compatibility, and runtime constraints +- **Source file identification** -- uses the vulnerability's dataflow evidence to identify which source files are affected +- **Manifest declaration updates** -- locates the exact line in the manifest file that needs to change + +The fix plan itself is evaluated for quality before execution begins. If the plan is incomplete or inconsistent, it receives structured feedback and is refined. Plans that cannot reach acceptable quality are not executed. + +The result is a single pull request that contains the manifest version bump AND the downstream source-file changes. No "upgrade succeeded, tests broken" half-states. + +## Developer Experience + +Fixes ship as native pull requests on GitHub, GitLab, Azure DevOps, or Bitbucket. A typical fix is 1-5 lines. Developers review, modify, or reject like any other code change. Your code review policies, CI/CD pipelines, SAST re-scanning, and branch protection rules all apply. + +Standard `git revert` applies if any merged change needs to be undone. There is no runtime dependency -- removing Pixee leaves all previously merged fixes intact as standard code in your repository. + +## Language and Scanner Coverage + +| Coverage Type | Details | +| ------------------------------- | --------------------------------------------------------------------------------------------------------------------------- | +| **Languages** | Java, Python, JavaScript/TypeScript, .NET/C#, Go, PHP | +| **Native scanner integrations** | 12 (CodeQL, SonarQube, Checkmarx, Veracode, Snyk, Semgrep, AppScan, Polaris, GitLab SAST, Trivy, Datadog SAST, Arnica SAST) | +| **Universal SARIF** | Any SARIF-producing scanner (50+ validated) | +| **Platforms** | GitHub, GitLab, Azure DevOps, Bitbucket | + +Deterministic codemod coverage is deepest for Java (51+ codemods) and Python (60+ codemods), which together cover the most common enterprise vulnerability patterns. JavaScript/TypeScript, .NET, Go, and PHP have expanding codemod libraries supplemented by AI-powered generation for patterns not yet covered by deterministic rules. + +Fixes are generated regardless of which scanner found the vulnerability. SCA findings flow through the same remediation pipeline as SAST findings -- see [SCA Capabilities](/platform/sca) for dependency-specific details. + +## Frequently Asked Questions + +### What is a good merge rate for automated security fixes? + +Merge rate is measured on production pull requests, not theoretical accuracy. The rate reflects the combined effect of deterministic codemods for known patterns, independent quality evaluation for AI-generated fixes, and context-aware fix generation that matches codebase conventions. See [Fix Safety](/how-it-works/fix-safety) for current merge rate data. + +### How do AI-generated code fixes get validated before merging? + +Every fix passes through an independent quality evaluation scoring Safety (no breaking changes), Effectiveness (resolves the vulnerability), and Cleanliness (code quality). The evaluator is a separate inference call -- it does not share context with the generator. Fixes that fail are retried with structured feedback or suppressed. Developers see only pre-validated fixes. + +### What is the scope of Pixee's fixes? + +Pixee fixes SAST-identified security issues -- typically 1-5 lines applying established OWASP/SANS patterns. It uses deterministic codemods for known patterns and AI-powered generation with independent evaluation for novel patterns. All fixes are delivered as pull requests through your existing code review process. + +### What happens when the AI generates a bad fix? + +The independent fix evaluation gate catches it. Fixes that fail the Safety, Effectiveness, or Cleanliness evaluation are retried with structured feedback. If the fix still cannot pass after retries, it is suppressed entirely -- the developer never sees it. For fixes that pass evaluation and reach a PR, developers review and decide whether to merge. Standard `git revert` applies to anything merged that needs to be undone. + +### Does Pixee fix dependency vulnerabilities too? + +Yes. SCA findings flow through the same remediation pipeline as SAST findings. Dependency upgrades include both the manifest version bump and any downstream source-file changes in a single atomic PR. See [SCA Capabilities](/platform/sca) for full details. diff --git a/docs/platform/sca.md b/docs/platform/sca.md new file mode 100644 index 00000000..f48938a9 --- /dev/null +++ b/docs/platform/sca.md @@ -0,0 +1,94 @@ +--- +title: SCA Capabilities +slug: /platform/sca +track: leader +content_type: conceptual +seo_title: "SCA Triage & Remediation | Dependency Vulnerabilities" +description: How Pixee applies exploitability analysis to dependency vulnerabilities and delivers atomic upgrade PRs with code-level fixes. +sidebar_position: 5 +--- + +Pixee applies the same triage and remediation model to third-party dependency vulnerabilities that it applies to first-party code findings. When your existing SCA tools flag a CVE, Pixee determines whether the vulnerability is actually exploitable in your specific codebase -- not just whether the version is affected. Confirmed vulnerabilities get atomic upgrade PRs that include both the manifest version bump and any downstream source-file changes. The result: 85% SCA noise reduction and 90% less triage time. + +SCA capabilities are part of Pixee's unified pipeline. SAST and SCA findings flow through the same triage and [remediation](/platform/remediation) infrastructure -- no separate tools, no context-switching between first-party and third-party vulnerabilities. + +## Version Matching vs. Exploitability + +Standard SCA tools flag every CVE associated with an affected dependency version, regardless of actual exploitability: + +- **Version matching is not vulnerability matching.** A CVE may require specific configuration or API usage that your code never exercises. +- **CVSS scores carry zero codebase context.** A CVSS 9.8 in a library where the vulnerable function is never called does not represent a 9.8 in the application. + +## Exploitability Verification for Dependencies + +Pixee answers "Can this CVE actually be triggered in this codebase?" -- not just "Is this version theoretically affected?" + +**How exploitability verification works:** + +| Step | What Happens | +| ------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| **1. External research** | A CVE research agent gathers CVE details, changelogs, patches, and release notes to identify the specific conditions required for exploitation | +| **2. Internal analysis** | The triage agent examines how the library is actually used in your code -- which functions are called, what input reaches them, what security controls exist | +| **3. Evidence-based classification** | Every "Not Exploitable" includes the conditions the CVE requires, analysis of each condition against your code, code snippets demonstrating why conditions are or are not met, and a defensible conclusion | +| **4. Cache acceleration** | Verified CVE+dependency combinations are cached. The same analysis is not repeated across repositories sharing common dependencies | + +**Concrete example:** A scanner flags a Spring WebFlux static resource authorization bypass (CVSS 6.9). The CVE requires three conditions: WebFlux controllers, Spring static resource handling, and a non-permitAll security rule. Pixee's analysis finds no WebFlux controllers, no Spring static resource APIs, and no non-permitAll protection rules. Two of three conditions are unmet. Classification: Not Exploitable, with the evidence. + +This is the difference between reachability ("does a code path exist?") and exploitability ("can an attacker actually walk it?"). Reachability is necessary but not sufficient. Pixee layers data flow analysis and condition verification on top of call-graph analysis to answer the question that matters. + +## Dependency Remediation + +When an SCA finding is triaged as a true positive, Pixee handles the fix through the same remediation pipeline as SAST findings: + +**Justified upgrades only.** The dependency agent bumps a version only when a verified vulnerability and exploitable path justify the change. No blind version bumping. + +**Atomic PRs.** A single Pixee PR contains both the manifest version bump AND the downstream source-file changes the upgrade requires. When a major version upgrade changes an API, the import statements and call sites are updated in the same diff. No "upgrade succeeded, tests broken" half-states. + +**Multi-manifest support:** + +| Language | Supported Manifest Formats | +| ---------- | -------------------------------------------------------------- | +| Python | requirements.txt, pyproject.toml, Pipfile, setup.py, setup.cfg | +| Java | pom.xml, build.gradle | +| JavaScript | package.json | +| .NET | .csproj, packages.config | + +**Fix evaluation gate.** The same three-dimension quality rubric (Safety, Effectiveness, Cleanliness) that validates SAST fixes also validates dependency upgrade PRs. The evaluator confirms the upgrade resolves the vulnerability without introducing breaking changes. + +**Multi-file coordination.** The fix planning system coordinates across manifest files, source files, and configuration. Complex dependency upgrades that require code changes alongside the version bump are handled as a single, reviewable unit of work. + +## Transitive Dependency Handling + +Modern applications have hundreds to thousands of transitive dependencies. A vulnerability four layers deep through an unused code path is not the same risk as a direct exposure. + +Pixee handles transitive dependencies through full chain analysis: + +**Full chain tracing.** Traces the dependency chain from your application root through every intermediate library to the vulnerable package. Not just "library X has CVE Y" but "your app imports A, which imports B, which imports the vulnerable function in C." + +**TID identification.** Pixee surfaces the Taint Introducing Dependency -- the direct dependency in your manifest that begins the chain to the vulnerable transitive dependency. This tells developers exactly which dependency to address. + +**Severity calibration by depth.** Risk is adjusted based on the depth and nature of the dependency chain. A vulnerability in a direct dependency with proven reachability is higher risk than the same CVE four layers deep through an unused code path. + +**Combined blast radius.** When multiple dependencies lead to the same vulnerable transitive dependency, Pixee surfaces the combined exposure so teams understand the full scope. + +## Unified Pipeline + +SCA and SAST findings flow through the same triage engine, remediation pipeline, and PR delivery. SAST results inform SCA risk scoring -- a SAST finding in code that calls a vulnerable dependency function changes the exploitability calculus. No context-switching between tools, no separate dashboards. + +## Frequently Asked Questions + +### What is reachability analysis for SCA findings? + +Reachability analysis checks whether a vulnerable function in a dependency is reachable from your application code. Pixee goes further with exploitability analysis -- determining whether the specific conditions required to trigger the CVE are actually met in your codebase, not just whether a code path exists. The difference matters: a reachable function protected by a sanitizer is reachable but not exploitable. + +### How does Pixee handle transitive dependencies? + +Pixee traces the full dependency chain from your application through every intermediate library to the vulnerable package. It identifies exactly which direct dependency in your manifest to upgrade and coordinates manifest changes with downstream source-file refactoring in a single atomic PR. + +### Does Pixee replace my existing SCA tool? + +No. Pixee sits downstream of your existing SCA tools (Snyk, Trivy, and others). Your scanners continue to detect dependency vulnerabilities. Pixee adds exploitability verification and automated remediation on top. You do not need to change your detection stack. + +### What happens when a dependency upgrade would break my code? + +Pixee's dependency agent does not blindly upgrade to the latest version. It analyzes changelog data, API changes, and framework compatibility to select the right target version. The fix planning system includes downstream source-file changes in the same PR when an upgrade changes APIs. The fix evaluation gate validates that the upgrade does not introduce breaking changes before the PR is created. diff --git a/docs/platform/security.md b/docs/platform/security.md new file mode 100644 index 00000000..2442ba4a --- /dev/null +++ b/docs/platform/security.md @@ -0,0 +1,160 @@ +--- +title: "Security & Trust" +slug: /platform/security +track: leader +content_type: conceptual +seo_title: "Security & Trust | Pixee AI Safety and Guardrails" +description: How Pixee validates AI-generated fixes, protects your code, and preserves human authority. Fix validation layers, data handling, and deployment models. +sidebar_position: 6 +--- + +Pixee applies multiple independent validation layers before any AI-generated code change reaches a developer. Every fix must pass automated quality evaluation, and every fix ships as a pull request -- never a direct commit. Your existing code review, CI/CD pipelines, and SAST re-scanning all apply to Pixee changes exactly as they do to human-written code. The result: defense-in-depth controls that Responsible AI Councils, compliance officers, and engineering leaders can verify. See [Fix Safety](/how-it-works/fix-safety) for merge rate data. + +This page details what data Pixee accesses, where it goes, what controls prevent bad output, and how the architecture differs from general-purpose AI coding tools. If you are evaluating whether AI-generated code changes can be trusted in production, this is the page to read most carefully. + +## Trust Framework + +Pixee's trust model rests on three governing principles: + +**1. Narrow scope.** Pixee fixes SAST-identified security issues -- typically 1-5 lines adding input validation, parameterized queries, or safe API calls. It does not write features, generate business logic, or create new functionality. + +**2. Defense in depth.** No single validation layer is considered sufficient. Multiple independent checks operate in sequence: constrained generation, independent evaluation, pull request review, CI/CD testing, and SAST re-scanning. If one layer misses something, the next catches it. + +**3. Human authority preserved.** Pixee adds validation layers BEFORE changes reach your existing review process. Developers always have final approval. There is no mode, setting, or override that bypasses human review. + +These three principles produce the following architecture: + +## Fix Quality Validation + +Every fix passes through three independent layers before reaching a developer: + +### Layer 1: Constrained Generation + +The AI receives only security-relevant code context alongside established OWASP/SANS remediation patterns. No customer proprietary information is used in pattern libraries -- only industry-standard security guidance. This constrains the solution space to known-good security patterns rather than open-ended code generation. + +For common vulnerability patterns, generation is entirely deterministic. Pre-built codemods apply rule-based transformations with zero LLM involvement. Same input, same output, every time. These fixes carry zero hallucination risk by design. + +### Layer 2: Independent Evaluation + +A separate inference call -- structurally independent from the generator -- scores every fix on three dimensions: + +| Dimension | What It Checks | +| ----------------- | -------------------------------------------------------------------------------------------------------------------------- | +| **Safety** | No behavior changes beyond fixing the vulnerability. No breaking API changes, missing imports, or unintended side effects. | +| **Effectiveness** | Correctly addresses the security issue. The SAST scanner should stop flagging this finding after the fix is applied. | +| **Cleanliness** | Proper formatting, indentation, no extraneous changes. Preserves existing comments and code structure. | + +A fix must pass all three dimensions. This is not an aggregate score that lets a dangerous fix through because it scored well on formatting. See [Fix Safety](/how-it-works/fix-safety) for merge rate data. + +The critical design choice: the evaluator runs as a structurally independent inference call -- separate context window, separate system prompt, separate scoring rubric -- not the same process that generated the fix. This independence prevents the generator from grading its own work. For security leaders accustomed to defense-in-depth thinking, this is a familiar pattern -- multiple independent controls, no single point of reliance. + +**What happens when a fix fails:** The evaluator produces specific reasoning and suggestions. The generator uses this feedback to produce a better fix. If the fix still cannot pass after retries, it is suppressed entirely -- the developer never sees it, and the suppression reasoning is logged. + +### Layer 3: Customer Control Integration + +All changes are delivered as pull requests. Your controls then apply: + +- Code review by your development team +- CI/CD pipeline execution (tests, builds, linting) +- SAST re-scanning of the proposed fix by the same tools that found the original vulnerability +- Branch protection rules and merge requirements you have configured + +Pixee adds validation layers before your existing gates. It does not replace or bypass any of them. + +## Hybrid Intelligence Architecture + +Pixee does not rely on AI for every fix. The system uses a hybrid model with direct trust implications: + +**Deterministic codemods** handle known vulnerability patterns -- SQL injection parameterization, SSRF prevention, insecure deserialization, weak cryptography, and more. These are pre-built, rule-based transformations with zero LLM involvement. Zero hallucination risk. Reproducible output. The open-source engines (codemodder-java, codemodder-python) are publicly inspectable -- your security team or auditors can review the transformation rules before deploying Pixee. See [Fix Generation](/how-it-works/fix-generation) for the full codemod library. + +**AI-powered MagicMods** fire only when deterministic rules cannot reach -- custom framework wrappers, multi-file dataflow vulnerabilities, novel patterns. Every MagicMod fix passes through the full independent evaluation pipeline. Deterministic codemods do not need this gate because their output is pre-validated by design. AI fixes earn their way through. + +Deterministic codemods carry zero AI risk. AI-generated fixes receive additional validation through the independent evaluation pipeline. + +## Triage and Remediation Trust Architecture + +Beyond fix validation, the triage and remediation engines each embed trust-specific design choices: + +**Triage: beyond reachability.** Many tools stop at checking whether a vulnerable function is reachable. Pixee evaluates dataflow quality, production versus test classification, security control detection, and severity adjustment. Every verdict includes code snippets showing the evidence. Auditors can see exactly why a finding was classified as it was. The three-tier progressive architecture (deterministic, agentic, adaptive) means most findings resolve at Tier 1 with zero LLM cost and reproducible, auditable verdicts. See [Triage Capabilities](/platform/triage) for full details. + +**Remediation: multi-agent fix planning.** Complex multi-file fixes are planned before execution by specialized agents handling version decisions, source file identification, and manifest updates independently. Plans are evaluated for quality before code changes begin. The result: atomic PRs with no half-done upgrades. See [Remediation Capabilities](/platform/remediation) for full details. + +## Human-in-the-Loop Design + +PR-only workflow is a non-negotiable architectural constraint, not an optional configuration: + +- **Never direct commits.** No mode, setting, or override allows direct branch commits. +- **Full diff visibility.** Developers see what changed, why, and the quality scores. +- **SAST re-scanning.** The same tools that found the vulnerability scan the fix. +- **Standard Git rollback.** `git revert` applies to any merged change. +- **No lock-in.** Removing Pixee leaves all merged fixes intact. No runtime dependency. + +## Data Handling and Privacy + +What data Pixee accesses, and what it does not: + +**Input scope limitation.** Only code relevant to the specific vulnerability is sent to AI models -- not entire repositories. File paths are relative to project root only. No absolute paths, repository URLs, git metadata, commit hashes, or author information are sent. + +**Adversarial input protection.** Code analyzed by an LLM is itself a potential attack vector -- malicious comments or string literals could attempt prompt injection. Pixee mitigates this through input scope limitation (only vulnerability-relevant snippets sent), independent output validation (separate evaluator catches anomalous fixes), narrow generation scope (constrained to OWASP/SANS patterns), and deterministic-first routing (most fixes use zero-LLM codemods). For the full treatment of adversarial input defense, see [Security Architecture -- Adversarial Input Protection](/enterprise/security-architecture#adversarial-input-protection). + +**Stateless inference.** Each analysis is isolated. A single analysis cannot modify the model, persist across analyses, or affect other applications. + +**Customer-controlled AI deployment.** Pixee uses your own AI deployment -- Azure OpenAI, Azure AI Foundry, Anthropic Claude, or any OpenAI-compatible endpoint. Your contractual terms with that provider govern data handling. + +**On-premises deployment.** Pixee deploys entirely on-premises when required. No code leaves your environment. Three deployment models: + +| Model | What It Provides | +| ------------------------- | -------------------------------------------------------------------------------------------------- | +| **Embedded cluster** | Turnkey self-hosted deployment with all infrastructure included. No Kubernetes expertise required. | +| **Helm / BYO Kubernetes** | Deploys into your existing Kubernetes infrastructure (EKS, GKE, AKS, or self-managed). | +| **Air-gapped** | Fully disconnected operation with customer-hosted LLM. Zero outbound internet after installation. | + +## Enterprise Security Concerns Addressed + +Common questions about AI-generated code changes, answered with architectural details. + +### "AI-generated code is too risky for production." + +Most common patterns use deterministic codemods with zero AI involvement. AI-generated fixes pass an independent evaluation gate before a developer sees them. The PR workflow ensures nothing reaches production without human approval. The same SAST tools that found the issue scan the fix. + +### "We cannot send proprietary code to an LLM." + +Pixee sends relevant code snippets -- not entire repositories -- to your own AI deployment. Azure OpenAI and equivalent providers guarantee customer data is not used for model training. For on-premises deployments, code never leaves your infrastructure. The only outbound connection is license validation, which can be proxied. + +### "What types of changes does the AI make?" + +Pixee fixes SAST-identified security vulnerabilities (1-5 lines, OWASP/SANS patterns). Deterministic codemods handle known patterns with zero AI involvement. AI-generated fixes pass an independent evaluation layer before reaching a PR. Fixes that fail quality evaluation are suppressed. + +### "What about data residency?" + +Pixee deploys on-premises or in your cloud. AI inference uses your deployment in your region. Only outbound connection: license validation (can be proxied). Air-gapped deployments require zero outbound internet after installation. + +### "Our Responsible AI Council needs to review this." + +Pixee is designed for exactly this scrutiny. The architecture provides concrete answers to every question a governance committee asks: + +- **What does the AI generate?** Security fixes only -- 1-5 line changes applying OWASP/SANS patterns. +- **Who validates the output?** An independent evaluation layer (separate inference call), then your developers via PR review, then your CI/CD and SAST re-scanning. +- **Can it bypass human approval?** No. PR-only delivery is an architectural constraint, not a configuration option. +- **What data does it access?** Only code relevant to the specific vulnerability. No entire repositories, no PII, no secrets. +- **What if it is wrong?** Fixes that fail quality evaluation are suppressed. Fixes that pass are reviewed by developers. Merged fixes can be reverted with standard Git operations. +- **What is the deterministic floor?** Common vulnerability patterns are fixed with zero AI involvement using publicly inspectable, open-source codemod engines. See [Fix Generation](/how-it-works/fix-generation) for the codemod library. +- **What controls exist on the AI itself?** Constrained generation with security-specific context only, independent evaluation, structured retry with feedback, suppression on failure. + +## Frequently Asked Questions + +### Is automated vulnerability remediation safe for production code? + +Every fix passes independent quality evaluation (Safety, Effectiveness, Cleanliness) before reaching a PR. Most common patterns use deterministic codemods with zero AI involvement. Your existing code review, CI/CD, and SAST re-scanning all apply. See [Fix Safety](/how-it-works/fix-safety) for merge rate data. + +### What happens if an automated fix introduces a bug? + +Standard `git revert` applies -- every Pixee change is a normal Git commit within a PR. Fixes are typically 1-5 lines. There is no runtime dependency on Pixee for merged code. + +### How does Pixee handle my proprietary code? + +Pixee sends only vulnerability-relevant code to AI models, not entire repositories. On-premises deployment keeps all code within your environment. File paths are relative to project root only -- no absolute paths, repository URLs, git metadata, or author information. + +### How accurate are AI-generated security fixes? + +Many fixes use deterministic codemods with zero AI variance. AI-generated fixes pass an independent evaluation gate structurally separate from the generator. Fixes that cannot pass are suppressed, not shipped. See [Fix Safety](/how-it-works/fix-safety) for merge rate data. diff --git a/docs/platform/triage.md b/docs/platform/triage.md new file mode 100644 index 00000000..fa06f944 --- /dev/null +++ b/docs/platform/triage.md @@ -0,0 +1,107 @@ +--- +title: Triage Capabilities +slug: /platform/triage +track: leader +content_type: conceptual +seo_title: "Triage Automation | Up to 95% False Positive Reduction" +description: How Pixee triages vulnerability findings through three progressive tiers with structured, auditable evidence on every verdict. +sidebar_position: 3 +--- + +Pixee's triage engine classifies every vulnerability finding as true positive, false positive, or won't-fix through codebase-aware exploitability analysis -- not just pattern matching or reachability checks. The three-tier progressive architecture handles known patterns at sub-second speed, investigates ambiguous cases via AI agents, and generates custom analyzers for novel vulnerability types. The result: up to 95% false positive reduction with structured evidence on every verdict, across findings from 12 native scanner integrations. + +Triage is co-equal with [remediation](/platform/remediation). + +## Three-Tier Progressive Architecture + +Pixee routes every finding through a tiered system that applies the cheapest sufficient intelligence. No customer configuration is required -- the routing is automatic. + +| Tier | Strategy | Speed | LLM Cost | Auditability | Coverage | +| ---------------------- | ------------------------------------------------------- | ---------------------------------------------------------- | ---------------------------------- | ----------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- | +| **Tier 1: Structured** | 15+ deterministic analyzers | Sub-second | Zero | Reproducible -- same input, same output | Known vulnerability classes (SQL injection, XSS, command injection, path traversal, and 12+ more) | +| **Tier 2: Agentic** | AI agents dynamically search the codebase | Seconds | Per-finding | Readable investigation trail with every search and reasoning step | Ambiguous findings, novel frameworks, custom security controls | +| **Tier 3: Adaptive** | Generates custom analyzers on the fly, caches for reuse | Minutes (first encounter), near-Tier-2 speed after caching | Per-finding (first encounter only) | Generated analyzer is inspectable | Novel rule types, proprietary scanners, custom rulesets | + +**How the fallback works:** + +1. A finding arrives from any SARIF-producing scanner. +2. Tier 1 checks whether a deterministic analyzer exists for this vulnerability class. If yes and confidence is sufficient, triage completes at sub-second speed. +3. If Tier 1 cannot decide, the finding routes to Tier 2. An AI agent investigates the codebase -- searching for security controls, tracing dataflow, and building an evidence chain. +4. If Tier 2 cannot resolve the finding (typically because the rule type is novel), Tier 3 generates a custom analyzer, runs it, and caches it for future use. +5. Regardless of which tier resolved it, every finding exits with the same structured verdict. + +**Cost efficiency:** Most findings resolve at Tier 1, where there is no LLM cost. Only genuinely complex findings incur AI inference cost. This amortizes AI expense across the full finding volume. + +**Self-extending coverage:** Every novel rule type Tier 3 encounters becomes a cached analyzer. The system's coverage grows automatically as customers connect new scanners. + +## Beyond Reachability + +Reachability analysis checks whether a vulnerable function is reachable from an application entry point. This is a useful first filter, but reachability alone does not determine whether a vulnerability is actually exploitable. + +Pixee evaluates multiple context dimensions beyond reachability: + +**Dataflow quality.** The system classifies the strength of dataflow evidence on a multi-tier scale. Strong multi-file taint propagation from source to sink is treated differently than a single-location pattern match. Higher dataflow quality increases confidence in true positive verdicts. Weak evidence can downgrade findings that basic reachability would flag as critical. + +**Production versus test classification.** A SQL injection pattern in a production API endpoint is critical. The same pattern in a test fixture is not. Pixee distinguishes between these contexts and adjusts severity accordingly, so dashboards reflect real exploit risk rather than raw rule counts. + +**Security control detection.** When a sanitizer, validator, or framework-specific protection exists between a source and a sink, the system identifies it and factors it into the verdict. This is the difference between "this function is reachable" and "this function is reachable but the input is sanitized before it arrives." + +**Intentionally-vulnerable project filtering.** Demo applications, CTF challenges, and security training repositories generate permanent noise in upstream scanners. Pixee detects these projects and filters them out of the triage pipeline. + +**Severity adjustment.** When context signals indicate that a finding's real-world risk differs from its raw scanner severity, the system adjusts up or down. A true positive with strong dataflow in production stays critical. The same rule on a weak match in a test fixture gets downgraded. + +## Structured, Auditable Outcomes + +Every triage verdict is a structured, machine-processable artifact. Every decision includes the evidence that drove it. + +| Verdict Component | What It Contains | +| ---------------------------------- | ------------------------------------------------------------------------------------------------------------- | +| **Typed status** | True Positive, False Positive, Won't Fix, or Suspicious -- not a numeric score | +| **Adjusted severity** | Severity re-ranked based on context signals (production vs. test, dataflow quality, control presence) | +| **Justification prose** | Human-readable explanation of why this verdict was reached | +| **Code snippets** | Specific code evidence -- the sanitizer location, dataflow path, or framework control that drove the decision | +| **Confidence score** | Quantified confidence in the verdict | +| **Investigation trail** (Tier 2/3) | Step-by-step record of agent searches, control checks, and reasoning chain | + +**Audit defensibility.** Compliance officers and auditors see exactly why a finding was suppressed. The justification and code snippets provide a defensible record for every triage decision. + +**Developer trust.** Developers see the sanitizer or control that justified a false positive verdict. This builds trust in the system and provides visibility into the reasoning. + +**Machine processability.** Typed statuses mean downstream systems can consume verdicts programmatically -- dashboards, workflow triggers, SLA tracking, and SIEM integrations all work with structured data rather than freeform text. + +**Override capability.** Security engineers can disagree with a verdict and override it, because they can see exactly what evidence the system used and where it may have been insufficient. + +Pixee triage verdicts are advisory. Your security team retains final authority over all classification decisions and can override any verdict. When Pixee classifies a finding as FALSE_POSITIVE but your team disagrees, the override is recorded and used to improve future classifications for your codebase. + +## Scanner-Agnostic Coverage + +Triage works across any SARIF-producing scanner. Customers with heterogeneous stacks -- multiple commercial scanners plus custom rules -- get a single triage layer that handles all of it. + +- **12 native integrations** with scanner-specific metadata extraction (CodeQL, SonarQube, Checkmarx, Veracode, Snyk, Semgrep, AppScan, Polaris, GitLab SAST, Trivy, Datadog SAST, Arnica SAST) +- **Universal SARIF ingestion** for any additional scanner (50+ validated) +- **Custom rule coverage** -- proprietary Semgrep rules, internal CodeQL queries, and custom scanner rulesets are handled by Tier 2 and Tier 3 without vendor integration work +- **Cross-tool deduplication** -- when multiple scanners flag the same finding, the system eliminates duplicates + +The triage layer sits above your existing detection stack. You do not need to change, consolidate, or replace any scanners to use Pixee. + +## Frequently Asked Questions + +### How does automated vulnerability triage reduce false positives? + +Pixee analyzes each finding's exploitability in the context of your specific codebase -- checking dataflow paths, security controls, production versus test classification, and code context -- rather than relying on pattern matching alone. This context-aware approach eliminates up to 95% of false positives with structured evidence on every verdict. Results vary by workload composition. Known vulnerability patterns handled by deterministic analyzers see the highest reduction rates. Mixed workloads that include novel patterns and custom scanner rules typically see 70-80% reduction as the baseline, with 95% achievable on well-characterized vulnerability classes. + +### What is exploitability analysis in application security? + +Exploitability analysis determines whether a scanner-reported vulnerability can actually be triggered in a specific codebase. It goes beyond simple reachability to evaluate dataflow quality, security control presence, and deployment context. The result is a verdict based on real exploit risk, not theoretical pattern matches. + +### Does Pixee work with multiple scanners at the same time? + +Yes. Pixee ingests findings from 12 natively integrated scanners plus any tool that produces SARIF output, providing unified triage across your entire scanner portfolio through a single pipeline. Customers running heterogeneous stacks get a single triage layer without per-scanner configuration. + +### What happens when Pixee encounters a scanner rule it has never seen? + +Tier 3 of the triage architecture generates a custom analyzer on the fly for novel rule types. That analyzer is cached, so the next finding with the same rule resolves faster. The system's coverage extends itself as customers connect new scanners -- no manual rule authoring or vendor integration requests required. + +### How do I know the triage verdicts are accurate? + +Every verdict includes the structured evidence that drove the decision -- specific code paths, security controls, dataflow evidence, and reasoning. Security engineers can review the evidence, validate the logic, and override any verdict. Tier 1 verdicts are deterministic and reproducible: same input, same output, every time. diff --git a/docs/platform/what-is-agentic-security-engineering.md b/docs/platform/what-is-agentic-security-engineering.md new file mode 100644 index 00000000..c524e75d --- /dev/null +++ b/docs/platform/what-is-agentic-security-engineering.md @@ -0,0 +1,92 @@ +--- +title: What is Agentic Security Engineering? +slug: /platform/what-is-agentic-security-engineering +track: leader +content_type: conceptual +seo_title: "What is Agentic Security Engineering? | Pixee" +description: Agentic security engineering uses purpose-built AI agents to triage and remediate application security vulnerabilities. Definition, architecture, and processing flow. +sidebar_position: 1 +--- + +Agentic security engineering is a discipline where purpose-built AI agents autonomously triage and remediate application security vulnerabilities across the full development lifecycle. Pixee's platform combines triage automation with remediation automation across 12 native scanner integrations. See [Triage](/platform/triage) and [Fix Safety](/how-it-works/fix-safety) for details. + +Pixee sits downstream of your security scanners. It receives findings via webhook or API, determines which are exploitable, generates validated fixes, and delivers them as pull requests. + +## How Agentic Security Engineering Works + +Pixee provides two co-equal capabilities: triage automation and remediation automation. + +### Triage Automation + +Every scanner finding passes through exploitability analysis that goes beyond basic pattern matching: + +- **Reachability analysis:** Can an attacker actually reach the vulnerable code through the application's entry points? +- **Data-flow analysis:** Does untrusted data actually flow to the vulnerable function in a way that could be exploited? +- **Context signals:** Is this code in production or a test fixture? Is there a sanitizer or security control upstream that the scanner missed? + +The triage engine classifies each finding as TRUE_POSITIVE, FALSE_POSITIVE, or WONT_FIX. Every classification includes a structured justification — the specific code paths, security controls, or context that drove the decision. This is not a confidence score. It is an auditable investigation trail. + +See [Triage Capabilities](/platform/triage) for false positive reduction data. + +### Remediation Automation + +For confirmed vulnerabilities, the platform generates context-aware code fixes: + +- **Deterministic codemods:** Pre-built, rule-based transformations for known vulnerability patterns. Same input, same output, every time. Zero LLM involvement. Zero hallucination risk. These handle the predictable patterns -- SQL injection parameterization, XSS output encoding, insecure API replacement. + +- **AI-powered generation:** For novel or complex patterns where deterministic rules cannot reach, constrained AI generates fixes that are independently evaluated for Safety, Effectiveness, and Cleanliness before any developer sees them. + +- **Pull request delivery:** Every fix ships as a standard PR in GitHub, GitLab, Azure DevOps, or Bitbucket. Never a direct commit. Your existing code review, CI/CD pipeline, and SAST re-scanning all apply. + +See [Fix Safety](/how-it-works/fix-safety) for merge rate data and [Fix Generation](/how-it-works/fix-generation) for the full codemod library. + +## What Makes It "Agentic" + +The term "agentic" distinguishes this approach from both rule-based automation and general-purpose AI coding tools: + +**Purpose-built agents, not general-purpose assistants.** These agents are trained for security vulnerability analysis. They do not write features, generate business logic, or perform open-ended code completion. Their scope is narrow: SAST-identified security issues, typically 1-5 lines of code applying OWASP/SANS established patterns. + +**Reasoning-and-acting loop.** Agents observe a finding, select an investigative tool (code search, call-graph traversal, security-control detection), execute it, evaluate the result, and iterate until they have sufficient evidence to make a classification. This is not a single-pass classification — it is a dynamic investigation. + +**Multi-agent orchestration.** Specialized agents handle distinct tasks independently: triage analysis, fix planning, dependency resolution, and fix quality evaluation. The agent that generates a fix is not the agent that evaluates it — preventing self-grading. + +**Hybrid intelligence architecture.** The system routes each task to the cheapest sufficient method. Known patterns get deterministic rules (sub-second, zero cost). Complex patterns get AI investigation. Novel patterns generate new analyzers that are cached for future reuse. This routing happens automatically -- the user never selects a mode. + +## The Four-Layer Security Stack + +Pixee adds triage, remediation, and delivery layers on top of your existing detection tools: + +| Layer | Function | Who Provides It | +| ------------------ | ----------------------------------------- | ------------------------------------------------------------------------------------ | +| **1. Detection** | Find vulnerabilities | Your existing scanners (SonarQube, Checkmarx, Semgrep, CodeQL, Snyk, Veracode, etc.) | +| **2. Triage** | Determine which findings are real threats | Pixee -- see [Triage](/platform/triage) | +| **3. Remediation** | Generate validated code fixes | Pixee -- deterministic + AI hybrid. See [Fix Safety](/how-it-works/fix-safety) | +| **4. Delivery** | Ship fixes through existing workflow | Pixee — PRs in GitHub, GitLab, ADO, Bitbucket | + +Pixee integrates natively with 12 scanners and accepts any SARIF-producing tool. No changes to your detection stack are required. + +## Frequently Asked Questions + +### What is agentic security engineering? + +Agentic security engineering is a discipline where purpose-built AI agents autonomously triage and remediate application security vulnerabilities. These agents analyze exploitability, generate context-aware fixes, and deliver them as pull requests for developer review. The approach uses hybrid intelligence -- deterministic rules for known patterns and constrained AI for novel scenarios. + +### What is the difference between vulnerability detection and remediation? + +Detection tools (SAST, SCA, DAST scanners) find potential vulnerabilities. Remediation tools fix them. Agentic security engineering automates both triage and fix generation to close the loop between detection and resolution. + +### What is a resolution layer in application security? + +A resolution layer sits downstream of scanners and automates two tasks: triaging findings to separate real threats from false positives, and generating validated fixes for confirmed vulnerabilities. It does not replace detection tools. + +### How does automated vulnerability triage work? + +Pixee routes each finding through a progressive triage chain. Deterministic analyzers handle known patterns at sub-second speed and zero cost. AI agents dynamically investigate ambiguous findings using code search, call-graph traversal, and security-control detection. Each verdict includes structured evidence showing why the finding was classified as true positive, false positive, or won't-fix. + +### What does scanner-agnostic mean in security tools? + +A scanner-agnostic tool works with any vulnerability scanner rather than requiring a specific vendor's output. Pixee ingests findings from 12 natively integrated scanners and any SARIF-producing tool, so organizations keep their existing detection stack while adding automated triage and remediation. + +### What types of changes does Pixee make? + +Pixee fixes SAST-identified security vulnerabilities -- typically 1-5 line changes applying OWASP/SANS patterns. Deterministic codemods handle known patterns with zero AI involvement. AI-powered fixes pass independent quality evaluation. All changes are delivered as pull requests through your existing code review process. diff --git a/docs/running_on_public_github_repos.md b/docs/running_on_public_github_repos.md deleted file mode 100644 index 52eac565..00000000 --- a/docs/running_on_public_github_repos.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -sidebar_position: 2 ---- - -# For public repositories without tools - -This page describes how to help set up Pixee on a public GitHub repository that doesn't have any tools configured yet. Note that some features are only available in our enterprise offering. - -## Step 1: Choose and set up your repository - -On the repository you want to secure, enable GitHub _Issues_ so you can see the Pixee dashboard. You can always disable this later if, after you review, you prefer using our dashboard. - -1. In your repository, go to `Settings` > `General`. -2. Under the `Features`, select `Issues`. - -## Step 2: Choose CodeQL or SonarQube Cloud - -For ease of integration, we suggest picking either CodeQL (through GitHub Advanced Security) or SonarQube Cloud. Both can be used to find vulnerabilities in your code, are free for public repositories, and offer simple onboarding. CodeQL is more focused on security than quality, but Sonar has a large rule based and is trusted by developers all over the world. Both are great choices. - -### SonarQube Cloud - -[Follow these instructions](https://docs.sonarsource.com/sonarqube-cloud/getting-started/github/) for installing SonarQube Cloud (to make things easier, login with your GitHub identity). - -### CodeQL through GitHub Advanced Security (GHAS) - -1. In your repository, go to `Settings` > `Code Security`. -2. Under the `Tools` > `CodeQL analysis`, hit `Set up`, then `Default`. - -You may want to wait until the first scan finishes before moving onto the next step. You can see when it finishes by going to `Actions` and watching the progress of the recently-run CodeQL job. - -## Step 3: Install Pixeebot - -With the tool properly configured, the next step is to install Pixee. - -1. Go to our [GitHub App page](https://github.com/apps/pixeebot/). -2. Click `Install` (or `Configure`) and follow the prompts from GitHub. You'll be directed to your Pixee dashboard once the installation process is complete. - -## Step 4: See fixes available - -1. Wait a few minutes for Pixee to process the results associated with the default branch. -2. There should be a new issue that shows which fixes are currently available. - -import IssueDashboard from '/img/issue-dashboard.png'; - -Issue dashboard - -You can use this dashboard to see what fixes are available, coming soon or summon Pixee to issue the fixes. - -> Note: This GitHub-led experience will only show output from our AutoTriage AI agent when you make PRs that have security issues. To take advantage of this feature at scale, [contact us](https://pixee.ai/demo-landing-page)! diff --git a/docs/supported-scms.md b/docs/supported-scms.md deleted file mode 100644 index d032e495..00000000 --- a/docs/supported-scms.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: "Supported SCMs" -sidebar_position: 1.5 ---- - -# Supported SCMs - -

- - - - - - - - - - - - - -
GitHubGitLabAzure DevOpsBitbucket
GitHubGitLabAzure DevOpsBitbucket
-
- -
- -
- Pixee integrates with the following Source Control Management (SCM) platforms: -
- -### GitHub - -Fully supported for PR improvements, automated triage, and automated fixes in both public and private repositories. - -### GitLab - -Fully supported for PR improvements, automated triage, and automated fixes in both public and private repositories. - -### Azure DevOps - -Fully supported for PR improvements, automated triage, and automated fixes in both public and private repositories. - -### Bitbucket - -Fully supported for PR improvements, automated triage, and automated fixes in both public and private repositories. - -## Don't See Your Platform? - -Reach out to us at [hi@pixee.ai](mailto:support@pixeebot.com) to discuss support for additional SCM platforms. diff --git a/docs/using-pixeebot.md b/docs/using-pixeebot.md deleted file mode 100644 index 7ea9dcfe..00000000 --- a/docs/using-pixeebot.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -sidebar_position: 6 ---- - -# User guide - -## Continuous improvement - -After installing Pixee and connecting it to your code scanning services, Pixee will begin opening pull requests against your repositories. There is no need to summon Pixee manually - all of your improvements will come automatically at a manageable weekly cadence. - -## Summoning Pixee - -If you have merged all your Pixee pull requests and you're eager to see more recommendations, you can summon Pixee manually. Simply reply to a pull request or open an issue with the following command: - -`@pixeebot next` - -This will let Pixee know it should immediately open a new pull request with additional improvements for this repository. - -### Summon via an issue - -GitHub users can also open an issue with the summon command in the issue body: - -![Summon from issue](/img/summon1.png) - -Within a couple of minutes, Pixee will open a new pull request with additional improvements for your repository: - -![Summon from issue](/img/summon3.png) - -## Pull request reminders - -If a Pixee pull request remains open, two automatic reminders will occur over time in the form of comments on the pull request. - -If the pull request is still not merged or closed after two weeks, Pixee will close it automatically with a final comment. - -If a closed pull request indicates additional recommendations are available, Pixee can still be summoned after the pull request has been reopened. - -## Pixee status - -When a pull request is opened, Pixee will initiate its run, and you can monitor progress in the status checks section of your pull request. - -If Pixee does not have any recommendations, it will mark the check as Successful. If recommendations are found, a separate pull request will be generated, and the check will be marked as Neutral. Review the check details to access the new pull request link and additional information regarding the recommendations. If you merge the new pull request, the original check will register this and be updated to Successful. - -> Note: Pixee will only run when the pull request is first opened. If subsequent commits are introduced, Pixee will not initiate another run and the check will disappear, as progress is linked to the initial commit. - -![checks in progress](/img/checks_in_progress.png) - -## Pixee activity - -The Activity dashboard exists as a GitHub Issue and offers a holistic perspective on Pixee's functionality within your repository. Through this interface, you can conveniently monitor your open pull requests, other available recommendations, and more. The dashboard is automatically enabled upon installation, provided that GitHub Issues are also enabled for your repository. - -The issue can remain open, and the data will automatically refresh with each Pixee analysis that occurs. If the issue is closed, the feature will be disabled and the data will become stale. Reopening it will reactivate the dashboard, and resume auto-updates when Pixee runs. diff --git a/docusaurus.config.js b/docusaurus.config.js index 3f138097..1402f42b 100644 --- a/docusaurus.config.js +++ b/docusaurus.config.js @@ -70,27 +70,138 @@ const config = { "@docusaurus/plugin-client-redirects", { redirects: [ + // Old top-level pages → new IA + { from: "/intro", to: "/" }, + { from: "/installing", to: "/" }, + { from: "/faqs", to: "/faq/general" }, + { from: "/languages", to: "/languages/overview" }, + { from: "/open-pixee", to: "/open-source/overview" }, { - to: "/code-scanning-tools/overview", - from: "/integrations", + from: "/running_on_public_github_repos", + to: "/getting-started/github", }, + { from: "/supported-scms", to: "/" }, + { from: "/using-pixeebot", to: "/getting-started/github" }, + { from: "/getting-started", to: "/" }, + { + from: "/configuration/scheduling", + to: "/configuration/operations", + }, + + // Old code-scanning-tools/* → new integrations/scanners/* + { + from: "/code-scanning-tools/overview", + to: "/integrations/overview", + }, + { + from: "/code-scanning-tools/codeql", + to: "/integrations/scanners/codeql", + }, + { + from: "/code-scanning-tools/contrast", + to: "/integrations/scanners/contrast", + }, + { + from: "/code-scanning-tools/semgrep", + to: "/integrations/scanners/semgrep", + }, + { + from: "/code-scanning-tools/snyk", + to: "/integrations/scanners/snyk-code", + }, + { + from: "/code-scanning-tools/sonar", + to: "/integrations/scanners/sonarqube", + }, + { + from: "/code-scanning-tools/sonarqube", + to: "/integrations/scanners/sonarqube", + }, + + // Pre-existing /integrations/* aliases → updated to new IA + { from: "/integrations", to: "/integrations/overview" }, { - to: "/code-scanning-tools/sonar", from: "/integrations/sonar", + to: "/integrations/scanners/sonarqube", }, + + // Flat /integrations/ URLs from the prior PR → new SCM/scanner subfolders { - to: "/code-scanning-tools/codeql", from: "/integrations/codeql", + to: "/integrations/scanners/codeql", }, { - to: "/code-scanning-tools/semgrep", from: "/integrations/semgrep", + to: "/integrations/scanners/semgrep", + }, + { + from: "/integrations/snyk-code", + to: "/integrations/scanners/snyk-code", + }, + { + from: "/integrations/sonarqube", + to: "/integrations/scanners/sonarqube", }, + { + from: "/integrations/veracode", + to: "/integrations/scanners/veracode", + }, + { + from: "/integrations/checkmarx", + to: "/integrations/scanners/checkmarx", + }, + { + from: "/integrations/appscan", + to: "/integrations/scanners/appscan", + }, + { + from: "/integrations/contrast", + to: "/integrations/scanners/contrast", + }, + { + from: "/integrations/gitlab-sast", + to: "/integrations/scanners/gitlab-sast", + }, + { from: "/integrations/github", to: "/integrations/scms/github" }, - // You can add more redirects here as needed + // Removed consolidated wrappers → overview + { + from: "/integrations/commercial-scanners", + to: "/integrations/overview", + }, + { + from: "/integrations/oss-aggregator-scanners", + to: "/integrations/overview", + }, + { + from: "/integrations/scm-platforms", + to: "/integrations/overview", + }, ], }, ], + "docusaurus-plugin-llms", + ], + + headTags: [ + { + tagName: "script", + attributes: { type: "application/ld+json" }, + innerHTML: JSON.stringify({ + "@context": "https://schema.org", + "@type": "Organization", + name: "Pixee", + url: "https://pixee.ai", + logo: "https://pixee.ai/images/pixee-logo.png", + sameAs: [ + "https://github.com/pixee", + "https://www.linkedin.com/company/pixee/", + "https://twitter.com/pixaboratory", + ], + description: + "Pixee automates security vulnerability triage and remediation at scale.", + }), + }, ], themeConfig: diff --git a/migration/ASSESSMENT.md b/migration/ASSESSMENT.md new file mode 100644 index 00000000..f35154f0 --- /dev/null +++ b/migration/ASSESSMENT.md @@ -0,0 +1,284 @@ +# docs.pixee.ai Migration — Assessment & Plan + +**Date:** 2026-05-05 +**Status:** Migration executed locally on branch `redesign/v2-content` (`pixee/docs`). Three commits ready to push. Build clean, all 72 pages return 200, redirects working. Awaiting push + PR. + +--- + +## 1. The three repos and how they fit together + +| Repo | Role | +| ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------ | +| `pixee-resources/Pixee-Marketing-OS` | Source of the **new** docs content (PR #117, merged 2026-04-28). Lives at `10_execute_short_term/pixee_docs/`. | +| `pixee/docs` | Docusaurus 3.x **source** repo. Currently has ~9 thin pages. Migration PR target. | +| `pixee/internal-docs` | **Deploy target only.** Every commit is `Deploy website - based on `. Serves `docs.pixee.ai` via GitHub Pages. We never edit this directly. | + +**Deploy flow** (`pixee/docs/.github/workflows/deploy.yml`): + +- PR to `pixee/docs#main` → `yarn build` runs as a check (test build only, no deploy). +- Push to `pixee/docs#main` → SSH-deploys via `yarn deploy` to `pixee/internal-docs#main`. That commit is what `docs.pixee.ai` serves. + +`docusaurus.config.js` confirms: `organizationName: "pixee"`, `projectName: "internal-docs"`, `deploymentBranch: "main"`. + +--- + +## 2. What's coming from PR #117 + +Lives at `Pixee-Marketing-OS/10_execute_short_term/pixee_docs/`: + +- **71 markdown pages** in `pages/` across 10 sections: api (5), configuration (7), enterprise (11), faq (3), getting-started (8), how-it-works (6), integrations (14), languages (7), open-source (4), platform (6). + - The handoff spec says 76; on-disk has 71. PR #117 did 13→4 consolidation in some folders. **Treat on-disk as truth.** +- Frontmatter is already Docusaurus-shaped: `title`, `slug`, `track` (`dev` | `leader` | `both`), `content_type`, `seo_title`, `meta_description`. +- Filenames are prefixed with a global ordinal (`01_…65_`). **Drop on copy.** +- No JSX/MDX in body content. Only `<…>` are inside code fences (Maven XML, csproj). Conversion is essentially a copy. + +**Two data-quality issues the migration script must handle:** + +1. **Track field case is inconsistent** — values include `dev`, `DEV`, `both`, `BOTH`, `leader`, `LEADER`, plus one stray `[leader, …]` array. Normalize to lowercase string. +2. **29 of 71 pages have duplicated frontmatter keys** (e.g., `title:` and `slug:` listed twice). Dedup, keeping the last occurrence (YAML parsers vary; Docusaurus accepts the last). + +Companion artifacts in `pixee_docs/`: + +- `site_architecture.md` — IA, sidebar mockup, URL structure +- `HANDOFF_SPEC.md` — implementation checklist +- `content_briefs/` — 76 per-page SEO briefs (we may extract some metadata from these later; not in v1 scope) +- `technical/` — `llms.txt`, `schema_specs.md`, `cross_domain_linking.md`, `entity_consistency.md` +- `gated_content/`, `quality_reviews/`, `extracts/`, `research_*` — out of scope for the docs migration. + +--- + +## 3. What's there today (`pixee/docs`) + +Total: ~9 pages, 729 lines. Auto-generated sidebar from filesystem. + +``` +docs/ +├── intro.md +├── installing.md +├── faqs.md +├── languages.md +├── open-pixee.md +├── running_on_public_github_repos.md +├── supported-scms.md +├── using-pixeebot.md +└── code-scanning-tools/ + ├── overview.md + ├── codeql.md + ├── contrast.md + ├── semgrep.md + ├── snyk.md + ├── sonar.md + └── sonarqube.md +``` + +Existing redirects in `docusaurus.config.js`: + +- `/integrations` → `/code-scanning-tools/overview` +- `/integrations/sonar` → `/code-scanning-tools/sonar` +- `/integrations/codeql` → `/code-scanning-tools/codeql` +- `/integrations/semgrep` → `/code-scanning-tools/semgrep` + +These flip direction in v1: the new IA _is_ `/integrations/*`. + +--- + +## 4. Decisions + +| # | Decision | Rationale | +| --- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ | +| 1 | **Drop numeric filename prefixes.** Inject `sidebar_position` from prefix into frontmatter (renumbered dense per folder). | Filenames are messy; ordering belongs in frontmatter. | +| 2 | **Autogen sidebar.** No hand-built sidebar, no swizzle. | User preference. | +| 3 | **No track badges in the sidebar.** Originally we agreed to put `[DEV]/[LEADER]/[BOTH]` badges in `_category_.json` labels. Reverted after seeing it rendered — the badges read as visual noise. The `track:` field stays in frontmatter for potential v2 use (in-page audience pill). | Cleaner sidebar; no information lost since users can still see context per page. | +| 4 | **Skip the in-page "for: Developers" badge.** | Avoids swizzling theme components. | +| 5 | **Flatten Integrations** — drop the spec's `── Deep Integrations ── / ── Scanner Integrations ── / ── Platforms ──` sub-headers. All 14 integrations sit at the same level under `/integrations/`. | Sub-headers would require either a hand-built sidebar or splitting into subfolders (which would change URLs). Flat is cleaner. | +| 6 | **Skip React components for v1.** No ``, no ``, no ``. Defer to v2. | Trim scope. | +| 7 | **Include all config-file-level SEO improvements in v1.** See §6. | "Free" wins via headTags + static files + plugins. | +| 8 | **Redirect every old URL** to its closest new equivalent. Preserve SEO regardless of traffic ranking. | With only 9 old pages, the redirect table is trivial; cost of being thorough is negligible. | +| 9 | **Create `/integrations/contrast`** as part of the migration (the new IA needs a Contrast page; PR #117 didn't include one). Drafted from the existing 4-line `contrast.md` + public Contrast Security docs, matching the new docs voice (neutral, no marketing). David reviews before merge. | Contrast must exist in the new IA. | +| 10 | **One big PR** on `pixee/docs`, branch `redesign/v2-content`. Iterate locally. | User preference. | +| 11 | **Replace the React landing page with the welcome doc at `/`.** Deleted `src/pages/index.js` + `src/components/HomepageFeatures/`. Set `slug: /` on the welcome page so `docs.pixee.ai/` IS the welcome content (matches the spec). | Two competing landings (React hero + welcome doc) was confusing; the spec puts welcome at root. | + +--- + +## 5. Redirect table + +All old URLs → new equivalents. Implemented via `@docusaurus/plugin-client-redirects` (already installed). + +| Old URL | New URL | Notes | +| --------------------------------- | ----------------------------- | -------------------------------------------------------------- | +| `/intro` | `/` | Welcome doc lives at root. | +| `/installing` | `/` | Welcome page has platform tiles. | +| `/faqs` | `/faq/general` | New IA splits FAQ into general / enterprise / troubleshooting. | +| `/languages` | `/languages/overview` | | +| `/open-pixee` | `/open-source/overview` | | +| `/running_on_public_github_repos` | `/configuration/repositories` | Verify on review — fallback `/getting-started/github`. | +| `/supported-scms` | `/` | Welcome page lists all platforms with setup links. | +| `/using-pixeebot` | `/getting-started/github` | Pixeebot is the GitHub bot. | +| `/getting-started` | `/` | Welcome page promoted to root after Decision #11. | +| `/code-scanning-tools/overview` | `/integrations/overview` | | +| `/code-scanning-tools/codeql` | `/integrations/codeql` | | +| `/code-scanning-tools/contrast` | `/integrations/contrast` | New page authored as part of this PR. | +| `/code-scanning-tools/semgrep` | `/integrations/semgrep` | | +| `/code-scanning-tools/snyk` | `/integrations/snyk-code` | | +| `/code-scanning-tools/sonar` | `/integrations/sonarqube` | Old IA had both `sonar` and `sonarqube` — collapsing. | +| `/code-scanning-tools/sonarqube` | `/integrations/sonarqube` | | +| `/integrations` | `/integrations/overview` | Was `→ /code-scanning-tools/overview`; flipped. | +| `/integrations/sonar` | `/integrations/sonarqube` | Was `→ /code-scanning-tools/sonar`; updated. | + +Total: 18 redirect rules. The pre-existing 4 redirects in `docusaurus.config.js` are repointed; everything else is net-new. + +--- + +## 6. SEO additions in v1 (config-file-only) — DONE + +All cheap, all React-free, all unblock AI crawlers and search engines. ~50 lines of config + 2 small static files. All five items below shipped. + +| Item | Where | Why | +| --------------------------------------------- | ----------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------- | +| **Site-wide Organization JSON-LD** ✓ | `docusaurus.config.js` → `headTags` | Standard Org schema for Google AI Overviews / Bing Copilot. | +| **`llms.txt` + `llms-full.txt`** ✓ | `docusaurus-plugin-llms@^0.4.0` | Lets Claude / ChatGPT / Perplexity index the site cleanly. The handoff spec specifically calls this out. | +| **`robots.txt` allow-list for AI crawlers** ✓ | `static/robots.txt` | Explicit allow for `GPTBot`, `ClaudeBot`, `PerplexityBot`, `Google-Extended`, etc. | +| **Sitemap** ✓ | Default in `@docusaurus/preset-classic`. Verified on new tree. | Free. | +| **Canonical URLs** ✓ | Default Docusaurus behavior. `url` + `baseUrl` confirmed correct. | Free. | + +**Explicitly deferred to v2 (require components):** + +- Per-page `FAQPage` JSON-LD (the spec's claimed 3.2x AI-Overview lift) → needs `` component +- Per-page `HowTo` JSON-LD on setup pages → needs `` component +- `` to raw `.md` → needs swizzle +- `` in-page rendering → needs swizzle +- `` thumbs-up/down → needs component + analytics endpoint +- Algolia DocSearch → defer; default search works +- HubSpot lead capture / gated content forms → out of scope for docs (marketing assets) + +--- + +## 7. Migration plan — EXECUTED + +**Branch:** `redesign/v2-content` on `pixee/docs`. Three commits ready to push: + +``` +f4a18e4 sidebar: drop track badges from category labels +7d97768 redesign: replace React landing with welcome page at root +4e3a5d5 redesign: replace docs with new IA from Pixee-Marketing-OS PR #117 +``` + +PRs only run `yarn build` — no deploy until merge — so iteration is safe. + +Phases below describe what was done. + +### Phase A — Prep ✓ + +1. Branched off `pixee/docs#main`. +2. Deleted the existing `docs/*.md` and `docs/code-scanning-tools/`. + +### Phase B — Content port ✓ + +A migration script (`migrate.py` at docswork root, ~150 lines, idempotent) walked `Pixee-Marketing-OS/10_execute_short_term/pixee_docs/pages/
/` and, for each `NN_.md`: + +1. Reads frontmatter + body. +2. **Strips numeric prefix** from filename → `.md`. +3. **Dedups frontmatter keys** (last wins). +4. **Normalizes `track:`** to lowercase string (`dev` | `leader` | `both`). +5. **Injects `sidebar_position: `** where `` is the dense rank (1, 2, 3…) of the original prefix within the folder. +6. **Removes** non-Docusaurus frontmatter fields the spec carries that we don't use (`content_type`, `seo_title`, `meta_description` stay; we'll reuse them in v2 for schema). +7. Writes to `pixee/docs/docs/
/.md`. + +For each section folder, the script writes a `_category_.json`: + +```json +{ + "label": "Getting Started", + "position": 1, + "link": { "type": "doc", "id": "" } +} +``` + +Section order and labels (track badges initially included, then dropped per Decision #3): + +| # | Folder | Label | +| --- | ------------------ | ------------------- | +| 1 | `getting-started/` | `Getting Started` | +| 2 | `platform/` | `Platform Overview` | +| 3 | `how-it-works/` | `How It Works` | +| 4 | `integrations/` | `Integrations` | +| 5 | `configuration/` | `Configuration` | +| 6 | `enterprise/` | `Enterprise` | +| 7 | `languages/` | `Language Support` | +| 8 | `api/` | `API & Reference` | +| 9 | `open-source/` | `Open Source` | +| 10 | `faq/` | `FAQ` | + +### Phase C — Author the new Contrast page ✓ + +Drafted `docs/integrations/contrast.md` modeled on the new CodeQL/Semgrep page pattern (intro, "What Contrast Detects", "How Pixee Enhances Contrast" with Triage + Remediation, Setup, Common False Positive Patterns, FAQ). Source: existing 4-line `contrast.md` + public Contrast Security docs. Flagged in PR for David's review. + +### Phase D — Config changes (`docusaurus.config.js`) ✓ + +1. Replaced the existing `redirects` array with the 18-entry table from §5. +2. Added Organization JSON-LD to `headTags`. +3. `yarn add docusaurus-plugin-llms@^0.4.0`, registered in `plugins[]` with default config. +4. Added `static/robots.txt` with AI-crawler allow-list. +5. Left navbar, footer, sitemap, GA / GTM as-is. + +### Phase E — Build & link sanity ✓ + +1. Ran `yarn install` (picked up the new plugin). +2. Ran `yarn build` — surfaced 15 broken-link patterns (consolidated pages, IA renames, one missing `/demo` cross-domain link). Fixed via `fixup_links.py` (idempotent regex pass at docswork root) plus one manual edit. Re-built clean: 72 docs, zero broken links. +3. Ran `yarn serve` and curl-probed all 72 page slugs (all 200), all 10 category landings, JSON-LD on homepage, redirect targets, and sidebar order. + +### Phase F — Homepage cleanup ✓ + +After initial verification, decided the React landing at `/` was redundant with the new welcome doc. Deleted `src/pages/index.js`, `src/pages/index.module.css`, `src/components/HomepageFeatures/`. Set `slug: /` on the welcome doc. Updated 5 internal `[](/getting-started)` references → `[](/)`. Added `/getting-started → /` redirect. Updated the three redirects that were targeting `/getting-started` (intro, installing, supported-scms) to target `/` instead. + +### Phase G — Sidebar polish ✓ + +Initial implementation included `[DEV]`/`[LEADER]`/`[BOTH]` track badges in category labels per the original spec. After eyeballing in dev preview, reverted — labels now read as plain section names. The `track:` field is still present in page frontmatter for v2 use (in-page audience pill via swizzle). + +### Phase H — Push + PR (next) + +1. Push `redesign/v2-content` to `pixee/docs`. **(David runs locally; SSH agent.)** +2. Open PR. CI runs `yarn build` test only (no deploy). +3. Iterate via force-push as review feedback comes in. +4. Merge when ready → SSH deploy to `pixee/internal-docs` → live on `docs.pixee.ai`. + +--- + +## 8. Risks / how each one resolved + +1. **`onBrokenLinks: "throw"`** — landed: 15 broken-link patterns surfaced on first build, fixed via `fixup_links.py` (27 substitutions across 9 files) + one manual `/demo` → `pixee.ai/demo` edit. ✓ +2. **Slug field consistency.** Every migrated page had an explicit `slug:` in frontmatter; all 72 slugs return 200. ✓ +3. **Images / static assets.** No image references in the migrated body content. ✓ +4. **Existing redirects flip direction.** Done — pre-existing 4 `/integrations/* → /code-scanning-tools/*` rules replaced. ✓ +5. **Old integrations not in new IA.** Contrast handled (Decision #9). No other gaps identified. ✓ +6. **Page count.** 71 (not the spec's 76). ✓ — reflected in commit message. + +--- + +## 9. Out of scope for v1 (tracked for v2) + +- React components: ``, ``, `` +- Per-page JSON-LD (FAQPage, HowTo, TechArticle, SoftwareApplication) +- Raw markdown alternates for AI agents (`.md` URL routes + ``) +- Algolia DocSearch +- HubSpot lead capture, gated PDF downloads (the spec's 4 gated assets) +- GA4 custom events (scroll depth, code copy, CTA clicks) +- Cross-domain canonical / pixee.ai linking strategy from `cross_domain_linking.md` + +--- + +## 10. Open items requiring human input before merge + +- Verify `/configuration/repositories` is the right target for the `/running_on_public_github_repos` redirect. (Read the new page first; fall back to `/getting-started/github` if not the right fit.) +- David reviews the new `/integrations/contrast` page before merge. +- David eyeballs the deployed dev preview from the PR (or `yarn start` locally) and signals if anything reads off — sidebar order, integrations flat list, homepage content, redirects. + +## 11. Tooling archived alongside this doc + +This file lives at `migration/ASSESSMENT.md` in the `pixee/docs` repo, alongside: + +- `migrate.py` — content port script that ran during the initial migration +- `fixup_links.py` — link-fixup pass that ran after `migrate.py` +- `README.md` — short orientation for anyone reading these files later + +All three are checked in for historical reference. **Do not re-run them** — `migrate.py` would wipe manually-authored pages (e.g., `docs/integrations/contrast.md`) and ignore in-repo edits made after the migration commit (e.g., `slug: /` on the welcome doc). The scripts assumed a working tree containing both `Pixee-Marketing-OS/` and `docs/` as siblings; that layout no longer exists. diff --git a/migration/README.md b/migration/README.md new file mode 100644 index 00000000..d77a2973 --- /dev/null +++ b/migration/README.md @@ -0,0 +1,31 @@ +# Migration archive + +These files document the 2026-05-05 docs redesign — replacing the previous ~9-page site with the 71-page IA from `Pixee-Marketing-OS` PR #117. + +## Contents + +| File | What it is | +| ----------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `ASSESSMENT.md` | The planning + decision-log document. Captures the three-repo deploy flow, decisions made, redirect table, SEO additions, and what was actually executed. | +| `migrate.py` | One-shot Python script that ported content from `Pixee-Marketing-OS/10_execute_short_term/pixee_docs/pages/` into `docs/docs/`. Normalized frontmatter, dropped numeric prefixes, generated `_category_.json` files. | +| `fixup_links.py` | One-shot Python script that fixed 27 internal markdown links across 9 files (consolidated/renamed pages, IA renames). | +| `integrations_restructure.py` | Follow-up restructure that split flat `/integrations/` into `/integrations/scms/` and `/integrations/scanners/`. Captures the moves, frontmatter updates, body-link fixup, and wrapper-file deletions. | + +## Do not re-run the scripts + +These are committed for historical reference, not as a re-runnable pipeline. + +- `migrate.py` is destructive: it wipes `docs/docs/` and rewrites everything from `Pixee-Marketing-OS/`. Re-running it would delete `docs/integrations/contrast.md` (manually authored) and revert the welcome doc's `slug: /` (set after migration). +- The scripts also assume a sibling working-tree layout (`Pixee-Marketing-OS/` next to `docs/`) that no longer exists. +- For future content updates, edit `docs/` directly. `Pixee-Marketing-OS` is no longer the source of truth for these docs. + +## Why keep them + +Future-you (or future-someone) will eventually ask: + +- _Why is the file numbering weird?_ — Because `pages/` files used `NN_.md` for global ordering; we kept the order in `sidebar_position` instead. +- _Why is there a Contrast page that doesn't match the format of the others?_ — Because PR #117 dropped Contrast from the IA; we re-added it. +- _Why does the redirect table have so many rules?_ — The old `/code-scanning-tools/*` IA was inverted to `/integrations/*`. +- _Why is `track:` in frontmatter if nothing renders it?_ — Reserved for a v2 audience-badge component. + +`ASSESSMENT.md` answers all of those. diff --git a/migration/fixup_links.py b/migration/fixup_links.py new file mode 100644 index 00000000..3cfa2b18 --- /dev/null +++ b/migration/fixup_links.py @@ -0,0 +1,74 @@ +#!/usr/bin/env python3 +""" +Fix internal links in the migrated docs that reference pages consolidated/renamed +in PR #117 but still appear in body content. + +ARCHIVED — committed for historical reference. NOT INTENDED TO BE RE-RUN. +Re-running is safe (regex no-ops if patterns already replaced), but the link +shape has since drifted (e.g., /getting-started → /). See README.md. + +Originally placed at /fixup_links.py alongside migrate.py and run after it. +Idempotent: each rule is a regex that becomes a no-op once applied. +""" + +import pathlib +import re + +DOCS = pathlib.Path(__file__).parent / "docs/docs" + +# Each rule is a (regex, replacement). Patterns target markdown link bodies +# `](URL)` and `](URL#anchor)` to avoid matching the same path elsewhere. +# Order matters: prefix-matched rules must come before their parent prefixes. +RULES = [ + # Configuration: notifications + reporting were folded into operations.md + (r"\]\(/configuration/notifications(?=[)#])", "](/configuration/operations"), + (r"\]\(/configuration/reporting(?=[)#])", "](/configuration/operations"), + + # Integrations: individual scanner pages folded into bundles + (r"\]\(/integrations/defectdojo(?=[)#])", "](/integrations/oss-aggregator-scanners"), + (r"\]\(/integrations/trivy(?=[)#])", "](/integrations/oss-aggregator-scanners"), + (r"\]\(/integrations/fortify(?=[)#])", "](/integrations/commercial-scanners"), + (r"\]\(/integrations/polaris(?=[)#])", "](/integrations/commercial-scanners"), + + # SCM platforms: gitlab/azure/bitbucket folded into scm-platforms + (r"\]\(/integrations/azure-devops(?=[)#])", "](/integrations/scm-platforms"), + (r"\]\(/integrations/bitbucket(?=[)#])", "](/integrations/scm-platforms"), + (r"\]\(/integrations/gitlab(?=[)#])", "](/integrations/scm-platforms"), + + # SARIF naming + (r"\]\(/integrations/sarif(?=[)#])", "](/integrations/sarif-universal"), + (r"\]\(/integrations/universal-sarif(?=[)#])", "](/integrations/sarif-universal"), + + # Section overview links that dropped the /overview suffix + (r"\]\(/integrations(?=[)#])", "](/integrations/overview"), + (r"\]\(/languages(?=[)#])", "](/languages/overview"), + + # Typos / wrong sections + (r"\]\(/enterprise/deployment-options(?=[)#])", "](/enterprise/deployment"), + (r"\]\(/getting-started/phased-rollout(?=[)#])", "](/enterprise/phased-rollout"), +] + +COMPILED = [(re.compile(p), r) for p, r in RULES] + + +def main(): + total_changes = 0 + files_changed = 0 + for md in DOCS.rglob("*.md"): + text = md.read_text(encoding="utf-8") + original = text + file_changes = 0 + for pat, rep in COMPILED: + new_text, n = pat.subn(rep, text) + file_changes += n + text = new_text + if text != original: + md.write_text(text, encoding="utf-8") + total_changes += file_changes + files_changed += 1 + print(f" {md.relative_to(DOCS)}: {file_changes} fix(es)") + print(f"\n{total_changes} link fix(es) across {files_changed} file(s)") + + +if __name__ == "__main__": + main() diff --git a/migration/integrations_restructure.py b/migration/integrations_restructure.py new file mode 100644 index 00000000..7ed12798 --- /dev/null +++ b/migration/integrations_restructure.py @@ -0,0 +1,184 @@ +#!/usr/bin/env python3 +""" +Restructure the integrations section from a flat layout into two subcategories: + /integrations/scms/ (GitHub, GitLab, Azure DevOps, Bitbucket) + /integrations/scanners/ (CodeQL, Semgrep, Snyk Code, ... 14 total) + +ARCHIVED — committed for historical reference. NOT INTENDED TO BE RE-RUN. +This script captures the mechanical operations performed during the 2026-05-05 +restructure. The new content authored alongside it (gitlab.md, azure-devops.md, +bitbucket.md, polaris.md, fortify.md, trivy.md, defectdojo.md, gitlab-sca.md) +was written by hand, not generated here. + +Re-running would fail anyway: the source paths it expects (the old flat layout +with consolidated wrapper pages) no longer exist. + +Working tree assumed at execution time: + docs/ (the pixee/docs repo root) + └── docs/integrations/ + ├── codeql.md, semgrep.md, ... (flat scanner pages) + ├── github-platform.md (flat SCM page) + ├── commercial-scanners.md (consolidated wrapper, deleted) + ├── oss-aggregator-scanners.md (consolidated wrapper, deleted) + ├── scm-platform-reference.md (consolidated wrapper, deleted) + ├── integrations-overview.md + └── sarif-universal.md + +The script was placed at /docs/migration/integrations_restructure.py and +run with `python3 migration/integrations_restructure.py`. It performed: + + 1. mkdir docs/integrations/{scms,scanners}/ + 2. git mv github-platform.md -> scms/github.md + 3. git mv 9 scanner pages -> scanners/.md + 4. Update slugs to /integrations/scms/ and /integrations/scanners/ + 5. Update sidebar_position values (alphabetical within each subcategory) + 6. Rename github page title from "GitHub Platform Integration" to "GitHub Integration" + 7. Body-content link fixup: rewrite /integrations/ references to point at + the new /integrations/scanners/ or /integrations/scms/ paths + 8. Delete the three consolidated wrappers (their content was extracted into + individual scanner pages by hand) + +Idempotent within its assumed layout. Each step is safe to re-run; the regex +substitutions are no-ops once applied. +""" + +import pathlib +import re +import shutil +import subprocess + +REPO_ROOT = pathlib.Path(__file__).resolve().parent.parent +INTEGRATIONS = REPO_ROOT / "docs/integrations" + +# (filename to move from flat layout, target subdir, new slug, sidebar_position, optional title rewrite) +SCANNER_MOVES = [ + ("appscan.md", "scanners", "/integrations/scanners/appscan", 1, None), + ("checkmarx.md", "scanners", "/integrations/scanners/checkmarx", 2, None), + ("codeql.md", "scanners", "/integrations/scanners/codeql", 3, None), + ("contrast.md", "scanners", "/integrations/scanners/contrast", 4, None), + # defectdojo, fortify, polaris, trivy, gitlab-sca authored fresh (positions 5, 6, 9, 14, 8) + ("gitlab-sast.md", "scanners", "/integrations/scanners/gitlab-sast", 7, None), + ("semgrep.md", "scanners", "/integrations/scanners/semgrep", 11, None), + ("snyk-code.md", "scanners", "/integrations/scanners/snyk-code", 12, None), + ("sonarqube.md", "scanners", "/integrations/scanners/sonarqube", 13, None), + ("veracode.md", "scanners", "/integrations/scanners/veracode", 15, None), +] + +SCM_MOVES = [ + ("github-platform.md", "scms", "/integrations/scms/github", 3, "GitHub Integration"), +] +SCM_RENAMES = {"github-platform.md": "github.md"} # rename on move + +LINK_RULES = [ + # Removed wrappers → overview + (r"\]\(/integrations/commercial-scanners(?=[)#])", "](/integrations/overview"), + (r"\]\(/integrations/oss-aggregator-scanners(?=[)#])", "](/integrations/overview"), + (r"\]\(/integrations/scm-platforms(?=[)#])", "](/integrations/overview"), + # Flat scanner URLs → /scanners/ subfolder + (r"\]\(/integrations/codeql(?=[)#])", "](/integrations/scanners/codeql"), + (r"\]\(/integrations/semgrep(?=[)#])", "](/integrations/scanners/semgrep"), + (r"\]\(/integrations/snyk-code(?=[)#])", "](/integrations/scanners/snyk-code"), + (r"\]\(/integrations/sonarqube(?=[)#])", "](/integrations/scanners/sonarqube"), + (r"\]\(/integrations/veracode(?=[)#])", "](/integrations/scanners/veracode"), + (r"\]\(/integrations/checkmarx(?=[)#])", "](/integrations/scanners/checkmarx"), + (r"\]\(/integrations/appscan(?=[)#])", "](/integrations/scanners/appscan"), + (r"\]\(/integrations/contrast(?=[)#])", "](/integrations/scanners/contrast"), + (r"\]\(/integrations/gitlab-sast(?=[)#])", "](/integrations/scanners/gitlab-sast"), + # Flat SCM URL → /scms/ subfolder + (r"\]\(/integrations/github(?=[)#])", "](/integrations/scms/github"), +] + +WRAPPER_FILES = [ + "commercial-scanners.md", + "oss-aggregator-scanners.md", + "scm-platform-reference.md", +] + + +def update_frontmatter(md_path: pathlib.Path, slug: str, position: int, new_title: str | None): + text = md_path.read_text(encoding="utf-8") + text = re.sub(r"^slug: .*$", f"slug: {slug}", text, count=1, flags=re.M) + text = re.sub(r"^sidebar_position: .*$", f"sidebar_position: {position}", text, count=1, flags=re.M) + if new_title: + text = re.sub(r"^title: .*$", f"title: {new_title}", text, count=1, flags=re.M) + text = re.sub(r"^# .*$", f"# {new_title}", text, count=1, flags=re.M) + md_path.write_text(text, encoding="utf-8") + + +def move_files(): + (INTEGRATIONS / "scms").mkdir(exist_ok=True) + (INTEGRATIONS / "scanners").mkdir(exist_ok=True) + for filename, subdir, _, _, _ in SCANNER_MOVES + SCM_MOVES: + src = INTEGRATIONS / filename + dest_name = SCM_RENAMES.get(filename, filename) + dest = INTEGRATIONS / subdir / dest_name + if not src.exists(): + print(f" skip (already moved or absent): {filename}") + continue + # Use git mv when possible; fall back to plain rename otherwise. + try: + subprocess.run(["git", "mv", str(src.relative_to(REPO_ROOT)), str(dest.relative_to(REPO_ROOT))], + cwd=REPO_ROOT, check=True, capture_output=True) + except subprocess.CalledProcessError: + shutil.move(str(src), str(dest)) + print(f" moved {filename} -> {subdir}/{dest_name}") + + +def update_all_frontmatter(): + for filename, subdir, slug, position, new_title in SCANNER_MOVES + SCM_MOVES: + dest_name = SCM_RENAMES.get(filename, filename) + dest = INTEGRATIONS / subdir / dest_name + if not dest.exists(): + print(f" skip frontmatter (missing): {dest}") + continue + update_frontmatter(dest, slug, position, new_title) + print(f" frontmatter: {dest.name} slug={slug} pos={position}") + + +def fixup_body_links(): + docs_root = REPO_ROOT / "docs" + compiled = [(re.compile(p), r) for p, r in LINK_RULES] + total_subs = total_files = 0 + for md in docs_root.rglob("*.md"): + text = md.read_text(encoding="utf-8") + new_text = text + file_subs = 0 + for pat, rep in compiled: + new_text, n = pat.subn(rep, new_text) + file_subs += n + if new_text != text: + md.write_text(new_text, encoding="utf-8") + total_subs += file_subs + total_files += 1 + print(f" link fix: {md.relative_to(docs_root)} ({file_subs})") + print(f"\n {total_subs} link substitution(s) across {total_files} file(s)") + + +def remove_wrappers(): + for name in WRAPPER_FILES: + target = INTEGRATIONS / name + if not target.exists(): + print(f" already removed: {name}") + continue + try: + subprocess.run(["git", "rm", str(target.relative_to(REPO_ROOT))], + cwd=REPO_ROOT, check=True, capture_output=True) + except subprocess.CalledProcessError: + target.unlink() + print(f" removed: {name}") + + +def main(): + print("Step 1: move files") + move_files() + print("\nStep 2: update frontmatter") + update_all_frontmatter() + print("\nStep 3: body-content link fixup") + fixup_body_links() + print("\nStep 4: remove consolidated wrappers") + remove_wrappers() + print("\nDone.") + + +if __name__ == "__main__": + main() diff --git a/migration/migrate.py b/migration/migrate.py new file mode 100644 index 00000000..fcb92be9 --- /dev/null +++ b/migration/migrate.py @@ -0,0 +1,191 @@ +#!/usr/bin/env python3 +""" +Migrate PR #117 content from Pixee-Marketing-OS into pixee/docs. + +ARCHIVED — committed for historical reference. NOT INTENDED TO BE RE-RUN. +Re-running would wipe manually-authored pages (e.g., docs/integrations/contrast.md) +and ignore later in-repo edits like the slug change on the welcome doc. See README.md. + +Working tree assumed at execution time: + / + ├── Pixee-Marketing-OS/10_execute_short_term/pixee_docs/pages/
/NN_.md + └── docs/docs/
/.md (target, this repo) + +The script was placed at /migrate.py and run with `python3 migrate.py`. + +Behavior: walks every section, drops numeric filename prefixes, dedups frontmatter +keys (last wins), normalizes `track:` to lowercase, injects sidebar_position, +renames meta_description -> description, writes _category_.json per section. +Idempotent within its assumed layout: always rewrites the target tree from scratch. +""" + +import json +import pathlib +import re +import shutil +import sys + +ROOT = pathlib.Path(__file__).parent.resolve() +SRC = ROOT / "Pixee-Marketing-OS/10_execute_short_term/pixee_docs/pages" +DST = ROOT / "docs/docs" + +# (folder, sidebar label, position, link spec) +# link spec: ("doc", "") | ("generated-index", None) +CATEGORIES = [ + ("getting-started", "Getting Started", 1, ("doc", "getting-started/getting-started")), + ("platform", "Platform Overview", 2, ("doc", "platform/what-is-agentic-security-engineering")), + ("how-it-works", "How It Works", 3, ("generated-index", None)), + ("integrations", "Integrations", 4, ("doc", "integrations/integrations-overview")), + ("configuration", "Configuration", 5, ("doc", "configuration/config-overview")), + ("enterprise", "Enterprise", 6, ("doc", "enterprise/enterprise-overview")), + ("languages", "Language Support", 7, ("doc", "languages/languages-overview")), + ("api", "API & Reference", 8, ("doc", "api/api-overview")), + ("open-source", "Open Source", 9, ("doc", "open-source/oss-overview")), + ("faq", "FAQ", 10, ("doc", "faq/faq-general")), +] + +# Frontmatter fields we keep (and rename if needed). All other unknown keys are kept verbatim. +RENAME = {"meta_description": "description"} + +PREFIX_RE = re.compile(r"^(\d+)_(.+\.md)$") +FM_LINE_RE = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*):\s*(.*)$") + + +def parse_frontmatter(text: str): + """Return (ordered list of (key, value) pairs with last-wins dedup, body).""" + if not text.startswith("---\n") and not text.startswith("---\r\n"): + return [], text + # Locate closing --- + lines = text.splitlines(keepends=True) + end_idx = None + for i in range(1, len(lines)): + if lines[i].rstrip() == "---": + end_idx = i + break + if end_idx is None: + return [], text + fm_lines = lines[1:end_idx] + body = "".join(lines[end_idx + 1:]).lstrip("\n") + + # Build ordered dict with last-wins dedup. + pairs = [] + seen = {} + for raw in fm_lines: + m = FM_LINE_RE.match(raw.rstrip("\n")) + if not m: + # Skip blank/comment lines silently. We don't expect nested YAML structures + # in this content set (verified manually); flag if assumption breaks. + if raw.strip() and not raw.lstrip().startswith("#"): + print(f" WARN: unparseable frontmatter line: {raw!r}", file=sys.stderr) + continue + key, val = m.group(1), m.group(2).strip() + # Strip surrounding quotes (single or double). + if (val.startswith('"') and val.endswith('"')) or (val.startswith("'") and val.endswith("'")): + val = val[1:-1] + if key in seen: + pairs[seen[key]] = (key, val) # last wins + else: + seen[key] = len(pairs) + pairs.append((key, val)) + return pairs, body + + +def normalize_track(val: str) -> str: + """Normalize track values like 'DEV', 'BOTH', '[leader, both]' to a lowercase string.""" + v = val.strip().strip("[]") + # Take first item if comma-separated (e.g., "leader, both") + v = v.split(",")[0].strip().strip("'\"") + return v.lower() + + +def serialize_frontmatter(pairs) -> str: + """Emit a YAML frontmatter block. Quote any value that needs quoting.""" + out = ["---"] + for k, v in pairs: + sv = str(v) + # Quote if value contains YAML-special chars or starts with whitespace. + needs_quote = ( + sv == "" or + any(c in sv for c in [':', '#', '|', '>', '"', "'", '*', '&', '!']) or + sv != sv.strip() + ) + if isinstance(v, int): + out.append(f"{k}: {v}") + elif needs_quote: + out.append(f"{k}: {json.dumps(sv)}") + else: + out.append(f"{k}: {sv}") + out.append("---") + return "\n".join(out) + + +def migrate_section(section: str, label: str, position: int, link_spec): + src_dir = SRC / section + dst_dir = DST / section + if dst_dir.exists(): + shutil.rmtree(dst_dir) + dst_dir.mkdir(parents=True, exist_ok=True) + + files = [] + for p in src_dir.glob("*.md"): + m = PREFIX_RE.match(p.name) + if not m: + print(f" WARN: no numeric prefix on {p.name}, skipping", file=sys.stderr) + continue + files.append((int(m.group(1)), m.group(2), p)) + files.sort() + + for sidebar_pos, (orig_n, slug_name, src_file) in enumerate(files, start=1): + text = src_file.read_text(encoding="utf-8") + pairs, body = parse_frontmatter(text) + + # Normalize / rename / inject. + normalized = [] + for k, v in pairs: + if k == "track": + v = normalize_track(v) + new_k = RENAME.get(k, k) + normalized.append((new_k, v)) + + # Inject sidebar_position (replace if already present). + for i, (k, _) in enumerate(normalized): + if k == "sidebar_position": + normalized[i] = ("sidebar_position", sidebar_pos) + break + else: + normalized.append(("sidebar_position", sidebar_pos)) + + out_text = serialize_frontmatter(normalized) + "\n\n" + body + (dst_dir / slug_name).write_text(out_text, encoding="utf-8") + + # _category_.json + cat = {"label": label, "position": position, "collapsible": True, "collapsed": False} + if link_spec[0] == "doc": + cat["link"] = {"type": "doc", "id": link_spec[1]} + elif link_spec[0] == "generated-index": + cat["link"] = {"type": "generated-index"} + (dst_dir / "_category_.json").write_text(json.dumps(cat, indent=2) + "\n", encoding="utf-8") + + print(f" {section}: {len(files)} pages") + + +def main(): + if not SRC.exists(): + sys.exit(f"Source not found: {SRC}") + if not DST.parent.exists(): + sys.exit(f"Target docs repo not found: {DST.parent}") + + # Wipe everything under docs/docs/ first so we start clean. + if DST.exists(): + shutil.rmtree(DST) + DST.mkdir(parents=True, exist_ok=True) + + print("Migrating sections:") + for section, label, position, link_spec in CATEGORIES: + migrate_section(section, label, position, link_spec) + + print(f"\nDone. Wrote to {DST}") + + +if __name__ == "__main__": + main() diff --git a/package.json b/package.json index fadcd8ac..cec2750d 100644 --- a/package.json +++ b/package.json @@ -19,6 +19,7 @@ "@docusaurus/core": "^3.8.1", "@docusaurus/plugin-client-redirects": "^3.8.1", "@docusaurus/preset-classic": "^3.8.1", + "docusaurus-plugin-llms": "^0.4.0", "@mdx-js/react": "^3.0.0", "clsx": "^2.0.0", "prism-react-renderer": "^2.3.1", diff --git a/src/components/HomepageFeatures/index.js b/src/components/HomepageFeatures/index.js deleted file mode 100644 index af3dbea9..00000000 --- a/src/components/HomepageFeatures/index.js +++ /dev/null @@ -1,74 +0,0 @@ -import React from "react"; -import styles from "./styles.module.css"; -import Link from "@docusaurus/Link"; - -export default function HomepageFeatures() { - const navigateToDocs = (type) => { - if (type === 1) { - window.location = "/intro"; - } else if (type === 2) { - window.location = "/code-scanning-tools/overview"; - } else if (type === 3) { - window.location = "/installing"; - } else if (type === 4) { - window.location = "/configuring"; - } else if (type === 5) { - window.location = "/running-your-own"; - } else if (type === 6) { - window.location = "/faqs"; - } else if (type === 7) { - window.location = "/using-pixeebot"; - } else { - window.location = "/release-notes"; - } - }; - return ( - <> -
-
navigateToDocs(1)}> -

- 👋 Introduction -

-

- Welcome to Pixee! Learn how Pixee can:{" "} -

    -
  • Fix security issues reported by your tools
    • -
  • Triage security tool findings
    • -
  • Harden your code
    • -
-

-
-
navigateToDocs(2)}> -

- 🛠️ Supported Tools -

-

- Learn about the code scanning tools Pixee supports and how to give - Pixee access to your tool findings. -

-
-
navigateToDocs(3)}> -

- ⬇ Get Started -

-

- Reach out to us to{" "} - learn more,{" "} - see a demo, and get a free trial. -

-
-
navigateToDocs(6)}> -

- ❓ FAQs -

-

- Addressing common topics such as data handling, our use of AI, on - premise offering, etc. -

-
-
-
-
- - ); -} diff --git a/src/components/HomepageFeatures/styles.module.css b/src/components/HomepageFeatures/styles.module.css deleted file mode 100644 index c676fd97..00000000 --- a/src/components/HomepageFeatures/styles.module.css +++ /dev/null @@ -1,98 +0,0 @@ -/* Grid style */ -.grid { - display: grid; - grid-template-columns: 1fr 1fr; - gap: 32px; - margin: 0 200px; -} - -.lastGrid { - display: grid; - grid-template-columns: 1fr; - gap: 32px; - margin: 32px 200px 72px 200px; -} - -.item { - border-radius: 16px; - border: 1px solid var(--neutral-neutral-20, #e6e4ea); - background: #fff; - padding: 24px; - cursor: pointer; -} - -.item:hover { - background: linear-gradient( - 45deg, - rgba(225, 230, 250, 1) 0%, - rgba(255, 255, 255, 1) 40%, - rgba(255, 255, 255, 1) 60%, - rgba(249, 214, 230, 1) 100% - ); - border: 1px solid var(--primary-barbie, #e80266); -} - -.grid h1, -.lastGrid h1 { - font-size: 24px; - font-style: normal; - font-weight: 700; - line-height: 32px; -} - -.grid h1 span, -.lastGrid h1 span { - font-family: "Poppins", sans-serif; - font-weight: 700; - color: var(--ifr-color-neutral-90); -} - -.grid p, -.lastGrid p { - font-size: 16px; - font-style: normal; - font-weight: 400; - line-height: 24px; - color: var(--ifr-color-neutral-90); -} - -/* Dark mode styles */ -[data-theme="dark"] .item { - border: 1px solid #ccc; - border-radius: 16px; - border: 1px solid #463b68; - background: var(--ifr-color-neutral-90); - padding: 24px; -} - -[data-theme="dark"] .grid h1 span, -[data-theme="dark"] .lastGrid h1 span, -[data-theme="dark"] .grid p, -[data-theme="dark"] .lastGrid p { - color: var(--ifr-color-neutral-10); -} - -[data-theme="dark"] .item:hover { - background: var( - --backgrounds-iris-focus, - radial-gradient(80.33% 96.88% at 84.06% -18.59%, #6000fe 0%, #2c2541 91.18%) - ); - border: 1px solid var(--primary-iris, #6000fe); -} - -/* Mobile view styles*/ -@media (max-width: 800px) { - .grid { - display: grid; - grid-template-columns: 1fr; - gap: 32px; - margin: 0 20px; - } - - .lastGrid { - display: grid; - grid-template-columns: 1fr; - gap: 32px; - margin: 32px 20px; - } -} diff --git a/src/pages/index.js b/src/pages/index.js deleted file mode 100644 index 67e893bc..00000000 --- a/src/pages/index.js +++ /dev/null @@ -1,30 +0,0 @@ -import React from "react"; -import Layout from "@theme/Layout"; -import HomepageFeatures from "@site/src/components/HomepageFeatures"; - -import styles from "./index.module.css"; - -function HomepageHeader() { - return ( -
-

PixeeDocs 🧚🤖

-

- Everything you need to know about Pixeebot, -
your automated product security engineer. -

-
- ); -} - -export default function Home() { - return ( -
- - -
- -
- -
- ); -} diff --git a/src/pages/index.module.css b/src/pages/index.module.css deleted file mode 100644 index a3a29404..00000000 --- a/src/pages/index.module.css +++ /dev/null @@ -1,61 +0,0 @@ -/** - * CSS files with the .module.css suffix will be treated as CSS modules - * and scoped locally. - */ - -.heroBanner { - padding: 72px 0 64px 0; - text-align: center; - position: relative; - overflow: hidden; -} - -.heroBanner h1 { - font-family: "Poppins", sans-serif; - font-size: 64px; - font-style: normal; - font-weight: 700; - line-height: 80px; - color: var(--ifr-color-neutral-90); -} - -.heroBanner p { - font-size: 20px; - font-style: normal; - font-weight: 400; - line-height: 32px; - color: var(--ifr-color-neutral-90); -} - -/* Dark mode styles */ -[data-theme="dark"] .heroBanner h1, -[data-theme="dark"] .heroBanner p { - color: var(--ifr-color-neutral-10); -} - -/* Mobile view styles*/ -@media (max-width: 800px) { - .heroBanner { - padding: 50px 0 50px 0; - } - - h1 { - margin-bottom: 0; - } - - .heroBanner h1 { - font-family: "Poppins", sans-serif; - font-size: 32px; - font-style: normal; - font-weight: 700; - color: var(--ifr-color-neutral-90); - } - - .heroBanner p { - font-size: 14px; - font-style: normal; - font-weight: 400; - line-height: 18px; - color: var(--ifr-color-neutral-90); - } -} diff --git a/src/pages/markdown-page.md b/src/pages/markdown-page.md deleted file mode 100644 index 9756c5b6..00000000 --- a/src/pages/markdown-page.md +++ /dev/null @@ -1,7 +0,0 @@ ---- -title: Markdown page example ---- - -# Markdown page example - -You don't need React to write simple standalone pages. diff --git a/static/robots.txt b/static/robots.txt new file mode 100644 index 00000000..f575a824 --- /dev/null +++ b/static/robots.txt @@ -0,0 +1,40 @@ +# docs.pixee.ai — robots.txt +# Explicit allow for AI crawlers used by ChatGPT, Claude, Perplexity, Google, etc. + +User-agent: * +Allow: / + +User-agent: GPTBot +Allow: / + +User-agent: ChatGPT-User +Allow: / + +User-agent: OAI-SearchBot +Allow: / + +User-agent: ClaudeBot +Allow: / + +User-agent: Claude-Web +Allow: / + +User-agent: anthropic-ai +Allow: / + +User-agent: PerplexityBot +Allow: / + +User-agent: Perplexity-User +Allow: / + +User-agent: Google-Extended +Allow: / + +User-agent: CCBot +Allow: / + +User-agent: Applebot-Extended +Allow: / + +Sitemap: https://docs.pixee.ai/sitemap.xml diff --git a/yarn.lock b/yarn.lock index 5881d5e0..8fab3579 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3179,6 +3179,13 @@ brace-expansion@^1.1.7: balanced-match "^1.0.0" concat-map "0.0.1" +brace-expansion@^2.0.2: + version "2.1.0" + resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-2.1.0.tgz#4f41a41190216ee36067ec381526fe9539c4f0ae" + integrity sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w== + dependencies: + balanced-match "^1.0.0" + braces@^3.0.3, braces@~3.0.2: version "3.0.3" resolved "https://registry.yarnpkg.com/braces/-/braces-3.0.3.tgz#490332f40919452272d55a8480adc0c441358789" @@ -3969,6 +3976,15 @@ dns-packet@^5.2.2: dependencies: "@leichtgewicht/ip-codec" "^2.0.1" +docusaurus-plugin-llms@^0.4.0: + version "0.4.0" + resolved "https://registry.yarnpkg.com/docusaurus-plugin-llms/-/docusaurus-plugin-llms-0.4.0.tgz#020f00d83459c7feb71c7b6e61774d864336d8ae" + integrity sha512-jYlj2HJ5+gu7oJZuJ83Hk8KlB65YlZZ/7UpHXiL7Qr+qpNBkVocmt2Molc6F3HNr5RqcfhWD/98CvgyNztg/ow== + dependencies: + gray-matter "^4.0.3" + minimatch "^9.0.3" + yaml "^2.8.1" + dom-converter@^0.2.0: version "0.2.0" resolved "https://registry.yarnpkg.com/dom-converter/-/dom-converter-0.2.0.tgz#6721a9daee2e293682955b6afe416771627bb768" @@ -6354,6 +6370,13 @@ minimatch@3.1.2: dependencies: brace-expansion "^1.1.7" +minimatch@^9.0.3: + version "9.0.9" + resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-9.0.9.tgz#9b0cb9fcb78087f6fd7eababe2511c4d3d60574e" + integrity sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg== + dependencies: + brace-expansion "^2.0.2" + minimist@^1.2.0: version "1.2.8" resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.8.tgz#c1a464e7693302e082a075cee0c057741ac4772c" @@ -8985,6 +9008,11 @@ yallist@^3.0.2: resolved "https://registry.yarnpkg.com/yallist/-/yallist-3.1.1.tgz#dbb7daf9bfd8bac9ab45ebf602b8cbad0d5d08fd" integrity sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g== +yaml@^2.8.1: + version "2.8.4" + resolved "https://registry.yarnpkg.com/yaml/-/yaml-2.8.4.tgz#4b5f411dd25f9544914d8673d4da7f29248e5e2e" + integrity sha512-ml/JPOj9fOQK8RNnWojA67GbZ0ApXAUlN2UQclwv2eVgTgn7O9gg9o7paZWKMp4g0H3nTLtS9LVzhkpOFIKzog== + yarn@^1.22.22: version "1.22.22" resolved "https://registry.npmjs.org/yarn/-/yarn-1.22.22.tgz" From 3ebb22413f2d1c4ebf1ce425169d4c86e8107e79 Mon Sep 17 00:00:00 2001 From: David Hafley <8880+dhafley@users.noreply.github.com> Date: Fri, 8 May 2026 14:33:58 -0400 Subject: [PATCH 02/20] docs: remove /api/codetf and all references MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Removes the CodeTF Specification page and every reference to CodeTF across the docs. Affected: - Deleted docs/api/codetf.md. - Renumbered sidebar_position on the surviving API pages: sarif (3→2), webhooks (4→3), changelog (5→4). API overview stays at 1. - Added redirect /api/codetf -> /api/overview in docusaurus.config.js. - Stripped CodeTF mentions from api-overview, sarif, webhooks (frontmatter description, intro paragraphs, endpoint table, output-format section, related-pages list, FAQ). - Stripped CodeTF mentions from oss-overview, codemodder, contributing, and custom-codemods. Replaced "CodeTF output" prose with neutral "structured JSON report" language; renamed example output filenames from codetf-output.json / codetf-results.json to results.json. Verification: zero remaining 'codetf' references in docs/ (one in docusaurus.config.js — the redirect rule). yarn build clean (75 docs, down from 76). Redirect emits meta-refresh + canonical to /api/overview. Co-Authored-By: Claude Opus 4.7 (1M context) --- docs/api/api-overview.md | 18 +- docs/api/changelog.md | 2 +- docs/api/codetf.md | 261 ---------------------------- docs/api/sarif.md | 19 +- docs/api/webhooks.md | 5 +- docs/open-source/codemodder.md | 6 +- docs/open-source/contributing.md | 4 +- docs/open-source/custom-codemods.md | 6 +- docs/open-source/oss-overview.md | 6 +- docusaurus.config.js | 1 + 10 files changed, 31 insertions(+), 297 deletions(-) delete mode 100644 docs/api/codetf.md diff --git a/docs/api/api-overview.md b/docs/api/api-overview.md index e1934aca..bb311e43 100644 --- a/docs/api/api-overview.md +++ b/docs/api/api-overview.md @@ -4,13 +4,13 @@ slug: /api/overview track: dev content_type: reference seo_title: API Overview -- Pixee Docs -description: "Pixee REST API reference: authentication, endpoints, rate limits, and CodeTF/SARIF output formats." +description: "Pixee REST API reference: authentication, endpoints, rate limits, and SARIF input format." sidebar_position: 1 --- # API Overview -Pixee provides a REST API for programmatic access to vulnerability triage and remediation workflows. The API enables querying fix status, managing repository configurations, consuming webhook events for CI/CD integration, and working with CodeTF and SARIF output formats. Authentication uses organization-scoped API tokens. This page covers available endpoints, authentication, rate limits, and links to detailed specifications. +Pixee provides a REST API for programmatic access to vulnerability triage and remediation workflows. The API enables querying fix status, managing repository configurations, consuming webhook events for CI/CD integration, and ingesting SARIF scanner output. Authentication uses organization-scoped API tokens. This page covers available endpoints, authentication, rate limits, and links to detailed specifications. ## API architecture @@ -73,7 +73,7 @@ Rate-limited responses return `429 Too Many Requests` with a `Retry-After` heade | Repositories | `GET` | `/repositories/{id}` | Get repository configuration and status | | Repositories | `PATCH` | `/repositories/{id}` | Update repository settings | | Fixes | `GET` | `/repositories/{id}/fixes` | List fix results for a repository | -| Fixes | `GET` | `/fixes/{id}` | Get fix details including CodeTF output | +| Fixes | `GET` | `/fixes/{id}` | Get fix details including diff and rationale | | Scans | `GET` | `/repositories/{id}/scans` | List scan history | | Scans | `POST` | `/repositories/{id}/scans` | Trigger a new scan | | Triage | `GET` | `/repositories/{id}/findings` | List triaged findings | @@ -143,12 +143,9 @@ for fix in fixes["data"]: print(f"{fix['codemod']} - {fix['status']} - {fix['pr_url']}") ``` -## Output formats +## Input format -The API returns fix results in two structured formats: - -- **CodeTF** -- Pixee's open specification for describing code transformations. Fix detail endpoints return CodeTF documents that capture what changed, why, and how the change was validated. See the [CodeTF Specification](/api/codetf). -- **SARIF** -- The OASIS standard for static analysis results. Pixee consumes SARIF as input from 12 native scanner integrations and any SARIF-producing tool. See the [SARIF Reference](/api/sarif). +Pixee consumes scanner output in **SARIF** -- the OASIS standard for static analysis results -- from 12 native scanner integrations and any SARIF-producing tool. See the [SARIF Reference](/api/sarif). ## SDKs and OpenAPI specification @@ -172,7 +169,6 @@ npx @openapitools/openapi-generator-cli generate \ ## Related pages -- [CodeTF Specification](/api/codetf) -- Pixee's open format for code transformations - [SARIF Reference](/api/sarif) -- How Pixee consumes SARIF from scanners - [Webhooks](/api/webhooks) -- Event-driven integration for CI/CD and automation - [Changelog](/api/changelog) -- API version history and release notes @@ -189,6 +185,6 @@ Yes. Pixee provides a REST API for programmatic access to triage and remediation Generate an API token in your Pixee dashboard under **Settings > API Tokens**. Pass it as a bearer token in the `Authorization` header: `Authorization: Bearer YOUR_API_TOKEN`. -### What output formats does the Pixee API support? +### What input format does Pixee accept from scanners? -The API supports CodeTF (Pixee's open code transformation format) for describing fixes and SARIF (the OASIS standard) for ingesting security findings. Fix detail endpoints return CodeTF documents; scan ingestion accepts SARIF input. +Pixee accepts SARIF (the OASIS standard for static analysis results) from 12 native scanner integrations and any SARIF-producing tool via the universal SARIF integration. diff --git a/docs/api/changelog.md b/docs/api/changelog.md index df0a3548..42162c8d 100644 --- a/docs/api/changelog.md +++ b/docs/api/changelog.md @@ -5,7 +5,7 @@ track: dev content_type: reference seo_title: Changelog -- Pixee Docs description: "Pixee platform changelog: new features, improvements, bug fixes, and API changes." -sidebar_position: 5 +sidebar_position: 4 --- # Changelog diff --git a/docs/api/codetf.md b/docs/api/codetf.md deleted file mode 100644 index 55f20d1d..00000000 --- a/docs/api/codetf.md +++ /dev/null @@ -1,261 +0,0 @@ ---- -title: CodeTF Specification -slug: /api/codetf -track: dev -content_type: reference -seo_title: CodeTF Specification -- Pixee Docs -description: "CodeTF (Code Transformation Format) open specification: schema definition, field reference, and integration examples." -sidebar_position: 2 ---- - -# CodeTF Specification - -CodeTF (Code Transformation Format) is an open specification created by Pixee for describing automated code changes in a structured, machine-readable format. CodeTF captures what changed, why it changed, and how the change was validated -- enabling audit trails, downstream automation, and integration with CI/CD pipelines. This page provides the complete schema definition, field reference, and integration examples. - -## What is CodeTF? - -Existing standards describe security findings (SARIF), dependencies (SBOM), and vulnerabilities (CVE/CWE). No standard existed for describing _what an automated fix actually did to your code_. CodeTF fills that gap. - -CodeTF is the output format. SARIF is the input format. A scanner produces a SARIF file describing the problem. Pixee consumes that SARIF, generates a fix, and produces a CodeTF document describing the solution. - -CodeTF is an open specification. Any tool can produce or consume CodeTF documents. The schema is publicly available on [GitHub](https://github.com/pixee/codemodder-specs). - -## CodeTF vs SARIF - -| Dimension | SARIF | CodeTF | -| ------------- | ----------------------------------- | ------------------------------------- | -| Purpose | Describes findings (problems) | Describes fixes (changes) | -| Direction | Scanner output | Remediation output | -| Content | Vulnerability location and metadata | Code diffs, rationale, and validation | -| Standard body | OASIS | Open specification by Pixee | -| Use case | Input to Pixee | Output from Pixee | -| Data model | Runs, results, locations | Run metadata, results, changesets | - -## Schema overview - -A CodeTF document has three layers: run metadata, an array of results (one per codemod applied), and changesets within each result (one per file modified). - -``` -CodeTF Document -|-- version (string) Schema version -|-- run (object) Execution metadata -| |-- vendor (string) Tool vendor -| |-- tool (string) Specific engine (e.g., "codemodder-python") -| |-- elapsed (string) Processing time -| +-- commandLine (string) Invocation command -+-- results[] (array) Transformation results - |-- codemod (string) Codemod identifier - |-- summary (string) Human-readable fix description - |-- description (string) Detailed explanation - |-- references[] (array) External references (CWE, OWASP) - |-- properties (object) Custom key-value metadata - |-- changeset[] (array) File-level changes - | |-- path (string) File path relative to repo root - | |-- diff (string) Unified diff - | |-- changes[](array) Line-level change descriptions - | | |-- lineNumber (int) Line number in modified file - | | |-- description (string) What changed at this line - | | +-- properties (object) Per-change metadata - | +-- ai (boolean) Whether AI was used for this change - |-- detectionTool (string) Scanner that found the issue - +-- fixedFindings[] (array) SARIF finding references resolved -``` - -## Field reference - -### Top-level fields - -| Field | Type | Required | Description | -| --------- | ------ | -------- | ------------------------------------------------------------------------- | -| `version` | string | Yes | Schema version. Current: `"3.0.0"` | -| `run` | object | Yes | Execution context for the transformation run | -| `results` | array | Yes | Array of transformation results. May be empty if no fixes were generated. | - -### Run object - -| Field | Type | Required | Description | -| ----------------- | ------ | -------- | --------------------------------------------------- | -| `run.vendor` | string | Yes | Vendor name (e.g., `"pixee"`) | -| `run.tool` | string | Yes | Engine identifier (e.g., `"codemodder-python"`) | -| `run.elapsed` | string | No | ISO 8601 duration or human-readable processing time | -| `run.commandLine` | string | No | Command used to invoke the transformation | - -### Result object - -| Field | Type | Required | Description | -| --------------- | ------ | -------- | ------------------------------------------------------------------------------------- | -| `codemod` | string | Yes | Unique codemod identifier (e.g., `"pixee:python/secure-random"`) | -| `summary` | string | Yes | One-line human-readable fix description | -| `description` | string | Yes | Detailed explanation of what the fix does and why | -| `references` | array | No | External references: `{"url": "https://cwe.mitre.org/...", "description": "CWE-330"}` | -| `properties` | object | No | Arbitrary key-value metadata for custom integrations | -| `changeset` | array | Yes | Array of file-level changes (at least one entry per result) | -| `detectionTool` | string | No | Scanner that detected the original finding | -| `fixedFindings` | array | No | Array of SARIF finding references this fix resolves | - -### Changeset object - -| Field | Type | Required | Description | -| --------- | ------- | -------- | -------------------------------------------------------------------------------- | -| `path` | string | Yes | File path relative to repository root | -| `diff` | string | Yes | Unified diff of the change | -| `changes` | array | No | Line-level descriptions of individual changes | -| `ai` | boolean | No | `true` if AI generated this change; `false` or absent for deterministic codemods | - -### Change object - -| Field | Type | Required | Description | -| ------------- | ------- | -------- | -------------------------------- | -| `lineNumber` | integer | Yes | Line number in the modified file | -| `description` | string | Yes | What changed at this line | -| `properties` | object | No | Additional per-change metadata | - -## Complete example - -This example shows a CodeTF document for a Python fix that replaces `random.random()` with `secrets.token_hex()` to address CWE-330 (Use of Insufficiently Random Values): - -```json -{ - "version": "3.0.0", - "run": { - "vendor": "pixee", - "tool": "codemodder-python", - "elapsed": "2.4s", - "commandLine": "codemodder-python /repo --codemod=pixee:python/secure-random" - }, - "results": [ - { - "codemod": "pixee:python/secure-random", - "summary": "Replaced insecure random with cryptographically secure alternative", - "description": "The random module produces predictable pseudo-random values unsuitable for security contexts. This fix replaces random.random() with secrets.token_hex() for generating session tokens.", - "references": [ - { - "url": "https://cwe.mitre.org/data/definitions/330.html", - "description": "CWE-330: Use of Insufficiently Random Values" - }, - { - "url": "https://owasp.org/www-community/vulnerabilities/Insecure_Randomness", - "description": "OWASP: Insecure Randomness" - } - ], - "properties": {}, - "changeset": [ - { - "path": "src/auth/token_generator.py", - "diff": "--- a/src/auth/token_generator.py\n+++ b/src/auth/token_generator.py\n@@ -1,5 +1,5 @@\n-import random\n+import secrets\n \n def generate_session_token():\n- return str(random.random())\n+ return secrets.token_hex(32)", - "changes": [ - { - "lineNumber": 1, - "description": "Replaced 'import random' with 'import secrets'" - }, - { - "lineNumber": 4, - "description": "Replaced random.random() with secrets.token_hex(32) for cryptographic randomness" - } - ], - "ai": false - } - ], - "detectionTool": "codeql", - "fixedFindings": [ - { - "id": "py/insecure-randomness", - "rule": "py/insecure-randomness" - } - ] - } - ] -} -``` - -## Consuming CodeTF in CI/CD - -Parse CodeTF output to build compliance reports, track remediation progress, or gate deployments. - -**Python: Extract fix summaries from a CodeTF document** - -```python -import json -from pathlib import Path - -codetf = json.loads(Path("codetf-output.json").read_text()) - -for result in codetf["results"]: - files_changed = len(result["changeset"]) - ai_used = any(c.get("ai", False) for c in result["changeset"]) - - print(f"Codemod: {result['codemod']}") - print(f" Summary: {result['summary']}") - print(f" Files changed: {files_changed}") - print(f" AI-generated: {ai_used}") - print(f" Detection tool: {result.get('detectionTool', 'N/A')}") - print() -``` - -**Generate a compliance audit row per fix:** - -```python -import csv -import json - -codetf = json.loads(Path("codetf-output.json").read_text()) - -with open("audit-trail.csv", "w", newline="") as f: - writer = csv.writer(f) - writer.writerow(["codemod", "summary", "files", "ai_used", "references"]) - - for result in codetf["results"]: - refs = "; ".join(r["description"] for r in result.get("references", [])) - ai = any(c.get("ai", False) for c in result["changeset"]) - writer.writerow([ - result["codemod"], - result["summary"], - len(result["changeset"]), - ai, - refs - ]) -``` - -## Versioning - -CodeTF uses semantic versioning. The current schema version is `3.0.0`. - -| Version | Status | Notes | -| ------- | --------- | ------------------------------------------------------------- | -| 3.0.0 | Current | Pydantic-modeled schema, fix-quality ratings, package actions | -| 2.0.0 | Supported | Previous schema version | - -Breaking changes between major versions are documented in the [Changelog](/api/changelog). CodeTF documents always include a `version` field so consumers can branch on schema version at parse time. - -## Open specification - -CodeTF is open source and not proprietary to Pixee. The specification, Pydantic models, and tooling are available on GitHub: - -- **Specification:** [github.com/pixee/codemodder-specs](https://github.com/pixee/codemodder-specs) -- **Python models:** [github.com/pixee/codemodder-python](https://github.com/pixee/codemodder-python) -- **Java models:** [github.com/pixee/codemodder-java](https://github.com/pixee/codemodder-java) - -Contributions and integrations from the community are welcome. - -## Related pages - -- [API Overview](/api/overview) -- Authentication and endpoint reference -- [SARIF Reference](/api/sarif) -- The complementary input format -- [How Fix Generation Works](/how-it-works/fix-generation) -- Where CodeTF is generated -- [Fix Safety and Validation](/how-it-works/fix-safety) -- CodeTF captures validation metadata -- [Webhooks](/api/webhooks) -- Event triggers that include CodeTF payloads -- [Changelog](/api/changelog) -- Schema version history - -## FAQ - -### What is CodeTF format? - -CodeTF (Code Transformation Format) is an open specification created by Pixee for describing automated code changes in a structured, machine-readable format. Each document captures the code diff, rationale, references (CWE, OWASP), and whether AI was used -- providing a complete audit trail for every automated fix. - -### How does CodeTF differ from SARIF? - -SARIF describes security findings (what is wrong). CodeTF describes security fixes (what changed and why). They are complementary: SARIF is the input to Pixee; CodeTF is the output. A typical pipeline flows from scanner to SARIF to Pixee to CodeTF to pull request. - -### Is CodeTF proprietary to Pixee? - -No. CodeTF is an open specification. The schema, Pydantic models, and reference implementations are publicly available on GitHub. Any tool can produce or consume CodeTF documents. diff --git a/docs/api/sarif.md b/docs/api/sarif.md index d2ef2152..50d6c80b 100644 --- a/docs/api/sarif.md +++ b/docs/api/sarif.md @@ -5,7 +5,7 @@ track: dev content_type: reference seo_title: SARIF Reference -- Pixee Docs description: How Pixee consumes SARIF from scanners. Field mapping, required fields, validation, and integration examples. -sidebar_position: 3 +sidebar_position: 2 --- # SARIF Reference @@ -23,13 +23,13 @@ SARIF matters to Pixee's architecture because it enables scanner-agnostic remedi ## How Pixee uses SARIF ``` -Scanner --> SARIF file --> Pixee ingestion --> Triage --> Fix --> CodeTF --> PR +Scanner --> SARIF file --> Pixee ingestion --> Triage --> Fix --> PR ``` 1. **Ingestion.** SARIF files arrive via webhook from native scanner integrations, via the Universal SARIF integration, or via API upload. 2. **Normalization.** Scanner-specific handlers extract maximum metadata from each tool's SARIF output. When a native handler does not exist, the Universal SARIF handler processes any valid SARIF document. 3. **Triage routing.** Normalized findings enter the three-tier triage engine. Findings with richer SARIF data (code flows, related locations) receive higher-quality triage and remediation. -4. **Output.** Remediation results are expressed as [CodeTF](/api/codetf) documents -- the complement to SARIF input. +4. **Output.** Remediation results are delivered as pull requests on the target repository. ## Required and optional SARIF fields @@ -62,12 +62,12 @@ These fields are not required, but significantly improve triage accuracy and fix ### Optional fields -| SARIF Field | Type | Pixee Usage | -| -------------------------------------- | ------ | ------------------------------------------------------- | -| `runs[].results[].fingerprints` | object | Finding deduplication across scans | -| `runs[].results[].partialFingerprints` | object | Fuzzy matching for findings that shift between scans | -| `runs[].results[].suppressions[]` | array | Previously suppressed findings (Pixee respects these) | -| `runs[].results[].properties` | object | Custom scanner metadata passed through to CodeTF output | +| SARIF Field | Type | Pixee Usage | +| -------------------------------------- | ------ | ------------------------------------------------------ | +| `runs[].results[].fingerprints` | object | Finding deduplication across scans | +| `runs[].results[].partialFingerprints` | object | Fuzzy matching for findings that shift between scans | +| `runs[].results[].suppressions[]` | array | Previously suppressed findings (Pixee respects these) | +| `runs[].results[].properties` | object | Custom scanner metadata preserved through the pipeline | ## Dataflow quality and fix quality @@ -186,7 +186,6 @@ For full setup guides per scanner, see [Integrations Overview](/integrations/ove ## Related pages - [API Overview](/api/overview) -- Authentication and endpoint reference -- [CodeTF Specification](/api/codetf) -- The complementary output format - [Universal SARIF Integration](/integrations/sarif-universal) -- Setup guide for SARIF ingestion - [Integrations Overview](/integrations/overview) -- All supported scanners - [How Scanner Integration Works](/how-it-works/scanner-integration) -- Technical depth on scanner normalization diff --git a/docs/api/webhooks.md b/docs/api/webhooks.md index a087a4ba..0bd5b219 100644 --- a/docs/api/webhooks.md +++ b/docs/api/webhooks.md @@ -5,7 +5,7 @@ track: dev content_type: reference seo_title: Webhooks -- Pixee Docs description: Configure Pixee webhooks for real-time notifications on fix generation, PR status, triage decisions, and remediation events. -sidebar_position: 4 +sidebar_position: 3 --- # Webhooks @@ -16,7 +16,7 @@ Pixee webhooks deliver real-time HTTP POST notifications when remediation events | Event | Trigger | Payload Includes | | ------------------ | ------------------------------------------------- | -------------------------------------------------------------------------------------- | -| `fix.generated` | A fix passes evaluation and is ready for delivery | CodeTF snippet, finding metadata, repository, codemod ID | +| `fix.generated` | A fix passes evaluation and is ready for delivery | Fix summary, finding metadata, repository, codemod ID | | `pr.opened` | A pull request or merge request is created | PR URL, fix summary, affected files, target branch | | `pr.merged` | A fix PR is merged by a developer | PR URL, merge metadata, fix details, merge timestamp | | `pr.closed` | A fix PR is closed without merging | PR URL, close reason, closed-by metadata | @@ -300,7 +300,6 @@ if event["type"] == "triage.completed": ## Related pages - [API Overview](/api/overview) -- Authentication and endpoint reference -- [CodeTF Specification](/api/codetf) -- Payload format for fix-related events - [SARIF Reference](/api/sarif) -- Input format that triggers scan events - [CI/CD Integration](/getting-started/ci-cd) -- Common webhook consumer patterns - [Changelog](/api/changelog) -- Webhook event version history diff --git a/docs/open-source/codemodder.md b/docs/open-source/codemodder.md index c98738aa..c632a72e 100644 --- a/docs/open-source/codemodder.md +++ b/docs/open-source/codemodder.md @@ -29,7 +29,7 @@ Codemodder has three layers: - **codemodder-java** uses ParseAndGo-based AST transformations. Codemods register into a default codemod set and operate on Java abstract syntax trees. - **codemodder-python** supports three transformer strategies: LibCST for AST-level transformations, regex for pattern-based changes, and XML for configuration files. A single Python codemod can target source files, config files, or dependency manifests. -**Output format.** All engines produce CodeTF (Code Transformation Format) output -- a structured JSON description of every change made, including what was modified, where, and the security rationale. CodeTF is machine-readable, making it straightforward to integrate codemod results into CI/CD pipelines or review workflows. +**Output format.** All engines produce a structured JSON report describing every change made — including what was modified, where, and the security rationale — designed to be straightforward to integrate into CI/CD pipelines or review workflows. ## How Codemods Work @@ -43,9 +43,9 @@ The transformation pipeline follows a consistent flow from scanner finding to st 4. **The transformation applies the security fix.** The codemod rewrites the code deterministically. For SQL injection, this means converting string concatenation to parameterized queries. For insecure deserialization, it means adding type validation or switching to a safe loader. -5. **CodeTF output describes the result.** The engine writes a structured report of what changed and why. This output is both human-readable and machine-parseable. +5. **The engine writes a structured report.** A JSON document describes what changed and why — both human-readable and machine-parseable. -6. **Developer reviews the change.** In the Pixee platform, the fix becomes a pull request. With the standalone engine, you review the CodeTF output and the modified files directly. +6. **Developer reviews the change.** In the Pixee platform, the fix becomes a pull request. With the standalone engine, you review the structured report and the modified files directly. ## codemodder-java diff --git a/docs/open-source/contributing.md b/docs/open-source/contributing.md index 6edd8d25..3ef1129e 100644 --- a/docs/open-source/contributing.md +++ b/docs/open-source/contributing.md @@ -68,7 +68,7 @@ Add before/after test fixtures for new codemods and run the full test suite loca pytest ``` -Verify that your changes produce correct CodeTF output by running the codemod against a sample repository. +Verify that your changes produce a correct structured report by running the codemod against a sample repository. ### Step 5: Submit a Pull Request @@ -99,7 +99,7 @@ Every contribution must meet these standards: **Code of Conduct.** All contributors are expected to engage respectfully and constructively. Review the CODE_OF_CONDUCT.md in each repository. -**Issue etiquette.** Search existing issues before opening a new one. When reporting bugs, provide reproduction steps, the codemod involved, and the CodeTF output if applicable. +**Issue etiquette.** Search existing issues before opening a new one. When reporting bugs, provide reproduction steps, the codemod involved, and the engine's output report if applicable. **PR etiquette.** Keep PRs focused. Respond to review feedback. If a maintainer requests changes, address them or explain your reasoning -- both are fine. diff --git a/docs/open-source/custom-codemods.md b/docs/open-source/custom-codemods.md index bb64851d..3e089022 100644 --- a/docs/open-source/custom-codemods.md +++ b/docs/open-source/custom-codemods.md @@ -86,7 +86,7 @@ The codemod needs to: Implement the codemod class by extending the framework's base class. The class declares which CWE or rule ID it handles, and the `visit` method contains the transformation logic. -The transformation uses ParseAndGo to walk the Java AST, identify `Statement.execute()` nodes, and rewrite them. The framework handles file discovery, change tracking, and CodeTF output generation. +The transformation uses ParseAndGo to walk the Java AST, identify `Statement.execute()` nodes, and rewrite them. The framework handles file discovery, change tracking, and structured-report generation. Refer to the [codemodder-java CONTRIBUTING guide](https://github.com/pixee/codemodder-java/blob/main/CONTRIBUTING.md) for the current base class interfaces and registration patterns. @@ -134,7 +134,7 @@ Add the codemod to the registration system so the engine discovers it at runtime ./gradlew run --args="--source /path/to/test-repo --codemod-include pixee:java/sql-parameterizer --output results.json" ``` -Review the CodeTF output in `results.json` to verify the changes are correct. The output describes each file modified, the lines changed, and the security rationale. +Review the report in `results.json` to verify the changes are correct. The output describes each file modified, the lines changed, and the security rationale. ## Tutorial: Build a Custom Python Codemod @@ -214,7 +214,7 @@ Reliable codemods require thorough testing: ```bash # Example CI/CD step -codemodder $WORKSPACE --codemod-include pixee:python/safe-yaml-load --output codetf-results.json +codemodder $WORKSPACE --codemod-include pixee:python/safe-yaml-load --output results.json ``` **Sharing across teams.** Package custom codemods as a separate module that depends on the Codemodder framework. Teams can pull your codemod package alongside the core engine. diff --git a/docs/open-source/oss-overview.md b/docs/open-source/oss-overview.md index 32a6a70e..09650661 100644 --- a/docs/open-source/oss-overview.md +++ b/docs/open-source/oss-overview.md @@ -59,7 +59,7 @@ To run the open source codemod engines locally: git clone https://github.com/pixee/codemodder-java.git # Build and run against your project -./gradlew run --args="--source /path/to/your/project --output codetf-output.json" +./gradlew run --args="--source /path/to/your/project --output results.json" ``` **Python:** @@ -69,10 +69,10 @@ git clone https://github.com/pixee/codemodder-java.git pip install codemodder # Run against your project -codemodder /path/to/your/project --output codetf-output.json +codemodder /path/to/your/project --output results.json ``` -The engines produce [CodeTF](/api/codetf) output, a structured format describing every transformation applied, what changed, and why. +The engines produce a structured JSON report describing every transformation applied, what changed, and why. From here: diff --git a/docusaurus.config.js b/docusaurus.config.js index 1402f42b..74f79a14 100644 --- a/docusaurus.config.js +++ b/docusaurus.config.js @@ -87,6 +87,7 @@ const config = { from: "/configuration/scheduling", to: "/configuration/operations", }, + { from: "/api/codetf", to: "/api/overview" }, // Old code-scanning-tools/* → new integrations/scanners/* { From c6e2f210ee693fbc22d983e445472ff9367169e8 Mon Sep 17 00:00:00 2001 From: Surag Date: Fri, 8 May 2026 16:13:21 -0700 Subject: [PATCH 03/20] =?UTF-8?q?docs:=20Phase=202=20rewrite=20=E2=80=94?= =?UTF-8?q?=20structural=20changes=20+=20full=20content=20pass?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Merge how-it-works/ + platform/ into single platform/ section (triage, remediation, sca, security — 4 duplicate page pairs → 4 pages) - Move scanner-integration.md into platform/ - Delete how-it-works/ directory entirely - Move getting-started/ci-cd.md → integrations/ci-cd.md - Move getting-started/cli.md → api/cli.md - Consolidate 3 FAQ files → single faq/faq.md (General/Enterprise/Troubleshooting) - Delete faq-enterprise.md, faq-general.md, faq-troubleshooting.md - Strip embedded FAQ sections from all 72 content pages - Scanner connection marked REQUIRED throughout getting-started - Scanner count corrected to 13 across all pages - Fix broken how-it-works/* internal links site-wide - Remove marketing adjectives, self-referential meta-commentary - Rewrite page openings to 1-2 sentences throughout Co-Authored-By: Claude Sonnet 4.5 --- docs/REFACTOR_AUDIT.md | 333 ++++++++++++++++++ docs/api/api-overview.md | 20 +- docs/api/changelog.md | 22 +- docs/{getting-started => api}/cli.md | 29 +- docs/api/sarif.md | 22 +- docs/api/webhooks.md | 18 +- docs/configuration/ai-settings.md | 15 +- docs/configuration/config-overview.md | 23 +- docs/configuration/operations-config.md | 43 +-- docs/configuration/pixee-yaml.md | 17 - docs/configuration/repositories.md | 13 - docs/configuration/users.md | 13 - docs/enterprise/air-gap.md | 21 -- docs/enterprise/byom.md | 21 -- docs/enterprise/compliance.md | 24 +- docs/enterprise/deployment.md | 21 -- docs/enterprise/embedded-cluster.md | 17 - docs/enterprise/enterprise-overview.md | 23 +- docs/enterprise/helm.md | 17 - docs/enterprise/observability.md | 15 +- docs/enterprise/phased-rollout.md | 33 +- docs/enterprise/security-architecture.md | 21 -- docs/enterprise/troubleshooting.md | 22 +- docs/faq/_category_.json | 2 +- docs/faq/faq-enterprise.md | 99 ------ docs/faq/faq-general.md | 107 ------ docs/faq/faq-troubleshooting.md | 132 ------- docs/faq/faq.md | 191 ++++++++++ docs/getting-started/azure-devops.md | 15 +- docs/getting-started/bitbucket.md | 17 +- docs/getting-started/first-fix.md | 101 ++---- docs/getting-started/getting-started.md | 101 +++--- docs/getting-started/github.md | 15 +- docs/getting-started/gitlab.md | 19 +- docs/how-it-works/_category_.json | 9 - docs/how-it-works/context-intelligence.md | 111 ------ docs/how-it-works/fix-generation.md | 157 --------- docs/how-it-works/fix-safety.md | 129 ------- docs/how-it-works/sca-pipeline.md | 116 ------ docs/how-it-works/scanner-integration.md | 129 ------- docs/how-it-works/triage-engine.md | 145 -------- .../ci-cd.md | 33 +- docs/integrations/integrations-overview.md | 21 -- docs/integrations/sarif-universal.md | 21 +- docs/integrations/scanners/appscan.md | 18 +- docs/integrations/scanners/checkmarx.md | 20 +- docs/integrations/scanners/codeql.md | 16 +- docs/integrations/scanners/contrast.md | 16 +- docs/integrations/scanners/defectdojo.md | 16 +- docs/integrations/scanners/fortify.md | 16 +- docs/integrations/scanners/gitlab-sast.md | 16 +- docs/integrations/scanners/gitlab-sca.md | 26 +- docs/integrations/scanners/polaris.md | 16 +- docs/integrations/scanners/semgrep.md | 20 +- docs/integrations/scanners/snyk-code.md | 16 +- docs/integrations/scanners/sonarqube.md | 18 +- docs/integrations/scanners/trivy.md | 2 +- docs/integrations/scanners/veracode.md | 16 +- docs/integrations/scms/azure-devops.md | 20 +- docs/integrations/scms/bitbucket.md | 24 +- docs/integrations/scms/github.md | 19 +- docs/integrations/scms/gitlab.md | 24 +- docs/languages/dotnet.md | 19 +- docs/languages/go.md | 19 +- docs/languages/java.md | 23 +- docs/languages/javascript.md | 23 +- docs/languages/languages-overview.md | 27 +- docs/languages/php.md | 15 +- docs/languages/python.md | 23 +- docs/open-source/codemodder.md | 28 +- docs/open-source/contributing.md | 19 - docs/open-source/custom-codemods.md | 19 - docs/open-source/oss-overview.md | 17 - docs/platform/_category_.json | 2 +- docs/platform/architecture.md | 33 +- docs/platform/remediation.md | 114 +++--- docs/platform/sca.md | 110 +++--- docs/platform/scanner-integration.md | 97 +++++ docs/platform/security.md | 180 ++++------ docs/platform/triage.md | 120 +++---- .../what-is-agentic-security-engineering.md | 90 ++--- 81 files changed, 1073 insertions(+), 2697 deletions(-) create mode 100644 docs/REFACTOR_AUDIT.md rename docs/{getting-started => api}/cli.md (84%) delete mode 100644 docs/faq/faq-enterprise.md delete mode 100644 docs/faq/faq-general.md delete mode 100644 docs/faq/faq-troubleshooting.md create mode 100644 docs/faq/faq.md delete mode 100644 docs/how-it-works/_category_.json delete mode 100644 docs/how-it-works/context-intelligence.md delete mode 100644 docs/how-it-works/fix-generation.md delete mode 100644 docs/how-it-works/fix-safety.md delete mode 100644 docs/how-it-works/sca-pipeline.md delete mode 100644 docs/how-it-works/scanner-integration.md delete mode 100644 docs/how-it-works/triage-engine.md rename docs/{getting-started => integrations}/ci-cd.md (87%) create mode 100644 docs/platform/scanner-integration.md diff --git a/docs/REFACTOR_AUDIT.md b/docs/REFACTOR_AUDIT.md new file mode 100644 index 00000000..1ec3c00b --- /dev/null +++ b/docs/REFACTOR_AUDIT.md @@ -0,0 +1,333 @@ +# Pixee Docs Refactor Audit + +## Stats + +- **Current page count:** 75 .md files (excluding `migration/`) +- **Estimated total word count:** ~86,000 words +- **Pages with embedded FAQ sections:** 72 of 75 pages contain a `## Frequently Asked Questions` or `## FAQ` section appended at the end + +### Pages WITH embedded FAQ sections (72 of 75) + +Every page except the three standalone FAQ pages (`faq/faq-general.md`, `faq/faq-enterprise.md`, `faq/faq-troubleshooting.md`) has an embedded FAQ section. This includes: + +**getting-started/ (7 pages):** getting-started.md, github.md, gitlab.md, azure-devops.md, bitbucket.md, ci-cd.md, cli.md, first-fix.md + +**how-it-works/ (6 pages):** triage-engine.md, fix-generation.md, fix-safety.md, sca-pipeline.md, scanner-integration.md, context-intelligence.md + +**platform/ (6 pages):** what-is-agentic-security-engineering.md, architecture.md, triage.md, remediation.md, sca.md, security.md + +**configuration/ (6 pages):** config-overview.md, pixee-yaml.md, repositories.md, operations-config.md, users.md, ai-settings.md + +**enterprise/ (11 pages):** enterprise-overview.md, deployment.md, embedded-cluster.md, helm.md, air-gap.md, compliance.md, security-architecture.md, byom.md, observability.md, phased-rollout.md, troubleshooting.md + +**integrations/ (19 pages):** integrations-overview.md, sarif-universal.md, all 11 scanner pages, all 4 SCM pages + +**languages/ (7 pages):** languages-overview.md, java.md, python.md, javascript.md, dotnet.md, go.md, php.md + +**open-source/ (4 pages):** oss-overview.md, codemodder.md, custom-codemods.md, contributing.md + +**api/ (4 pages):** api-overview.md, sarif.md, webhooks.md, changelog.md + +--- + +## IA Evaluation + +### What Works + +1. **Integrations pages are properly scoped.** Each of the 13 scanner pages and 4 SCM pages covers a distinct integration. These are genuinely separate entities and the per-page structure is correct. + +2. **Configuration section is well-organized.** The three-level hierarchy (PIXEE.yaml → org settings → AI settings) is clearly communicated and each page has a distinct subject. + +3. **Enterprise section covers real sub-topics.** Deployment, air-gap, BYOM, observability, compliance, security-architecture, phased-rollout, and troubleshooting each address distinct subjects that justify separate pages at Tier 2 depth. + +4. **Language pages are correctly scoped.** One page per language with framework coverage, fix types, and examples. The languages-overview coverage matrix is a useful landing page. + +5. **Getting-started SCM setup pages are appropriately differentiated.** GitHub, GitLab, ADO, and Bitbucket each have platform-specific credential requirements, permission scopes, and terminology (PR vs MR) that justify separate pages. + +6. **The changelog.md is the only page with actual changelog content and no duplication problem.** It contains real versioned entries and is appropriately a reference page. + +### What Doesn't Work + +1. **The `how-it-works/` and `platform/` sections cover nearly identical ground, split arbitrarily by stated audience.** The `track` field distinguishes them (leader vs both), but the content overlap is severe enough that readers arriving at one section must also read the other to get the full picture. + +2. **72 of 75 pages end with an embedded FAQ section.** These sections overwhelmingly restate content already covered earlier in the same page. They add length without adding value and create duplication relative to the three dedicated FAQ pages. + +3. **The three dedicated FAQ pages (`faq/`) are thin and mostly redirect to other pages** rather than actually answering questions. `faq-enterprise.md` is almost entirely stub answers saying "See [page X]." This renders the section nearly useless. + +4. **Scanner count is inconsistent across the docs.** The integrations overview and several pages claim 13 named scanners (correct per the matrix: CodeQL, Semgrep, Checkmarx, Veracode, Snyk Code, SonarQube, AppScan, Polaris, Fortify, Contrast, GitLab SAST, GitLab SCA, Trivy + DefectDojo as aggregator). But ~26 other pages still say "12 native integrations." The changelog shows Arnica SAST was added in v5.4.11 and Datadog SAST in v5.4.15, and neither is fully reflected in the scanner pages. This is a live inconsistency. + +5. **The learning loop is almost entirely undocumented.** Marketing claims Pixee "learns from merge/reject/comment feedback over time." The only mention in the entire docs is one sentence in `platform/triage.md`: "When Pixee classifies a finding as FALSE_POSITIVE but your team disagrees, the override is recorded and used to improve future classifications for your codebase." No page explains how this learning actually works, at what scope (repo, org, global), on what cadence, or with what effect. + +6. **Dashboard and reporting capabilities are scattered.** `configuration/operations-config.md` has a Reporting section. `enterprise/enterprise-overview.md` has a Measuring Success section. `platform/architecture.md` mentions the React frontend but barely explains what it shows. There is no dedicated dashboard or reporting page despite the dashboard being a primary interface for security leads. + +7. **The `getting-started/` section has a structural gap.** `getting-started.md` (root) explains the platform well. The four SCM setup pages are good. But `ci-cd.md` and `cli.md` are more advanced topics that belong in a different section or clearly labeled as advanced/optional. They inflate the perceived complexity of "getting started." + +### Section Overlap: how-it-works vs platform + +#### Findings + +The two sections cover the same four core topics with significant content redundancy: + +| Topic | platform/ page | how-it-works/ page | Overlap assessment | +|---|---|---|---| +| Triage | `platform/triage.md` (1,444 words) | `how-it-works/triage-engine.md` (1,906 words) | ~70% content overlap. Both explain three-tier architecture, tier-by-tier breakdown, structured verdicts, context signals, scanner-agnostic coverage. `how-it-works` adds a tier comparison table and "Triage and Remediation: Closing the Loop" section. `platform/triage` adds the scanner list and a slightly different intro framing. | +| Fix generation | `platform/remediation.md` (1,201 words) | `how-it-works/fix-generation.md` (1,719 words) | ~65% overlap. Both cover deterministic vs AI, fix evaluation rubric, multi-agent planning, PR delivery. `how-it-works` adds context gathering detail and 4-tier dataflow classification. | +| SCA | `platform/sca.md` (1,137 words) | `how-it-works/sca-pipeline.md` (1,240 words) | ~60% overlap. Both cover exploitability verification, transitive dependencies, atomic PRs, multi-manifest support. `how-it-works` adds verification cache and cross-tool intelligence sections. | +| Fix safety/trust | `platform/security.md` (1,883 words) | `how-it-works/fix-safety.md` (1,586 words) | ~55% overlap. Both cover deterministic vs AI safety, independent evaluation, PR-only workflow, 76% merge rate. `platform/security` adds data handling, deployment models, and "Responsible AI Council" framing. | + +Additionally, `how-it-works/scanner-integration.md` and `how-it-works/context-intelligence.md` have no direct `platform/` counterpart, but `platform/architecture.md` summarizes both. + +The stated rationale (platform/ is for leaders, how-it-works/ is for engineers) does not hold in practice. The content in each pair is too similar to serve genuinely different audiences without significant rewriting. + +#### Proposed Resolution + +**PROPOSED:** Consolidate into a single section. Eliminate `platform/` as a separate section. Rewrite each topic as one authoritative page at Tier 2 depth (thorough, depth-friendly). The business/leadership framing that currently lives in `platform/` can be integrated into the opening paragraphs and callout boxes rather than requiring separate pages. + +Specific merges: +- Merge `platform/triage.md` + `how-it-works/triage-engine.md` → single `how-it-works/triage.md` +- Merge `platform/remediation.md` + `how-it-works/fix-generation.md` → single `how-it-works/fix-generation.md` +- Merge `platform/sca.md` + `how-it-works/sca-pipeline.md` → single `how-it-works/sca.md` +- Merge `platform/security.md` + `how-it-works/fix-safety.md` → single `how-it-works/fix-safety.md` +- Keep `platform/architecture.md` as an overview/landing page for the section (rename section to `how-it-works/`) +- Keep `platform/what-is-agentic-security-engineering.md` — move it to become the section landing page or merge into the main overview + +### Other Structural Issues + +1. **`faq/` section is structurally incoherent.** Three files exist: general, enterprise, troubleshooting. But `faq-enterprise.md` consists almost entirely of answers that say "See [page X]." It is a stub masquerading as content. `faq-troubleshooting.md` has genuinely useful step-by-step troubleshooting content. `faq-general.md` is substantive but repeats content from `how-it-works/` and `platform/`. **PROPOSED:** Remove `faq-enterprise.md` (all its questions are answered on the linked pages). Promote `faq-troubleshooting.md` content into a dedicated Troubleshooting section. Keep `faq-general.md` as a navigation/discovery page only, ruthlessly cutting answers that duplicate canonical pages. + +2. **`open-source/` section has four pages but the last three are thin.** `codemodder.md` and `oss-overview.md` cover similar ground. `contributing.md` is too short to be a standalone page. `custom-codemods.md` is a tutorial that should either live in a tutorials section or be merged with `codemodder.md`. **PROPOSED:** Merge `oss-overview.md` + `codemodder.md` → one reference page. Merge `custom-codemods.md` as a tutorial subsection. Fold `contributing.md` content into the merged page as a short section. + +3. **`api/` section is incomplete.** `api-overview.md` has authentication details and placeholder endpoint descriptions. `api/sarif.md` largely duplicates `integrations/sarif-universal.md`. `changelog.md` is the only page with real content. The API docs lack actual endpoint reference (request/response schemas). This section promises Tier 3 reference content but delivers Tier 2 overviews. + +4. **`getting-started/ci-cd.md` is misplaced.** It is a configuration/integration guide, not a getting-started page. New users do not need CI/CD pipeline examples to evaluate Pixee. **PROPOSED:** Move `ci-cd.md` to `integrations/` or `configuration/`. + +5. **`getting-started/cli.md` is misplaced.** The CLI is an advanced operational tool, not part of the initial setup path. The getting-started root explicitly states "No CLI required for the standard workflow." **PROPOSED:** Move `cli.md` to the `api/` section or create a dedicated `tools/` section. + +--- + +## Proposed IA Changes + +All items below are PROPOSED. None are implemented. + +| # | Proposal | Rationale | +|---|---|---| +| 1 | Consolidate `platform/triage.md` + `how-it-works/triage-engine.md` into one page | ~70% content overlap; same topic, same depth, different words | +| 2 | Consolidate `platform/remediation.md` + `how-it-works/fix-generation.md` into one page | ~65% content overlap | +| 3 | Consolidate `platform/sca.md` + `how-it-works/sca-pipeline.md` into one page | ~60% content overlap | +| 4 | Consolidate `platform/security.md` + `how-it-works/fix-safety.md` into one page | ~55% content overlap; trust framing can be a section, not a whole parallel page | +| 5 | Remove `faq/faq-enterprise.md` | Every answer is a redirect stub. All content exists on linked pages. | +| 6 | Move `faq-troubleshooting.md` content to a dedicated Troubleshooting section or integrate with `enterprise/troubleshooting.md` | Troubleshooting content is genuinely useful but misplaced in FAQ structure | +| 7 | Move `getting-started/ci-cd.md` to `integrations/` | CI/CD integration is not a getting-started topic | +| 8 | Move `getting-started/cli.md` to `api/` or `tools/` | CLI is an advanced operational tool, explicitly not required for standard workflow | +| 9 | Merge `open-source/oss-overview.md` + `open-source/codemodder.md` | Two pages covering same ground (what codemods are, the framework, the repos) | +| 10 | Remove embedded FAQ sections from all 72 pages | 72 pages have appended FAQ sections that restate the page content. Convert at most 2-3 per page into callout boxes where the Q&A adds genuinely new framing not in the body text. | +| 11 | Add a dedicated Learning Loop page | Core differentiator (Pixee improves from feedback) is essentially undocumented | +| 12 | Add a dedicated Dashboard & Reporting page | Reporting metrics are scattered across 4+ pages with no canonical home | +| 13 | Fix scanner count inconsistency across all pages (12 vs 13 vs current actual) | Changelog shows Arnica and Datadog SAST added; integrations overview shows 13 + DefectDojo; most pages still say 12 | +| 14 | Reconcile `api/sarif.md` with `integrations/sarif-universal.md` | Same SARIF format reference material in two places; one should link to the other | + +--- + +## Per-Section Tier Assignments + +| Section | Pages | Tier | Notes | +|---|---|---|---| +| `getting-started/getting-started.md` | 1 | Tier 1 | Landing page; currently well-scoped but has padding in the FAQ section | +| `getting-started/` SCM setup (github, gitlab, azure-devops, bitbucket) | 4 | Tier 1 | Setup pages; currently about right in length but each has an embedded FAQ that restates the setup steps | +| `getting-started/first-fix.md` | 1 | Tier 1 | Good candidate for aggressive tightening; currently repeats PR anatomy twice | +| `getting-started/ci-cd.md` | 1 | Tier 2 | Misplaced — should move to integrations/; content depth is appropriate for Tier 2 | +| `getting-started/cli.md` | 1 | Tier 2 | Misplaced — should move to api/ or tools/; content depth is appropriate for Tier 2 | +| `how-it-works/triage-engine.md` | 1 | Tier 2 | Appropriate depth; consolidation target | +| `how-it-works/fix-generation.md` | 1 | Tier 2 | Appropriate depth; consolidation target | +| `how-it-works/fix-safety.md` | 1 | Tier 2 | Appropriate depth; consolidation target | +| `how-it-works/sca-pipeline.md` | 1 | Tier 2 | Appropriate depth; consolidation target | +| `how-it-works/scanner-integration.md` | 1 | Tier 2 | Good standalone page with real technical detail | +| `how-it-works/context-intelligence.md` | 1 | Tier 2 | Solid but partially duplicated by triage-engine.md's "Context-Aware Intelligence" section | +| `platform/` (all 6 pages) | 6 | Tier 2 | Section should be eliminated/merged into how-it-works; content is appropriate Tier 2 depth but redundant | +| `configuration/pixee-yaml.md` | 1 | Tier 3 | Full schema reference; appropriate | +| `configuration/operations-config.md` | 1 | Tier 2 | Mixed content (scheduling, notifications, reporting) — may need splitting | +| `configuration/` (remaining) | 4 | Tier 2 | Appropriate depth | +| `enterprise/deployment.md` | 1 | Tier 2 | Good depth; some overlap with embedded-cluster.md and helm.md | +| `enterprise/embedded-cluster.md` | 1 | Tier 2 | Appropriate | +| `enterprise/helm.md` | 1 | Tier 2 | Appropriate | +| `enterprise/air-gap.md` | 1 | Tier 2 | Appropriate | +| `enterprise/security-architecture.md` | 1 | Tier 2 | Appropriate; partially overlaps platform/security.md | +| `enterprise/compliance.md` | 1 | Tier 2-3 | Framework mapping table is Tier 3; surrounding prose is Tier 2 | +| `enterprise/byom.md` | 1 | Tier 2 | Appropriate | +| `enterprise/observability.md` | 1 | Tier 2 | Appropriate | +| `enterprise/phased-rollout.md` | 1 | Tier 2 | Appropriate | +| `enterprise/troubleshooting.md` | 1 | Tier 3 | Reference troubleshooting tables; appropriate | +| `enterprise/enterprise-overview.md` | 1 | Tier 1 | Landing page; currently has too much detail (Measuring Success section should move to operations-config) | +| `integrations/integrations-overview.md` | 1 | Tier 2 | Coverage matrix is Tier 3; page is appropriate | +| `integrations/sarif-universal.md` | 1 | Tier 2-3 | SARIF field requirements lean Tier 3 | +| `integrations/scanners/` (13 pages) | 13 | Tier 2 | Each scanner page has appropriate depth for its audience | +| `integrations/scms/` (4 pages) | 4 | Tier 2 | Credential tables and permission scopes are appropriately detailed | +| `languages/languages-overview.md` | 1 | Tier 2 | Coverage matrix is Tier 3; combined makes this right | +| `languages/java.md`, `languages/python.md` | 2 | Tier 2 | Appropriate depth | +| `languages/javascript.md`, `languages/dotnet.md`, `languages/go.md`, `languages/php.md` | 4 | Tier 2 | Currently thinner than Java/Python pages; acceptable given less coverage | +| `faq/faq-general.md` | 1 | Tier 1 | Navigation/discovery; cut answers that duplicate canonical pages | +| `faq/faq-enterprise.md` | 1 | — | PROPOSED REMOVAL: all answers are redirect stubs | +| `faq/faq-troubleshooting.md` | 1 | Tier 2 | Good operational content; should be promoted to a real Troubleshooting section | +| `open-source/oss-overview.md` | 1 | Tier 1 | Landing page; overlaps too much with codemodder.md | +| `open-source/codemodder.md` | 1 | Tier 2 | Appropriate depth; consolidation target with oss-overview | +| `open-source/custom-codemods.md` | 1 | Tier 2 | Tutorial; could be merged into codemodder.md as a section | +| `open-source/contributing.md` | 1 | Tier 1 | Too short standalone; should be a section of codemodder.md | +| `api/api-overview.md` | 1 | Tier 3 | Promises reference content but is currently Tier 2 depth; needs expansion | +| `api/sarif.md` | 1 | Tier 3 | Duplicates integrations/sarif-universal.md; needs consolidation | +| `api/webhooks.md` | 1 | Tier 3 | Appropriate | +| `api/changelog.md` | 1 | Tier 3 | Appropriate; only page with no real content problem | + +--- + +## Top 10 Pages Needing Most Work + +Ranked by severity of problem and fix urgency: + +### 1. `platform/triage.md` — MERGE +**Problem:** Covers nearly identical ground as `how-it-works/triage-engine.md`. Both pages open with a full description of the three-tier architecture, walk through each tier, describe the structured verdict format, and list the same four context signals. The platform page adds a scanner list table that belongs on the triage page. The how-it-works page adds a tier comparison table and a closing "Triage and Remediation" section. Combined, there are 3,350 words covering one topic. +**Action:** Merge into a single definitive triage page. Start with the three-tier architecture overview, add the tier comparison table, include the context signals section, end with structured verdicts. Target: 1,600–1,800 words. Delete the platform version. + +### 2. `platform/remediation.md` — MERGE +**Problem:** Covers nearly identical ground as `how-it-works/fix-generation.md`. Both pages explain the deterministic/AI routing decision, the fix quality evaluation rubric (Safety/Effectiveness/Cleanliness), and multi-agent fix planning. The platform page has a language coverage table; the how-it-works page has the 4-tier dataflow context gathering table and MagicMod architecture details. Combined: 2,920 words, one topic. +**Action:** Merge into a single authoritative fix generation page. Preserve the dataflow context gathering table (it adds real value). Target: 1,800–2,000 words. + +### 3. `platform/security.md` + `how-it-works/fix-safety.md` — MERGE/REWRITE +**Problem:** Both pages are long (1,883 and 1,586 words) and cover the same three concepts: deterministic vs AI, independent evaluation, PR-only workflow. `platform/security.md` adds data handling and the Responsible AI Council framing; these are worth keeping. Combined there are 3,469 words of largely redundant content. +**Action:** Merge into one "Security & Trust" page. Keep the Responsible AI Council Q&A (it addresses a real evaluation concern). Keep the data handling section. Eliminate the repeated fix quality rubric (covered on the merged fix generation page). Target: 1,500–1,800 words. + +### 4. Embedded FAQ sections on 72 pages — STRIP GLOBALLY +**Problem:** Every content page ends with a `## Frequently Asked Questions` or `## FAQ` section that largely restates the page body. Examples: `platform/triage.md` FAQ asks "How does automated vulnerability triage reduce false positives?" — a question answered in the preceding 1,200 words. `how-it-works/fix-generation.md` FAQ asks "What is the difference between codemods and AI-generated fixes?" — answered with a full table earlier on the same page. These sections add 100–400 words to every page, inflating total word count by an estimated 15,000–20,000 words across the site. +**Action:** Strip embedded FAQ sections from all 72 pages. Where a question genuinely covers something not in the page body (rare), convert it to a callout box or inline summary. Do not route to the standalone FAQ pages; those should also be cut or consolidated. + +### 5. `faq/faq-enterprise.md` — REMOVE +**Problem:** Every answer in this page is a redirect to another page. Example: "Does Pixee support self-hosted deployment? See [Deployment Options](/enterprise/deployment) for details." This is not an FAQ — it is an index, and a worse index than the sidebar. The page adds zero content. +**Action:** Remove the page. Redirect the slug to `/enterprise/overview`. + +### 6. `how-it-works/context-intelligence.md` — MERGE OR DEMOTE +**Problem:** This page covers four topics (dataflow quality, production vs test, security control detection, intentionally-vulnerable project filtering) that are already summarized in `how-it-works/triage-engine.md`'s "Context-Aware Intelligence" section, which contains a table covering the same four-tier dataflow scale. The context-intelligence page adds slightly more prose but no new concepts. It then has a "How Context Feeds Remediation" section that duplicates `how-it-works/fix-generation.md`'s context gathering section. +**Action:** After the triage + fix generation merges, assess whether this page still has unique content. If the merged triage page covers the four context signals adequately, fold the unique parts of context-intelligence.md into the merged triage page and delete this page. + +### 7. `platform/what-is-agentic-security-engineering.md` — REPURPOSE OR MERGE +**Problem:** This page (the conceptual explainer for what "agentic" means) is positioned as a `platform/` page but reads like a landing page or marketing overview. After the platform/how-it-works consolidation, its role is unclear. Its "Four-Layer Security Stack" table is genuinely useful. The "What Makes It Agentic" section is good framing but exists nowhere in the consolidated architecture. +**Action:** Move this page to become the section landing page (replacing the current `platform/architecture.md` overview function) with a new slug like `/how-it-works/` or `/platform/overview`. Trim the embedded FAQ. Keep the four-layer table and the "agentic" definition section. + +### 8. `api/api-overview.md` — EXPAND +**Problem:** This page promises a REST API reference but delivers only authentication setup and a brief mention that endpoints exist. There are no actual endpoint definitions, request/response schemas, or error response examples. The `api/` section claims to be Tier 3 reference content but is currently Tier 2 at best. +**Action:** Expand the API overview to include all available endpoints with method, path, parameters, and response shape. If the full reference lives elsewhere (e.g., an OpenAPI spec), link to it prominently. Currently a user asking "how do I query my scan results via API?" gets no actionable answer from this page. + +### 9. `configuration/operations-config.md` — SPLIT OR RESTRUCTURE +**Problem:** This page covers three distinct operational areas — scheduling, notifications, and reporting — in a single 2,900-word page. The reporting section describes dashboard metrics (triage summary, fix activity, merge rate, remediation velocity) that have no other home. The scheduling section overlaps with what `configuration/config-overview.md` says about workflows. The notifications section is well-written but buries the Jira/ServiceNow webhook configuration at the end. +**Action:** Consider splitting into two pages: `operations-scheduling.md` (scheduling + notifications) and `reporting.md` (dashboard + metrics + exports + compliance exports). This would give reporting a canonical home and reduce the page's sprawl. + +### 10. Learning loop — CREATE +**Problem:** One of Pixee's three core differentiators ("Learn — improves from merge/reject/comment feedback over time") has no documentation. The only reference in the entire docs is a single sentence in `platform/triage.md`: "When Pixee classifies a finding as FALSE_POSITIVE but your team disagrees, the override is recorded and used to improve future classifications for your codebase." This cannot verify whether Pixee learns globally, per-org, per-repo, on what signal (overrides only, or also merge/reject?), at what cadence, or with measurable effect. +**Action:** Create a new page (suggested: `how-it-works/learning.md`) covering: what signals Pixee ingests (triage overrides, PR merges, PR closes, code comments), the scope of learning (org-level? global?), the cadence and mechanism, and how teams can evaluate whether learning is improving accuracy over time. This page cannot be written without consulting product/engineering to verify what actually ships. + +--- + +## Cross-Page Duplication + +### 1. Three-tier triage architecture description +**Repeated on:** `platform/triage.md`, `how-it-works/triage-engine.md`, `platform/architecture.md`, `platform/what-is-agentic-security-engineering.md`, `getting-started/getting-started.md`, `faq/faq-general.md` +**Proposed canonical location:** `how-it-works/triage.md` (post-merge). All others should summarize in 1-2 sentences and link. + +### 2. Fix quality evaluation rubric (Safety/Effectiveness/Cleanliness) +**Repeated on:** `platform/remediation.md`, `how-it-works/fix-generation.md`, `how-it-works/fix-safety.md`, `platform/security.md`, `faq/faq-general.md`, `getting-started/first-fix.md`, `getting-started/github.md`, `getting-started/gitlab.md`, `getting-started/azure-devops.md`, `getting-started/bitbucket.md` +**Proposed canonical location:** `how-it-works/fix-generation.md` (post-merge). PR description sections on SCM setup pages should say "quality scores (Safety, Effectiveness, Cleanliness)" with a link. + +### 3. "Deterministic codemods vs AI-powered MagicMods" explanation +**Repeated on:** `platform/remediation.md`, `how-it-works/fix-generation.md`, `how-it-works/fix-safety.md`, `platform/security.md`, `platform/what-is-agentic-security-engineering.md`, `configuration/ai-settings.md`, `faq/faq-general.md`, `getting-started/first-fix.md` +**Proposed canonical location:** `how-it-works/fix-generation.md`. Other pages should use: "Pixee uses deterministic codemods for known patterns and AI-powered MagicMods for novel ones — [see Fix Generation]." + +### 4. PR-only delivery as architectural constraint +**Repeated on:** `platform/remediation.md`, `how-it-works/fix-safety.md`, `platform/security.md`, `platform/architecture.md`, `platform/what-is-agentic-security-engineering.md`, `enterprise/security-architecture.md`, `faq/faq-general.md`, `getting-started/getting-started.md` +**Proposed canonical location:** `how-it-works/fix-safety.md` (post-merge with security.md). One sentence + link on all other pages. + +### 5. Deployment model comparison (Cloud SaaS / Embedded Cluster / Helm / Air-Gapped) +**Repeated on:** `enterprise/deployment.md`, `enterprise/enterprise-overview.md`, `enterprise/security-architecture.md`, `getting-started/` SCM setup pages (data-leaves-your-network section), `getting-started/ci-cd.md` +**Proposed canonical location:** `enterprise/deployment.md`. All others should show only the deployment model names and link. + +### 6. "No CLI required / no code changes to install" +**Repeated on:** `getting-started/getting-started.md`, `getting-started/github.md`, `getting-started/gitlab.md`, `getting-started/azure-devops.md`, `getting-started/bitbucket.md`, `faq/faq-general.md` +**Proposed canonical location:** `getting-started/getting-started.md`. SCM setup pages can keep one sentence of confirmation but do not need full paragraphs. + +### 7. "git revert applies; no runtime dependency on Pixee for merged code" +**Repeated on:** `platform/remediation.md`, `how-it-works/fix-safety.md`, `platform/security.md`, `platform/architecture.md`, `faq/faq-general.md` +**Proposed canonical location:** `how-it-works/fix-safety.md`. Two sentences on other pages maximum. + +### 8. 76% merge rate claim +**Repeated on:** `platform/remediation.md`, `how-it-works/fix-safety.md`, `platform/security.md`, `getting-started/getting-started.md`, and 4+ other pages +**Proposed canonical location:** `how-it-works/fix-safety.md` with the full context. Other pages should say "76% merge rate — see [Fix Safety]" without re-explaining what the number means. + +### 9. Infrastructure requirements (8 vCPU, 32 GB RAM, 100 GB SSD) +**Repeated on:** `enterprise/deployment.md`, `enterprise/embedded-cluster.md`, `enterprise/helm.md`, `enterprise/air-gap.md`, `faq/faq-enterprise.md` +**Proposed canonical location:** `enterprise/deployment.md` (already has the definitive table). Other pages should link to it, not repeat it. + +### 10. Scanner count ("12 native integrations") — currently an inconsistency +**Repeated incorrectly on:** ~26 pages saying "12" while integrations-overview.md correctly shows 13 named scanners (Arnica SAST and Datadog SAST added per changelog). The actual count, including DefectDojo as an aggregator, is 14 supported scanners, 13 named as "native." +**Proposed canonical location:** `integrations/integrations-overview.md` has the definitive matrix. All other pages should say "13 named scanner integrations" and link. Requires auditing the exact current list (Arnica, Datadog per changelog; both pages are missing from `integrations/scanners/`). + +--- + +## Content Gaps + +### 1. The Learning Loop — CRITICAL GAP +**What's missing:** How Pixee improves from feedback. This is described as a core product capability but has zero dedicated documentation. The single sentence ("overrides are recorded and used to improve future classifications") does not explain mechanism, scope, cadence, or measurability. +**Where it should live:** `how-it-works/learning.md` (new page) +**What it should cover:** Signal types (overrides, PR merges, PR closes, inline comments), scope (per-repo vs org vs global model improvement), cadence (immediate? batch? weekly?), how teams can observe improvement over time, any measurable effect on false positive rates. +**Blocker:** Requires product/engineering input to document accurately. Cannot be written from existing docs alone. + +### 2. Dashboard and Reporting Interface — SIGNIFICANT GAP +**What's missing:** The Pixee dashboard is mentioned everywhere as the primary interface for security leads, but it is never shown or described in detail. What does it look like? What views exist? How are findings organized? What filtering is available? What does the triage summary view show? +**Where it should live:** `configuration/operations-config.md` Reporting section (currently exists but only describes metrics in abstract — no screenshots, no view descriptions, no navigation guidance) +**What it should cover:** Primary dashboard views (triage summary, fix activity, repository status), filtering controls, how to read merge rate and MTTR metrics, how to export data. + +### 3. Convention-Aware Fix Generation — SIGNIFICANT GAP +**What's missing:** Marketing copy says Pixee generates "context-aware code fixes matching team conventions." The PIXEE.yaml page documents the `pr` section (labels, reviewers, draft) but this is PR metadata, not fix conventions. The `fix-generation.md` page mentions "per-project PIXEE.yaml policy" for preferred imports and framework choices but `pixee-yaml.md` has no corresponding schema fields for coding conventions, preferred imports, or framework preferences. Either the PIXEE.yaml schema is incomplete in the docs, or the convention-awareness is an AI behavior not user-configurable. +**Where it should live:** `configuration/pixee-yaml.md` and `how-it-works/fix-generation.md` +**What it should cover:** What aspects of team conventions Pixee detects automatically vs. what requires explicit configuration, what PIXEE.yaml fields (if any) control fix style. + +### 4. Triage Verdict Override Workflow — MODERATE GAP +**What's missing:** Multiple pages mention that security engineers can override triage verdicts. None explain how to do this. Where in the UI? What happens when you override? Is there a comment field? Does the override affect future findings? Is it per-finding or per-rule? +**Where it should live:** `how-it-works/triage.md` (post-merge) — add a "Overriding Triage Verdicts" section +**What it should cover:** UI/API mechanics for overrides, the scope of an override, how overrides feed into learning. + +### 5. Arnica SAST and Datadog SAST Integration Pages — MISSING +**What's missing:** The changelog (v5.4.11 and v5.4.15) shows Arnica SAST and Datadog SAST were added as native integrations. The integrations-overview.md doesn't list them. There are no scanner pages for either in `integrations/scanners/`. The platform/triage.md lists them in the scanner list but there is no integration setup page. +**Where it should live:** `integrations/scanners/arnica.md` and `integrations/scanners/datadog-sast.md` (new pages) + +### 6. Multi-Scanner Deduplication — MODERATE GAP +**What's missing:** `platform/triage.md` mentions "cross-tool deduplication -- when multiple scanners flag the same finding, the system eliminates duplicates." This is a real operational question for teams running 3-4 scanners. How does deduplication work? What defines a "duplicate"? When does Pixee merge findings vs. treat them independently? +**Where it should live:** `how-it-works/scanner-integration.md` or the merged triage page + +### 7. SCA Verification Cache Details — MINOR GAP +**What's missing:** `how-it-works/sca-pipeline.md` mentions a "verification cache" for CVE+dependency combinations. What is the TTL? Is it per-org or global? How does it interact with new CVE advisories for the same library version? +**Where it should live:** `how-it-works/sca.md` (post-merge) + +### 8. Phased Rollout Success Metrics — MODERATE GAP +**What's missing:** `enterprise/phased-rollout.md` describes phases but the Phase 1 success criteria section (seen in first 50 lines) is cut off in this audit. More importantly, there is no guidance on how to set up measurement during a rollout — specifically, how to access merge rate data, triage volume data, and developer acceptance metrics during the pilot phase before org-wide deployment. +**Where it should live:** `enterprise/phased-rollout.md` + link to the Reporting section + +--- + +## Flags for Human Review + +1. **Scanner count accuracy.** The actual current number of supported scanners needs verification. The integrations-overview claims 13 named + DefectDojo as aggregator. The changelog mentions Arnica (v5.4.11) and Datadog SAST (v5.4.15). But neither appears in `integrations/scanners/` as a page. Many older pages say "12." What is the current authoritative count, and which scanners have dedicated setup pages vs. just changelog mentions? + +2. **85% SCA noise reduction and 90% less triage time claims** on `platform/sca.md`. These are presented as product claims without qualification (unlike the 95% triage claim, which includes a detailed qualification about workload composition). Are these numbers validated? If so, they need the same qualification treatment. If not, they should be removed. + +3. **Learning loop — product reality.** Before writing any documentation about the learning loop, engineering must confirm: (a) Does Pixee actually improve triage accuracy from feedback signals in a live, deployed way? (b) What signals does it ingest? (c) Is improvement per-repo, per-org, or global? (d) Is this a shipped feature or a roadmap item? The current docs imply it exists ("overrides are recorded and used to improve") but do not validate this. + +4. **PIXEE.yaml convention fields.** The `fix-generation.md` page says "Per-project PIXEE.yaml policy. MagicMods respect project-level configuration files specifying your coding conventions, preferred imports, and framework choices." But `pixee-yaml.md` has no schema fields for preferred imports or framework choices. Either (a) these PIXEE.yaml fields exist but are undocumented, (b) the convention-awareness is automatic (detected, not configured), or (c) this is planned, not shipped. This needs engineering clarification before the docs can be corrected. + +5. **"50+ validated" SARIF scanners.** Multiple pages claim "over 50 scanner tools have been validated via the universal SARIF path." Is there a public list? If not, this claim should be qualified as "50+ scanners in Pixee's testing environment" rather than implying any scanner producing SARIF is guaranteed to work. + +6. **Air-gapped deployment license validation.** `enterprise/air-gap.md` says "License validation still requires a network path to Pixee servers — either direct or through a proxy." This is called out as "An honest clarification" in the page. Given that many air-gapped use cases are in environments where NO outbound internet is allowed (classified DoD environments, for example), this limitation may be a deal-stopper that the docs currently undersell. Flag for product decision: is there a fully offline license model, and if so, how does it work? + +7. **`platform/what-is-agentic-security-engineering.md` — audience and SEO intent.** This page is positioned as a conceptual explainer for search traffic ("What is agentic security engineering?") but currently lives deep in the `platform/` section. If this page is intended to capture search traffic from users who don't know Pixee, it should be the highest-level page in the site or live at the root. If it's for existing users, it can live in the platform section. The intent needs clarification before IA is finalized. + +8. **`api/changelog.md` has a FAQ section.** The changelog's embedded FAQ includes "How often does Pixee release updates?" (answered: ~25 releases per 6 months). This is the most recent and specific product frequency information in the docs and should inform the enterprise-overview.md's similar claim (currently consistent). However, the changelog FAQ is the only place this appears. Verify that the "25 releases in 6 months" figure is current. + +9. **`enterprise/troubleshooting.md` vs. `faq/faq-troubleshooting.md` overlap.** Both cover troubleshooting but for different audiences: enterprise-troubleshooting covers Helm/K8s/LLM issues; faq-troubleshooting covers scanner connectivity and PR issues. After consolidation, ensure the separation remains clean and cross-links are correct. + +10. **`configuration/operations-config.md` references `configuration/operations`** in the config-overview quick reference table. This slug does not match the actual slug `configuration/operations` — the file is `operations-config.md` with slug `/configuration/operations`. Verify all internal links are correct after any consolidation. diff --git a/docs/api/api-overview.md b/docs/api/api-overview.md index bb311e43..ac64b074 100644 --- a/docs/api/api-overview.md +++ b/docs/api/api-overview.md @@ -145,7 +145,7 @@ for fix in fixes["data"]: ## Input format -Pixee consumes scanner output in **SARIF** -- the OASIS standard for static analysis results -- from 12 native scanner integrations and any SARIF-producing tool. See the [SARIF Reference](/api/sarif). +Pixee consumes scanner output in **SARIF** -- the OASIS standard for static analysis results -- from 13 native scanner integrations and any SARIF-producing tool. See the [SARIF Reference](/api/sarif). ## SDKs and OpenAPI specification @@ -172,19 +172,5 @@ npx @openapitools/openapi-generator-cli generate \ - [SARIF Reference](/api/sarif) -- How Pixee consumes SARIF from scanners - [Webhooks](/api/webhooks) -- Event-driven integration for CI/CD and automation - [Changelog](/api/changelog) -- API version history and release notes -- [CI/CD Integration](/getting-started/ci-cd) -- Common API consumer patterns -- [Configuration Overview](/configuration/overview) -- Repository management - -## FAQ - -### Does Pixee have a REST API? - -Yes. Pixee provides a REST API for programmatic access to triage and remediation workflows, fix status, repository management, and webhook configuration. Authenticate with an organization-scoped API token and use standard HTTPS requests. - -### How do I authenticate with the Pixee API? - -Generate an API token in your Pixee dashboard under **Settings > API Tokens**. Pass it as a bearer token in the `Authorization` header: `Authorization: Bearer YOUR_API_TOKEN`. - -### What input format does Pixee accept from scanners? - -Pixee accepts SARIF (the OASIS standard for static analysis results) from 12 native scanner integrations and any SARIF-producing tool via the universal SARIF integration. +- [CI/CD Integration](/integrations/ci-cd) -- Common API consumer patterns +- [Configuration Overview](/configuration/config-overview) -- Repository management diff --git a/docs/api/changelog.md b/docs/api/changelog.md index 42162c8d..c5ba76be 100644 --- a/docs/api/changelog.md +++ b/docs/api/changelog.md @@ -63,7 +63,7 @@ Categories are omitted when a release has no entries of that type. ### Added -- **Datadog SAST integration.** Native scanner handler for Datadog SAST findings. Pixee now ingests SARIF from Datadog alongside the existing 11 native scanner integrations. See [Integrations Overview](/integrations/overview). +- **Datadog SAST integration.** Native scanner handler for Datadog SAST findings. See [Integrations Overview](/integrations/integrations-overview). - **Activity feed with SSE streaming.** Triage outcomes and remediation activity are now streamed in real time via Server-Sent Events to the Pixee dashboard. Includes drawer auto-transition and outcome banners. ### Changed @@ -77,7 +77,7 @@ Categories are omitted when a release has no entries of that type. ### Added - **Decision-tree triage analyzer.** New triage strategy option (`decision-tree`) for deterministic, rules-based triage routing. Complements existing ReACT and agent-based strategies. -- **Arnica SAST integration.** Native scanner handler for Arnica SAST findings. See [Integrations Overview](/integrations/overview). +- **Arnica SAST integration.** Native scanner handler for Arnica SAST findings. See [Integrations Overview](/integrations/integrations-overview). - **Anthropic-optimized triage prompts.** Provider-family-aware prompting for Anthropic LLM providers. Triage prompts are now optimized per provider family rather than using a lowest-common-denominator approach. - **Authentik IdP federation and RP-Initiated Logout.** Embedded Authentik OIDC provider now federates to upstream corporate identity providers (Google Workspace, Microsoft Entra ID, Okta) with auto-redirect and direct login. RP-Initiated Logout enables clean session termination. - **Bring-your-own database secret support.** CloudNativePG now supports `existingSecret` for external secret managers (Vault, External Secrets Operator, SOPS). See [Enterprise Deployment](/enterprise/deployment). @@ -145,21 +145,7 @@ Non-breaking additions (new fields in response bodies, new event types, new endp ## Related pages -- [API Overview](/api/overview) -- Endpoint reference and authentication +- [API Overview](/api/api-overview) -- Endpoint reference and authentication - [Enterprise Deployment](/enterprise/deployment) -- Upgrade procedures - [Enterprise Troubleshooting](/enterprise/troubleshooting) -- Version-specific issues -- [Integrations Overview](/integrations/overview) -- Scanner integration details - -## FAQ - -### How often does Pixee release updates? - -Pixee has shipped approximately 25 releases in the past 6 months across the enterprise server Helm chart, with regular updates to the cloud platform. Release cadence varies based on feature scope and customer needs. - -### How do I know which version I am running? - -For embedded cluster deployments, check the version in the KOTS admin console. For Helm deployments, run `helm list -n pixee` to see the deployed chart version. Cloud (SaaS) users are always on the latest version. - -### Do I need to update my API integration when Pixee releases a new version? - -Non-breaking additions (new response fields, new event types, new endpoints) do not require changes to existing integrations. Breaking changes ship under a new API version prefix with a documented migration period. Pin your integration to the current API version (`v1`) for stability. +- [Integrations Overview](/integrations/integrations-overview) -- Scanner integration details diff --git a/docs/getting-started/cli.md b/docs/api/cli.md similarity index 84% rename from docs/getting-started/cli.md rename to docs/api/cli.md index ec596deb..f986cd44 100644 --- a/docs/getting-started/cli.md +++ b/docs/api/cli.md @@ -1,6 +1,6 @@ --- title: Pixee CLI -slug: /getting-started/cli +slug: /api/cli track: dev content_type: tutorial seo_title: "Pixee CLI | Command-Line Client for the Pixee Platform" @@ -144,30 +144,5 @@ pixee scan list --repo "$REPO" --branch main --tool codeql --json pixee workflow create new-scan --repo "$REPO" --tool codeql ... ``` -The CLI does not run analysis or generate fixes — those happen on the platform, triggered by your SCM integration. See [CI/CD Integration](/getting-started/ci-cd) for the end-to-end pipeline patterns. +The CLI does not run analysis or generate fixes — those happen on the platform, triggered by your SCM integration. See [CI/CD Integration](/integrations/ci-cd) for the end-to-end pipeline patterns. -## Frequently Asked Questions - -### Does the Pixee CLI generate fixes locally? - -No. The CLI is a client for the Pixee platform. Triage and remediation run on the platform; the CLI lets you inspect, query, and configure that platform from the command line. - -### Do I need a Pixee account to use the CLI? - -Yes. The CLI authenticates against a specific Pixee deployment using an API token. It is intended for Pixee customers. - -### Where is the source code? - -The distributed binaries are published from [github.com/pixee/pixee-cli](https://github.com/pixee/pixee-cli). Source code lives in a private repository (`pixee-cli-private`); the public repo distributes the compiled binaries, the container image, and the coding-agent skills. - -### How do I authenticate in CI without storing a config file? - -Set `PIXEE_TOKEN` and `PIXEE_SERVER` as environment variables. The CLI resolves credentials from env vars before falling back to the stored config file, so no `pixee auth login` step is required in pipelines. - -### What happens when I get exit code 2? - -Exit code 2 means authentication failed. Run `pixee auth status` to see which server and token are configured. If the server is wrong, re-run `pixee auth login --server `. If the token is invalid, generate a new one in the admin console. - -### Is there a Docker image? - -Yes. The `pixee/pixee-cli` container image is published alongside each release; pull `pixee/pixee-cli:latest` or pin to a specific version tag. diff --git a/docs/api/sarif.md b/docs/api/sarif.md index 50d6c80b..b8aed5c5 100644 --- a/docs/api/sarif.md +++ b/docs/api/sarif.md @@ -181,26 +181,12 @@ Native scanner integrations handle SARIF automatically. These notes apply when y | **Snyk** | Use `snyk code test --sarif` for SAST results. | | **Trivy** | Use `trivy fs --format sarif` for filesystem scanning results. | -For full setup guides per scanner, see [Integrations Overview](/integrations/overview). +For full setup guides per scanner, see [Integrations Overview](/integrations/integrations-overview). ## Related pages -- [API Overview](/api/overview) -- Authentication and endpoint reference +- [API Overview](/api/api-overview) -- Authentication and endpoint reference - [Universal SARIF Integration](/integrations/sarif-universal) -- Setup guide for SARIF ingestion -- [Integrations Overview](/integrations/overview) -- All supported scanners -- [How Scanner Integration Works](/how-it-works/scanner-integration) -- Technical depth on scanner normalization +- [Integrations Overview](/integrations/integrations-overview) -- All supported scanners +- [Scanner Integration](/platform/scanner-integration) -- Technical depth on scanner normalization - [Changelog](/api/changelog) -- API and format version history - -## FAQ - -### What is the SARIF format for security findings? - -SARIF (Static Analysis Results Interchange Format) is an OASIS open standard for representing static analysis tool output in a structured JSON format. It includes finding locations, rule metadata, severity levels, and dataflow information. Pixee uses SARIF as the universal input format for ingesting security findings from any scanner. - -### Does Pixee support SARIF format? - -Yes. Pixee natively consumes SARIF from 12 scanner integrations (CodeQL, Semgrep, SonarQube, Checkmarx, Veracode, Snyk, AppScan, Polaris, GitLab SAST, Trivy, Datadog SAST, Arnica SAST) and accepts SARIF uploads from any SARIF-producing tool via the Universal SARIF integration or API. - -### What SARIF fields does Pixee require? - -At minimum: `tool.driver.name`, `results[].ruleId`, `results[].message.text`, and `results[].locations[]` with file path and line number. Dataflow information (`codeFlows` and `threadFlows`) is recommended for higher-quality triage and fixes. See the field reference table above for the complete mapping. diff --git a/docs/api/webhooks.md b/docs/api/webhooks.md index 0bd5b219..739633a2 100644 --- a/docs/api/webhooks.md +++ b/docs/api/webhooks.md @@ -299,21 +299,7 @@ if event["type"] == "triage.completed": ## Related pages -- [API Overview](/api/overview) -- Authentication and endpoint reference +- [API Overview](/api/api-overview) -- Authentication and endpoint reference - [SARIF Reference](/api/sarif) -- Input format that triggers scan events -- [CI/CD Integration](/getting-started/ci-cd) -- Common webhook consumer patterns +- [CI/CD Integration](/integrations/ci-cd) -- Common webhook consumer patterns - [Changelog](/api/changelog) -- Webhook event version history - -## FAQ - -### How do I set up webhooks for Pixee? - -Register a webhook endpoint URL in your Pixee organization settings or via the API. Provide an HTTPS URL, select the event types you want to receive, and configure an HMAC secret for signature verification. Test with the ping endpoint before going live. - -### What events can Pixee webhooks notify on? - -Pixee webhooks notify on six event types: `fix.generated`, `pr.opened`, `pr.merged`, `pr.closed`, `triage.completed`, and `scan.completed`. Subscribe to individual events or use `*` for all events. - -### How do I verify Pixee webhook payloads? - -Pixee signs every payload with HMAC-SHA256 using your webhook secret. Compute the HMAC-SHA256 hex digest of the raw request body using your secret and compare it to the value in the `X-Pixee-Signature` header. Use constant-time comparison to prevent timing attacks. diff --git a/docs/configuration/ai-settings.md b/docs/configuration/ai-settings.md index a2d4141d..bfa56d9f 100644 --- a/docs/configuration/ai-settings.md +++ b/docs/configuration/ai-settings.md @@ -76,7 +76,7 @@ The recommended approach is progressive expansion: 1. **Start conservative.** Enable deterministic codemods only. Review merge rates and fix quality. 2. **Expand by category.** Enable MagicMods for specific CWE categories where your team sees high fix quality. -3. **Broaden over time.** As confidence builds (tracked via merge rate and quality scores in [Reporting](/configuration/operations)), expand the scope of AI-powered fixes. +3. **Broaden over time.** As confidence builds (tracked via merge rate and quality scores in [Reporting](/configuration/operations-config)), expand the scope of AI-powered fixes. The [Phased Rollout Guide](/enterprise/phased-rollout) covers this progression in detail. @@ -90,16 +90,3 @@ Self-hosted Pixee deployments have additional AI configuration beyond the behavi These infrastructure-level settings are managed through the admin console or Helm values, not through the Pixee dashboard's AI settings page. -## FAQ - -### What is the difference between security gates and guardrails? - -Security gates block deployments when thresholds are exceeded. Guardrails guide behavior without blocking. Pixee's AI settings act as guardrails that tune how aggressively triage and remediation operate, while your existing CI/CD gates remain in control of deployment decisions. - -### Can I disable AI-powered fixes and use only deterministic codemods? - -Yes. You can configure Pixee to use only deterministic code transformations and disable AI-powered fix generation (MagicMods) for specific or all finding categories. See [Codemodder](/open-source/codemodder) for the full codemod catalog. - -### How do I increase automation gradually? - -Start with conservative triage settings and a narrow set of fix categories. As your team builds confidence with merge rates and quality scores, expand the scope. The [Phased Rollout Guide](/enterprise/phased-rollout) covers this progression in detail. diff --git a/docs/configuration/config-overview.md b/docs/configuration/config-overview.md index 508263e5..422739af 100644 --- a/docs/configuration/config-overview.md +++ b/docs/configuration/config-overview.md @@ -49,15 +49,15 @@ Use this table to jump to the right page for your configuration task. | Customize PR formatting (labels, title prefix) | [PIXEE.yaml Reference](/configuration/pixee-yaml) | | Add or remove repositories from monitoring | [Repository Management](/configuration/repositories) | | Organize repos by team or business unit | [Repository Management](/configuration/repositories) | -| Set scan schedules or switch to on-demand analysis | [Operations](/configuration/operations) | -| Route notifications to Slack or email | [Notifications](/configuration/operations) | -| Set up webhook integrations for custom workflows | [Notifications](/configuration/operations) | +| Set scan schedules or switch to on-demand analysis | [Operations](/configuration/operations-config) | +| Route notifications to Slack or email | [Notifications](/configuration/operations-config) | +| Set up webhook integrations for custom workflows | [Notifications](/configuration/operations-config) | | Manage team member access and roles | [Users & Access](/configuration/users) | | Configure SSO with your identity provider | [Users & Access](/configuration/users) | | Tune AI triage sensitivity | [AI Settings](/configuration/ai-settings) | | Control which finding categories get AI-powered fixes | [AI Settings](/configuration/ai-settings) | -| Configure reporting exports or dashboards | [Reporting](/configuration/operations) | -| Export data for compliance audits | [Reporting](/configuration/operations) | +| Configure reporting exports or dashboards | [Reporting](/configuration/operations-config) | +| Export data for compliance audits | [Reporting](/configuration/operations-config) | ## Getting Started with Configuration @@ -69,16 +69,3 @@ If you just installed Pixee, the recommended approach is: Enterprise self-hosted deployments have additional configuration surfaces for infrastructure (LLM providers, authentication, observability) managed through the admin console or Helm values. See [Enterprise > Deployment Options](/enterprise/deployment) for details. -## FAQ - -### Do I need to configure Pixee before it starts working? - -No. Pixee works with zero configuration on supported repositories. Default settings enable triage and remediation for all supported languages and vulnerability types. - -### Can developers override organization-wide settings? - -Developers can customize behavior for their repositories using PIXEE.yaml. Organization-level policies set guardrails that PIXEE.yaml operates within. - -### Where do I configure Pixee for enterprise self-hosted deployments? - -Enterprise deployments have additional infrastructure configuration (LLM providers, authentication, observability) managed through the admin console or Helm values. See [Enterprise > Deployment Options](/enterprise/deployment). diff --git a/docs/configuration/operations-config.md b/docs/configuration/operations-config.md index 0550376e..48fdd214 100644 --- a/docs/configuration/operations-config.md +++ b/docs/configuration/operations-config.md @@ -162,11 +162,11 @@ Pixee tracks every triage decision and remediation outcome, giving your team vis | **Remediation Velocity** | Time from finding to merged fix | Compliance teams tracking MTTR reduction | | **Repository Status** | Per-repo analysis state, last scan time, recent activity | Developers checking individual repo health | -**Merge rate** is the percentage of Pixee PRs that developers review and merge. It is a primary indicator of fix quality and relevance. See [Fix Safety](/how-it-works/fix-safety) for production metrics. +**Merge rate** is the percentage of Pixee PRs that developers review and merge. It is a primary indicator of fix quality and relevance. See [Security & Trust](/platform/security) for production metrics. **Remediation velocity** measures the elapsed time from when a finding is detected to when its fix is merged. This metric maps directly to Mean Time to Remediation (MTTR), a standard compliance metric. -**Triage volume** tracks how many findings Pixee classified, broken down by true positive, false positive, and won't-fix outcomes. See [Triage Engine](/how-it-works/triage-engine) for details on false positive reduction. +**Triage volume** tracks how many findings Pixee classified, broken down by true positive, false positive, and won't-fix outcomes. See [Triage](/platform/triage) for details on false positive reduction. ### Dashboard @@ -202,7 +202,7 @@ Compliance exports include: - Fix outcome (PR merged, closed, pending) - Timestamps for each state transition -For custom reporting, use the Pixee API to query triage and remediation data programmatically. See [API > Overview](/api/overview) for endpoints and authentication. +For custom reporting, use the Pixee API to query triage and remediation data programmatically. See [API Overview](/api/api-overview) for endpoints and authentication. ### Enterprise Observability @@ -210,40 +210,3 @@ Self-hosted Pixee deployments include a bundled observability stack with metrics For full observability configuration, see [Enterprise > Observability](/enterprise/observability). -## FAQ - -### Does Pixee run on every commit? - -By default, Pixee analyzes when new scanner findings are available, not on every commit. You can configure event-driven, scheduled, or on-demand analysis modes to match your workflow. - -### Can I prevent Pixee from opening PRs during business hours? - -Yes. Scheduled mode lets you set a cron expression that runs analysis during off-hours, so PRs are ready for review when your team starts work. - -### How do I trigger a scan manually? - -Use the Pixee dashboard or API to trigger on-demand analysis for any connected repository. Results and PRs appear as soon as analysis completes. - -### Do I need to configure notifications to use Pixee? - -No. Pixee uses your SCM platform's native notification system by default. PRs appear in your normal PR queue, and status checks integrate with your existing workflow. Additional channels (Slack, email, webhooks) are optional. - -### Can I send notifications to different Slack channels for different repositories? - -Yes. Notification routing supports per-repository and per-team channel assignments. Route backend repos to `#backend-security` and frontend repos to `#frontend-security`, for example. - -### Does Pixee support PagerDuty or ServiceNow integration? - -Pixee supports generic webhooks that integrate with PagerDuty, ServiceNow, Jira, or any system that accepts webhook payloads. Configure a webhook URL and select the event types you want forwarded. - -### Can I export Pixee data for compliance audits? - -Yes. Every triage decision and fix outcome is persisted with timestamps and justification. Export as CSV or JSON, or use the API for automated evidence collection. The data maps to common compliance frameworks including SOC 2 and ISO 27001. - -### Does Pixee show fix merge rates? - -Yes. Merge rate -- the percentage of Pixee PRs that developers review and merge -- is a primary metric tracked in the dashboard. See [Fix Safety](/how-it-works/fix-safety) for production metrics. - -### Can I integrate Pixee reporting with Jira or ServiceNow? - -Yes. Use the webhook and API integrations to push Pixee data to Jira, ServiceNow, or any system that accepts webhook payloads or REST API calls. See [API > Webhooks](/api/webhooks) for payload details. diff --git a/docs/configuration/pixee-yaml.md b/docs/configuration/pixee-yaml.md index a019add9..710f67fd 100644 --- a/docs/configuration/pixee-yaml.md +++ b/docs/configuration/pixee-yaml.md @@ -254,20 +254,3 @@ Check the Pixee dashboard for your repository. The configuration status indicate | Codemod still running after disabling | Codemod name typo | Verify the exact codemod identifier in the Pixee dashboard | | Labels not appearing on PRs | SCM permissions | Ensure the Pixee integration has permission to apply labels | -## FAQ - -### How do I exclude files or directories from Pixee? - -Add path patterns to the `excludes.paths` section of PIXEE.yaml. Standard glob patterns are supported. For example, `"tests/**"` excludes everything under the `tests/` directory. - -### Can I disable specific fix types? - -Yes. The `fixes` section lets you enable or disable specific codemods by name or entire fix categories (SAST, SCA) with a single toggle. - -### What happens if my PIXEE.yaml has a syntax error? - -Pixee falls back to organization defaults and logs a validation warning. No analysis is skipped -- the file is simply ignored until corrected. Check the Pixee dashboard for validation status. - -### Does PIXEE.yaml work with all SCM platforms? - -Yes. PIXEE.yaml is read from the repository root on GitHub, GitLab, Azure DevOps, and Bitbucket. diff --git a/docs/configuration/repositories.md b/docs/configuration/repositories.md index 38f1312b..1cb0d14b 100644 --- a/docs/configuration/repositories.md +++ b/docs/configuration/repositories.md @@ -98,16 +98,3 @@ Cross-platform visibility means your security team sees triage results and fix a Enterprise self-hosted deployments have the same multi-SCM support. See [Enterprise > Deployment Options](/enterprise/deployment) for infrastructure details. -## FAQ - -### Can I add repositories from multiple SCM platforms? - -Yes. A single Pixee deployment supports repositories from GitHub, GitLab, Azure DevOps, and Bitbucket simultaneously. All 4 platforms are managed from one dashboard. - -### What happens when I add a new repository? - -Pixee runs an initial analysis and opens PRs for any findings it can triage or fix. The first results typically appear within minutes. - -### Can I limit Pixee to specific repositories instead of an entire organization? - -Yes. On GitHub, you can restrict the GitHub App to selected repositories during installation. On GitLab, the `member_projects_only` toggle restricts Pixee to projects where the service account is an explicit member. On Azure DevOps and Bitbucket, repository scope is controlled through PAT access. diff --git a/docs/configuration/users.md b/docs/configuration/users.md index 2a932ba3..41f16c75 100644 --- a/docs/configuration/users.md +++ b/docs/configuration/users.md @@ -70,16 +70,3 @@ Enterprise self-hosted deployments also support embedded OIDC (via Authentik run For full SSO configuration details on self-hosted deployments, see [Enterprise > Security Architecture](/enterprise/security-architecture). -## FAQ - -### Do developers need a Pixee account to review and merge fixes? - -No. Pixee delivers fixes as standard PRs in your SCM platform. Developers review and merge them using their existing GitHub, GitLab, Azure DevOps, or Bitbucket workflow. No Pixee login required. - -### Can I restrict which users can change organization-wide policies? - -Yes. Only Admin and Security Lead roles can modify organization policies. Member roles interact with Pixee through PRs and can only configure per-repository settings via PIXEE.yaml. - -### Does Pixee support SSO? - -Yes. Pixee integrates with Google Workspace, Microsoft Entra ID, and Okta for single sign-on. Enterprise self-hosted deployments additionally support embedded OIDC via Authentik, which can federate to any upstream corporate IdP. diff --git a/docs/enterprise/air-gap.md b/docs/enterprise/air-gap.md index db3dd3ac..caf7fb7b 100644 --- a/docs/enterprise/air-gap.md +++ b/docs/enterprise/air-gap.md @@ -86,24 +86,3 @@ All three contexts share the same technical deployment. The difference is in the Air-gapped installation follows the same Helm deployment process with additional configuration for container image transfer to a local registry, private LLM endpoint settings, proxy configuration, and CA certificates. Preflight checks validate LLM endpoint connectivity and license server access before the first analysis runs. For the current installation procedure and common issues, see the [deployment guide](https://app.pixee.ai/docs/deploy) and [Enterprise Troubleshooting](/enterprise/troubleshooting). -## Frequently Asked Questions - -### Can Pixee run with zero internet connectivity? - -Not completely. Pixee requires a network path for license validation, either direct or through a proxy. Source code, findings, and LLM requests stay fully within your network, but the license check must reach Pixee servers. There is no offline license mode. - -### Does Pixee work with Azure AI Foundry in an air-gapped environment? - -Yes. Azure AI Foundry is a first-class supported LLM provider for air-gapped deployments. Configure your Azure AI Foundry endpoint and API key during installation. The models run in your Azure subscription with your keys. - -### What happens if the private LLM endpoint goes down? - -Pixee queues analysis tasks and retries when the endpoint becomes available. Existing PRs and triage results are unaffected. Deterministic codemods that require no LLM continue to function regardless of LLM availability. - -### Can I use a self-hosted open-source LLM? - -If the model exposes an OpenAI-compatible API endpoint, it can be configured as Pixee's LLM provider. Triage and fix quality depend on model capability -- lower-capability models may produce lower merge rates and less accurate triage. - -### Does air-gapped deployment affect fix quality? - -Fix quality depends on the LLM model available at your private endpoint. If the private model is equivalent to production defaults, quality is identical. Lower-capability models may produce lower merge rates. Web search and deep research LLM tiers are unavailable in air-gapped environments. Deterministic codemods are unaffected. diff --git a/docs/enterprise/byom.md b/docs/enterprise/byom.md index d880d300..774f75df 100644 --- a/docs/enterprise/byom.md +++ b/docs/enterprise/byom.md @@ -80,24 +80,3 @@ When an LLM provider is unavailable, Pixee handles the degradation: This resilience architecture means an LLM outage degrades Pixee's capability without halting it entirely. -## Frequently Asked Questions - -### Can I bring my own LLM model with Pixee? - -Yes. Pixee supports four LLM provider families: OpenAI, Azure AI Foundry, Anthropic, and Azure Anthropic. You configure your API keys and endpoint, and Pixee routes all AI inference through your account. - -### Can I use different models for different tasks? - -Yes. Seven named LLM tiers let you assign different models to triage, remediation, classification, research, and other workflow stages. This lets you balance cost, quality, and latency per task type. - -### Does Pixee use Anthropic-optimized prompts for Anthropic models? - -Yes. Pixee uses provider-family-aware prompting. When configured for Anthropic, the triage engine uses Anthropic-optimized prompt structures rather than a generic approach. - -### What happens if my LLM provider is unavailable? - -Pixee queues tasks and retries when the provider becomes available. Deterministic codemods that require no LLM continue functioning regardless of LLM availability. - -### Can I use a self-hosted open-source model? - -If your model exposes an OpenAI-compatible API endpoint, it can be configured as a provider. Quality of triage and remediation depends on model capability. diff --git a/docs/enterprise/compliance.md b/docs/enterprise/compliance.md index 98bf5f86..2dd1a536 100644 --- a/docs/enterprise/compliance.md +++ b/docs/enterprise/compliance.md @@ -84,26 +84,4 @@ The architecture provides verifiable answers to common governance questions: - **Narrow scope** -- security fixes only (1-5 lines applying OWASP/SANS patterns), not general-purpose code generation - **Deterministic floor** -- deterministic codemods use zero LLM involvement with zero hallucination risk (see [Codemodder](/open-source/codemodder) for the full catalog) -For the full technical trust framework, see [Security & Trust](/platform/security) and [Fix Safety & Validation](/how-it-works/fix-safety). - -## Frequently Asked Questions - -### How does Pixee help with SOC 2 compliance? - -Pixee provides audit-ready evidence for vulnerability management controls: timestamped triage decisions with reasoned justification, PR-based remediation with full change tracking, and exportable reports for control sampling. Every disposition is persisted for the lifetime of the deployment. - -### Is Pixee SOC 2 Type II certified? - -Contact the Pixee team for the current status of SOC 2 certification. - -### Does Pixee support FedRAMP requirements? - -Pixee supports FedRAMP-relevant controls through air-gapped deployment (no source code leaves your network), audit event logging, and configuration change documentation. See [Air-Gapped Deployment](/enterprise/air-gap) for disconnected environment details and known limitations. - -### How does Pixee handle data residency requirements? - -Self-hosted deployments keep all data in the customer's network. LLM inference uses the customer's chosen provider in the customer's chosen region. The only outbound connection is license validation, which can be proxied. - -### Can Pixee generate compliance reports automatically? - -Yes. Pixee's reporting API exports triage decisions, fix outcomes, and audit trails in CSV and JSON formats for integration with compliance platforms and GRC tools. +For the full technical trust framework, see [Security & Trust](/platform/security). diff --git a/docs/enterprise/deployment.md b/docs/enterprise/deployment.md index 4a893b4b..26173240 100644 --- a/docs/enterprise/deployment.md +++ b/docs/enterprise/deployment.md @@ -137,24 +137,3 @@ Use this decision tree to narrow down your model: These are starting recommendations. Actual resource requirements depend on finding volume, concurrent analysis workload, and LLM inference latency. Contact Pixee solutions engineering for sizing guidance on large deployments. -## Frequently Asked Questions - -### What data does Pixee send outside my network? - -In self-hosted deployments (embedded cluster, Helm, air-gapped), source code and scanner findings stay in your network. LLM inference uses your chosen provider. The only outbound connection is license validation, which can be proxied. See the data flow table above for details per deployment model. - -### Does Pixee require Kubernetes expertise? - -No. The embedded cluster deployment installs a complete K3s-based platform on a single Linux VM with a form-based admin console. No Kubernetes knowledge required. The Helm deployment does require an existing Kubernetes cluster and Helm CLI experience. See [Embedded Cluster](/enterprise/embedded-cluster) for details. - -### Can Pixee run in my existing EKS/GKE/AKS cluster? - -Yes. The Helm chart deploys into any customer-provided Kubernetes cluster. Conditional subcharts let you swap embedded components for your own services (S3, PostgreSQL, observability, auth). See [Helm / BYO Kubernetes](/enterprise/helm) for details. - -### How long does deployment take? - -Embedded cluster and Helm deployments typically complete in under one hour. Air-gapped deployments take longer due to private LLM endpoint configuration and network verification. - -### Does Pixee support multi-cloud? - -Yes. The Helm chart includes storage-class configurations for EKS (gp2/gp3), GKE (standard-rwo), AKS (managed-csi), and K3s local default. A single Pixee deployment can connect to multiple SCM platforms simultaneously. diff --git a/docs/enterprise/embedded-cluster.md b/docs/enterprise/embedded-cluster.md index 986a9296..b91f1800 100644 --- a/docs/enterprise/embedded-cluster.md +++ b/docs/enterprise/embedded-cluster.md @@ -98,20 +98,3 @@ The embedded cluster is the right choice for most organizations without existing Both deployment models deliver the same triage and remediation capabilities. The choice is about infrastructure preference, not product functionality. -## Frequently Asked Questions - -### Do I need Kubernetes experience to deploy Pixee? - -No. The embedded cluster deployment handles all Kubernetes components automatically. The admin console is a form-based UI for all configuration -- no YAML editing, no kubectl commands, no cluster management. - -### What Kubernetes distribution does the embedded cluster use? - -The embedded cluster is built on K3s (Kubernetes 1.32) distributed via Replicated Embedded Cluster. - -### Can I run the embedded cluster in a VM on my existing infrastructure? - -Yes. The embedded cluster runs on any Linux VM that meets the prerequisites -- physical servers, VMware, Hyper-V, cloud VMs (EC2, Azure VMs, GCE), or any other virtualization platform. - -### How do I upgrade the embedded cluster? - -Upgrades are managed through the KOTS admin console. New versions are delivered as single-step upgrades with rollback support. No manual Kubernetes operations are required. diff --git a/docs/enterprise/enterprise-overview.md b/docs/enterprise/enterprise-overview.md index 1ebed261..63b5af88 100644 --- a/docs/enterprise/enterprise-overview.md +++ b/docs/enterprise/enterprise-overview.md @@ -63,7 +63,7 @@ Track these metrics from the Pixee reporting dashboard to evaluate operational i | **Compliance window adherence** | Critical/high findings remediated within required timeframes | Pixee reporting + compliance tool | | **Finding volume trend** | Total open findings over time | Pixee dashboard: backlog view | -See [Fix Safety](/how-it-works/fix-safety) for production metrics on fix quality and validation. +See [Security & Trust](/platform/security) for production metrics on fix quality and validation. ## What's Next @@ -73,24 +73,3 @@ See [Fix Safety](/how-it-works/fix-safety) for production metrics on fix quality **Reviewing compliance requirements?** The [Compliance](/enterprise/compliance) page maps Pixee capabilities to SOC 2, HIPAA, FedRAMP, PCI-DSS, NIST 800-53, and ISO 27001. -## Frequently Asked Questions - -### Does Pixee support self-hosted deployment? - -Yes. Pixee offers three self-hosted deployment models: a turnkey embedded cluster (single Linux VM, no Kubernetes expertise needed), a standard Helm chart for existing Kubernetes clusters (EKS, GKE, AKS), and a fully air-gapped deployment with your own private LLM endpoint. See [Deployment Options](/enterprise/deployment) for details. - -### What metrics does Pixee track? - -The reporting dashboard tracks merge rate, triage reduction, MTTR, compliance window adherence, and finding volume trends. See the Measuring Success section above for details. - -### What compliance frameworks does Pixee support? - -Pixee maps to SOC 2, HIPAA, FedRAMP, PCI-DSS, NIST 800-53, and ISO 27001 control requirements. See the [Compliance](/enterprise/compliance) page for detailed framework mapping. - -### How long does enterprise deployment take? - -Embedded cluster and Helm deployments typically complete in under one hour. Air-gapped deployments take longer due to private LLM endpoint configuration and network verification. See [Deployment Options](/enterprise/deployment) for infrastructure requirements. - -### Can I use Pixee across multiple SCM platforms? - -Yes. A single Pixee Enterprise deployment supports GitHub, GitLab, Azure DevOps, and Bitbucket simultaneously. All four platforms receive the same triage and remediation capabilities. diff --git a/docs/enterprise/helm.md b/docs/enterprise/helm.md index baa76f3a..afb4ab0c 100644 --- a/docs/enterprise/helm.md +++ b/docs/enterprise/helm.md @@ -96,20 +96,3 @@ Approximately 25 releases have shipped in the last 6 months. The platform is act Before upgrading, back up your current `values.yaml` file. If an upgrade introduces an issue, roll back to the previous Helm release using standard Helm rollback commands. -## Frequently Asked Questions - -### Can I use my own PostgreSQL database? - -Yes. Disable the embedded CloudNativePG subchart and provide connection details for your external PostgreSQL 15+ instance. BYO database-secret support is available for external secret managers. - -### Does Pixee support pod identity (IRSA, Workload Identity)? - -Yes. The Helm chart supports IRSA (AWS), Workload Identity (GCP), and Managed Identity (Azure) for object store credentials, alongside static key configuration. - -### Can I route Pixee observability to my existing Grafana? - -Yes. Disable the embedded observability subcharts and configure Pixee to emit metrics to your existing VictoriaMetrics, Prometheus, or Grafana Cloud instance. Optional Grafana Cloud Private Data Connector integration is also supported. See [Observability](/enterprise/observability) for details. - -### What Helm chart version should I use? - -The latest stable release. Check the changelog for release notes before upgrading. Pixee maintains backward compatibility across minor releases. diff --git a/docs/enterprise/observability.md b/docs/enterprise/observability.md index d600872b..e4f2a97a 100644 --- a/docs/enterprise/observability.md +++ b/docs/enterprise/observability.md @@ -52,7 +52,7 @@ For day-two operations teams, these are the metrics that indicate platform healt **Business metrics vs. platform metrics:** Merge rate, triage volume, and remediation velocity are business metrics visible in Pixee's reporting dashboard. Analysis throughput, LLM latency, and error rates are platform metrics visible in the observability stack. Both matter for different audiences -- share business metrics with security leadership and platform metrics with SRE. -For business-level reporting (merge rate trends, triage reduction, MTTR), see [Enterprise Overview > Measuring Success](/enterprise/overview#measuring-success). +For business-level reporting (merge rate trends, triage reduction, MTTR), see [Enterprise Overview > Measuring Success](/enterprise/enterprise-overview#measuring-success). ## Operational Controls @@ -67,16 +67,3 @@ Operational settings are configurable through the KOTS admin console (embedded c For troubleshooting operational issues, see [Enterprise Troubleshooting](/enterprise/troubleshooting). -## Frequently Asked Questions - -### Does Pixee include monitoring out of the box? - -Yes. The Helm chart bundles VictoriaMetrics (metrics), Victoria-logs (logs), Victoria-traces (distributed tracing), and Grafana dashboards. No separate purchase or manual installation required. - -### Can I route Pixee telemetry to my existing Grafana or Prometheus? - -Yes. Disable the embedded observability subcharts and configure Pixee to emit metrics to your existing stack. Grafana Cloud Private Data Connector integration is also supported. - -### What dashboards does Pixee provide? - -Pixee includes curated Grafana dashboards for platform health, analysis throughput, LLM performance, and fix quality metrics. These are Pixee-specific dashboards, not just upstream chart defaults. diff --git a/docs/enterprise/phased-rollout.md b/docs/enterprise/phased-rollout.md index d5cb0759..bbc309c3 100644 --- a/docs/enterprise/phased-rollout.md +++ b/docs/enterprise/phased-rollout.md @@ -12,7 +12,7 @@ Pixee deploys in phases: single repository, team, org unit, enterprise. Each pha ## Overview -Pixee deploys in phases to validate triage accuracy and fix quality on a controlled scope before expanding. Each phase generates metrics that inform the next expansion decision. Phase 1 data feeds the metrics tracked in [Enterprise Overview > Measuring Success](/enterprise/overview#measuring-success). +Pixee deploys in phases to validate triage accuracy and fix quality on a controlled scope before expanding. Each phase generates metrics that inform the next expansion decision. Phase 1 data feeds the metrics tracked in [Enterprise Overview > Measuring Success](/enterprise/enterprise-overview#measuring-success). ## Phase Model Overview @@ -41,7 +41,7 @@ Phase 1 is where most readers will start and where the most specific guidance ma **Installation.** Connect Pixee to the pilot repositories. See the Getting Started guides for [GitHub](/getting-started/github), [GitLab](/getting-started/gitlab), [Azure DevOps](/getting-started/azure-devops), or [Bitbucket](/getting-started/bitbucket). -**Scanner connection.** Connect your existing scanners to Pixee so it can triage and remediate findings from your current tooling. Pixee works with 12 native scanner integrations and any SARIF-producing scanner. +**Scanner connection.** Connect your existing scanners to Pixee so it can triage and remediate findings from your current tooling. Pixee works with 13 native scanner integrations and any SARIF-producing scanner. **First fix review.** Walk through the first Pixee PR with the development team. Explain what changed, why it changed, and the quality scores. @@ -62,7 +62,7 @@ Phase 1 is where most readers will start and where the most specific guidance ma Expand from champion repositories to team-wide deployment. Set team-level merge rate targets based on Phase 1 data. Establish fix review norms: who reviews Pixee PRs, what response time is expected. -Use Phase 1 metrics to evaluate whether expansion is warranted. The metrics tracked in [Enterprise Overview > Measuring Success](/enterprise/overview#measuring-success) provide the data points for Phase 3 decision-making. +Use Phase 1 metrics to evaluate whether expansion is warranted. The metrics tracked in [Enterprise Overview > Measuring Success](/enterprise/enterprise-overview#measuring-success) provide the data points for Phase 3 decision-making. ### Security Engineer Execution Track @@ -84,7 +84,7 @@ Build the executive reporting dashboard for Phase 4 approval. Present triage red ### Security Engineer Execution Track -Scale repository configuration across teams using PIXEE.yaml. Verify language coverage across the org unit (see [Languages > Overview](/languages/overview)). Integrate Pixee reporting with existing CI/CD pipelines and dashboards. Set up observability (see [Observability](/enterprise/observability)) if running a self-hosted deployment. +Scale repository configuration across teams using PIXEE.yaml. Verify language coverage across the org unit (see [Languages > Overview](/languages/languages-overview)). Integrate Pixee reporting with existing CI/CD pipelines and dashboards. Set up observability (see [Observability](/enterprise/observability)) if running a self-hosted deployment. ### Decision Gate @@ -94,7 +94,7 @@ Consistent metrics across all enrolled teams, compliance team sign-off on audit ### Security Leader Planning Track -Executive sign-off requires presenting Phase 3 results with the metrics tracked in [Enterprise Overview > Measuring Success](/enterprise/overview#measuring-success): merge rate, triage reduction, MTTR, and compliance window adherence. +Executive sign-off requires presenting Phase 3 results with the metrics tracked in [Enterprise Overview > Measuring Success](/enterprise/enterprise-overview#measuring-success): merge rate, triage reduction, MTTR, and compliance window adherence. Make enterprise deployment model decisions at this stage -- cloud SaaS, embedded cluster, Helm, or air-gapped based on compliance requirements. See [Deployment Options](/enterprise/deployment). @@ -119,7 +119,7 @@ Disabling Pixee at any phase does not affect existing code. Previously merged fi A champion is a developer who actively uses Pixee PRs during the pilot phase and can support other teams during expansion. Typical indicators: merges Pixee PRs early, reviews PR descriptions and quality scores in detail, and asks about framework coverage. -**Enablement:** Share the [Languages > Overview](/languages/overview) page (coverage matrix) and this rollout guide. Provide access to the metrics from [Enterprise Overview > Measuring Success](/enterprise/overview#measuring-success). +**Enablement:** Share the [Languages > Overview](/languages/languages-overview) page (coverage matrix) and this rollout guide. Provide access to the metrics from [Enterprise Overview > Measuring Success](/enterprise/enterprise-overview#measuring-success). ## Multi-Business-Unit Rollout @@ -166,24 +166,3 @@ severity: Each business unit or team can use a different configuration during rollout. As confidence builds, adjust the severity threshold downward and remove directory exclusions. See [PIXEE.yaml Reference](/configuration/pixee-yaml) for the complete configuration reference. -## Frequently Asked Questions - -### How long does it take to roll out Pixee across an enterprise? - -Most teams complete a single-repo pilot in one week and reach org-unit deployment in 30-45 days. Full enterprise rollout depends on team size, approval processes, and deployment model. The phased approach lets you move at your organization's pace with evidence at each step. - -### What if Pixee does not work for a specific repository or team? - -Pixee is additive -- disabling it means PRs stop being opened. No existing code is modified. You can disable Pixee per-repository or per-team without affecting other deployments. All historical triage and fix data is preserved. - -### What merge rate should I expect in Phase 1? - -Most pilots see merge rates above 50% in the first week, trending higher as developers become familiar with the PR format. See [Fix Safety](/how-it-works/fix-safety) for production metrics. Initial rates vary by team, language, and fix complexity. - -### What metrics inform the expansion decision? - -The metrics tracked in [Measuring Success](/enterprise/overview#measuring-success) -- merge rate, triage reduction, MTTR, and compliance window adherence -- are collected during each phase. - -### Do I need enterprise deployment for the pilot? - -No. Phase 1 can run on cloud SaaS. Enterprise deployment (self-hosted, air-gapped) is typically introduced in Phase 3 or Phase 4 based on compliance requirements. diff --git a/docs/enterprise/security-architecture.md b/docs/enterprise/security-architecture.md index 9f1cdf6c..24eb7da6 100644 --- a/docs/enterprise/security-architecture.md +++ b/docs/enterprise/security-architecture.md @@ -166,24 +166,3 @@ Pixee retains the following data categories, each with distinct lifecycle contro **Data purge** follows standard Kubernetes PVC lifecycle. Customers control retention and deletion through their infrastructure configuration. For cloud SaaS deployments, data deletion requests are handled through standard support channels. -## Frequently Asked Questions - -### Does Pixee send my source code to an LLM? - -Pixee sends only the code relevant to each specific vulnerability -- not entire repositories. For smaller files, the full file is sent for proper context; for larger files, only the vulnerable region plus surrounding context. No absolute paths, repository URLs, git metadata, commit hashes, author information, or CI/CD details are included. - -### How does Pixee handle data residency? - -In self-hosted deployments, all data stays in your network. LLM inference uses your chosen provider in your chosen region. The only outbound connection is license validation, which can be proxied. See [Deployment Options](/enterprise/deployment) for the full data flow table. - -### Can a compromised analysis affect other repositories? - -No. Each analysis is an isolated, stateless inference call. A single analysis cannot modify the model, persist across analyses, or affect other applications. - -### Does Pixee use my code to train AI models? - -No. Customer code is used only for the specific analysis request. Azure OpenAI and equivalent providers offer contractual guarantees that customer data is not used for model training. Pixee does not retain customer code after analysis completion. - -### What credentials does Pixee need? - -Pixee requires SCM access tokens (GitHub App, GitLab PAT, Azure DevOps PAT, or Bitbucket API token) and LLM provider API keys. All credentials are stored in Kubernetes secrets and support external secret manager integration via `existingSecret`. diff --git a/docs/enterprise/troubleshooting.md b/docs/enterprise/troubleshooting.md index 4ad4d442..4b7f23d2 100644 --- a/docs/enterprise/troubleshooting.md +++ b/docs/enterprise/troubleshooting.md @@ -31,9 +31,9 @@ For detailed setup procedures, see [Embedded Cluster](/enterprise/embedded-clust | Scanner findings not appearing in Pixee | SARIF file format mismatch or upload path error | Verify the scanner output conforms to the SARIF 2.1.0 specification and the upload endpoint is correctly configured. | | Partial findings ingestion | Scanner output exceeds size limits or contains unsupported rule IDs | Check the scanner output for unsupported finding types. Verify the scanner is producing complete SARIF output. | | Duplicate findings after re-scan | Deduplication key mismatch between scan runs | Verify the scanner configuration produces consistent finding identifiers across runs. | -| Findings appear but no fixes generated | Scanner findings are in an unsupported language or CWE category | Check the [Languages Overview](/languages/overview) for supported language and finding type coverage. | +| Findings appear but no fixes generated | Scanner findings are in an unsupported language or CWE category | Check the [Languages Overview](/languages/languages-overview) for supported language and finding type coverage. | -For scanner-specific setup guides, see [Integrations Overview](/integrations/overview). For custom scanner configuration, see the [Universal SARIF](/integrations/sarif-universal) guide. +For scanner-specific setup guides, see [Integrations Overview](/integrations/integrations-overview). For custom scanner configuration, see the [Universal SARIF](/integrations/sarif-universal) guide. ## LLM Configuration @@ -83,21 +83,3 @@ If your issue is not covered on this page: - Support bundle (attached) 3. **For critical issues** affecting production analysis, escalate through your enterprise support channel for priority response. - -## Frequently Asked Questions - -### How do I troubleshoot a failed Pixee Helm installation? - -Check three things in order: (1) image pull secrets are configured and the cluster can reach the container registry, (2) minimum resource requirements are met (8 vCPU, 32 GB RAM), and (3) Helm values match your environment (LLM endpoint, SCM credentials, SSO configuration). Check pod status and logs for specific error messages. - -### Why are scanner findings not appearing in Pixee? - -The most common cause is a SARIF format mismatch. Verify your scanner output matches the SARIF 2.1.0 specification and that the upload path is correct. Check the [Integrations Overview](/integrations/overview) for scanner-specific configuration requirements. - -### How do I generate a support bundle for Pixee? - -Use the KOTS admin console (embedded cluster) or the support bundle tool (Helm) to generate a diagnostic bundle. Configure log size and age limits before generation to control bundle size. Include the bundle with your support request to Pixee solutions engineering. - -### What do I do if LLM-based fixes stop generating? - -Verify the LLM endpoint is reachable from within the cluster, API credentials are valid, and rate limits have not been exceeded. For air-gapped deployments, confirm the private LLM endpoint is accessible on the configured network path. See [Bring Your Own Model](/enterprise/byom) for provider-specific configuration. diff --git a/docs/faq/_category_.json b/docs/faq/_category_.json index 8cebef83..08b9f8b1 100644 --- a/docs/faq/_category_.json +++ b/docs/faq/_category_.json @@ -5,6 +5,6 @@ "collapsed": false, "link": { "type": "doc", - "id": "faq/faq-general" + "id": "faq/faq" } } diff --git a/docs/faq/faq-enterprise.md b/docs/faq/faq-enterprise.md deleted file mode 100644 index 2343411c..00000000 --- a/docs/faq/faq-enterprise.md +++ /dev/null @@ -1,99 +0,0 @@ ---- -title: Enterprise Technical FAQ -slug: /faq/enterprise -track: both -content_type: faq -seo_title: Enterprise Technical FAQ -- Pixee Docs -description: Enterprise FAQ covering deployment, compliance, data residency, BYOM LLM configuration, and AI governance. -sidebar_position: 2 ---- - -This page covers enterprise deployment, compliance, data residency, AI governance, and security architecture questions. If your question is not here, check the [General FAQ](/faq/general) for product capabilities or the [Troubleshooting FAQ](/faq/troubleshooting) for operational issues. - -## Deployment and Infrastructure - -### Does Pixee support self-hosted deployment? - -See [Deployment Options](/enterprise/deployment) for details on all three self-hosted models (embedded cluster, Helm, air-gapped) and their architecture diagrams. - -### Can Pixee run in an air-gapped environment? - -See [Air-Gapped Deployment](/enterprise/air-gap) for details on capabilities, requirements, and known limitations in disconnected environments. - -### What are the infrastructure requirements for self-hosted Pixee? - -See [Deployment Options](/enterprise/deployment) for infrastructure requirements, sizing guidance, and deployment timelines per model. - -### Does Pixee support multiple SCM platforms simultaneously? - -Yes. A single Pixee Enterprise deployment supports GitHub, GitLab, Azure DevOps, and Bitbucket at the same time — 4 platforms from one instance. You do not need separate deployments per platform. Each SCM connection is configured independently through the admin console, and Pixee delivers the same triage and remediation capabilities across all of them. - -### How does Pixee handle high availability and disaster recovery? - -Pixee Enterprise runs on Kubernetes with standard HA patterns: pod replication, persistent volume claims, and configurable backup. The embedded cluster includes built-in backup and restore capabilities through the KOTS admin console. Helm deployments leverage your existing Kubernetes HA infrastructure — EKS, GKE, and AKS all have documented storage-class configurations. All triage decisions and fix history persist independently of the analysis pipeline, so operational state survives pod restarts and cluster failovers. The bundled observability stack (metrics, logs, traces, dashboards) provides visibility into platform health without requiring a separate monitoring purchase. - -### What is Pixee's upgrade process? - -Embedded cluster: upgrades via the KOTS admin console with one-click apply — no Kubernetes expertise required. Helm: standard `helm upgrade` with release notes documenting breaking changes. Air-gapped: new image bundles transferred to your registry, then the standard upgrade path applies. Pixee has shipped approximately 25 releases in 6 months, reflecting active development and rapid iteration. Each release includes documented changes, version-specific migration notes where applicable, and subchart version bumps for the bundled observability stack. The upgrade cadence means security coverage and triage accuracy improve continuously without requiring customer-side code changes. - -## Data Handling and Residency - -### How does Pixee handle data residency requirements? - -See [Security Architecture](/enterprise/security-architecture) for the full data flow table by deployment model. Self-hosted deployments keep all data in your network. Air-gapped deployments have zero outbound data transmission. For cloud SaaS, contact Pixee for data handling details. - -### Does Pixee access or store my source code? - -Pixee analyzes code to generate fixes but does not store full repositories. Code snippets relevant to a specific finding are sent to your configured LLM provider — in self-hosted and air-gapped deployments, this traffic stays within your network. Only the vulnerable function and surrounding context are sent, not entire files or repositories. For dataflow findings, the taint flow steps are included. File paths sent to LLM providers are relative to the project root only. No absolute filesystem paths, repository URLs, git metadata, commit hashes, author information, CI/CD details, or scanner-specific identifiers are sent to LLM providers. Triage decisions store finding metadata, not source code. The audit trail references commits and PRs, not code content. Each analysis is a stateless inference call — no data persists across analyses at the LLM provider. - -### What data does Pixee send to LLM providers? - -Pixee sends code snippets — the vulnerable function and surrounding context — to the configured LLM provider for fix generation. For dataflow findings, the taint flow steps are included. In self-hosted and air-gapped deployments, this traffic stays within your network. Pixee does not send repository names, organizational metadata, or CI/CD configuration to LLM providers. Bring Your Own Model (BYOM) means you control the provider, the model, the endpoint, and the data path. - -### Can I control which LLM provider Pixee uses? - -Yes. Bring Your Own Model (BYOM) supports OpenAI, Azure AI Foundry, Anthropic, and Azure Anthropic. You choose the provider, the model, and the endpoint. For air-gapped deployments, you host the model entirely within your network. Pixee does not default to any external LLM — you configure the provider during deployment. Per-provider preflight checks validate the LLM connection at install time, not at first analysis, so misconfiguration is caught before any code is analyzed. Provider-family-aware prompting ensures optimal results for each provider rather than a lowest-common-denominator approach. Customer owns the keys, picks the vendor, keeps the bill. - -## Compliance and Certification - -### Is Pixee SOC 2 Type II certified? - -Contact Pixee for current SOC 2 certification status and audit report availability. Pixee's architecture supports the controls required for SOC 2 Type II — including audit-ready evidence trails with timestamped triage justifications, role-based access control with SCM permission inheritance, and change management documentation through PR-based fix delivery with full diff tracking and quality scores. Enterprise customers can request compliance documentation through their account team. - -### How does Pixee help with SOC 2 compliance? - -See [Compliance](/enterprise/compliance) for the full framework mapping table covering SOC 2, HIPAA, FedRAMP, PCI-DSS, NIST 800-53, and ISO 27001. - -### Does Pixee support FedRAMP requirements? - -Pixee supports FedRAMP-relevant controls through air-gapped deployment (no source code leaves your network), audit event logging (AU-2), configuration change documentation (CM-3), and account management (AC-2). Air-gapped deployment with a private LLM eliminates all external data transmission. Contact Pixee for current FedRAMP authorization status and for details on how specific control families are addressed. - -### How does Pixee map to HIPAA, PCI-DSS, and NIST 800-53? - -See [Compliance](/enterprise/compliance) for the full framework mapping table with specific control references per framework. - -### What audit trail does Pixee provide? - -See [Compliance](/enterprise/compliance) for the full audit evidence breakdown including export formats, evidence types, and framework mapping. - -### How does Pixee handle AI governance requirements? - -Pixee is designed for AI governance committee review. Every AI-generated fix passes through documented validation layers before delivery -- constrained generation that limits the AI to established security patterns, independent evaluation by a separate model (not self-critique from the generator), and your existing code review process. The PR-based workflow ensures human-in-the-loop approval for every change. No AI output bypasses existing governance gates. Deterministic codemods use zero LLM involvement -- a significant portion of fixes carry no AI risk whatsoever. All decisions are auditable with persisted reasoning. See [Security Architecture](/enterprise/security-architecture) for the full AI governance architecture. - -## Security Architecture - -### How does Pixee authenticate users? - -See [Security Architecture](/enterprise/security-architecture) for authentication options (SSO via Google Workspace, Microsoft Entra ID, Okta, embedded Authentik OIDC) and RBAC details. - -### What is Pixee's security architecture? - -See [Security Architecture](/enterprise/security-architecture) for data flow diagrams, access control details, credential management, AI governance, and network security. - -### Has Pixee undergone third-party security assessment? - -Contact Pixee for details on third-party security assessments, penetration test reports, and security audit results. Enterprise customers can request this documentation through their account team or during the evaluation process. Pixee's architecture is designed for security scrutiny — every code change is auditable, every AI decision is traceable, and every data path is documented. The self-hosted deployment model means your own security team can assess the platform running within your infrastructure using your standard evaluation methodology. - -### How does Pixee handle secrets and credentials? - -See [Security Architecture](/enterprise/security-architecture) for credential management details, including `existingSecret` support for Vault, External Secrets Operator, and SOPS. diff --git a/docs/faq/faq-general.md b/docs/faq/faq-general.md deleted file mode 100644 index dfbf9962..00000000 --- a/docs/faq/faq-general.md +++ /dev/null @@ -1,107 +0,0 @@ ---- -title: General FAQ -slug: /faq/general -track: both -content_type: faq -seo_title: General FAQ -- Pixee Docs -description: "Common questions about Pixee: how automated triage and remediation work, fix safety, merge rates, and getting started." -sidebar_position: 1 ---- - -This page answers the questions we hear most from security leaders, security engineers, and developers evaluating automated vulnerability remediation. Every answer draws from production data and customer experience. If your question is not here, check the [Enterprise Technical FAQ](/faq/enterprise) for deployment and compliance questions or the [Troubleshooting FAQ](/faq/troubleshooting) for operational issues. - -## How It Works - -### What is automated vulnerability remediation? - -Automated vulnerability remediation is the process of programmatically fixing security findings without requiring a developer to manually write the patch. Pixee generates fixes as pull requests that go through your existing review and CI/CD pipeline. Fixes are created using two approaches: deterministic codemods -- rule-based transformations where the same input always produces the same output -- and constrained AI generation for patterns where deterministic rules do not reach. Every fix passes a multi-layer validation pipeline before delivery. Nothing reaches a developer that has not been independently evaluated for safety, effectiveness, and cleanliness. The typical fix changes 1-5 lines of code, applying established OWASP/SANS security patterns rather than generating novel logic. See [Codemodder](/open-source/codemodder) for the full codemod catalog. - -### How does automated vulnerability triage work? - -Automated triage analyzes scanner findings for exploitability and contextual relevance before any human review. Pixee's triage engine uses reachability analysis (can an attacker reach the vulnerable code?), data-flow analysis (does untrusted data flow to the vulnerability?), and context signals (is there an upstream security control the scanner missed?) to classify findings as true positive, false positive, or won't-fix. Every classification includes a structured justification — not a confidence score, but an auditable investigation trail. This significantly reduces the volume of findings requiring manual review. See [Triage Engine](/how-it-works/triage-engine) for production metrics. - -### What is the difference between vulnerability detection and remediation? - -Detection tools (SAST, SCA, DAST) find potential security issues. Remediation tools fix them. Most organizations have invested heavily in detection but still fix vulnerabilities manually. Pixee automates the remediation step, turning scanner output into merged fixes. - -### What is a codemod? - -A codemod is a deterministic code transformation rule that rewrites source code from a vulnerable pattern to a safe pattern. "Deterministic" means the same input always produces the same output -- no randomness, no variation between runs. Pixee ships codemods across Java, Python, JavaScript/TypeScript, .NET, Go, and PHP. Codemods handle the predictable fix patterns (SQL injection parameterization, XSS output encoding, insecure API replacement). Constrained AI generation handles the patterns where deterministic rules cannot reach. See [Codemodder](/open-source/codemodder) for the full catalog. - -### What scanners does Pixee work with? - -Pixee integrates natively with 12 scanners: CodeQL, Semgrep, Checkmarx, Veracode, Snyk Code, SonarQube, AppScan, Polaris, GitLab SAST, Trivy, DefectDojo, and Fortify. Any scanner that produces SARIF output can also connect through the Universal SARIF integration. Pixee is scanner-agnostic — it consumes findings from your existing tools and generates fixes regardless of which scanner identified the issue. You do not need to change your detection stack. - -### Does Pixee replace my existing scanners? - -No. Pixee sits downstream of your existing SAST, SCA, and DAST tools. It consumes their findings, triages them to separate real threats from false positives, and produces validated fixes for confirmed vulnerabilities. - -## Safety and Trust - -### Does automated remediation break existing code? - -Every fix goes through a multi-layer validation pipeline -- constrained generation that limits what the AI can modify, independent evaluation by a separate model that scores safety, effectiveness, and cleanliness, and your existing CI/CD pipeline and code review process. Fixes that do not pass validation are not delivered. Nothing is merged without developer approval. See [Fix Safety](/how-it-works/fix-safety) for production metrics. - -### How accurate are AI-generated security fixes? - -Pixee uses constrained AI generation, not free-form code suggestion. The AI operates within defined transformation boundaries -- it can modify the vulnerability pattern but cannot restructure surrounding code. Most fixes apply established OWASP/SANS remediation patterns to SAST-identified issues, typically changing 1-5 lines. A separate AI evaluator -- running as a distinct inference call, not self-critique from the same model -- independently scores every fix on safety, effectiveness, and cleanliness before delivery. Fixes that fail evaluation are automatically rejected and never shown to users. The constraint is deliberate: narrow scope means lower risk. See [Fix Safety](/how-it-works/fix-safety) for production metrics. - -### What happens if an automated fix introduces a bug? - -Every Pixee fix is delivered as a pull request, not a direct commit. There is no mode, setting, or override that allows Pixee to commit directly to a branch. The fix runs through your existing CI/CD pipeline — tests, linters, build checks — before any human sees it. If CI fails, the developer sees the failure and rejects the PR. If CI passes but the developer identifies an issue during review, they reject or modify the PR like any other code change. Standard `git revert` applies if a merged change needs to be undone. There is no runtime dependency on Pixee for previously merged code — if you removed Pixee entirely, all merged fixes remain as standard code in your repository. Closing an unmerged PR discards the proposed change with zero impact. Pixee never bypasses your existing quality gates. - -### What is a good merge rate for automated security fixes? - -Merge rate is the percentage of automated pull requests that developers merge after human review. This metric spans all supported languages, fix types, and customer environments. Individual teams may see higher or lower rates depending on their review cadence and codebase complexity. See [Fix Safety](/how-it-works/fix-safety) for production metrics. - -### How does Pixee handle false positives from scanners? - -Pixee's triage engine reduces false positives before fixes are generated. It uses reachability analysis (can an attacker reach the vulnerable code?), data-flow analysis (does untrusted data flow to the vulnerability?), and context signals (is there an upstream sanitizer or security control the scanner missed?) to classify findings. Each classification includes a structured justification — the specific code paths and evidence that drove the decision, not just a confidence score. Findings classified as false positives are surfaced with this reasoning so your team can validate the classification and override if they disagree. A significant portion of findings that would have required manual triage can be automatically classified. See [Triage Engine](/how-it-works/triage-engine) for production metrics on false positive reduction. - -### Is automated vulnerability remediation safe for production code? - -Yes, when implemented with proper guardrails. Pixee's safety model has three layers: constrained generation that limits what the AI can modify to established OWASP/SANS security patterns, independent evaluation where a separate model scores every fix on safety, effectiveness, and cleanliness before delivery, and your existing code review and CI/CD pipeline. Deterministic codemods use zero LLM involvement -- zero hallucination risk on those fixes. Fixes that use AI pass independent evaluation before reaching a PR. The same SAST tools that found the original vulnerability also scan the proposed fix; if the fix introduces new findings, those appear in the PR. No fix touches production without developer approval. This is fundamentally different from general-purpose AI code generation where the user is the sole quality gate. See [Fix Safety](/how-it-works/fix-safety) for production metrics. - -## Getting Started and Adoption - -### How long does it take to set up Pixee? - -Cloud SaaS setup takes minutes: install the GitHub App, GitLab integration, Azure DevOps extension, or Bitbucket connector and Pixee begins analyzing your repositories immediately. No code changes, no SDK, no CI/CD modifications. Self-hosted deployment — either the turnkey embedded cluster (single Linux VM with 8 vCPU, 32 GB RAM, no Kubernetes expertise needed) or the standard Helm chart for existing Kubernetes clusters (EKS, GKE, AKS) — typically completes in under one hour. Air-gapped deployment takes longer due to private LLM configuration and image transfer. See the [Getting Started](/) guide for platform-specific setup instructions. - -### Does Pixee require code changes to install? - -No. Pixee installs as a GitHub App, GitLab integration, Azure DevOps extension, or Bitbucket connector — 4 platforms supported from a single deployment. No code changes, no agents in your CI/CD pipeline, no SDK to add. Pixee reads your scanner results and opens PRs — that is the entire integration surface. You do not need to modify your build system, add dependencies, or change your deployment pipeline. Developers interact with Pixee through standard pull requests in their existing workflow. No new tools to learn, no context-switching required. - -### How long does it take to see results from automated remediation? - -Most teams see their first automated fix within hours of connecting a scanner with existing findings. Triage results appear even faster -- Pixee begins classifying findings as soon as scanner data is available. Developers interact with Pixee through standard PRs in their existing platform, so there is no adoption curve or behavioral change required from the development team. - -### Can Pixee fix vulnerabilities across multiple languages? - -Yes. Pixee supports 6 languages: Java, Python, JavaScript/TypeScript, .NET, Go, and PHP. Each language has dedicated codemods for SAST and SCA findings. Java and Python have the deepest codemod libraries, with JavaScript/TypeScript close behind. Coverage varies by language and finding type. See the [Language Support Overview](/languages/overview) for the full coverage matrix. - -### What is the difference between Pixee and GitHub Copilot Autofix? - -Copilot Autofix is limited to GitHub Advanced Security (CodeQL) findings on GitHub. Pixee works with 12 natively integrated scanners across GitHub, GitLab, Azure DevOps, and Bitbucket -- 4 platforms, not one. Pixee also provides triage automation, which Copilot Autofix does not offer. Both capabilities -- triage and remediation -- work across your full scanner stack, not just one tool on one platform. Pixee uses deterministic codemods alongside constrained AI, while Copilot Autofix relies on general-purpose AI code generation. Pixee also supports self-hosted and air-gapped deployment with Bring Your Own Model (BYOM) -- requirements common in financial services, healthcare, and government environments that Copilot Autofix does not address. - -## Platform Capabilities - -### What programming languages does Pixee support? - -Java, Python, JavaScript/TypeScript, .NET, Go, and PHP -- 6 languages total. Each language has dedicated codemods for SAST and SCA findings. Java and Python have the most comprehensive coverage. See the [Language Support](/languages/overview) pages for per-language details including supported finding types and scanner coverage. - -### Does Pixee support SCA (software composition analysis) remediation? - -Yes. Pixee handles transitive dependency resolution, breaking change detection, and dependency upgrade testing. SCA fixes are more complex than SAST fixes because changing a dependency can cascade across the dependency tree — a single upgrade can ripple through dozens of transitive dependencies. Pixee's SCA pipeline validates compatibility before proposing upgrades and delivers the result as a standard PR for developer review. Both triage and remediation apply to SCA findings, so vulnerable dependencies are classified for exploitability before fix effort is invested. - -### Can I customize which vulnerabilities Pixee fixes? - -Yes. PIXEE.yaml configuration lets you control which finding types Pixee addresses, which repositories are active, and what approval workflows apply. You can exclude specific files, directories, or finding categories. You can also disable specific codemods by ID for fine-grained control. This is useful during phased rollouts — many teams start with a subset of repositories and finding types, then expand as confidence builds. See the [PIXEE.yaml Reference](/configuration/pixee-yaml) for configuration syntax and examples. - -### What happens when a Pixee PR conflicts with another PR? - -Pixee PRs are standard Git pull requests. Merge conflicts are handled the same way as any other PR -- rebase, merge the conflicting PR first, or close the Pixee PR. Pixee regenerates the fix on its next analysis cycle if the finding still exists. - -### What happens when two findings affect the same code block? - -Pixee generates separate PRs for separate findings. If fixes overlap on the same lines, the second PR may have a merge conflict after the first is merged. Close the conflicting PR and Pixee will regenerate it with the updated code context. diff --git a/docs/faq/faq-troubleshooting.md b/docs/faq/faq-troubleshooting.md deleted file mode 100644 index 325f2b1d..00000000 --- a/docs/faq/faq-troubleshooting.md +++ /dev/null @@ -1,132 +0,0 @@ ---- -title: Troubleshooting FAQ -slug: /faq/troubleshooting -track: both -content_type: faq -seo_title: Troubleshooting FAQ -- Pixee Docs -description: "Troubleshooting common Pixee issues: setup problems, scanner connectivity, PRs not appearing, CI failures, and triage questions." -sidebar_position: 3 ---- - -This page covers the most common issues users encounter with Pixee: setup problems, scanner connectivity, PRs not appearing, fixes failing CI, and configuration questions. Each answer provides the most likely cause and step-by-step resolution. For enterprise deployment issues (Helm, air-gapped, embedded cluster), see [Enterprise Troubleshooting](/enterprise/troubleshooting). For product capability questions, see the [General FAQ](/faq/general). - -## Setup and Installation - -### Why is Pixee not analyzing my repository? - -Most likely cause: the repository has not been enabled in Pixee's settings after installing the SCM app. Pixee supports 4 platforms (GitHub, GitLab, Azure DevOps, Bitbucket), and each requires platform-specific configuration. - -1. Verify the GitHub App, GitLab integration, Azure DevOps extension, or Bitbucket connector is installed on the correct organization. -2. Check that the specific repository is enabled in Pixee's repository management settings — installing the app does not automatically enable all repositories. -3. Verify Pixee has the required permissions: read code, read pull requests, write pull requests. -4. For GitLab, confirm the service account has the required scopes (`api`, `read_user`, `read_repository`, `read_api`, `write_repository`). -5. For Azure DevOps, verify the PAT is active and the webhook is configured. - -If all steps check out, see the [Getting Started](/) guide for platform-specific setup. - -### How do I verify Pixee is installed correctly? - -Check three things in order: - -1. The SCM app or integration appears in your platform's installed apps list (GitHub Settings > Applications, GitLab Admin > Applications, etc.). -2. Pixee shows the repository in its dashboard with a connected status. -3. Pixee has opened at least one PR or triage result within 24 hours of connecting a repository with existing scanner findings. - -If none of these are true, reinstall the integration following the [Getting Started](/) guide for your platform. - -### Pixee installed but I do not see any activity. What is wrong? - -Most likely cause: no scanner findings exist for the connected repository. Pixee needs scanner findings to generate fixes and triage results — if no scanner is connected or no findings exist, Pixee has nothing to act on. This is the most common misunderstanding during initial setup. - -1. Connect at least one scanner. Pixee integrates natively with 12 scanners (CodeQL, Semgrep, Checkmarx, Veracode, Snyk Code, SonarQube, AppScan, Polaris, GitLab SAST, Trivy, DefectDojo, Fortify). See the [Integrations Overview](/integrations/overview). -2. Verify the scanner has produced findings for the repository. No findings means no triage results and no fixes. -3. For custom or unsupported scanners, check that findings are in SARIF 2.1.0 format and are being uploaded correctly. - -Pixee begins analyzing findings as soon as scanner data is available. Most teams see their first results within hours. - -### Can I use Pixee with a private or internal GitHub Enterprise instance? - -Yes, with self-hosted deployment. Pixee Enterprise (embedded cluster, Helm, or air-gapped) runs within your network and connects to your internal SCM instance. Cloud SaaS connects to GitHub.com, GitLab.com, Azure DevOps, and Bitbucket Cloud. See [Deployment Options](/enterprise/deployment) for self-hosted setup. - -## Scanner Connection Issues - -### Why are scanner findings not showing up in Pixee? - -Three common causes, in order of likelihood: - -1. **Integration not configured.** The scanner has not been set up in Pixee's settings. Each scanner requires its own integration configuration — check the integration page for your specific scanner. -2. **Format mismatch.** Scanner output does not match the expected specification. For native integrations, verify the scanner version is compatible. For custom scanners, verify SARIF 2.1.0 compliance. -3. **Upload path incorrect.** Scanner results are not being delivered to the correct endpoint or location. Check the integration documentation for the expected delivery method (webhook, file upload, API). - -### Pixee is showing findings from one scanner but not another. Why? - -Each of the 12 natively supported scanners requires its own integration configuration. Verify for the missing scanner: - -1. It is listed as connected in Pixee's integration settings. -2. It is producing output in the expected format. -3. Results are being delivered to the correct location. -4. It is not excluded by a rule in PIXEE.yaml. - -Some scanners require explicit enablement in [PIXEE.yaml](/configuration/pixee-yaml). See the [Integrations Overview](/integrations/overview) for per-scanner setup requirements. - -### My scanner findings appear in Pixee but no fixes are generated. Why? - -Not all findings have available fixes. Pixee generates fixes when three conditions are met: - -1. A codemod or AI generation path exists for the vulnerability pattern (see [Codemodder](/open-source/codemodder) for supported patterns). -2. The code context is sufficient for safe fix generation. -3. The fix passes the multi-layer validation pipeline. - -Findings without available fixes still receive triage classification — Pixee will still tell you whether the finding is a true positive, false positive, or won't-fix. Check the [Language Support](/languages/overview) pages for coverage of your specific finding types. - -### How do I connect a scanner that is not in Pixee's supported list? - -Any scanner that produces SARIF 2.1.0 output can connect to Pixee via the Universal SARIF integration. Convert your scanner's output to SARIF format and upload it to Pixee. Pixee is scanner-agnostic — it generates fixes and triage classifications regardless of which scanner produced the finding. See the [Universal SARIF](/integrations/sarif-universal) page for format requirements and upload methods. - -## PR and Fix Issues - -### Why is Pixee not opening PRs on my repository? - -Check in order: - -1. **Repository enabled and permissions set.** Pixee has write PR permissions for the repository. -2. **Scanner findings exist.** At least one scanner has produced findings for the repository. -3. **Fixes available.** Codemods or AI generation paths exist for the finding types present (not all finding types have available fixes). -4. **Configuration not blocking.** PIXEE.yaml is not excluding the relevant files, directories, or finding types. -5. **Scheduling not delaying.** Scheduling configuration has not deferred PR creation to a future window. - -If all five check out, contact Pixee support with your repository name and the finding types you expect fixes for. - -### Pixee opened a PR but it failed CI. What should I do? - -Review the CI failure and distinguish between two scenarios: - -**If the failure is in Pixee's fix** -- the change breaks a test or introduces a build error -- close the PR. Pixee's fixes are validated before delivery through a multi-layer pipeline, but they cannot account for every CI environment configuration. Some fixes require adjustment for specific environments. Closing a PR with zero impact is the intended workflow for fixes that do not fit your context. - -**If the failure is unrelated to Pixee's change** — a pre-existing flaky test, infrastructure issue, or unrelated build break — re-run CI. The fix itself may be correct. Check whether the CI failure also appears on other PRs to confirm it is not Pixee-specific. - -### A Pixee fix does not match our code style. Can I adjust this? - -Pixee's deterministic codemods follow standard language conventions. If your team uses specific formatting rules, your existing linters and formatters (Prettier, Black, google-java-format, etc.) will reformat the fix when CI runs. Pixee's fix is functionally correct — it addresses the security vulnerability with established OWASP/SANS patterns, typically in 1-5 lines. Formatting is handled by your existing toolchain as part of the standard PR pipeline. This is the same workflow you use for any other code change — the fix arrives as a PR and your formatting tools apply automatically. - -### How do I prevent Pixee from fixing certain types of vulnerabilities? - -Use [PIXEE.yaml](/configuration/pixee-yaml) to exclude specific finding types, files, or directories. You can also disable specific codemods by ID. This gives you granular control over what Pixee addresses without disabling it entirely. Common use cases: excluding test directories, deferring certain vulnerability categories to manual review, or limiting Pixee to specific repositories during a phased rollout. See the [PIXEE.yaml Reference](/configuration/pixee-yaml) for configuration syntax and examples. - -### A Pixee PR conflicts with another PR. How do I resolve this? - -Pixee PRs are standard Git pull requests. Resolve conflicts the same way you would for any other PR: rebase, merge the conflicting PR first, or close the Pixee PR. If you close the PR, Pixee will re-analyze the repository and open a new PR with updated context on its next analysis run. - -## Triage Issues - -### Why does Pixee classify a finding as false positive when I think it is real? - -Pixee's triage classification includes the reasoning behind every decision — the specific code paths, security controls, or context signals that drove the classification. Review the structured justification provided with the classification. Common reasons Pixee classifies a finding as false positive include: an upstream sanitizer or security control the scanner missed, the vulnerable code is unreachable from any application entry point, or untrusted data does not actually flow to the vulnerable function. If you disagree with the classification after reviewing the evidence, override it. Pixee surfaces the reasoning precisely so your team can make the final call. Overrides help calibrate triage accuracy for your specific codebase context over time. - -### Triage results are not appearing for some findings. Why? - -Triage requires sufficient code context to perform reachability and data-flow analysis. If the finding metadata from your scanner does not include enough context — file path, line number, rule ID — triage may not produce a classification. Verify your scanner output includes complete finding metadata. For custom SARIF scanners, ensure the `results` array includes `locations` with `physicalLocation` data. Pixee's triage engine significantly reduces findings requiring manual review when scanner metadata is complete. - -### How do I export triage decisions for compliance reporting? - -Pixee exports triage decisions via CSV, JSON, and API. Each export includes timestamp, finding metadata, classification (true positive / false positive / won't-fix), structured LLM justification, and any analyst overrides. For GRC platform integration, use the API for automated evidence collection. See the [Reporting](/configuration/operations) page for export procedures, format details, and integration examples. diff --git a/docs/faq/faq.md b/docs/faq/faq.md new file mode 100644 index 00000000..7e329a63 --- /dev/null +++ b/docs/faq/faq.md @@ -0,0 +1,191 @@ +--- +title: FAQ +slug: /faq +track: both +content_type: faq +seo_title: "Pixee FAQ | General, Enterprise, and Troubleshooting" +description: "Common questions about Pixee: how it works, safety, enterprise deployment, and troubleshooting." +sidebar_position: 1 +--- + +Frequently asked questions organized by topic. For detailed technical documentation, follow the links in each answer. + +## General + +### What is automated vulnerability remediation? + +Automated vulnerability remediation programmatically fixes security findings without requiring a developer to manually write the patch. Pixee generates fixes as pull requests that go through your existing review and CI/CD pipeline. Fixes come from two sources: deterministic codemods — rule-based transformations where the same input always produces the same output — and constrained AI generation for patterns where deterministic rules do not reach. Every fix passes a multi-layer validation pipeline before delivery. The typical fix changes 1-5 lines of code, applying established OWASP/SANS security patterns. + +### How does automated vulnerability triage work? + +Pixee's triage engine routes each finding through three progressive tiers: deterministic analyzers for known patterns (sub-second, zero cost), AI agents for ambiguous cases (dynamic codebase investigation), and adaptive analyzer generation for novel rule types. Every verdict includes a structured justification — the specific code paths, security controls, or context that drove the decision. Up to 98% false positive reduction. See [Triage](/platform/triage) for the full architecture. + +### What is a codemod? + +A codemod is a deterministic code transformation rule that rewrites source code from a vulnerable pattern to a safe pattern. Same input, same output — no randomness, no variation between runs. Pixee's open-source codemod engines (codemodder-java, codemodder-python) are publicly inspectable. See [Codemodder](/open-source/codemodder) for the full catalog. + +### What scanners does Pixee work with? + +Pixee integrates natively with 13 scanners: CodeQL, Semgrep, Checkmarx, Veracode, Snyk Code, SonarQube, AppScan, Polaris, Fortify, Contrast, GitLab SAST, GitLab SCA, and Trivy. Any scanner that produces SARIF output can also connect through the Universal SARIF integration — over 50 additional scanners validated. You do not need to change your detection stack. + +### Does Pixee replace my existing scanners? + +No. Pixee sits downstream of your existing SAST, SCA, and DAST tools. It consumes their findings, triages them to separate real threats from false positives, and produces validated fixes for confirmed vulnerabilities. + +### What programming languages does Pixee support? + +Java, Python, JavaScript/TypeScript, .NET/C#, Go, Ruby, PHP, Kotlin, Rust, Scala, Swift, plus IaC formats (Terraform, Dockerfile, K8s/Helm, CloudFormation). Deterministic codemod coverage is deepest for Java and Python. See [Language Support](/languages/languages-overview) for the full coverage matrix. + +### Does Pixee support SCA (software composition analysis) remediation? + +Yes. SCA findings flow through the same triage and remediation pipeline as SAST findings. Pixee handles transitive dependency resolution, breaking change detection, and dependency upgrade coordination — delivering atomic PRs that include both the manifest version bump and downstream source-file changes. See [SCA](/platform/sca) for details. + +### What is the difference between Pixee and GitHub Copilot Autofix? + +Copilot Autofix is limited to GitHub Advanced Security (CodeQL) findings on GitHub. Pixee works with 13 natively integrated scanners across GitHub, GitLab, Azure DevOps, and Bitbucket. Pixee also provides triage automation, which Copilot Autofix does not offer. Pixee uses deterministic codemods alongside constrained AI, while Copilot Autofix relies on general-purpose AI code generation. Pixee also supports self-hosted and air-gapped deployment with Bring Your Own Model (BYOM). + +### How long does it take to set up Pixee? + +Cloud SaaS setup: install the GitHub App, GitLab integration, Azure DevOps extension, or Bitbucket connector and Pixee begins analyzing repositories immediately — under 5 minutes. Self-hosted deployment (embedded cluster or Helm) typically completes in under one hour. Air-gapped deployment takes longer due to private LLM configuration and image transfer. + +### Does Pixee require code changes to install? + +No. Pixee installs as a platform integration and requires zero code changes, CLI installs, or configuration files to start. Developers interact with Pixee through standard pull requests in their existing platform. + +### How long does it take to see results? + +Most teams see their first automated fix within hours of connecting a scanner with existing findings. Triage results appear even faster — Pixee begins classifying findings as soon as scanner data is available. + +### Can I customize which vulnerabilities Pixee fixes? + +Yes. PIXEE.yaml configuration lets you control which finding types Pixee addresses, which repositories are active, and what approval workflows apply. You can exclude specific files, directories, or finding categories. See the [PIXEE.yaml Reference](/configuration/pixee-yaml) for configuration syntax. + +## Safety and Trust + +### Does automated remediation break existing code? + +Every fix goes through a multi-layer validation pipeline — constrained generation, independent evaluation by a separate model scoring Safety, Effectiveness, and Cleanliness, and your existing CI/CD pipeline and code review process. Fixes that do not pass validation are not delivered. See [Security & Trust](/platform/security). + +### What is the merge rate for Pixee-generated fixes? + +76% of Pixee-generated fixes are merged by development teams after human review on production deployments. This reflects developer trust after reviewing pre-validated fixes — not raw AI output. Fixes that cannot pass quality standards are suppressed before reaching a PR. + +### What happens if an automated fix introduces a bug? + +Every Pixee fix is delivered as a pull request, not a direct commit. Standard `git revert` applies if a merged change needs to be undone. There is no runtime dependency on Pixee for previously merged code. Closing an unmerged PR discards the proposed change with zero impact. + +### How does Pixee handle false positives from scanners? + +The triage engine reduces false positives by evaluating dataflow quality, detecting security controls between source and sink, classifying production vs. test code, and filtering intentionally-vulnerable projects. Each classification includes a structured justification. Security engineers can override any verdict. See [Triage](/platform/triage). + +### Is automated vulnerability remediation safe for production code? + +Yes. Pixee's fixes are narrow-scope security changes (1-5 lines) applying established OWASP/SANS patterns, not general-purpose code generation. They pass multi-layer validation before reaching a PR, and your existing CI/CD, SAST re-scanning, and code review gates all apply. The PR-only delivery model is an architectural constraint — there is no mode that allows direct commits. See [Security & Trust](/platform/security). + +## Enterprise + +### Does Pixee support self-hosted deployment? + +Yes. Three deployment models: embedded cluster (turnkey, no Kubernetes expertise required), Helm (for existing Kubernetes infrastructure), and air-gapped (fully disconnected with customer-hosted LLM). See [Deployment Options](/enterprise/deployment). + +### What are the infrastructure requirements for self-hosted Pixee? + +Minimum: 8 vCPU, 32 GB RAM, 100 GB SSD (single Linux VM for embedded cluster). See [Deployment Options](/enterprise/deployment) for sizing guidance per model. + +### Does Pixee support multiple SCM platforms simultaneously? + +Yes. A single Pixee Enterprise deployment supports GitHub, GitLab, Azure DevOps, and Bitbucket at the same time. Each SCM connection is configured independently. + +### Can Pixee run in an air-gapped environment? + +Yes. Pixee supports fully air-gapped deployment with a customer-hosted LLM. No code leaves your environment after installation. License validation requires a network path to Pixee servers (direct or via proxy). See [Air-Gapped Deployment](/enterprise/air-gap). + +### How does Pixee handle data residency requirements? + +Self-hosted deployments keep all data in your network. Air-gapped deployments have zero outbound data transmission. For cloud SaaS, contact Pixee for data handling details. See [Security Architecture](/enterprise/security-architecture) for the full data flow table by deployment model. + +### What data does Pixee send to LLM providers? + +Only code snippets relevant to the specific vulnerability — the vulnerable function and surrounding context — are sent to the configured LLM provider. No repository names, organizational metadata, or CI/CD configuration is sent. In self-hosted and air-gapped deployments, this traffic stays within your network. Bring Your Own Model (BYOM) means you control the provider, the model, and the endpoint. + +### Can I control which LLM provider Pixee uses? + +Yes. BYOM supports OpenAI, Azure AI Foundry, Anthropic, and Azure Anthropic. For air-gapped deployments, you host the model entirely within your network. See [BYOM Configuration](/enterprise/byom). + +### Does Pixee support SOC 2, FedRAMP, HIPAA, and other compliance frameworks? + +Pixee's architecture supports the controls required for major compliance frameworks. Contact Pixee for current SOC 2 Type II certification status and audit report availability. See [Compliance](/enterprise/compliance) for the full framework mapping table covering SOC 2, HIPAA, FedRAMP, PCI-DSS, NIST 800-53, and ISO 27001. + +### What audit trail does Pixee provide? + +Every Pixee fix creates a defensible audit record: typed triage verdict with code-level evidence, fix quality scores on every PR, full Git history showing what changed when and why, SAST re-scanning confirmation, and developer approval recorded in the merge event. Triage decisions export via CSV, JSON, and API. See [Compliance](/enterprise/compliance). + +### How does Pixee handle AI governance requirements? + +Every AI-generated fix passes through documented validation layers before delivery — constrained generation, independent evaluation by a separate model, and your existing code review process. The PR-based workflow ensures human-in-the-loop approval for every change. A significant portion of fixes use zero LLM involvement (deterministic codemods). All decisions are auditable with persisted reasoning. See [Security & Trust](/platform/security) for the Responsible AI governance Q&A. + +## Troubleshooting + +### Why is Pixee not analyzing my repository? + +Most likely cause: the repository has not been enabled in Pixee's settings after installing the SCM app. + +1. Verify the GitHub App, GitLab integration, Azure DevOps extension, or Bitbucket connector is installed on the correct organization. +2. Check that the specific repository is enabled in Pixee's repository management settings — installing the app does not automatically enable all repositories. +3. Verify Pixee has the required permissions: read code, read pull requests, write pull requests. +4. For GitLab, confirm the service account has the required scopes (`api`, `read_user`, `read_repository`, `read_api`, `write_repository`). +5. For Azure DevOps, verify the PAT is active and the webhook is configured. + +### Pixee installed but I do not see any activity. What is wrong? + +Most likely cause: no scanner findings exist for the connected repository. **Connecting a scanner is required** — Pixee needs scanner findings to generate fixes and triage results. + +1. Connect at least one scanner. See the [Integrations Overview](/integrations/integrations-overview) for setup instructions. +2. Verify the scanner has produced findings for the repository. +3. For custom or unsupported scanners, verify findings are in SARIF 2.1.0 format and are being uploaded correctly. + +### Why are scanner findings not showing up in Pixee? + +Three common causes, in order of likelihood: + +1. **Integration not configured.** Each scanner requires its own integration configuration. +2. **Format mismatch.** Scanner output does not match the expected specification. Verify SARIF 2.1.0 compliance for custom scanners. +3. **Upload path incorrect.** Scanner results are not being delivered to the correct endpoint. Check the integration documentation for the expected delivery method. + +### Scanner findings appear in Pixee but no fixes are generated. Why? + +Not all findings have available fixes. Pixee generates fixes when: a codemod or AI generation path exists for the vulnerability pattern, the code context is sufficient for safe fix generation, and the fix passes the multi-layer validation pipeline. Findings without available fixes still receive triage classification. Check [Language Support](/languages/languages-overview) for coverage of your specific finding types. + +### Why is Pixee not opening PRs on my repository? + +Check in order: + +1. Repository enabled and Pixee has write PR permissions. +2. Scanner findings exist for the repository. +3. Fixes are available for the finding types present. +4. PIXEE.yaml is not excluding the relevant files, directories, or finding types. +5. Scheduling configuration has not deferred PR creation to a future window. + +If all five check out, contact Pixee support with your repository name and the finding types you expect fixes for. + +### A Pixee PR failed CI. What should I do? + +**If the failure is in Pixee's fix:** Close the PR. Pixee's fixes are validated before delivery, but they cannot account for every CI environment configuration. Closing a PR with zero impact is the intended workflow for fixes that do not fit your context. + +**If the failure is unrelated to Pixee's change:** Re-run CI. Check whether the CI failure also appears on other PRs to confirm it is not Pixee-specific. + +### Why does Pixee classify a finding as false positive when I think it is real? + +Review the structured justification provided with the classification — the specific code paths, security controls, or context signals that drove the decision. If you disagree after reviewing the evidence, override it. Overrides help calibrate triage accuracy for your codebase over time. + +### How do I prevent Pixee from fixing certain vulnerability types? + +Use [PIXEE.yaml](/configuration/pixee-yaml) to exclude specific finding types, files, or directories. You can also disable specific codemods by ID. + +### How do I export triage decisions for compliance reporting? + +Pixee exports triage decisions via CSV, JSON, and API. Each export includes timestamp, finding metadata, classification, structured justification, and any analyst overrides. See the [Reporting](/configuration/operations-config) page for export procedures. + +### Can I use Pixee with a private or internal GitHub Enterprise instance? + +Yes, with self-hosted deployment. Pixee Enterprise (embedded cluster, Helm, or air-gapped) runs within your network and connects to your internal SCM instance. See [Deployment Options](/enterprise/deployment). diff --git a/docs/getting-started/azure-devops.md b/docs/getting-started/azure-devops.md index 8fc5bfa8..96346c10 100644 --- a/docs/getting-started/azure-devops.md +++ b/docs/getting-started/azure-devops.md @@ -17,7 +17,7 @@ Before you start, confirm the following: - **Azure DevOps permissions.** You need Project Administrator or Project Collection Administrator permissions on the target projects. Organization-level settings may require Organization Administrator access. - **Azure DevOps instance.** Azure DevOps Services (cloud, dev.azure.com) or Azure DevOps Server (on-premises). For on-premises, see [Azure DevOps Server (On-Premises)](#azure-devops-server-on-premises) below. - **Supported language.** At least one repository in Azure Repos with code in Java, Python, JavaScript/TypeScript, .NET, Go, or PHP. -- **Scanner results (optional).** If you run scanners through Azure Pipelines (CodeQL, Checkmarx, SonarQube, or others), Pixee can ingest those results. This is additive — Pixee also runs its own analysis. +- **Scanner results (required).** Pixee needs scanner findings to perform triage and generate fixes. If you run scanners through Azure Pipelines (CodeQL, Checkmarx, SonarQube, or others), Pixee can ingest those results. No extensions to install from the Visual Studio Marketplace. No pipeline YAML changes needed to start. @@ -27,7 +27,7 @@ Create an Azure DevOps personal access token for a dedicated service account wit After connecting, choose which projects and repositories Pixee should analyze -- at the organization, project, or individual repository level. Pixee targets the default branch of each connected repository. You can customize branch targeting and other behavior later via a [PIXEE.yaml](/configuration/pixee-yaml) file in the repository root. -**Scanner integration:** Pixee natively integrates with 12 scanners. If your Azure Pipelines run security scanners, Pixee can ingest findings from those pipeline runs. Any scanner producing SARIF output can also be connected through Pixee's [Integrations](/integrations/overview) page. Pixee runs its own analysis independently, so external scanners are additive, not required. +**Scanner integration (required):** Pixee needs scanner findings to generate fixes. Pixee natively integrates with 13 scanners. If your Azure Pipelines run security scanners, Pixee can ingest findings from those pipeline runs. Any scanner producing SARIF output can also be connected through Pixee's [Integrations](/integrations/integrations-overview) page. After setup, Pixee begins its initial analysis and opens pull requests for actionable findings within the first hour. If no PRs appear, verify PAT scopes, organization-level admin consent, and supported language coverage. @@ -56,7 +56,7 @@ When Pixee identifies a fixable vulnerability, it opens a standard pull request **Build validation:** Pixee-generated PRs trigger your existing Azure Pipelines build validation policies like any other PR. If your branch policies require a successful build before completion, the Pixee fix branch goes through the same gates. -For merge rate data, see [Fix Safety](/how-it-works/fix-safety). +For merge rate data, see [Security & Trust](/platform/security). ## What Data Leaves Your Network @@ -73,12 +73,3 @@ For teams that require code to remain within their own infrastructure, Pixee off Azure DevOps Server is supported. See [Azure DevOps Integration → Azure DevOps Server (On-Premises)](/integrations/scms/azure-devops#azure-devops-server-on-premises) for the connection model and Entra ID notes, and [Enterprise Deployment Options](/enterprise/deployment) for air-gapped and on-prem Pixee deployments. -## Frequently Asked Questions - -### Does Pixee work with Azure Pipelines? - -Yes. Pixee-generated pull requests trigger your existing Azure Pipelines build validation policies like any other PR. You can also configure Pixee to ingest scanner results from your pipeline runs — no changes to your pipeline YAML required. - -### Does Pixee require pipeline secrets? - -No. Pixee does not access Azure Pipelines variable groups, service connections, key vaults, or deployment gate configurations. The PAT scopes are limited to code, pull requests, work items (when linking is configured), and project metadata. diff --git a/docs/getting-started/bitbucket.md b/docs/getting-started/bitbucket.md index 8d31a55e..49e0aefa 100644 --- a/docs/getting-started/bitbucket.md +++ b/docs/getting-started/bitbucket.md @@ -17,7 +17,7 @@ Before you start, confirm the following: - **Bitbucket permissions.** You need Admin permissions on the target workspace (Bitbucket Cloud) or Project Admin permissions (Bitbucket Server). - **Bitbucket instance.** Bitbucket Cloud (bitbucket.org) or Bitbucket Data Center / Server. See [Bitbucket Data Center / Server](#bitbucket-data-center--server) below for on-premises details. - **Supported language.** At least one repository with code in Java, Python, JavaScript/TypeScript, .NET, Go, or PHP. -- **Scanner results (optional).** If you run scanners through Bitbucket Pipelines or a separate CI system (Snyk, SonarQube, Checkmarx, or others), Pixee can ingest those findings. This is additive — Pixee also runs its own analysis. +- **Scanner results (required).** Pixee needs scanner findings to perform triage and generate fixes. If you run scanners through Bitbucket Pipelines or a separate CI system (Snyk, SonarQube, Checkmarx, or others), Pixee can ingest those findings. No Bitbucket app marketplace installs required. No `bitbucket-pipelines.yml` changes needed to start. @@ -27,7 +27,7 @@ Create a Bitbucket Cloud API token for a dedicated service account ([Atlassian i After connecting, choose which repositories Pixee should analyze -- all repositories in the workspace or specific repositories. Pixee analyzes the default branch (typically `main` or `master`) of each connected repository. You can customize branch targeting and other behavior later via a [PIXEE.yaml](/configuration/pixee-yaml) file in the repository root. -**Scanner integration:** Pixee natively integrates with 12 scanners. If your Bitbucket Pipelines include security scanner steps, Pixee can ingest findings from those pipeline runs. Any scanner producing SARIF output can also be connected through Pixee's [Integrations](/integrations/overview) page. Pixee runs its own analysis independently, so external scanners are additive, not required. +**Scanner integration (required):** Pixee needs scanner findings to generate fixes. Pixee natively integrates with 13 scanners. If your Bitbucket Pipelines include security scanner steps, Pixee can ingest findings from those pipeline runs. Any scanner producing SARIF output can also be connected through Pixee's [Integrations](/integrations/integrations-overview) page. After setup, Pixee begins its initial analysis and opens pull requests for actionable findings within the first hour. If no PRs appear, verify API token permissions, workspace-level admin approval, and supported language coverage. @@ -55,7 +55,7 @@ When Pixee identifies a fixable vulnerability, it opens a standard Bitbucket pul **Pipeline behavior:** Pixee-generated PRs trigger your existing Bitbucket Pipelines like any other pull request. If your pipeline includes security scans, tests, or linting steps, those run against the Pixee fix branch automatically. -For merge rate data, see [Fix Safety](/how-it-works/fix-safety). +For merge rate data, see [Security & Trust](/platform/security). ## What Data Leaves Your Network @@ -76,14 +76,5 @@ Bitbucket Server (formerly Data Center) is a separate Atlassian product from Bit If your team uses Jira alongside Bitbucket, Pixee PRs can reference Jira issue keys in their descriptions when configured. This allows Jira to automatically link the Pixee-generated PR to the relevant security issue, keeping your Atlassian workflow intact. -For Jira integration details, see [Integrations Overview](/integrations/overview). +For Jira integration details, see [Integrations Overview](/integrations/integrations-overview). -## Frequently Asked Questions - -### What scanners work with Pixee on Bitbucket? - -Pixee natively integrates with 12 scanners including Snyk, SonarQube, Checkmarx, and any scanner producing SARIF output. Scanner results can be ingested via Bitbucket Pipelines or direct integration. Pixee also runs its own analysis independently. - -### Do I need to modify my `bitbucket-pipelines.yml` to use Pixee? - -No. Pixee connects through an API token and operates independently of your pipeline configuration. No changes to `bitbucket-pipelines.yml` are required to start. If you want Pixee to ingest scanner results from your pipeline, that configuration is handled in the Pixee integration settings, not in your pipeline file. diff --git a/docs/getting-started/first-fix.md b/docs/getting-started/first-fix.md index 3efcfc71..905e2c0c 100644 --- a/docs/getting-started/first-fix.md +++ b/docs/getting-started/first-fix.md @@ -3,57 +3,58 @@ title: Your First Fix slug: /getting-started/first-fix track: dev content_type: tutorial -seo_title: "Your First Pixee Fix | From Install to Merged PR in Minutes" -description: "Walk through your first automated security fix from Pixee: PR contents, diff review, and merge workflow." -sidebar_position: 8 +seo_title: "Your First Pixee Fix | From Install to Merged PR" +description: "What a Pixee PR looks like, what the quality scores mean, and what to do with it." +sidebar_position: 6 --- -Your first Pixee fix arrives as a pull request in your existing code review tool. Open the PR, read the description, review the diff, and merge. Most teams see their first fix within an hour of installation. This page walks through exactly what that PR looks like and how to evaluate it. - -## What to Expect - -After installing Pixee ([GitHub](/getting-started/github), [GitLab](/getting-started/gitlab), [Azure DevOps](/getting-started/azure-devops), or [Bitbucket](/getting-started/bitbucket)), the platform connects to your repositories, ingests findings, and begins triaging. For confirmed vulnerabilities with available fixes, Pixee opens a pull request. - -First PRs are not random. Pixee prioritizes high-confidence, low-risk fixes for initial pull requests — deterministic codemods with predictable behavior. The first fix establishes trust through a clear, reviewable change, not through volume. +Your first Pixee fix arrives as a pull request in your existing code review tool. This page covers what to expect, how to evaluate the fix, and what the quality scores mean. ## Anatomy of a Pixee Fix PR -Every Pixee PR includes a descriptive title, a structured description, and the diff. - **PR Title:** Identifies the vulnerability type and affected file. Example: `Pixee fix: Parameterize SQL query in UserRepository.java` **PR Description — four parts:** 1. **The vulnerability** — What was found, which scanner flagged it, severity, CWE, and OWASP category. 2. **The fix** — What Pixee changed and why this approach was chosen. -3. **Safety evidence** — Why the fix is safe. For codemods: rule-based transformation with no behavioral change. For MagicMods: validation scores from the fix evaluation pipeline. +3. **Quality scores** — Safety, Effectiveness, and Cleanliness scores from the independent evaluation gate. 4. **References** — CWE definitions, OWASP documentation, scanner rule links. **The Diff:** Typically 1-5 lines in a single file. One vulnerability per PR — no bundled changes or surrounding refactors. -## Reviewing the Fix +## Understanding the Quality Scores -Review a Pixee PR the same way you review any other code change: +Every Pixee PR includes three scores from an independent evaluation pass (a separate inference call from the fix generator): -**Step 1: Read the PR description.** Understand the vulnerability and how the fix resolves it. +| Score | What It Checks | +|---|---| +| **Safety** | No breaking changes, no regressions, no unintended side effects | +| **Effectiveness** | The fix correctly resolves the vulnerability | +| **Cleanliness** | Proper formatting, no extraneous changes, preserves existing code | -**Step 2: Review the diff.** Confirm the code change is correct for your application. +All three must pass before the fix reaches your PR queue. A fix cannot reach you on a high Cleanliness score if it fails Safety. -**Step 3: Check CI results.** Your existing tests, linters, and scanners run against the fix automatically. If tests pass, the fix does not break existing behavior. +## What to Do With the PR -**Step 4: Decide:** +Review a Pixee PR the same way you review any other code change: + +1. Read the PR description — understand the vulnerability and the fix approach. +2. Review the diff — confirm the code change is correct for your application. +3. Check CI results — your existing tests, linters, and scanners run against the fix automatically. +4. Decide: -| Action | When | -| ------------------- | ------------------------------------------------------------------------------------- | -| **Merge** | The fix is correct, tests pass, and the change resolves the vulnerability | +| Action | When | +|---|---| +| **Merge** | The fix is correct, tests pass, and the change resolves the vulnerability | | **Request changes** | The fix is directionally correct but needs modification for your codebase conventions | -| **Close** | The fix is not appropriate for your codebase or the finding is acceptable risk | +| **Close** | The fix is not appropriate for your codebase or the finding is acceptable risk | -Pixee proposes. You decide. This is assisted remediation through your existing review process. +Pixee proposes. You decide. Your code review policies, CI/CD pipelines, and branch protection rules all apply. -## Common First-Fix Scenarios +## Example Fixes -**SQL injection fix:** Pixee replaces string concatenation with a parameterized query. +**SQL injection — Java:** ```java // Before @@ -68,55 +69,29 @@ stmt.setString(1, userId); ResultSet rs = stmt.executeQuery(); ``` -**Dependency upgrade (SCA fix):** Pixee bumps a vulnerable dependency to a patched version. The change is a single line in your manifest file (`pom.xml`, `requirements.txt`, `package.json`). Pixee checks for breaking changes before proposing the upgrade. - -**Hardcoded secret removal:** Pixee extracts a hardcoded credential into an environment variable reference. The code changes from a string literal to an environment variable lookup, and the PR description notes which variable to set. +**Dependency upgrade (SCA fix):** Pixee bumps a vulnerable dependency to a patched version in your manifest file (`pom.xml`, `requirements.txt`, `package.json`) and includes any downstream source-file changes in the same PR. ## After You Merge -Once you merge, the vulnerability is resolved. Your scanner confirms remediation on its next run, your backlog shrinks by one, and Pixee continues generating fixes for other findings. No dashboard to update, no ticket to close. The merged PR is the record. - -**Metrics to watch:** +Once you merge, the vulnerability is resolved. Your scanner confirms remediation on its next run, and your backlog shrinks. No dashboard to update, no ticket to close. The merged PR is the record. -| Metric | What It Tells You | -| ----------------- | -------------------------------------------------------------------------------------------------------------- | -| Merge rate | What percentage of Pixee PRs your team accepts. See [Fix Safety](/how-it-works/fix-safety) for benchmark data. | -| Time to merge | How quickly your team reviews and merges fixes | -| Backlog reduction | How fast your open vulnerability count decreases | +Standard `git revert` applies if a merged change ever needs to be undone. There is no runtime dependency on Pixee for merged code. -## What If No Fix Arrives? +## If No Fix Arrives If you do not see a PR within an hour of installation: 1. **Verify the integration is connected.** Check that Pixee has access to the repositories you selected during setup. -2. **Confirm supported languages are present.** Pixee supports Java, Python, JavaScript/TypeScript, .NET, Go, and PHP. Repositories in other languages will not generate fixes. -3. **Connect a scanner.** Pixee generates more fixes when it has scanner findings to work from. Connect CodeQL, Semgrep, SonarQube, or any SARIF-producing scanner via [CI/CD Integration](/getting-started/ci-cd). -4. **Check for fixable findings.** Your repositories may have findings that Pixee cannot currently remediate. This does not mean the integration is broken — it means the specific vulnerability types present do not yet have available codemods or MagicMod coverage. +2. **Confirm a scanner is connected.** Pixee needs scanner findings to act on. Connect CodeQL, Semgrep, SonarQube, or any SARIF-producing scanner via [CI/CD Integration](/integrations/ci-cd). +3. **Confirm supported languages are present.** Repositories in unsupported languages will not generate fixes. +4. **Check for fixable findings.** Your repositories may have findings that Pixee cannot currently remediate. Triage classifications will still appear. ## From First Fix to Full Value -The first merged fix proves the workflow: setup takes minutes, fixes arrive without manual effort, and developers stay in their existing tools. +Once the workflow is proven: -- **Connect additional scanners** to expand coverage. Pixee works with 12 natively integrated scanners and any SARIF-producing tool. +- **Connect additional scanners** to expand coverage. Pixee works with 13 natively integrated scanners and any SARIF-producing tool. - **Roll out to more repositories** as confidence builds. -- **Track your merge rate.** See [Fix Safety](/how-it-works/fix-safety) for merge rate data. - -For scaling from a single repository to organization-wide deployment, see the [Phased Rollout Guide](/enterprise/phased-rollout). For technical depth on fix methodology, see [Fix Generation](/how-it-works/fix-generation) and [Fix Safety and Validation](/how-it-works/fix-safety). - -## Frequently Asked Questions - -### How do I get my first automated fix from Pixee? - -Install Pixee for your platform ([GitHub](/getting-started/github), [GitLab](/getting-started/gitlab), [Azure DevOps](/getting-started/azure-devops), or [Bitbucket](/getting-started/bitbucket)), connect at least one repository, and wait for your first pull request. Most teams receive their first fix within an hour of installation. - -### How long does it take to review a Pixee fix? - -Most fixes change 1-5 lines and take seconds to minutes to review. The PR description explains the vulnerability, the fix approach, and why it is safe. - -### What if I disagree with a Pixee fix? - -Close the PR or leave a comment requesting changes — the same workflow as any other code review. Pixee proposes fixes; your team decides which to merge. You maintain full control over your codebase. - -### Are Pixee fixes deterministic or AI-generated? +- **Track your merge rate** — see [Security & Trust](/platform/security) for merge rate data and context. -Both. Pixee uses deterministic codemods for well-understood vulnerability patterns -- these produce identical, predictable output every time. For complex, codebase-specific scenarios, Pixee uses MagicMods (AI-generated fixes) that pass through a validation pipeline scoring Safety, Effectiveness, and Cleanliness before reaching your PR queue. See [Fix Generation](/how-it-works/fix-generation) for details on the codemod library. +For scaling to organization-wide deployment, see the [Phased Rollout Guide](/enterprise/phased-rollout). For technical depth on fix methodology, see [Remediation](/platform/remediation). diff --git a/docs/getting-started/getting-started.md b/docs/getting-started/getting-started.md index 816029cb..33938efe 100644 --- a/docs/getting-started/getting-started.md +++ b/docs/getting-started/getting-started.md @@ -4,11 +4,11 @@ slug: / track: dev content_type: tutorial seo_title: "Get Started with Pixee | Automated Security Remediation" -description: Install Pixee and connect your repositories for automated vulnerability triage and remediation via pull requests. +description: Install Pixee and connect your scanners for automated vulnerability triage and remediation via pull requests. sidebar_position: 1 --- -Pixee automates vulnerability triage and remediation directly inside your existing pull request workflow. Install the GitHub App, GitLab integration, Azure DevOps extension, or Bitbucket connector, and Pixee starts delivering fixes as standard PRs your developers already know how to review and merge. No new dashboards. No new interfaces. Setup takes under five minutes, and most teams see their first automated fix within the hour. +Pixee automates vulnerability triage and remediation directly inside your existing pull request workflow. Install the GitHub App, GitLab integration, Azure DevOps extension, or Bitbucket connector, connect your scanners, and Pixee starts delivering fixes as standard PRs your developers already know how to review and merge. Setup takes under five minutes, and most teams see their first automated fix within the hour. Pixee is not a scanner. It works downstream of your existing SAST, SCA, and DAST tools — ingesting their findings, triaging them for exploitability, and generating validated fixes. @@ -16,30 +16,49 @@ Pixee is not a scanner. It works downstream of your existing SAST, SCA, and DAST Pixee provides two co-equal capabilities: -**Triage Automation** reduces false positives by up to 95%. Each scanner finding passes through exploitability analysis that determines whether the vulnerability is actually reachable and triggerable in your codebase — not just whether it matches a pattern. Findings classified as false positives include a structured justification explaining why, so your security team can audit the decision. +**Triage Automation** reduces false positives by up to 98%. Each scanner finding passes through exploitability analysis that determines whether the vulnerability is actually reachable and triggerable in your codebase — not just whether it matches a pattern. Every verdict includes a structured justification with the specific code evidence that drove the decision. **Remediation Automation** generates context-aware code fixes and delivers them as pull requests. Developers review and merge these PRs like any other code change. Across production deployments, 76% of Pixee-generated fixes are merged by development teams after human review. -Both capabilities work together. Triage eliminates the noise. Remediation fixes what remains. The combination reduces vulnerability backlog resolution time. +Both capabilities work together. Triage eliminates the noise. Remediation fixes what remains. -| Capability | What It Does | Proof Point | -| ----------- | ------------------------------------------------------------- | ---------------------------------------- | -| Triage | Exploitability analysis across 12 native scanner integrations | Up to 95% false positive reduction | -| Remediation | Context-aware fixes as pull requests | 76% merge rate on production deployments | -| Delivery | Standard PRs in GitHub, GitLab, ADO, Bitbucket | Native platform integration | +| Capability | What It Does | Proof Point | +|---|---|---| +| Triage | Exploitability analysis across 13 native scanner integrations | Up to 98% false positive reduction | +| Remediation | Context-aware fixes as pull requests | 76% merge rate on production deployments | +| Delivery | Standard PRs in GitHub, GitLab, ADO, Bitbucket | Native platform integration | -## Choose Your Platform +## Setup Flow -| Platform | Setup Time | Guide | -| ---------------- | ---------- | ----------------------------------------------------- | -| **GitHub** | ~3 minutes | [GitHub Setup →](/getting-started/github) | -| **GitLab** | ~5 minutes | [GitLab Setup →](/getting-started/gitlab) | -| **Azure DevOps** | ~5 minutes | [Azure DevOps Setup →](/getting-started/azure-devops) | -| **Bitbucket** | ~5 minutes | [Bitbucket Setup →](/getting-started/bitbucket) | +Setting up Pixee takes three steps: + +| Step | Page | Time | +|---|---|---| +| 1. Install the platform integration | [GitHub](/getting-started/github), [GitLab](/getting-started/gitlab), [Azure DevOps](/getting-started/azure-devops), or [Bitbucket](/getting-started/bitbucket) | 3-5 min | +| 2. Connect your scanners | See below — required | 5-10 min | +| 3. Review and merge your first fix | [Your First Fix](/getting-started/first-fix) | 5 min | + +Total time to first merged fix: under 30 minutes for most teams. + +## Connecting Scanners (Required) + +Pixee requires scanner findings to perform triage and generate fixes. Without connected scanners, there is nothing for Pixee to act on. -Already running CI/CD pipelines? See [CI/CD Integration](/getting-started/ci-cd) for pipeline-level setup. +**What "connecting a scanner" means:** -Want to drive the platform from the command line — query scans, configure workflows, hit the API? See [Pixee CLI](/getting-started/cli). +- For scanners that write to your SCM's code-scanning surface (GitHub Code Scanning, GitLab Security Dashboard, etc.), Pixee ingests findings automatically through the SCM integration — no additional step required. +- For scanners that don't write to the SCM's code-scanning surface, upload SARIF results to the SCM's code-scanning API as a CI step. Pixee then ingests them through the SCM integration. + +Pixee integrates natively with 13 scanners: CodeQL, Semgrep, Checkmarx, Veracode, Snyk Code, SonarQube, AppScan, Polaris, Fortify, Contrast, GitLab SAST, GitLab SCA, and Trivy. Any SARIF-producing scanner also works. See [Scanner Integration](/platform/scanner-integration) for the full list and [CI/CD Integration](/integrations/ci-cd) for pipeline setup examples. + +## Choose Your Platform + +| Platform | Setup Time | Guide | +|---|---|---| +| **GitHub** | ~3 minutes | [GitHub Setup →](/getting-started/github) | +| **GitLab** | ~5 minutes | [GitLab Setup →](/getting-started/gitlab) | +| **Azure DevOps** | ~5 minutes | [Azure DevOps Setup →](/getting-started/azure-devops) | +| **Bitbucket** | ~5 minutes | [Bitbucket Setup →](/getting-started/bitbucket) | Need enterprise deployment (self-hosted, air-gapped, BYOM)? Start with [Enterprise Deployment Options](/enterprise/deployment). @@ -51,54 +70,20 @@ Need enterprise deployment (self-hosted, air-gapped, BYOM)? Start with [Enterpri 4. Your developers review the PR in their normal workflow — same code review process, same CI/CD pipeline, same branch protection rules. 5. Developers merge, modify, or close the PR. No special tooling required. -There is no Pixee dashboard you need to monitor. The PR is the interface. - -## Developer Journey - -This Getting Started section walks you through a complete path: - -**Install** → **Connect scanners** → **Review your first fix** → **Merge** - -| Step | Page | Time | -| ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ | -------- | -| 1. Install the platform integration | [GitHub](/getting-started/github), [GitLab](/getting-started/gitlab), [ADO](/getting-started/azure-devops), or [Bitbucket](/getting-started/bitbucket) | 3-5 min | -| 2. Connect your scanner (optional) | [CI/CD Integration](/getting-started/ci-cd) | 5-10 min | -| 3. Review and merge your first fix | [Your First Fix](/getting-started/first-fix) | 5 min | - -Total time to first merged fix: under 30 minutes for most teams. - ## Prerequisites - A GitHub, GitLab, Azure DevOps, or Bitbucket account with at least one repository -- Code in a supported language: Java, Python, JavaScript/TypeScript, .NET, Go, or PHP -- Existing scanner findings recommended for immediate triage and remediation results. Without connected scanner results, Pixee can apply proactive security hardening codemods to common vulnerability patterns. +- Code in a supported language: Java, Python, JavaScript/TypeScript, .NET, Go, Ruby, PHP, Kotlin, Rust, Scala, Swift, or IaC +- At least one connected scanner — this is required for triage and remediation to work No agents to install. No CLI required for the standard workflow. No configuration files needed to start. ## Large Backlogs (10,000+ Findings) -Pixee handles large vulnerability backlogs without overwhelming your development team. Findings are prioritized by severity -- Critical and High findings are processed first, so the most dangerous vulnerabilities get addressed before lower-priority items. - -PR creation is batched, not instantaneous. Expect a steady stream of fixes delivered over days, not a flood of hundreds of PRs at once. This pacing keeps code review manageable and avoids overwhelming CI/CD pipelines. - -Use a [PIXEE.yaml](/configuration/pixee-yaml) file to scope initial remediation to specific severity levels, vulnerability types, or repository paths. This gives your team control over the rollout pace and lets you focus on the findings that matter most. - -For organizations managing hundreds of repositories or millions of findings, the [Phased Rollout Guide](/enterprise/phased-rollout) covers rollout strategy for large estates -- including recommended phasing, success metrics per phase, and organizational change management. - -## Frequently Asked Questions - -### How do I install Pixee? - -Choose your platform (GitHub, GitLab, Azure DevOps, or Bitbucket), authorize the app, select your repositories, and Pixee begins analyzing findings automatically. Setup takes under five minutes. See the platform-specific guides linked above. - -### How long does it take to see results? - -Most teams see their first automated fix within one hour of installation. Triage results appear as soon as scanner findings are ingested. The timeline depends on how many findings your scanners have already produced. - -### Does Pixee require code changes to install? +Pixee handles large vulnerability backlogs without overwhelming your development team. Findings are prioritized by severity — Critical and High findings are processed first. -No. Pixee installs as a platform integration (GitHub App, GitLab webhook, Azure DevOps extension, Bitbucket connector) and requires zero code changes, CLI installs, or configuration files to start. +PR creation is batched, not instantaneous. Expect a steady stream of fixes delivered over days, not a flood of hundreds of PRs at once. -### Do developers need to learn a new tool? +Use a [PIXEE.yaml](/configuration/pixee-yaml) file to scope initial remediation to specific severity levels, vulnerability types, or repository paths. -No. Developers interact with Pixee exclusively through pull requests in their existing platform. There is no new interface, no new CLI, no new dashboard. Reviewing a Pixee PR is identical to reviewing any other code change. +For organizations managing hundreds of repositories or millions of findings, the [Phased Rollout Guide](/enterprise/phased-rollout) covers rollout strategy for large estates. diff --git a/docs/getting-started/github.md b/docs/getting-started/github.md index c00e1c27..62073603 100644 --- a/docs/getting-started/github.md +++ b/docs/getting-started/github.md @@ -16,7 +16,7 @@ Before you start, confirm the following: - **GitHub permissions.** You need admin or owner permissions on the target repositories, or organization-level install permissions for org-wide deployment. - **Supported language.** At least one repository with code in Java, Python, JavaScript/TypeScript, .NET, Go, or PHP. -- **Scanner results (optional).** If you already run CodeQL, Semgrep, Snyk Code, Checkmarx, SonarQube, or another scanner that uploads SARIF to GitHub Code Scanning, Pixee ingests those results automatically. This is additive — Pixee also runs its own analysis without any external scanner. +- **Scanner results (required).** Pixee needs scanner findings to perform triage and generate fixes. If you already run CodeQL, Semgrep, Snyk Code, Checkmarx, SonarQube, or another scanner that uploads SARIF to GitHub Code Scanning, Pixee ingests those results automatically. No agents to install. No CLI required. No configuration files needed to start. @@ -26,7 +26,7 @@ Install the Pixee GitHub App from the GitHub Marketplace, select your organizati Pixee analyzes the default branch of each connected repository. Branch targeting and other behavior can be customized later via a [PIXEE.yaml](/configuration/pixee-yaml) file in the repository root. -**Scanner integration:** Pixee natively integrates with 12 scanners. If you use GitHub Code Scanning (which includes CodeQL, Semgrep via SARIF upload, and others), Pixee ingests those results automatically. For scanners outside the GitHub Code Scanning ecosystem, connect them through Pixee's [Integrations](/integrations/overview) page. Pixee also runs its own analysis independently, so external scanners are additive, not required. +**Scanner integration (required):** Pixee needs scanner findings to generate fixes. Pixee natively integrates with 13 scanners. If you use GitHub Code Scanning (which includes CodeQL, Semgrep via SARIF upload, and others), Pixee ingests those results automatically through the GitHub App. For scanners outside the GitHub Code Scanning ecosystem, connect them through Pixee's [Integrations](/integrations/integrations-overview) page. After installation, Pixee begins its initial analysis. Within the first hour, Pixee opens pull requests for any actionable findings it identifies. If no PRs appear, the repository may have no actionable findings, or you may need to verify repository access and supported language coverage. @@ -93,7 +93,7 @@ When Pixee identifies a fixable vulnerability, it opens a standard GitHub pull r **How to reject:** Close the PR with a comment. Pixee does not reopen closed PRs for the same finding. -For merge rate data, see [Fix Safety](/how-it-works/fix-safety). +For merge rate data, see [Security & Trust](/platform/security). ## What Data Leaves Your Network @@ -122,12 +122,3 @@ See the full [PIXEE.yaml Reference](/configuration/pixee-yaml) for all options. GHES is supported via Pixee Enterprise (self-hosted) — not on the cloud SaaS. See [GitHub Integration → GitHub Enterprise Server](/integrations/scms/github#github-enterprise-server) for the connection model and network requirements, and [Enterprise Deployment Options](/enterprise/deployment) for infrastructure setup. -## Frequently Asked Questions - -### Does Pixee require code changes to install on GitHub? - -No. Pixee installs as a standard GitHub App. You authorize it, select repositories, and it begins working. No code changes, no config files required to start. You can optionally add a `PIXEE.yaml` for customization later. - -### What scanners work with Pixee on GitHub? - -Pixee natively integrates with 12 scanners including CodeQL, Semgrep, Checkmarx, Snyk Code, SonarQube, and any scanner that produces SARIF output via GitHub Code Scanning. Pixee also runs its own analysis independently, so external scanners are additive, not required. diff --git a/docs/getting-started/gitlab.md b/docs/getting-started/gitlab.md index 8c2f38cc..4e581c6a 100644 --- a/docs/getting-started/gitlab.md +++ b/docs/getting-started/gitlab.md @@ -17,7 +17,7 @@ Before you start, confirm the following: - **GitLab permissions.** You need Maintainer or Owner role on the target projects. For group-level setup, you need Owner on the parent group. - **GitLab instance.** GitLab SaaS (gitlab.com) or a self-managed GitLab instance. For self-managed, you will provide your instance URL during setup. - **Supported language.** At least one project with code in Java, Python, JavaScript/TypeScript, .NET, Go, or PHP. -- **Scanner results (optional).** If you run GitLab SAST, Semgrep, Checkmarx, or other scanners through GitLab CI, Pixee can ingest those findings. This is additive — Pixee also runs its own analysis. +- **Scanner results (required).** Pixee needs scanner findings to perform triage and generate fixes. If you run GitLab SAST, Semgrep, Checkmarx, or other scanners through GitLab CI, Pixee ingests those findings automatically. No agents to install. No runner configuration changes. No `.gitlab-ci.yml` edits needed to start. @@ -27,7 +27,7 @@ Create a GitLab personal access token for a dedicated service account, then conn After connecting, choose which GitLab projects Pixee should analyze -- all projects, member projects only, or specific projects. Pixee analyzes the default branch of each connected project. You can customize branch targeting and other behavior later via a [PIXEE.yaml](/configuration/pixee-yaml) file in the project root. -**Scanner integration:** Pixee natively integrates with 12 scanners. If your `.gitlab-ci.yml` includes the GitLab SAST template, Pixee ingests those findings directly. Third-party scanners producing SARIF output can be connected through Pixee's [Integrations](/integrations/overview) page. Pixee also runs its own analysis independently, so external scanners are additive, not required. +**Scanner integration (required):** Pixee needs scanner findings to generate fixes. Pixee natively integrates with 13 scanners. If your `.gitlab-ci.yml` includes the GitLab SAST template, Pixee ingests those findings directly. Third-party scanners producing SARIF output can be connected through Pixee's [Integrations](/integrations/integrations-overview) page. After setup, Pixee begins its initial analysis and opens merge requests for actionable findings within the first hour. If no MRs appear, verify PAT scopes, network connectivity (for self-managed instances), and supported language coverage. @@ -55,7 +55,7 @@ When Pixee identifies a fixable vulnerability, it opens a standard GitLab merge **CI pipeline behavior:** Pixee-generated MRs trigger your existing GitLab CI pipeline like any other merge request. If your pipeline includes SAST, tests, or linting stages, those run against the Pixee fix branch automatically. -For merge rate data, see [Fix Safety](/how-it-works/fix-safety). +For merge rate data, see [Security & Trust](/platform/security). ## What Data Leaves Your Network @@ -72,16 +72,3 @@ For teams that require code to remain within their own infrastructure, Pixee off Self-managed GitLab is supported. See [GitLab Integration → Self-Hosted GitLab](/integrations/scms/gitlab#self-hosted-gitlab) for the connection model and network requirements, and [Enterprise Deployment Options](/enterprise/deployment) for air-gapped and on-prem Pixee deployments. -## Frequently Asked Questions - -### Does Pixee work with GitLab CI/CD? - -Yes. Pixee-generated merge requests run through your existing GitLab CI pipeline like any other MR — including SAST stages, test suites, and approval rules. You can also configure Pixee to ingest scanner results produced by your CI pipeline. - -### What scanners does Pixee support on GitLab? - -Pixee natively integrates with 12 scanners including GitLab SAST, Semgrep, Checkmarx, Snyk Code, SonarQube, and any scanner producing SARIF output. Pixee triages findings from these scanners and generates fixes for confirmed vulnerabilities. - -### Do I need to modify my `.gitlab-ci.yml` to use Pixee? - -No. Pixee connects through a personal access token and operates independently of your CI pipeline configuration. No changes to `.gitlab-ci.yml` are required to start. If you want Pixee to ingest scanner results from your pipeline, that configuration is handled in the Pixee integration settings, not in your CI file. diff --git a/docs/how-it-works/_category_.json b/docs/how-it-works/_category_.json deleted file mode 100644 index 159aad94..00000000 --- a/docs/how-it-works/_category_.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "label": "How It Works", - "position": 3, - "collapsible": true, - "collapsed": false, - "link": { - "type": "generated-index" - } -} diff --git a/docs/how-it-works/context-intelligence.md b/docs/how-it-works/context-intelligence.md deleted file mode 100644 index 70b274c7..00000000 --- a/docs/how-it-works/context-intelligence.md +++ /dev/null @@ -1,111 +0,0 @@ ---- -title: "Context & Intelligence" -slug: /how-it-works/context-intelligence -track: both -content_type: guide -seo_title: "Context & Intelligence | Beyond Reachability Analysis" -description: How Pixee evaluates dataflow quality, production vs. test context, security controls, and severity signals on every vulnerability finding. -sidebar_position: 6 ---- - -Pixee's context-aware intelligence layer evaluates multiple dimensions of code context to determine whether a vulnerability is actually exploitable -- not just whether it is reachable. The system assesses dataflow quality on a four-tier scale, classifies code as production or test, detects security controls in the code path, filters intentionally-vulnerable projects, and adjusts severity based on all available signals. This shared intelligence substrate enriches both triage verdicts and remediation context. See [Triage Capabilities](/platform/triage) for false positive reduction data. - -Context intelligence is the shared layer underneath both of Pixee's co-equal capabilities: [Triage Automation](/how-it-works/triage-engine) and [Remediation Automation](/how-it-works/fix-generation). The same analysis that makes triage verdicts accurate also makes generated fixes higher quality. - -## Why Reachability Is Not Enough - -Reachability analysis checks whether a vulnerable function is reachable from an entry point. This is a useful first filter -- it removes dead code and internal utilities from consideration. However, reachability alone is not sufficient for accurate triage. - -Reachability tells you whether code CAN be reached. It does not tell you whether a vulnerability is actually exploitable in context. Four categories of noise survive basic reachability: - -**1. Protected but reachable.** A function may be reachable but sits behind a WAF rule, a framework-provided sanitizer, or an input validation layer. Reachability says "yes, reachable." Exploitability analysis says "yes, reachable, but the input is validated before it arrives -- this is a false positive." - -**2. Test code that looks like production.** Test fixtures often exercise the same code paths as production. Reachability analysis treats test code the same as production code. Exploitability analysis classifies code context and adjusts severity. - -**3. Weak dataflow evidence.** Some scanner findings are based on pattern matches with no clear taint propagation from source to sink. Reachability does not assess the quality of the evidence. Exploitability analysis does -- weak evidence gets lower confidence, preventing marginal findings from consuming engineering attention. - -**4. Severity misalignment.** A "critical" finding in a CTF demo project is not the same as a "critical" finding in a production payment service. Reachability does not adjust severity for deployment context. Exploitability analysis does. - -Pixee evaluates all of these dimensions to close the gap between reachability and exploitability. - -## Dataflow Quality Assessment - -Not all findings have equal evidence. Pixee classifies the strength of dataflow evidence on every finding using a four-tier scale: - -| Tier | Description | Confidence Impact | Gathering Strategy | -| ---------------------- | ------------------------------------------------------- | ------------------------------------------ | --------------------------------------------------------------------- | -| **Strong Multi-File** | High-confidence taint propagation across multiple files | Highest confidence in verdicts | Traces full cross-file dataflow; includes all files in the taint path | -| **Strong Single-File** | High-confidence dataflow within a single file | High confidence | Full file context with highlighted vulnerable region | -| **Weak** | Partial or low-confidence dataflow information | Reduced confidence; may downgrade findings | Targeted excerpts around the flagged location | -| **Single-Location** | Only the flagged line, no dataflow available | Lowest confidence | Surrounding context with heuristic file matching | - -**How this affects triage:** Higher dataflow quality increases confidence in true positive verdicts. Weak evidence can downgrade findings that basic reachability would flag as critical. A scanner that reports a SQL injection but provides only a single-location match with no dataflow evidence gets a lower confidence score than the same rule backed by a full source-to-sink trace across multiple files. - -**How this affects remediation:** The same classification drives the context gathering strategy for fix generation. Strong multi-file dataflow means the LLM sees the full cross-file taint path. Single-location findings get targeted context with heuristic file matching. Better context means better fixes at lower cost. - -## Production vs. Test Classification - -A SQL injection pattern in a production API endpoint is critical. The same pattern in a test fixture is not. - -The system identifies code context -- production services, test fixtures, integration tests, development utilities -- and adjusts severity accordingly. This means executive dashboards reflect real exploit risk instead of raw rule counts. - -This classification is particularly valuable for organizations with large test suites. Test code exercises the same code paths and triggers the same scanner rules as production code, but carries fundamentally different risk. Without production vs. test classification, every test fixture vulnerability inflates the backlog with findings that no one should fix. - -## Security Control Detection - -When a sanitizer, validator, or framework-specific protection exists between a source and a sink, the system identifies it and uses it as evidence for the triage verdict. - -This is the difference between "this function is reachable" and "this function is reachable but the input is sanitized before it arrives." - -**How it works:** - -- Identifies sanitizers (input validation functions, encoding routines) -- Detects validators (schema validation, type checking) -- Recognizes framework-specific protections (CSRF tokens, Content Security Policy headers, parameterized query builders) -- Every triage verdict includes code snippets showing the relevant controls - -Security control detection is what allows the triage engine to confidently classify findings as false positives when a control exists in the code path. Without it, the system would need to escalate every reachable finding for human review. - -## Intentionally-Vulnerable Project Filtering - -Demo applications, CTF challenges, and security training repositories generate permanent scanner noise. These projects are deliberately insecure -- they exist to teach or test, not to run in production. - -The system detects these projects and filters them from the triage pipeline. This prevents wasted triage capacity on findings that are designed to be vulnerable and should never be remediated. - -## Severity Adjustment - -When context signals indicate that a finding's real-world risk differs from its raw scanner severity, the system adjusts: - -- True positive on high-quality dataflow in production stays critical -- Same rule on a weak match in a test fixture gets downgraded -- A finding behind a validated security control may be reclassified as won't-fix - -Every severity adjustment includes an audit trail showing why the adjustment was made. Auditors can verify the reasoning. This means compliance teams can explain to auditors why a "critical" scanner finding was downgraded -- the triage verdict includes the specific code signals that justified the decision. - -## How Context Feeds Remediation - -The context intelligence layer serves double duty. The same analysis that drives triage accuracy also drives fix quality. - -**For fix generation:** - -- Dataflow quality determines how much code context the LLM sees. Strong multi-file dataflow means the model sees the full taint path. Weak evidence means targeted excerpts. -- Token-budget optimization: targeted excerpts for large files, full files for small ones. Merges consecutive vulnerable regions in the same file to reduce cost. -- Fuzzy file matching finds related files not explicitly named in the dataflow trace. - -**Why this matters:** LLM fix quality is bounded by what the model can see. Too little context produces wrong fixes. Too much context wastes tokens and confuses the model. The context intelligence layer solves both problems by adapting the gathering strategy to the finding's dataflow quality. - -Better context means better fixes at lower cost. This is the component that caps per-call resource usage without sacrificing fix quality. - -## Frequently Asked Questions - -### What is exploitability analysis in application security? - -Exploitability analysis determines whether a scanner-reported vulnerability can actually be triggered in a specific codebase. It goes beyond reachability to evaluate dataflow quality, security control presence, production vs. test classification, and the strength of evidence supporting an attack path. Pixee evaluates all of these dimensions on every finding, producing auditable verdicts with code-level evidence. - -### How does Pixee go beyond basic reachability analysis? - -While reachability checks whether a function can be reached from an entry point, Pixee additionally evaluates dataflow quality on a four-tier scale, detects security controls between source and sink, classifies code as production or test, filters intentionally-vulnerable projects, and adjusts severity based on all available context signals. These additional dimensions close the gap between "is this code reachable?" and "is this vulnerability actually dangerous?" - -### Does context analysis work across all scanners? - -Yes. The context-aware intelligence layer operates across any SARIF-producing scanner. Whether findings come from CodeQL, Semgrep, Checkmarx, or custom internal tools, the same exploitability analysis applies to all findings through a unified pipeline. Triage accuracy scales with the richness of metadata each scanner provides, but every scanner gets context-aware analysis. diff --git a/docs/how-it-works/fix-generation.md b/docs/how-it-works/fix-generation.md deleted file mode 100644 index 0cea46b4..00000000 --- a/docs/how-it-works/fix-generation.md +++ /dev/null @@ -1,157 +0,0 @@ ---- -title: Fix Generation -slug: /how-it-works/fix-generation -track: both -content_type: guide -seo_title: "How Fix Generation Works | Codemods + AI Remediation" -description: "How Pixee generates security fixes: deterministic codemods for known patterns, AI-powered MagicMods for novel scenarios, and independent quality evaluation." -sidebar_position: 2 ---- - -Pixee generates security fixes through a hybrid-intelligence engine: 120+ deterministic codemods handle known vulnerability patterns with zero AI variance, while AI-powered MagicMods handle novel and complex scenarios using dataflow-bounded context and per-rule knowledge base guidance. Every fix -- deterministic or AI-generated -- passes through an independent quality evaluation scoring Safety, Effectiveness, and Cleanliness before reaching a pull request. Developers see only pre-validated fixes. See [Fix Safety](/how-it-works/fix-safety) for merge rate data. - -Remediation is one of two co-equal capabilities in Pixee's Agentic Security Engineering Platform. The other is [Triage Automation](/how-it-works/triage-engine), which classifies findings as true or false positives with structured evidence. Together they close the loop from "scanner found something" to "vulnerability is fixed." - -## Fix Generation Pipeline - -Every scanner finding that passes triage as a true positive enters the same fix pipeline, regardless of which scanner detected it or whether the fix uses deterministic or AI-powered generation. - -**End-to-end flow:** - -1. **Context gathering** -- classifies dataflow quality on a four-tier scale, follows taint propagation across files, highlights vulnerable regions with inline markers, and adapts context windows to file size -2. **Route decision** -- known pattern routes to a deterministic codemod; novel or complex pattern routes to an AI-powered MagicMod -3. **Fix planning** (complex/multi-file fixes) -- specialized agents decompose the fix into coordinated manifest changes, source file edits, and declaration updates -4. **Fix generation** -- codemod applies an AST or regex transformation (deterministic); MagicMod generates a fix with dataflow-bounded context and per-rule guidance -5. **Fix evaluation** -- a separate inference call scores the fix on Safety, Effectiveness, and Cleanliness. Fixes that fail are retried with structured feedback or suppressed -6. **PR creation** -- the validated fix plus metadata, diff rationale, and quality scores are delivered as a pull request - -The same evaluation gate applies regardless of whether the fix was deterministic or AI-generated. The pipeline handles both SAST and [SCA findings](/how-it-works/sca-pipeline). - -## Deterministic Codemods - -Codemods are pre-built, rule-based code transformations encoding OWASP/SANS security patterns. No LLM is involved. Same input, same output, every time. - -**Scale:** 120+ codemods across Java and Python. The open-source engines -- codemodder-java (51 core codemods) and codemodder-python (60+ core codemods) -- are publicly inspectable on GitHub, with additional JavaScript/TypeScript coverage. - -**Fix types covered:** - -- SQL injection parameterization -- SSRF prevention -- Insecure deserialization (PyYAML hardening, defused XML) -- Weak cryptography (secure random, JWT decode verification) -- Insecure temp file handling -- SSL/TLS protocol upgrades -- Security hardening patterns from OWASP/SANS - -**Why deterministic matters:** - -- **Zero hallucination risk.** The transformation is a fixed rule, not a generated response. There is no variance between runs. -- **Auditor-inspectable.** The open-source codemod engines let customers and auditors read the transformation rules before deployment. -- **Cost-effective at scale.** Codemods run in sub-second time with zero inference cost. This keeps per-finding cost bounded, leaving AI budget for genuinely novel cases. - -Codemods handle known, solved patterns without AI involvement. - -## AI-Powered MagicMods - -MagicMods fire when no deterministic codemod matches the finding. They handle the scenarios that rule-based systems cannot reach: custom framework wrappers, multi-file dataflow vulnerabilities, context-dependent sanitization, and novel patterns. - -**MagicMod architecture:** - -- **Dataflow-bounded context.** The LLM receives only the code relevant to the vulnerability's dataflow path. This precision controls token cost and provides focused context. -- **Per-rule knowledge base guidance.** Each scanner rule has associated remediation knowledge. The LLM receives rule-specific security advice, not generic guidance. -- **Per-project PIXEE.yaml policy.** MagicMods respect project-level configuration files specifying your coding conventions, preferred imports, and framework choices. AI-generated fixes match your team's style. -- **Scanner-aware dispatchers.** Dispatchers for 8+ scanner types (Semgrep, CodeQL, Sonar, Snyk, AppScan, Polaris, DefectDojo, Trivy) understand each tool's output format and rule semantics. A Semgrep finding is processed differently than a Checkmarx finding because the available metadata differs. - -Every MagicMod fix passes through the same independent evaluation gate that all fixes pass. - -## Context Gathering - -Fix quality is bounded by what the LLM can see. Context gathering is the engineering that controls this boundary. - -**4-tier dataflow quality classification:** - -| Tier | Description | Gathering Strategy | -| ---------------------- | ------------------------------------------------------- | --------------------------------------------------------------------- | -| **Strong Multi-File** | High-confidence taint propagation across multiple files | Traces full cross-file dataflow; includes all files in the taint path | -| **Strong Single-File** | High-confidence dataflow within a single file | Full file context with highlighted vulnerable region | -| **Weak** | Partial or low-confidence dataflow information | Targeted excerpts around the flagged location | -| **Single-Location** | Only the flagged line, no dataflow available | Surrounding context with heuristic file matching | - -**Key capabilities:** - -- Follows SARIF-based taint propagation across files -- Highlights the vulnerable region with inline markers so the LLM knows exactly where the problem is -- Adapts between whole-file and targeted excerpts based on file size -- Merges consecutive vulnerable regions in the same file to reduce token cost -- Fuzzy file matching finds related files not explicitly named in the dataflow - -This context layer is shared between triage and remediation paths. The same classification that drives triage verdict accuracy also drives fix quality. - -## Multi-Agent Fix Planning - -Some security fixes span multiple files. A vulnerable dependency may require upgrading the library version in a manifest file, updating import statements in source files, and refactoring call sites that use changed APIs -- all as a single, atomic change. - -Pixee decomposes complex fixes across specialized agents rather than cramming everything into a single AI prompt: - -- **Version decision logic** -- determines which library version resolves the vulnerability while maintaining compatibility -- **Source file identification** -- uses the vulnerability's dataflow evidence to identify which source files need edits -- **Manifest declaration updates** -- locates the exact line in the manifest file that needs to change - -**Iterative refinement:** The fix plan is evaluated for quality before execution begins. Plans that are incomplete or inconsistent receive structured feedback and are refined. Plans that cannot reach acceptable quality are not executed. - -**Why this matters:** Multi-file security fixes are where single-pass AI code generation consistently fails. The model forgets the manifest, bumps the dependency without updating imports, or edits the wrong file. Structured planning with specialized agents prevents these failure modes. - -The result is an atomic PR: manifest change plus source-file refactoring plus declaration updates in a single pull request. No "upgrade succeeded, tests broken" half-states. - -## Fix Evaluation - -Every generated fix passes through an independent quality gate before a developer sees it. Bad fixes are rejected, not shipped. - -**Three-dimension rubric:** - -| Dimension | What It Checks | Failure Example | -| ----------------- | ----------------------------------------------------------------- | ---------------------------------------------------------- | -| **Safety** | No breaking changes, no regressions, no unintended side effects | Fix changes the API signature, breaking callers | -| **Effectiveness** | Correctly resolves the security vulnerability | Fix adds validation but misses the actual injection point | -| **Cleanliness** | Proper formatting, no extraneous changes, preserves existing code | Fix reformats the entire file or removes existing comments | - -**Architectural independence:** The evaluator runs as a separate inference call -- the generator does not grade its own work. This is not self-critique from the same model. The separation prevents the "grading your own homework" failure mode. - -**Retry and suppression:** Fixes that fail receive specific reasoning and suggestions. The generator uses this feedback to produce a better fix. If a fix still cannot pass after retries, it is suppressed with an explanation -- the developer never sees it. - -For the full trust analysis, see [Fix Safety and Validation](/how-it-works/fix-safety). - -## What Developers See - -The end product is a standard pull request in GitHub, GitLab, Azure DevOps, or Bitbucket. There is no new tool to learn and no context-switching. - -**A typical Pixee PR includes:** - -- **Code diff** -- usually 1-5 lines adding input validation, parameterized queries, or safe API calls -- **Vulnerability context** -- what the scanner found and why it matters -- **Quality scores** -- Safety, Effectiveness, and Cleanliness scores from the evaluation gate -- **Fix rationale** -- why this specific remediation approach was chosen - -Developers review, modify, reject, or merge like any other code change. Standard git revert applies to any merged change. There is no runtime dependency on Pixee for merged code -- if Pixee were removed, all previously merged fixes remain as standard code in the repository. - -## Frequently Asked Questions - -### How do AI-generated code fixes get validated before merging? - -Every fix passes through an independent quality evaluation scoring three dimensions: Safety (no breaking changes), Effectiveness (resolves the vulnerability), and Cleanliness (code quality). The evaluator runs as a separate inference call -- the generator does not grade its own work. Fixes that fail are retried with structured feedback or suppressed entirely. Developers see only fixes that have passed this gate. - -### What is a good merge rate for automated security fixes? - -Merge rate reflects the combined quality of deterministic codemods (zero variance on known patterns), AI-generated fixes (constrained generation with independent evaluation), and the suppression of fixes that cannot pass quality gates. See [Fix Safety](/how-it-works/fix-safety) for current merge rate data. - -### What is the difference between codemods and AI-generated fixes? - -Deterministic codemods are pre-built, rule-based transformations that produce identical output every time with zero AI involvement. They handle known patterns like SQL injection parameterization and SSRF prevention. AI-powered MagicMods handle novel patterns where deterministic rules cannot reach, using LLM-based generation with dataflow-bounded context and independent quality evaluation. The system routes each vulnerability to the appropriate mode automatically. - -### Does Pixee respect my team's coding conventions? - -Yes. AI-generated fixes use per-project PIXEE.yaml policy files that specify coding conventions, preferred imports, and framework choices. Deterministic codemods follow OWASP/SANS standard patterns. All fixes can be modified by developers before merging -- they are standard PRs with full diff visibility. - -### What is the failure mode for AI-generated fixes? - -When an AI-generated fix does not meet quality standards, it is retried with structured feedback from the evaluator. If it still cannot pass after retries, it is suppressed with an explanation -- the developer never sees it. No fix reaches a pull request without passing the independent evaluation gate. Developers always have final authority: they can modify, reject, or revert any merged change through standard Git operations. diff --git a/docs/how-it-works/fix-safety.md b/docs/how-it-works/fix-safety.md deleted file mode 100644 index 96c7fc56..00000000 --- a/docs/how-it-works/fix-safety.md +++ /dev/null @@ -1,129 +0,0 @@ ---- -title: "Fix Safety & Validation" -slug: /how-it-works/fix-safety -track: both -content_type: guide -seo_title: "Fix Safety & Validation | How Pixee Prevents Bad Fixes" -description: Deterministic codemods, independent AI evaluation, and PR-only delivery. How Pixee validates fixes before they reach developers. -sidebar_position: 3 ---- - -Pixee uses a deterministic-first, AI-second architecture with independent quality evaluation to ensure automated fixes do not break your code. Most fixes come from pre-built codemods that produce identical, zero-variance output every time. See [Fix Generation](/how-it-works/fix-generation) for the full codemod library. Fixes that require AI generation pass through a separate evaluation scoring Safety, Effectiveness, and Cleanliness before any developer sees them. Every change ships as a pull request -- never a direct commit -- preserving your existing code review, CI/CD, and SAST re-scanning gates. The measured result: a 76% merge rate on production deployments. - -## How Fix Safety Works - -Pixee's fix safety rests on independent validation layers, narrow scope by design, and preserved human authority at every stage. - -## Deterministic vs. Probabilistic Fixes - -This distinction is the single most important concept on this page. When technical evaluators understand it, the concern about AI-generated fixes fundamentally changes. - -**Deterministic codemods:** Pre-built, rule-based code transformations encoding OWASP/SANS security patterns. Same input, same output, every time. Zero LLM involvement. Zero hallucination risk. The open-source codemod engines (codemodder-java, codemodder-python) are publicly inspectable -- your security team or auditors can read the transformation rules before deployment. - -**AI-generated MagicMods:** Handle novel patterns where deterministic rules cannot reach -- custom framework wrappers, multi-file dataflow vulnerabilities, context-dependent sanitization. Every AI-generated fix earns its way through the evaluation pipeline. - -| Dimension | Deterministic Codemods | AI-Generated MagicMods | -| ------------------------------- | ------------------------------------------------------------------------------ | --------------------------------------------------------------------- | -| **Input/output predictability** | Identical output every time | Output varies based on context; constrained by dataflow-bounded input | -| **Scope** | Known vulnerability patterns (SQL injection, XSS, SSRF, deserialization, etc.) | Novel, custom, and multi-file patterns | -| **Hallucination risk** | Zero | Mitigated by independent evaluation and retry/suppression | -| **Validation requirement** | Pre-validated by design; open-source engines inspectable | Mandatory independent evaluation gate | -| **LLM involvement** | None | Constrained generation with per-rule knowledge base guidance | - -Deterministic codemods carry zero AI risk. AI-generated fixes receive additional validation through the independent evaluation pipeline. Routing between modes is automatic -- no manual configuration. - -## Independent Fix Evaluation - -Every AI-generated fix passes through an independent quality gate before a developer sees it. This is the concrete mechanism behind the 76% merge rate. - -**Separate inference call, not self-critique.** The evaluator runs as a structurally independent inference call -- separate context window, separate system prompt, separate scoring rubric -- not the same process that generated the fix. This prevents the "grading your own homework" failure mode that undermines single-pass AI systems. - -**Three-dimension rubric:** - -| Dimension | What It Checks | Why It Matters | -| ----------------- | ----------------------------------------------------------------- | ----------------------------------------------------------- | -| **Safety** | No breaking changes, no regressions, no unintended side effects | Prevents the fix from creating new problems | -| **Effectiveness** | Correctly resolves the security vulnerability | Prevents cosmetic changes that leave the vulnerability open | -| **Cleanliness** | Proper formatting, no extraneous changes, preserves existing code | Prevents unnecessary diff noise that frustrates reviewers | - -**All three dimensions must pass.** This is not an aggregate score where a dangerous fix slides through because it scored well on formatting. A fix that fails Safety is rejected regardless of Effectiveness and Cleanliness scores. - -**Structured feedback loop:** Fixes that fail evaluation receive specific reasoning and suggestions. The generator uses this feedback to produce a better fix. If a fix still cannot pass after retries, it is suppressed entirely -- with an explanation logged for debugging. The developer never sees a fix that failed the gate. - -**Quality scores are visible.** When a fix passes evaluation and reaches the PR, the Safety, Effectiveness, and Cleanliness scores are included. Transparency builds trust over time. - -## Your Existing Gates Still Apply - -Fix evaluation is additional validation that happens before the PR reaches your existing quality controls. Pixee does not replace your gates -- it adds layers in front of them. - -**What happens after Pixee creates the PR:** - -1. **Code review** by the development team -- the same review process you apply to human-written code -2. **CI/CD pipeline execution** -- tests, builds, and any other automated checks you have configured -3. **SAST re-scanning** by the same tools that found the original vulnerability -- if the fix introduces new findings, they appear in the PR -4. **Branch protection rules** and merge requirements you have configured - -Every Pixee change flows through your full approval pipeline. There is no mode, setting, or override that allows Pixee to commit directly to a branch. PR-only delivery is an architectural constraint, not an optional configuration. - -Pixee does not replace your quality gates -- it adds validation layers before changes reach your existing review process. - -## The 76% Merge Rate in Context - -This number is measured merge behavior on production pull requests. It reflects developer trust -- engineers review the fix and choose to merge it. - -**What it means:** Three out of four Pixee-authored fixes are accepted by development teams after human review. - -**What it does not mean:** That 24% of fixes are harmful. Rejected fixes include cases where developers had a different preferred approach, the fix was correct but the team chose to address the issue differently, or the finding was deprioritized. A rejected PR has zero impact -- closing it discards the change. - -**Why this number is trustworthy:** It reflects the combined output of deterministic reliability on common patterns (zero variance) plus validated AI generation on complex ones (independent evaluation gate). Fixes that cannot pass quality standards are suppressed before they reach a PR, so the 76% measures developer acceptance of pre-validated fixes -- not raw AI output. - -## Narrow Scope, Lower Risk - -Pixee fixes SAST-identified security issues. The typical fix is 1-5 lines of code adding input validation, parameterized queries, or safe API calls. - -**What Pixee does:** Applies established OWASP/SANS remediation patterns to known vulnerability types. - -**What Pixee does not do:** Write features. Generate business logic. Create new functionality. Refactor architectures. Perform open-ended code completion. - -Security controls do not alter legitimate application behavior -- they block attacker traffic only. This narrow scope makes both independent evaluation and human review tractable. - -## Rollback and Reversibility - -- **Standard git revert.** Every Pixee change is a normal Git commit within a pull request. Standard git revert undoes any merged change. No special tooling required. -- **Full traceability.** All fixes are stored in Git history with complete context about what vulnerability was addressed and why the specific remediation was chosen. -- **No lock-in dependency.** If Pixee were removed entirely, all previously merged fixes remain as standard code in the repository. There is no runtime dependency on Pixee for merged code. -- **Pre-merge rejection is trivial.** Closing a PR without merging discards the proposed change with zero impact on the codebase. - -## Audit Defensibility - -For regulated industries, every Pixee fix creates a defensible audit record: - -- Typed triage verdict (true positive, false positive, won't fix, suspicious) with code-level evidence -- Fix quality scores (Safety, Effectiveness, Cleanliness) on every PR -- Full Git history showing what changed, when, and why -- SAST re-scanning confirmation that the fix does not introduce new findings -- Developer approval recorded in the merge event - -Compliance teams reviewing automated code changes need to see that the change was validated by independent evaluation, reviewed by a human, tested by CI/CD, and re-scanned by the same tools that found the original issue. Pixee's pipeline provides all four. - -## Frequently Asked Questions - -### Does automated remediation break existing code? - -Pixee uses multiple independent validation layers to prevent breaking changes. Most fixes come from deterministic codemods with zero AI variance. AI-generated fixes pass independent evaluation scoring Safety, Effectiveness, and Cleanliness. Every change ships as a PR through your existing code review, CI/CD, and SAST re-scanning gates. Fixes that cannot pass quality standards are suppressed before developers see them. - -### What happens if an automated fix introduces a bug? - -Every Pixee change is a standard Git commit within a pull request. Standard git revert undoes any merged change -- no special tooling needed. Fixes are typically 1-5 lines, making review straightforward. There is no runtime dependency on Pixee for merged code, and closing a PR before merge discards the change with zero impact. - -### How accurate are AI-generated security fixes? - -Pixee achieves a 76% merge rate on production PRs -- three out of four fixes are accepted by development teams after human review. Many fixes use deterministic codemods with zero AI variance. AI-generated fixes pass an independent evaluation gate scoring Safety, Effectiveness, and Cleanliness. Fixes that cannot pass quality standards are suppressed, never shipped to developers. - -### Is automated vulnerability remediation safe for production code? - -Yes. Pixee's fixes are narrow-scope security changes (1-5 lines) applying established OWASP/SANS patterns, not general-purpose code generation. They pass multi-layer validation before reaching a PR, and your existing CI/CD, SAST re-scanning, and code review gates all apply. The PR-only delivery model is an architectural constraint -- there is no mode that allows direct commits. - -### What is the confidence level on these fixes? - -Every fix includes quality scores visible on the PR. Fixes must pass a three-dimension rubric (Safety, Effectiveness, Cleanliness) via an independent evaluation process before reaching developers. All three dimensions must pass independently -- a dangerous fix cannot slide through on aggregate scoring. Fixes that cannot meet standards after retries are suppressed with an explanation. diff --git a/docs/how-it-works/sca-pipeline.md b/docs/how-it-works/sca-pipeline.md deleted file mode 100644 index 70bd68fa..00000000 --- a/docs/how-it-works/sca-pipeline.md +++ /dev/null @@ -1,116 +0,0 @@ ---- -title: SCA Pipeline -slug: /how-it-works/sca-pipeline -track: both -content_type: guide -seo_title: "How the SCA Pipeline Works | Dependency Vulnerability Fix" -description: How Pixee verifies CVE exploitability in your codebase and delivers atomic dependency upgrade PRs with code-level fixes. -sidebar_position: 4 ---- - -Pixee's SCA pipeline determines whether flagged CVEs are actually exploitable in your specific codebase, then delivers atomic dependency upgrade PRs that include both manifest version bumps and downstream source-file refactoring. The pipeline combines external CVE research with internal code analysis to produce evidence-based classifications -- not just version matching. Confirmed vulnerabilities get coordinated fixes across Python, Java, JavaScript, and .NET manifests, with fix evaluation before any PR is created. - -SCA findings flow through the same co-equal triage and remediation pipeline that handles SAST findings. Pixee applies the same exploitability analysis and fix generation methodology to third-party dependency vulnerabilities that it applies to first-party code findings. - -## How the SCA Pipeline Works End to End - -1. **SCA scanner** (Snyk, Trivy, or any SARIF-producing tool) flags a CVE in a dependency -2. **CVE research** -- gathers CVE details, changelogs, patches, and release notes to identify the specific conditions required for exploitation -3. **Verification cache lookup** -- checks whether this CVE+dependency combination has already been verified, avoiding redundant analysis -4. **Triage synthesis** -- combines external CVE research with internal code analysis, secure coding guidelines, historical triage decisions, and cross-tool context -5. **Classification output** -- Exploitable or Not Exploitable, with evidence, context-adjusted severity, and a transparent verification report -6. **Dependency remediation** (if exploitable) -- identifies the target version, locates the manifest file, coordinates source-file refactoring, and evaluates the fix -7. **Atomic PR** -- manifest bump plus source-file changes in a single reviewable diff - -## CVE Exploitability Verification - -Pixee determines whether a flagged CVE can actually be triggered in your code, rather than only checking whether a vulnerable version is present. - -**How it works:** - -**External research.** The system gathers CVE details, changelogs, patches, and release notes to identify the specific exploitation conditions -- for example, "requires WebFlux, Spring static resource handling, and a non-permitAll security rule." - -**Internal analysis.** The system examines how the library is actually used in your code: which APIs are called, which configurations are active, and whether attacker-controlled input can reach the vulnerable function. - -**Evidence-based classification.** Each verdict includes: - -- The specific conditions the CVE requires -- Analysis of each condition against your code -- Code snippets demonstrating why conditions are or are not met -- A defensible conclusion (e.g., "2 of 3 conditions are not met") - -The following table summarizes the three approaches to SCA analysis: - -| Approach | What It Tells You | What It Misses | -| --------------------------------------- | ----------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | -| **Version matching** (legacy SCA) | "This dependency version has a known CVE" | Whether anyone calls the vulnerable function, whether exploitation conditions are met, whether security controls mitigate the risk | -| **Basic reachability** | "The vulnerable function is reachable from your code" | Exploitation preconditions, input validation, configuration states | -| **Exploitability verification** (Pixee) | "This CVE requires conditions X, Y, Z. Your code meets/does not meet each one. Here is the evidence." | -- | - -## Verification Cache - -Verified CVE+dependency combinations are cached for reuse across repositories. Organizations with many repositories sharing common dependencies verify once, not N times. - -- Significant cost reduction for repeated CVE analysis -- the same library-CVE pair analyzed once accelerates every subsequent encounter -- Cache remains valid until CVE data or dependency context changes -- Particularly valuable for large enterprises where dozens of repositories import the same libraries - -## Transitive Dependency Handling - -Transitive dependencies require chain analysis. A vulnerability four layers deep through an unused code path carries different risk than a direct exposure. - -Pixee traces the full dependency chain from the application root through every intermediate library to the vulnerable package: - -- **TID (Taint Introducing Dependency):** The direct dependency in your manifest that begins the chain to the vulnerable transitive dependency. This tells developers exactly which dependency to upgrade. -- **TCD (Taint Consuming Dependency):** The package that actually contains the vulnerable code. -- **Severity calibration by depth and usage:** Risk is adjusted based on the depth and nature of the dependency chain. A vulnerability in a direct dependency with proven reachability is higher risk than the same CVE four layers deep through an unused code path. -- **Blast radius analysis:** When multiple taint-initiating dependencies lead to the same vulnerable transitive dependency, Pixee surfaces the combined blast radius. - -This matters because developers need to know which direct dependency to upgrade in their manifest to resolve a transitive vulnerability. Pixee provides that answer directly. - -## Dependency Remediation - -When an SCA finding is confirmed as exploitable, Pixee generates a justified upgrade -- not a blind version bump. - -**Multi-manifest support:** - -| Language | Supported Manifests | -| -------------- | -------------------------------------------------------------- | -| **Python** | requirements.txt, pyproject.toml, Pipfile, setup.py, setup.cfg | -| **Java** | pom.xml, build.gradle | -| **JavaScript** | package.json | -| **.NET** | .csproj, packages.config | - -**How the fix pipeline works for SCA:** - -- **Justified upgrades only.** The system only bumps a version when a verified vulnerability and exploitable path justify the change. No blind version bumping. -- **Version selection with compatibility analysis.** Not "upgrade to latest." The system uses framework compatibility, runtime constraints, and historical upgrade patterns to select the right version. -- **Atomic PRs.** A single PR contains the manifest bump AND downstream source-file changes the upgrade requires. No "upgrade succeeded, tests broken" half-states. -- **Fix evaluation.** The same three-dimension rubric (Safety, Effectiveness, Cleanliness) that validates SAST fixes also validates dependency upgrades before PR creation. - -## Cross-Tool Intelligence - -The SCA pipeline benefits from Pixee's unified platform architecture. SAST and SCA findings share context and inform each other: - -| Intelligence Source | What It Provides | -| ------------------------------- | ----------------------------------------------------------------------------------------------------------------- | -| **SAST results** | Inform SCA risk scoring -- a dependency vulnerability in code that also has SAST findings carries compounded risk | -| **Historical triage decisions** | Prevent re-triaging the same CVEs across repositories | -| **Secure coding guidelines** | Team preferences in natural language enrich SCA analysis | -| **GitHub PRs and Jira tickets** | Previous SCA upgrade context provides upgrade history | - -Because SAST and SCA findings share context in the same pipeline, cross-tool signals are available during analysis. - -## Frequently Asked Questions - -### What is reachability analysis for SCA findings? - -Basic reachability checks whether a vulnerable function in a dependency is reachable from your code. Pixee goes further with exploitability analysis -- determining whether the specific conditions required to trigger the CVE are actually met in your codebase, including data flow analysis and exploitation precondition verification. Each classification includes transparent evidence showing which conditions are met and which are not. - -### How does Pixee handle transitive dependencies? - -Pixee traces the full dependency chain from your application through every intermediate library to the vulnerable package. It identifies exactly which direct dependency in your manifest to upgrade (TID -- Taint Introducing Dependency) and coordinates the manifest change with downstream source-file refactoring in a single atomic PR. Severity is calibrated based on dependency depth and actual usage patterns. - -### Does Pixee just bump dependency versions? - -No. Pixee only upgrades when a verified vulnerability justifies the change. Each upgrade PR includes both the manifest version bump and any downstream source-file changes the upgrade requires. Fix evaluation validates the complete change before creating the PR. Version selection considers framework compatibility and historical upgrade patterns, not just "latest available." diff --git a/docs/how-it-works/scanner-integration.md b/docs/how-it-works/scanner-integration.md deleted file mode 100644 index 05d58e68..00000000 --- a/docs/how-it-works/scanner-integration.md +++ /dev/null @@ -1,129 +0,0 @@ ---- -title: Scanner Integration -slug: /how-it-works/scanner-integration -track: both -content_type: guide -seo_title: "How Scanner Integration Works | 12+ Native Scanners" -description: How Pixee ingests findings from 12 natively integrated scanners and any SARIF-producing tool. Two-tier integration architecture and metadata extraction. -sidebar_position: 5 ---- - -Pixee integrates with 12 natively supported scanners and any SARIF-producing tool through a two-tier architecture. Dedicated handlers extract scanner-specific metadata from tools like CodeQL, Semgrep, and Checkmarx for maximum triage accuracy. Universal SARIF ingestion handles everything else -- including proprietary and internal scanners -- with zero pre-built integration required. Findings from all scanners flow into the same triage and remediation pipeline, so heterogeneous scanner stacks get unified resolution through one platform. - -Pixee does not replace your scanners. It sits downstream of them. Your existing SAST tools continue to scan your code exactly as they do today. Pixee consumes each tool's output, triages every finding, and delivers remediation as pull requests for confirmed vulnerabilities. - -## Two-Tier Integration Architecture - -**Tier 1 -- Native (Dedicated) Handlers.** For the most widely deployed SAST tools, Pixee has dedicated handlers that extract scanner-specific metadata. Each handler understands the idiosyncrasies of that tool's SARIF output -- where rule descriptions live, whether dataflow traces are available, and what metadata the scanner includes or omits. Richer metadata extraction means higher triage accuracy. - -**Tier 2 -- Universal SARIF Ingestion.** For any scanner that produces SARIF output (the OASIS open standard for static analysis results), Pixee ingests findings automatically. No pre-built integration required. The system dynamically adapts its handling strategy based on whatever metadata the SARIF contains. - -Both tiers feed into the same downstream [triage](/how-it-works/triage-engine) and [remediation](/how-it-works/fix-generation) pipeline. The dedicated handlers provide richer context where available; the universal path ensures nothing is locked out. - -## Deep Scanner Integrations - -### CodeQL (GitHub Advanced Security) - -CodeQL is a deep integration with dedicated SARIF parsing that extracts the full richness of CodeQL output: - -- Extracts **codeFlows** -- multi-step source-to-sink dataflow traces that give the triage engine full dataflow context, not just the final finding location -- Handles CodeQL's non-standard SARIF behavior where rule metadata is stored on `tool.extensions` rather than `driver` -- Extracts `help.markdown` from rule metadata for rich vulnerability descriptions -- Pre-configured handlers for common CodeQL rules - -CodeQL is commonly used via GitHub Advanced Security. Pixee triages CodeQL findings through the same pipeline as all other scanners. - -### Semgrep - -Dedicated handler with Semgrep-specific metadata extraction: - -- Extracts `fullDescription.text` for rule explanations used in triage context -- Supports both Semgrep OSS and Semgrep Pro rule output - -Supports both Semgrep OSS and Semgrep Pro rule output. Findings are classified with structured justification. - -### Checkmarx - -Dedicated handler with an adaptive strategy for metadata-poor SARIF: - -- Compensates for Checkmarx's sparse SARIF output (minimal rule descriptions, no codeFlows) -- Uses a rule-ID-only prompting strategy that routes findings to the adaptive triage pipeline, which re-derives context directly from the codebase -- Includes 3 Checkmarx-specific remediation codemods (SQL parameterization for .NET and JavaScript, NoSQL parameterization for JavaScript) - -Checkmarx SARIF exports contain minimal metadata. Pixee's handler compensates for the metadata gap by re-deriving context from the codebase. - -## Standard Scanner Integrations - -| Scanner | Status | Integration Method | -| -------------------------- | ------ | ----------------------------------------------------------- | -| **Veracode** | GA | SARIF pipeline with tool-specific identification | -| **Snyk Code** | GA | SARIF pipeline with MagicMod dispatcher support | -| **SonarQube / SonarCloud** | GA | SARIF pipeline with dedicated prompt builders | -| **HCL AppScan** | GA | SARIF ingestion pipeline | -| **Polaris (Synopsys)** | GA | SARIF ingestion pipeline | -| **GitLab SAST** | GA | SARIF pipeline with dedicated namespace | -| **Trivy** | GA | SARIF pipeline with MagicMod dispatcher support | -| **DefectDojo** | GA | SARIF pipeline (aggregates findings from multiple scanners) | - -All 12 named scanners are GA. See individual scanner integration pages for per-tool setup guides and full capability details. - -## Universal SARIF Support - -Any scanner that produces SARIF output works with Pixee -- no pre-built integration required. - -**SARIF** (Static Analysis Results Interchange Format) is the OASIS open standard for static analysis results. Most modern SAST, SCA, and secret-scanning tools produce SARIF output natively or via converters. - -**What this means for your organization:** - -- Internal and proprietary scanners that output SARIF work out of the box -- New commercial scanners are supported on day one if they produce SARIF -- You are never locked to a specific tool list -- The system dynamically adapts its handling strategy based on available metadata -- Resilient processing degrades gracefully on malformed or novel tool output - -**Key principle:** Bring whatever you have that outputs SARIF. Pixee handles it. - -## What Metadata Matters - -Triage accuracy scales with the richness of metadata each scanner includes in its SARIF output. Pixee adapts its strategy based on what is available: - -| Metadata Type | Which Scanners Provide It | How Pixee Uses It | -| ----------------------------------- | ------------------------------------------------------ | ------------------------------------------------------------------------------------------------ | -| **codeFlows** (dataflow paths) | CodeQL (multi-step source-to-sink) | Full dataflow context for triage -- traces from source to sink, not just the final location | -| **Rule descriptions** | Semgrep (fullDescription.text), CodeQL (help.markdown) | Enriches triage context with rule semantics and vulnerability explanation | -| **Severity ratings** | Most scanners | Input to context-aware severity adjustment (may be upgraded or downgraded based on code context) | -| **Language tags** | Most scanners | Routes to language-specific codemods and analysis strategies | -| **Rule ID only** (minimal metadata) | Checkmarx, some internal tools | Triggers adaptive triage that re-derives context from the codebase | - -Rich-metadata scanners get deep extraction. Sparse-metadata scanners get compensatory strategies. No scanner is left behind. - -## Platform Integrations - -| Platform | SARIF Ingestion | Native CodeQL/GHAS | Notes | -| ---------------- | --------------- | ------------------ | -------------------------------------------- | -| **GitHub** | Full support | Deep integration | CodeQL findings via GHAS API or SARIF upload | -| **GitLab** | Full support | Via SARIF upload | GitLab SAST has dedicated namespace | -| **Azure DevOps** | Full support | Via SARIF upload | Standard SARIF pipeline | -| **Bitbucket** | Full support | Via SARIF upload | Standard SARIF pipeline | - -All scanner integrations are available across SaaS and Enterprise Server deployment models. - -**[See all integrations](/integrations/overview)** | [Platform architecture](/platform/architecture) - -## Frequently Asked Questions - -### What scanners does Pixee support? - -Pixee natively integrates with 12 scanners: CodeQL, Semgrep, Checkmarx, Veracode, Snyk Code, SonarQube, AppScan, Polaris, GitLab SAST, Trivy, and DefectDojo. Any additional scanner that produces SARIF output works automatically through universal SARIF ingestion -- including proprietary and internal tools. - -### Does Pixee support SARIF format? - -Yes. Pixee's universal SARIF engine processes any SARIF-conforming output, including from proprietary and internal scanners. No pre-built integration is required. SARIF is the OASIS open standard for static analysis results, and most modern security tools produce it natively or via converters. - -### Can I use Pixee with multiple scanners at the same time? - -Yes. Findings from all connected scanners flow through the same triage and remediation pipeline. - -### Does this lock me into Pixee's ecosystem? - -No. Pixee sits downstream of your existing scanners -- it does not replace them. Your detection tools continue running exactly as they do today. Pixee adds triage and remediation on top. If you remove Pixee, your scanners, your code, and all previously merged fixes remain intact. The scanner-agnostic architecture means you can change your detection stack at any time without affecting the resolution layer. diff --git a/docs/how-it-works/triage-engine.md b/docs/how-it-works/triage-engine.md deleted file mode 100644 index ca4486c2..00000000 --- a/docs/how-it-works/triage-engine.md +++ /dev/null @@ -1,145 +0,0 @@ ---- -title: Triage Engine -slug: /how-it-works/triage-engine -track: both -content_type: guide -seo_title: "How the Triage Engine Works | Pixee Technical Guide" -description: "Three-tier progressive triage architecture: deterministic analysis, agentic investigation, and adaptive analyzer generation." -sidebar_position: 1 ---- - -Pixee's triage engine routes every vulnerability finding through a three-tier progressive architecture that applies the cheapest sufficient intelligence to each finding. Tier 1 uses 15+ deterministic analyzers for sub-second verdicts with zero LLM cost. Tier 2 deploys AI agents that dynamically investigate the codebase. Tier 3 generates custom analyzers on the fly for novel vulnerability types and caches them for reuse. The result: up to 95% false positive reduction with structured, auditable evidence on every verdict. - -Triage is one of two co-equal capabilities in Pixee's Agentic Security Engineering Platform. The other is [Remediation Automation](/how-it-works/fix-generation), which generates validated code fixes for confirmed vulnerabilities. Together they close the loop from "scanner found something" to "vulnerability is fixed." - -## How Triage Works End to End - -Every finding follows the same pipeline regardless of which scanner produced it. The system routes automatically based on finding characteristics and confidence signals -- no customer configuration required. - -**Progressive fallback flow:** - -1. **Finding arrives** from any SARIF-producing scanner via one of 12 native scanner integrations -2. **Tier 1 attempt** -- the system checks for a matching deterministic analyzer. If one exists and reaches a high-confidence verdict, triage completes in sub-second time -3. **Tier 2 escalation** -- if Tier 1 lacks a matching analyzer or yields insufficient confidence, the finding routes to AI-powered investigation -4. **Tier 3 escalation** -- if agentic investigation cannot resolve the finding (typically a novel rule type), the adaptive tier generates a custom analyzer on the fly -5. **Structured verdict** -- regardless of which tier resolved it, every finding exits with the same outcome format: typed status, adjusted severity, justification, code evidence, and confidence score - -A single pipeline handles findings from all SARIF-producing scanners. A [context-aware intelligence layer](/how-it-works/context-intelligence) enriches every tier with dataflow quality assessment, production vs. test classification, and security control detection. - -## Tier 1 -- Deterministic Analysis - -Tier 1 runs 15+ structured analyzers for common vulnerability classes. These produce sub-second, reproducible verdicts without invoking an LLM. - -**Vulnerability classes covered:** SQL injection, XSS, command injection, path traversal, and 12+ additional common SAST vulnerability types. Each has a dedicated analyzer with class-specific logic. - -**Why deterministic matters:** - -- **Sub-second latency.** No LLM call means no inference cost and no wait. This is the fastest path through the system. -- **Reproducible.** Same input always produces the same output. Compliance teams and auditors require deterministic, auditable results -- Tier 1 delivers exactly that. -- **High-confidence patterns only.** Tier 1 handles the vulnerability classes where deterministic analysis is reliable. These common patterns make up the bulk of scanner noise. When a pattern is ambiguous, the finding falls through to Tier 2. - -Most findings resolve at Tier 1. This means the majority of triage volume incurs zero LLM cost and completes in under one second. - -## Tier 2 -- Agentic Investigation - -When deterministic rules cannot reach a high-confidence verdict, an AI agent dynamically investigates the finding. This happens with novel frameworks, custom security controls, or context-dependent patterns that do not match a known template. - -**How it works:** The agent runs a reasoning-and-acting loop -- observe the finding, select an investigative tool (code search, dataflow tracing, security-control detection), execute it, evaluate the result, and iterate until sufficient evidence exists to emit a verdict. - -**What it adds over Tier 1:** - -- **Dynamic investigation.** Instead of matching against pre-built patterns, the agent explores the codebase the way a senior security engineer would -- following dataflow, checking for sanitizers, verifying framework protections. -- **Readable investigation trail.** The agent produces a step-by-step reasoning trace: "Searched for the sanitizer, found it on line X, it validates input type Y, therefore this is a false positive." This trail is the artifact that makes triage auditable and defensible. -- **No pre-configuration required.** The agentic tier adapts to whatever codebase it encounters. No per-framework setup, no rule tuning, no onboarding configuration. - -Every Tier 2 verdict includes the full investigation trail -- every code search, every control check, and the reasoning chain that led to the conclusion. - -## Tier 3 -- Adaptive Analysis - -Tier 3 handles the long tail: vulnerability types the system has never encountered before. When a finding reaches Tier 3, the system generates a custom triage analyzer on the fly, then caches it so subsequent findings with the same rule skip the generation step. - -**When it kicks in:** Proprietary SAST tools, custom Semgrep rules, internal CodeQL queries, or niche scanners that produce rules outside of standard vulnerability taxonomies. - -**How it works:** A multi-stage workflow analyzes the unknown rule's semantics and the finding's context, generates a custom triage analyzer tailored to that specific rule type, runs the generated analyzer against the finding, emits a verdict with justification, and caches the analyzer for future reuse. - -**Why this matters:** - -- **Self-extending.** Every novel rule type the system encounters becomes a cached analyzer. Coverage grows automatically as customers connect new scanners. -- **Zero manual configuration.** Customers running heterogeneous scanner stacks (CodeQL + Semgrep + internal custom rules) get triage coverage across all of them without requesting vendor integrations. -- **Handles the true long tail.** While Tier 1 covers common patterns and Tier 2 investigates ambiguous cases, Tier 3 handles the genuinely novel. - -## Comparing the Three Tiers - -| Dimension | Tier 1: Deterministic | Tier 2: Agentic | Tier 3: Adaptive | -| ----------------- | --------------------------------- | ------------------------------- | --------------------------------------------------- | -| **Speed** | Sub-second | Seconds to minutes | Minutes (first encounter), near-Tier-2 on cache hit | -| **LLM cost** | Zero | Per-finding inference | Per-finding generation (first), zero on cache hit | -| **Coverage** | 15+ common vulnerability classes | Any finding in known categories | Any SARIF rule, including never-before-seen types | -| **Auditability** | Fully deterministic, reproducible | Readable investigation trail | Generated analyzer + verdict justification | -| **Configuration** | None | None | None | - -## Context-Aware Intelligence - -A shared intelligence layer enriches all three tiers with codebase context. - -**Context signals evaluated on every finding:** - -- **Dataflow quality** -- classified on a four-tier scale: strong multi-file, strong single-file, weak, and single-location. Higher dataflow quality increases confidence in true positive verdicts. Weak evidence can downgrade findings that basic reachability would flag as critical. -- **Production vs. test classification** -- a SQL injection in a production API endpoint is critical. The same pattern in a test fixture is not. The system identifies code context and adjusts severity accordingly. -- **Security control detection** -- sanitizers, validators, and framework-specific protections between source and sink are identified and factored into the verdict. This is the difference between "reachable" and "reachable but the input is sanitized before it arrives." -- **Intentionally-vulnerable project filtering** -- demo applications, CTF challenges, and security training repositories generate permanent scanner noise. The system detects these projects and removes them from the triage pipeline. -- **Severity adjustment** -- when context signals indicate real-world risk differs from raw scanner severity, the system adjusts up or down, with a full audit trail showing why. - -For the full technical detail on context analysis, see [Context and Intelligence](/how-it-works/context-intelligence). - -## Triage Outcomes - -Every triage verdict is a structured, machine-processable artifact. Every decision includes the evidence that drove it. - -| Status | Meaning | Recommended Action | -| ------------------ | ----------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------- | -| **True Positive** | The finding is a real, exploitable vulnerability in this code context | Escalate for remediation -- Pixee can generate a fix automatically, or flag for human review | -| **False Positive** | The scanner fired on a pattern that is not exploitable in this context | Suppress from developer view; remove from backlog noise | -| **Won't Fix** | Technically real but not worth fixing given the context (test code, acceptable risk, compensating controls) | Deprioritize; document the rationale for auditors | -| **Suspicious** | Insufficient evidence for a definitive verdict | Route to a security engineer for manual assessment with the available evidence | - -**What ships with every verdict:** - -- Typed status (one of the four above, not a numeric score) -- Adjusted severity based on context signals -- Justification prose explaining why this verdict was reached -- Code snippets showing the specific evidence (sanitizer location, dataflow path, framework control) -- Confidence score -- Investigation trail (Tier 2 and Tier 3 verdicts) - -**Override capability.** Security engineers can disagree with a verdict and override it. The full evidence is visible, so overrides are informed decisions rather than blind overrules. - -**Machine-processable for downstream systems.** Typed statuses (not freeform text) mean dashboards, workflows, and SLA tracking tools can consume verdicts programmatically. - -## Triage and Remediation: Closing the Loop - -When the triage engine classifies a finding as a true positive, the finding flows directly into Pixee's [fix generation pipeline](/how-it-works/fix-generation). Triage determines what is real. Remediation fixes what is real. Neither capability works at full value without the other. - -Auditable triage verdicts support compliance requirements. Structured investigation trails replace manual finding review. Fixes arrive as pull requests in GitHub, GitLab, Azure DevOps, or Bitbucket. See [Fix Safety](/how-it-works/fix-safety) for merge rate data. - -## Frequently Asked Questions - -### How does automated vulnerability triage reduce false positives? - -Pixee routes each finding through a three-tier system. Tier 1 applies deterministic rules for known patterns. Tier 2 uses AI agents to dynamically investigate the codebase. Tier 3 generates custom analyzers for novel rules. Each tier evaluates exploitability in context -- checking dataflow paths, security controls, and production vs. test classification -- to separate real threats from noise. The result is up to 95% false positive reduction across supported scanners. Results vary by workload composition. Known vulnerability patterns handled by deterministic analyzers see the highest reduction rates. Mixed workloads that include novel patterns and custom scanner rules typically see 70-80% reduction as the baseline, with 95% achievable on well-characterized vulnerability classes. - -### What is exploitability analysis in application security? - -Exploitability analysis determines whether a scanner-reported vulnerability can actually be triggered in a specific codebase. It goes beyond reachability to assess dataflow quality, security control presence, code deployment context, and the strength of evidence supporting an attack path. Pixee evaluates all of these dimensions on every finding, producing auditable verdicts with code-level evidence. - -### How do I reduce SAST false positives? - -Pixee's triage engine reduces SAST false positives by up to 95% through three mechanisms: deterministic pattern analysis for known vulnerability types, AI-powered investigation for ambiguous cases, and context-aware intelligence that factors in security controls, dataflow quality, and production vs. test classification. Every suppressed finding includes a structured justification for audit defensibility. - -### Does the triage system handle custom scanner rules? - -Yes. Tier 3 adaptive analysis generates custom triage analyzers on the fly for any rule the system has not encountered before -- including proprietary scanners, custom Semgrep rules, and internal CodeQL queries. Generated analyzers are cached so subsequent findings with the same rule resolve at near-Tier-2 speed. The system's coverage grows automatically as customers connect new scanners. - -### How do I know the triage classification is accurate? - -Every verdict includes structured evidence: the typed status, justification prose, code snippets showing the specific signals that drove the decision, and a confidence score. Tier 2 and Tier 3 verdicts include a full investigation trail showing every search and reasoning step. Security engineers can review this evidence and override any verdict they disagree with. Your existing SAST re-scanning also applies to validated fixes, closing the verification loop. diff --git a/docs/getting-started/ci-cd.md b/docs/integrations/ci-cd.md similarity index 87% rename from docs/getting-started/ci-cd.md rename to docs/integrations/ci-cd.md index 2ec24cbf..de79c97b 100644 --- a/docs/getting-started/ci-cd.md +++ b/docs/integrations/ci-cd.md @@ -1,6 +1,6 @@ --- title: CI/CD Integration -slug: /getting-started/ci-cd +slug: /integrations/ci-cd track: dev content_type: tutorial seo_title: "Pixee CI/CD Integration | Automated Security Fixes in Your Pipeline" @@ -179,7 +179,7 @@ Pixee does not require a specific CI system. As long as the scanner can run _som Two common patterns: 1. **Scanner writes to the SCM's code-scanning surface.** A Jenkins job runs the scanner, then uploads SARIF to GitHub Code Scanning / GitLab Security Dashboard / etc. via that platform's API. Pixee picks up the findings through the SCM integration. -2. **Scripted upload to Pixee.** A pipeline step uploads SARIF directly to the Pixee API. The [Pixee CLI](/getting-started/cli)'s `pixee api` subcommand can POST a SARIF body, or you can use any HTTP client. +2. **Scripted upload to Pixee.** A pipeline step uploads SARIF directly to the Pixee API. The [Pixee CLI](/api/cli)'s `pixee api` subcommand can POST a SARIF body, or you can use any HTTP client. ```bash # Example: upload SARIF directly to Pixee using the CLI in any CI environment. @@ -194,15 +194,15 @@ pixee api /api/v1/scans \ Discover the exact upload endpoint for your deployment via HAL link traversal: `pixee api /api/v1` lists the available resources, and each resource's `_links` lead to its upload routes. -**Prerequisites:** A Pixee API token (`PIXEE_TOKEN`) and the deployment URL (`PIXEE_SERVER`). For background on the CLI, see [Pixee CLI](/getting-started/cli). +**Prerequisites:** A Pixee API token (`PIXEE_TOKEN`) and the deployment URL (`PIXEE_SERVER`). For background on the CLI, see [Pixee CLI](/api/cli). ## Scanner Result Ingestion Pixee accepts scanner results through three paths: 1. **SCM-native APIs.** GitHub Code Scanning, GitLab vulnerability reports, Azure DevOps Code Scanning, Bitbucket reports. Pixee reads findings through the SCM integration. -2. **Direct SARIF upload to Pixee.** Use the [Pixee CLI](/getting-started/cli) (`pixee api`) or an HTTP client. Useful when your CI system doesn't have a clean upload path to the SCM. -3. **Native scanner integrations.** For 13 named scanners (CodeQL, Semgrep, Checkmarx, Veracode, Snyk Code, SonarQube, AppScan, Polaris, Fortify, Contrast, GitLab SAST, GitLab SCA, Trivy) Pixee uses dedicated handlers that extract scanner-specific metadata for richer triage. See the per-scanner pages under [Integrations](/integrations/overview). +2. **Direct SARIF upload to Pixee.** Use the [Pixee CLI](/api/cli) (`pixee api`) or an HTTP client. Useful when your CI system doesn't have a clean upload path to the SCM. +3. **Native scanner integrations.** For 13 named scanners (CodeQL, Semgrep, Checkmarx, Veracode, Snyk Code, SonarQube, AppScan, Polaris, Fortify, Contrast, GitLab SAST, GitLab SCA, Trivy) Pixee uses dedicated handlers that extract scanner-specific metadata for richer triage. See the per-scanner pages under [Integrations](/integrations/integrations-overview). **Universal SARIF.** Any SARIF 2.1.0–producing scanner works through the universal SARIF integration. See [Universal SARIF Integration](/integrations/sarif-universal). @@ -214,26 +214,5 @@ Pixee accepts scanner results through three paths: **Fix PRs not appearing.** Check that the Pixee integration has write access to the target repository. For GitHub, the App needs `pull_requests: write`. Fix generation is asynchronous — allow a few minutes after findings are ingested. -**`pixee api` returns exit code 2.** Authentication failed. Run `pixee auth status` to confirm the configured server and token, or reset both with `pixee auth login`. See [Pixee CLI](/getting-started/cli) for credential resolution rules. +**`pixee api` returns exit code 2.** Authentication failed. Run `pixee auth status` to confirm the configured server and token, or reset both with `pixee auth login`. See [Pixee CLI](/api/cli) for credential resolution rules. -## Frequently Asked Questions - -### Does adding Pixee require a new pipeline step? - -Not always. If your scanner writes to the SCM's code-scanning surface (GHAS, GitLab vulnerability reports, etc.), Pixee ingests findings through the SCM integration with no pipeline change. A new step is only required when uploading SARIF directly to Pixee or to the SCM's code-scanning API. - -### Does Pixee slow down my CI/CD pipeline? - -No. Pixee processes findings on the platform asynchronously, not in your pipeline. The pipeline itself sees only the time to invoke any SARIF upload step (seconds), not the time to generate fixes. - -### Does Pixee require code changes to my application? - -No code changes to your application. You configure the SCM integration once; pipeline definition files are unchanged or gain a single SARIF upload step depending on your scanner. - -### Can I control which findings Pixee fixes? - -Yes. Use [PIXEE.yaml](/configuration/pixee-yaml) to configure which finding types, languages, or severity levels Pixee should address. You can also scope fixes to specific directories or exclude paths. - -### Where does the `pixee` CLI fit? - -The CLI is a client for the Pixee REST API — useful for managing workflows, querying scan history, or scripting SARIF uploads. It does not run scanners or generate fixes locally. See [Pixee CLI](/getting-started/cli). diff --git a/docs/integrations/integrations-overview.md b/docs/integrations/integrations-overview.md index 39da4294..455bc09f 100644 --- a/docs/integrations/integrations-overview.md +++ b/docs/integrations/integrations-overview.md @@ -81,24 +81,3 @@ The result: one triage and remediation pipeline across every scanner in your sta - You are never locked to a specific tool list - Adding or removing a scanner from your stack does not require any Pixee configuration changes -## FAQ - -### What scanners does Pixee support? - -Pixee supports 13 named scanners — CodeQL, Semgrep, Checkmarx, Veracode, Snyk Code, SonarQube/SonarCloud, HCL AppScan, Polaris/Black Duck, Fortify, Contrast, GitLab SAST, GitLab SCA (Dependency Scanning), and Trivy — plus DefectDojo as an aggregation platform and any tool that produces SARIF output. See the coverage matrix above for integration-tier details. - -### What SCMs does Pixee support? - -GitHub, GitLab, Azure DevOps, and Bitbucket — including their self-hosted/on-premises variants (GitHub Enterprise Server, self-hosted GitLab, Azure DevOps Server, Bitbucket Server) via Pixee Enterprise Server. - -### Can I use Pixee with multiple scanners at the same time? - -Yes. Pixee's scanner-agnostic architecture processes findings from all your scanners through one unified triage and remediation pipeline. There is no limit on the number of scanners. Findings from every scanner are triaged and remediated through the same workflow. - -### Does Pixee support SARIF format? - -Yes. Any scanner that produces SARIF output works with Pixee automatically, including proprietary and internal tools. SARIF (Static Analysis Results Interchange Format) is the OASIS open standard supported by most modern SAST, SCA, and secret-scanning tools. - -### Do I need to replace my current scanner to use Pixee? - -No. Pixee complements your existing scanners. It sits downstream, consuming their output and delivering triage and remediation. Your existing scanners continue running as configured. diff --git a/docs/integrations/sarif-universal.md b/docs/integrations/sarif-universal.md index a574ccac..afbb2209 100644 --- a/docs/integrations/sarif-universal.md +++ b/docs/integrations/sarif-universal.md @@ -10,7 +10,7 @@ sidebar_position: 2 # Universal SARIF Integration -Pixee's Universal SARIF integration accepts findings from any security scanner that produces SARIF 2.1.0 output. This means you are not limited to Pixee's 12 natively integrated scanners — if your tool can export SARIF, Pixee can triage and remediate its findings. Universal SARIF is how Pixee stays scanner-agnostic: your choice of detection tools is independent of your choice of resolution platform. +Pixee's Universal SARIF integration accepts findings from any security scanner that produces SARIF 2.1.0 output. This means you are not limited to Pixee's 13 natively integrated scanners — if your tool can export SARIF, Pixee can triage and remediate its findings. Universal SARIF is how Pixee stays scanner-agnostic: your choice of detection tools is independent of your choice of resolution platform. This page covers the SARIF format requirements, upload methods, what metadata Pixee extracts, and the differences between Universal SARIF and native integrations. @@ -18,7 +18,7 @@ This page covers the SARIF format requirements, upload methods, what metadata Pi Use Universal SARIF when: -- Your scanner is not in Pixee's [native integration list](/integrations/overview) +- Your scanner is not in Pixee's [native integration list](/integrations/integrations-overview) - You use a proprietary or custom-built scanner - You aggregate findings from multiple tools through a central platform that exports SARIF - You want to evaluate Pixee with a scanner before requesting a native integration @@ -114,20 +114,3 @@ Any scanner producing valid SARIF 2.1.0 output works with Universal SARIF. Scann - Custom scanners with SARIF export - Security platforms with SARIF aggregation (DefectDojo, GitHub Code Scanning, etc.) -## Frequently Asked Questions - -### Can I use any scanner with Pixee? - -Yes, if the scanner produces SARIF 2.1.0 output. Universal SARIF is Pixee's fallback integration that accepts findings from any SARIF-compatible tool. Pixee also has 12 native integrations that provide deeper triage context. - -### What if my scanner does not produce SARIF? - -Some scanners can be configured to output SARIF via plugins or converters. Check your scanner's documentation for SARIF export options. If SARIF export is not available, contact the Pixee team to discuss custom integration options. - -### Is Universal SARIF less accurate than native integrations? - -Triage and fix quality depend on the metadata available in the SARIF file. Native integrations use scanner-specific handlers that extract maximum context. Universal SARIF works with whatever metadata the SARIF contains. If your SARIF includes code flows, rule metadata, and help text, the quality difference is minimal. - -### How do I validate my SARIF file before uploading? - -Use a SARIF validator (the SARIF SDK includes validation tools) to verify your file conforms to the 2.1.0 specification before uploading. Common issues include missing required fields, incorrect schema references, and unsupported SARIF versions. diff --git a/docs/integrations/scanners/appscan.md b/docs/integrations/scanners/appscan.md index 3e0b90f9..7caafda0 100644 --- a/docs/integrations/scanners/appscan.md +++ b/docs/integrations/scanners/appscan.md @@ -60,7 +60,7 @@ Fixes use deterministic codemods and AI-powered MagicMods. - **Basic Auth (recommended)** — username and password for HTTP Basic auth on inbound webhook requests. Configure the username and password in Pixee, then use them when registering the webhooks in AppScan (see below). - **Webhook secret (deprecated)** — a shared secret embedded in the webhook URL path. Supported but not recommended. 4. **Configure two webhooks in AppScan** (see [Webhook Configuration](#webhook-configuration) below) so AppScan notifies Pixee when scans complete and when patch requests are created. -5. **Connect your code repository** to Pixee (GitHub, GitLab, Azure DevOps, or Bitbucket — see [Source Control](/integrations/overview#source-control-coverage)). +5. **Connect your code repository** to Pixee (GitHub, GitLab, Azure DevOps, or Bitbucket — see [Source Control](/integrations/integrations-overview#source-control-coverage)). 6. **Pixee ingests AppScan findings** and processes them through the triage and remediation pipeline. 7. **Review and merge** Pixee-generated PRs in your normal development workflow. @@ -124,18 +124,4 @@ For details on AppScan's webhook API, see HCL's [AppScan Webhook API Documentati - **Framework-protected patterns:** Findings in code protected by application framework security controls that AppScan's static analysis cannot resolve - **Duplicate findings across SAST and DAST:** When teams use both AppScan SAST and DAST, the same vulnerability may appear from both testing methods; Pixee's unified pipeline helps deduplicate -See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. - -## FAQ - -### Does Pixee work with AppScan Source, AppScan Enterprise, and AppScan on Cloud? - -Pixee's AppScan integration works with SAST findings from any AppScan deployment model. The dedicated handler processes AppScan's SARIF output regardless of whether the scan originated from on-premises or cloud-hosted AppScan. - -### What is the custom code flow mapper? - -AppScan structures its SARIF trace information differently from most scanners. Pixee's dedicated handler translates AppScan's trace format into the structure the triage engine expects, preserving data flow context that is critical for accurate triage. Without this translation, multi-step data flow findings could not be triaged accurately. - -### Does Pixee handle AppScan DAST findings? - -Pixee's primary integration with AppScan focuses on SAST findings, where code-level triage and remediation are most applicable. DAST findings that map to code-level issues may also be processed through the pipeline. +See [Integrations Overview](/integrations/integrations-overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scanners/checkmarx.md b/docs/integrations/scanners/checkmarx.md index f90716a0..5bdfaaa2 100644 --- a/docs/integrations/scanners/checkmarx.md +++ b/docs/integrations/scanners/checkmarx.md @@ -84,22 +84,4 @@ Beyond these dedicated codemods, Pixee's general-purpose codemod library and AI- - **Test code at production severity:** Test fixtures and example files flagged alongside production code - **Context-poor findings:** Findings where Checkmarx's sparse SARIF metadata makes manual review difficult -- Pixee re-derives context from the actual codebase -See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. - -## FAQ - -### Does Pixee replace Checkmarx? - -No. Pixee complements Checkmarx by adding automated triage and remediation. Keep CxSAST or CxOne scanning exactly as it runs today. Pixee processes Checkmarx output and delivers classified findings and fixes. - -### How does Pixee handle Checkmarx's sparse SARIF output? - -Pixee's dedicated Checkmarx handler uses an adaptive strategy that re-derives context directly from the codebase when scanner metadata is minimal. Instead of depending on the scanner to explain the finding, Pixee examines the code itself. Triage accuracy does not degrade with sparse input. - -### What Checkmarx-specific fixes does Pixee provide? - -Pixee includes three dedicated codemods for Checkmarx findings: SQL parameterization for .NET, SQL parameterization for JavaScript, and NoSQL parameterization for JavaScript. Additional fixes are available through the general-purpose codemod library and AI-powered MagicMods. - -### Does Pixee work with both CxSAST and CxOne? - -Yes. Pixee ingests Checkmarx findings in SARIF format from both CxSAST and CxOne. The same triage and remediation pipeline processes findings regardless of which Checkmarx product generated them. +See [Integrations Overview](/integrations/integrations-overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scanners/codeql.md b/docs/integrations/scanners/codeql.md index e7dabf23..8d033d01 100644 --- a/docs/integrations/scanners/codeql.md +++ b/docs/integrations/scanners/codeql.md @@ -75,18 +75,4 @@ Pixee generates fixes using a combination of deterministic codemods and AI-power - **Test code at production severity:** Findings in test fixtures, example code, and documentation snippets flagged at production severity levels - **Low-precision rules in specific contexts:** Rules with high recall but low precision in certain language or framework configurations -See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. - -## FAQ - -### Does Pixee replace CodeQL or GitHub Advanced Security? - -No. Pixee complements CodeQL by adding automated triage and remediation on top of your existing GHAS deployment. CodeQL continues scanning exactly as before. Pixee processes the output. - -### What is codeFlows extraction? - -CodeQL SARIF includes multi-step dataflow traces showing how data moves from source to sink. Pixee's dedicated handler extracts these traces to give the triage engine full context -- the complete data journey, not just the flagged line. This leads to more accurate triage decisions, especially for injection-class vulnerabilities. - -### Do I need to export CodeQL results manually? - -No. Pixee's GitHub integration ingests CodeQL findings automatically via the GHAS API. If you prefer, you can also upload CodeQL SARIF directly. Either path feeds into the same triage and remediation pipeline. +See [Integrations Overview](/integrations/integrations-overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scanners/contrast.md b/docs/integrations/scanners/contrast.md index 9043b0e3..b3edcd7f 100644 --- a/docs/integrations/scanners/contrast.md +++ b/docs/integrations/scanners/contrast.md @@ -80,18 +80,4 @@ Pixee ingests Contrast findings via the [pixee/upload-tool-results-action](https - **Sanitized sinks:** Runtime-observed flows that terminate in sinks with framework-level sanitization Contrast does not always resolve - **Severity inflation:** Findings flagged at high severity that are gated behind authentication, internal APIs, or otherwise reduced-impact contexts -See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. - -## FAQ - -### Does Pixee replace Contrast Security? - -No. Pixee processes findings produced by Contrast and other scanners. Contrast continues running as your IAST source. Pixee adds triage and automated code fixes on top. - -### Does Pixee require a specific Contrast deployment model? - -Pixee works with findings from any Contrast Assess deployment. The integration uses the [pixee/upload-tool-results-action](https://github.com/pixee/upload-tool-results-action) to ingest exported findings -- the path Contrast takes to produce them does not matter to Pixee. - -### How does runtime-detected differ from statically-detected for triage? - -Runtime-confirmed findings carry a higher prior toward true-positive classification because the vulnerability has been observed during execution. Pixee still validates each finding in code context to confirm reachability in production paths and identify effective remediations. +See [Integrations Overview](/integrations/integrations-overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scanners/defectdojo.md b/docs/integrations/scanners/defectdojo.md index 17a60391..27c25893 100644 --- a/docs/integrations/scanners/defectdojo.md +++ b/docs/integrations/scanners/defectdojo.md @@ -49,18 +49,4 @@ DefectDojo tracks vulnerability status but does not generate code fixes. Pixee d **Prerequisites:** DefectDojo instance with findings imported, Pixee platform integration configured. -## FAQ - -### Does Pixee replace DefectDojo? - -No. DefectDojo is a vulnerability management platform that tracks and organizes findings. Pixee is a resolution platform that triages and fixes them. They serve different functions and work together. - -### How do findings flow between DefectDojo and Pixee? - -Findings are exported from DefectDojo in SARIF format and ingested by Pixee for triage and remediation. When Pixee generates a fix, the resulting PR can be tracked back in DefectDojo as a mitigation action. - -### Can Pixee update DefectDojo finding status automatically? - -Integration capabilities between Pixee and DefectDojo depend on your deployment configuration. Contact the Pixee team for current webhook and API integration options. - -See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. +See [Integrations Overview](/integrations/integrations-overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scanners/fortify.md b/docs/integrations/scanners/fortify.md index 335d14d8..e0ad77bd 100644 --- a/docs/integrations/scanners/fortify.md +++ b/docs/integrations/scanners/fortify.md @@ -55,18 +55,4 @@ Fortify identifies vulnerabilities but does not generate automated code fixes. P **Prerequisites:** Fortify SCA or SSC with findings, SARIF export capability, Pixee platform integration configured. -## FAQ - -### Does Pixee work with Fortify on-premises deployments? - -Yes. Pixee ingests Fortify findings via SARIF export, which works regardless of whether Fortify runs on-premises or in the cloud. For on-premises Pixee deployments, no data leaves your network. - -### How do I export Fortify findings in SARIF format? - -Fortify supports SARIF export via FPR-to-SARIF conversion tools and Fortify Software Security Center (SSC). Check your Fortify version documentation for the specific export method available. - -### Can Pixee leverage Fortify's dataflow traces? - -When Fortify findings include source-to-sink dataflow information in the SARIF output, Pixee's triage engine uses this context for more accurate exploitability assessment. - -See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. +See [Integrations Overview](/integrations/integrations-overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scanners/gitlab-sast.md b/docs/integrations/scanners/gitlab-sast.md index 3d3b6406..7b34bb79 100644 --- a/docs/integrations/scanners/gitlab-sast.md +++ b/docs/integrations/scanners/gitlab-sast.md @@ -58,18 +58,4 @@ GitLab SAST findings often lack the contextual detail needed for efficient manua **Prerequisites:** GitLab Ultimate license (for SAST), Pixee GitLab integration installed -See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. - -## Frequently Asked Questions - -### Does Pixee replace GitLab SAST? - -No. GitLab SAST continues running in your CI/CD pipeline exactly as configured. Pixee sits downstream, triaging the findings and generating fixes. You keep GitLab SAST for detection; Pixee adds triage and remediation. - -### How does Pixee handle findings from different GitLab SAST analyzers? - -Pixee normalizes findings from all GitLab SAST analyzers (Semgrep, SpotBugs, Gosec, Bandit, etc.) into a single triage workflow. Each finding is classified with the same structured evidence format regardless of which analyzer produced it. - -### Do I need GitLab Ultimate for this integration? - -GitLab SAST requires GitLab Ultimate. If you use GitLab Free or Premium, you can still use Pixee with other scanners that produce SARIF output. See [Universal SARIF](/integrations/sarif-universal). +See [Integrations Overview](/integrations/integrations-overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scanners/gitlab-sca.md b/docs/integrations/scanners/gitlab-sca.md index 6f76c7e5..1d4190a6 100644 --- a/docs/integrations/scanners/gitlab-sca.md +++ b/docs/integrations/scanners/gitlab-sca.md @@ -64,28 +64,4 @@ Pixee's SCA remediation is deterministic: for each TRUE_POSITIVE with a fix avai **Prerequisites:** GitLab Ultimate license (Dependency Scanning is part of GitLab's Secure category, which requires Ultimate), Pixee GitLab integration installed. -See the [SCA pipeline](/how-it-works/sca-pipeline) for details on how Pixee handles dependency findings end-to-end. - -## FAQ - -### Does Pixee replace GitLab Dependency Scanning? - -No. GitLab Dependency Scanning continues running in your CI/CD pipeline and continues populating the GitLab vulnerability dashboard. Pixee sits downstream, triaging the findings for reachability and opening fix MRs for the ones that matter. - -### Do I need GitLab Ultimate? - -GitLab Dependency Scanning requires GitLab Ultimate (it is part of GitLab's Secure tier). If you use GitLab Free or Premium, you can still get SCA coverage with Pixee by running an external SCA scanner (e.g., Trivy) and uploading SARIF — see [Trivy Integration](/integrations/scanners/trivy) and [Universal SARIF](/integrations/sarif-universal). - -### How does Pixee decide which dependency CVEs are reachable? - -Pixee's reachability analysis examines whether your code (directly or via the dependency graph) actually calls the vulnerable function or class identified by the CVE. CVEs in dependencies whose vulnerable code paths are never exercised in your codebase are classified FALSE_POSITIVE with an explanation. - -### What happens for CVEs without a fixed version? - -Findings without a published fix are classified WONT_FIX (no remediation possible without an upstream fix) along with the CVE details so your team can track and apply mitigations manually if needed. - -### Does Pixee batch multiple CVE fixes into one MR? - -When several CVEs in the same dependency can be resolved by a single version bump, Pixee batches them into one MR rather than opening one MR per CVE. - -See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. +See the [SCA](/platform/sca) page for details on how Pixee handles dependency findings end-to-end. See [Integrations Overview](/integrations/integrations-overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scanners/polaris.md b/docs/integrations/scanners/polaris.md index 0b70cab2..30d0a8a0 100644 --- a/docs/integrations/scanners/polaris.md +++ b/docs/integrations/scanners/polaris.md @@ -59,18 +59,4 @@ Polaris provides findings and remediation guidance but does not generate automat - **Buffer overflow false positives in managed languages:** Coverity rules designed for C/C++ may produce findings in managed-language code (Java, C#) where memory management is handled by the runtime - **Test and example code at production severity:** Findings in non-production code flagged at production severity levels -## FAQ - -### Does Pixee work with both Coverity SAST and Black Duck SCA through Polaris? - -Pixee's Polaris integration focuses on SAST findings from the Coverity engine. For SCA-specific remediation (dependency version updates), see the [SCA pipeline](/how-it-works/sca-pipeline) documentation. - -### I see findings from Coverity, Black Duck, and Rapid Scan in Polaris -- does Pixee handle all of them? - -Pixee processes Polaris findings exported in SARIF format. Coverity SAST findings are the primary input for the triage and remediation pipeline. Rapid Scan results that overlap with Coverity finding types are also handled. - -### Is the brand Synopsys, Black Duck, or Polaris? - -Synopsys divested its Software Integrity Group, which now operates under the Black Duck Software brand. Polaris remains the unified platform name. Coverity remains the SAST engine name. Pixee works with Polaris regardless of the branding on your license agreement. - -See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. +See [Integrations Overview](/integrations/integrations-overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scanners/semgrep.md b/docs/integrations/scanners/semgrep.md index d75944ca..b772c56d 100644 --- a/docs/integrations/scanners/semgrep.md +++ b/docs/integrations/scanners/semgrep.md @@ -78,22 +78,4 @@ Pixee generates fixes using deterministic codemods and AI-powered MagicMods. The - **Test code flagged at production severity:** Test fixtures, example code, and mock data triggering rules intended for production code - **Stale API warnings:** Generic rules that lack language-version awareness, flagging deprecated API usage on code that has already been migrated -See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. - -## FAQ - -### Does Pixee replace Semgrep? - -No. Pixee complements Semgrep by adding automated triage and remediation. Keep running Semgrep exactly as you do today. Pixee processes Semgrep's output and delivers classified findings and fixes. - -### Does Pixee work with both Semgrep OSS and Semgrep Pro? - -Yes. Pixee's dedicated Semgrep handler supports both Semgrep OSS and Pro rule output. Findings from either rule set are processed through the same triage and remediation pipeline. - -### What about my custom Semgrep rules? - -Custom Semgrep rules that produce SARIF output work with Pixee automatically. Findings from custom rules are triaged and remediated through the same pipeline as standard rules. No additional configuration is needed. - -### How does Pixee handle Semgrep's high-volume output? - -Pixee's triage engine classifies each finding with a code-level justification and confidence score. Findings classified as false positives or won't-fix are separated from true positives, so developers see only actionable findings with fixes ready for review. The volume problem becomes a solved problem. +See [Integrations Overview](/integrations/integrations-overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scanners/snyk-code.md b/docs/integrations/scanners/snyk-code.md index 45440096..5f29618e 100644 --- a/docs/integrations/scanners/snyk-code.md +++ b/docs/integrations/scanners/snyk-code.md @@ -69,18 +69,4 @@ Fixes are generated using deterministic codemods and AI-powered MagicMods for co - **Test code at production severity:** Intentionally vulnerable test fixtures, mock data, or example code flagged as production security issues - **Context-dependent findings:** Findings that depend on runtime configuration or deployment context that static analysis cannot determine -See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. - -## FAQ - -### Does Pixee replace Snyk Code? - -No. Pixee complements Snyk Code by adding unified triage and automated remediation. Snyk Code continues scanning as before. Pixee processes the output alongside findings from all your other scanners through one pipeline. - -### If Snyk Code already has low false positive rates, why add Pixee triage? - -Two reasons. First, Pixee provides independent verification with audit-ready justification trails -- valuable for compliance. Second, and more importantly, Pixee triages Snyk Code findings alongside every other scanner in your portfolio through one pipeline. The unified view across all tools is the primary value for teams running Snyk Code alongside other scanners. - -### How does Pixee compare to Snyk's DeepCode AI Fix? - -DeepCode AI Fix provides remediation suggestions within the Snyk UI. Pixee delivers complete fixes as pull requests through your standard code review workflow. Pixee also provides independent triage classification before remediation -- sorting findings before fixing them. +See [Integrations Overview](/integrations/integrations-overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scanners/sonarqube.md b/docs/integrations/scanners/sonarqube.md index 49037750..1e8fc827 100644 --- a/docs/integrations/scanners/sonarqube.md +++ b/docs/integrations/scanners/sonarqube.md @@ -75,7 +75,7 @@ Connect SonarQube by providing your instance URL and a user token with Browse an ### What Happens with Large Backlogs -If your SonarQube instance has thousands of findings, Pixee does not open thousands of PRs simultaneously. Findings are prioritized by severity (Critical and High first), and PR creation is controlled by your configured batch settings. See [Operations](/configuration/operations) for PR volume controls. +If your SonarQube instance has thousands of findings, Pixee does not open thousands of PRs simultaneously. Findings are prioritized by severity (Critical and High first), and PR creation is controlled by your configured batch settings. See [Operations](/configuration/operations-config) for PR volume controls. ## SonarQube Finding Examples @@ -120,18 +120,4 @@ ResultSet rs = ps.executeQuery(); - **Framework-mitigated injection patterns:** Findings where the application framework provides protection (parameterized queries via ORM, CSRF tokens via framework middleware) - **Test code at production severity:** SonarQube scans test directories by default; Pixee adjusts classification for non-production code -See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. - -## FAQ - -### Does Pixee work with both SonarQube and SonarCloud? - -Yes. Pixee's SonarQube integration works with both self-hosted SonarQube and SonarCloud (SaaS). The same triage and remediation pipeline processes findings from either deployment. - -### How does Pixee handle SonarQube security hotspots? - -SonarQube security hotspots require manual review -- someone must investigate the code and classify the hotspot as safe or vulnerable. Pixee automates this review by investigating the actual code context and classifying each hotspot with a detailed justification. This eliminates the manual review bottleneck. - -### Does Pixee fix code quality issues from SonarQube, or only security findings? - -Pixee focuses on security-relevant findings -- vulnerabilities and security hotspots. Code quality issues like code smells and technical debt remain in SonarQube's domain. When a code quality finding has security implications, Pixee's triage pipeline evaluates it and may generate a fix. +See [Integrations Overview](/integrations/integrations-overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scanners/trivy.md b/docs/integrations/scanners/trivy.md index eb9cfd49..78fb6c1a 100644 --- a/docs/integrations/scanners/trivy.md +++ b/docs/integrations/scanners/trivy.md @@ -67,4 +67,4 @@ Trivy container scans often surface hundreds of CVEs in OS packages. Pixee's tri Yes. Configure Trivy with `--format sarif` to produce SARIF 2.1.0 output. Pixee also supports Trivy's native JSON format through the dedicated Trivy handler. -See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. +See [Integrations Overview](/integrations/integrations-overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scanners/veracode.md b/docs/integrations/scanners/veracode.md index cd39f702..ec68c169 100644 --- a/docs/integrations/scanners/veracode.md +++ b/docs/integrations/scanners/veracode.md @@ -68,18 +68,4 @@ Veracode's own "Veracode Fix" provides AI-assisted remediation suggestions, but - **Test code at production severity:** Pixee distinguishes test fixtures, example code, and documentation snippets from production code - **Framework-mitigated findings:** Code protected by framework-level security controls (Spring Security, Django middleware) that Veracode's static analysis cannot resolve -See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. - -## FAQ - -### Does Pixee replace Veracode? - -No. Pixee complements Veracode by adding automated triage and remediation on top of your existing deployment. Veracode continues scanning as before. Pixee processes the output, classifies findings, and delivers fixes as pull requests. - -### How does Pixee compare to Veracode Fix? - -Veracode Fix provides AI-assisted remediation suggestions within the Veracode UI. Pixee delivers complete, context-aware fixes as pull requests that developers review and merge through their standard code review workflow. Pixee also adds independent triage before remediation -- classifying each finding before generating a fix. - -### Does Pixee work with Veracode SCA findings as well as SAST? - -Pixee's Veracode integration processes SAST findings through the triage and remediation pipeline. For SCA-specific remediation (dependency version updates), see the [SCA pipeline](/how-it-works/sca-pipeline) documentation. +See [Integrations Overview](/integrations/integrations-overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scms/azure-devops.md b/docs/integrations/scms/azure-devops.md index 8e669b2a..82c80947 100644 --- a/docs/integrations/scms/azure-devops.md +++ b/docs/integrations/scms/azure-devops.md @@ -52,22 +52,4 @@ Pixee Enterprise Server supports both Azure DevOps Services (cloud) and Azure De For on-premises configuration, see the [enterprise deployment documentation](/enterprise/deployment). -## FAQ - -### Does Pixee work with Azure DevOps Server (on-premises)? - -Yes. Pixee Enterprise Server connects to Azure DevOps Server via the same PAT plus webhook integration used for Azure DevOps Services. - -### What permissions does the PAT need? - -A custom scope with **full _Code_ access**. Avoid the "Full access" preset — that grants more than the integration needs. - -### Are the webhook credentials required? - -No, they are optional. Without them, Pixee operates against Azure DevOps without inbound webhook events. Configuring webhooks gives the integration lower-latency response to repository and PR events. - -### Do I need Azure Pipelines? - -No. Pixee works with any scanner that produces SARIF, regardless of where the scanner runs. Many teams use Azure Pipelines, but Jenkins or other CI systems work equally well. - -See [Integrations Overview](/integrations/overview) for the full integration coverage matrix. +See [Integrations Overview](/integrations/integrations-overview) for the full integration coverage matrix. diff --git a/docs/integrations/scms/bitbucket.md b/docs/integrations/scms/bitbucket.md index 352288af..86882d00 100644 --- a/docs/integrations/scms/bitbucket.md +++ b/docs/integrations/scms/bitbucket.md @@ -62,26 +62,4 @@ For the install-time walkthrough, see [Getting Started with Bitbucket](/getting- Bitbucket Server (formerly Data Center) is a separate Atlassian product from Bitbucket Cloud. The integration mechanics — credentials, scopes, and configuration paths — differ. For Bitbucket Server deployments running on Pixee Enterprise, see the [enterprise deployment documentation](/enterprise/deployment) for the supported connection model and current configuration details. -## FAQ - -### Why does Pixee need both my username and my email address? - -Bitbucket Cloud API tokens authenticate via email address, but Git operations require the workspace username. Pixee uses both — email for API calls, username for the actual `git push` of fix branches. Configuring only one will produce authentication failures. - -### Does Pixee work with Bitbucket Server / Data Center? - -Bitbucket Server is supported on Pixee Enterprise, but the connection details differ from Bitbucket Cloud. See the [enterprise deployment documentation](/enterprise/deployment) for the current Bitbucket Server configuration model. - -### Do I need Bitbucket Pipelines? - -No. Pixee works with any scanner that produces SARIF, regardless of where the scanner runs. Many teams use Bitbucket Pipelines, but Jenkins or other CI systems work equally well. - -### Are app passwords still supported? - -API tokens are the current authentication method. App passwords are deprecated by Atlassian; we recommend API tokens for new integrations and migration for existing ones. - -### Do developers need to install anything? - -No. The integration is configured at the workspace level by an administrator. Developers interact with Pixee through standard pull requests. - -See [Integrations Overview](/integrations/overview) for the full integration coverage matrix. +See [Integrations Overview](/integrations/integrations-overview) for the full integration coverage matrix. diff --git a/docs/integrations/scms/github.md b/docs/integrations/scms/github.md index 7b341dae..dc94c969 100644 --- a/docs/integrations/scms/github.md +++ b/docs/integrations/scms/github.md @@ -89,7 +89,7 @@ The Pixee GitHub App requests the following permissions during installation. Pix **Webhook events the App subscribes to:** Code scanning alert, Check run, Create, Dependabot alert, Issue comment, Issues, Pull request, Pull request review, Pull request review comment, Pull request review thread, Push, Repository. -See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. +See [Integrations Overview](/integrations/integrations-overview) for the full scanner coverage matrix. ## GitHub Enterprise Server @@ -139,20 +139,3 @@ Provide the App's credentials to your Pixee Enterprise installation: For deployment-model details (embedded cluster, Helm, air-gapped), see [Enterprise Deployment Options](/enterprise/deployment). -## FAQ - -### Does Pixee work with GitHub Enterprise Server? - -Yes. Pixee supports both GitHub.com and GitHub Enterprise Server. Pixee Enterprise Server connects to GHES via a GitHub App with the same capabilities as the cloud integration. - -### Do developers need to install anything? - -No. The GitHub App is installed at the organization level by an administrator. Developers interact with Pixee through standard pull requests. There is nothing new to install, learn, or configure on the developer side. - -### Can I control which repositories Pixee monitors? - -Yes. During GitHub App installation, you choose between all repositories or a selected set. You can modify this selection at any time through GitHub's App settings. - -### How does Pixee integrate with GitHub Actions? - -Pixee works alongside your existing Actions workflows. Scanner results from Actions jobs are available to Pixee automatically (for GHAS/CodeQL) or via SARIF upload. No modification to your workflow YAML is required. diff --git a/docs/integrations/scms/gitlab.md b/docs/integrations/scms/gitlab.md index 3fe5ceac..503ffe5f 100644 --- a/docs/integrations/scms/gitlab.md +++ b/docs/integrations/scms/gitlab.md @@ -80,26 +80,4 @@ Pixee Enterprise Server connects to self-hosted GitLab via the same PAT integrat For self-hosted GitLab configuration, see the [enterprise deployment documentation](/enterprise/deployment). -## FAQ - -### Does Pixee work with self-hosted GitLab? - -Yes. Pixee Enterprise Server connects to self-hosted GitLab via a service-account PAT with the same capabilities as the GitLab.com integration. - -### What is `member_projects_only`? - -A configuration toggle that restricts Pixee's effective project scope to projects where the service-account user is an explicit member. This is a useful security control on large GitLab instances where the service-account token might technically have access to many more projects than you actually want Pixee monitoring. - -### Do I need GitLab Ultimate? - -No. Pixee works with GitLab Free, Premium, and Ultimate. GitLab Ultimate is required only if you want to use GitLab's built-in SAST as a scanner source — see [GitLab SAST](/integrations/scanners/gitlab-sast). Without Ultimate, Pixee still works with any other SARIF-producing scanner via the universal SARIF integration. - -### Do developers need to install anything? - -No. The integration is configured at the group/project level by an administrator. Developers interact with Pixee through standard merge requests. - -### Can Pixee link MRs to GitLab issues? - -Pixee MR descriptions can reference issues, but explicit issue-linking integration depends on configuration. Contact the Pixee team for current options. - -See [Integrations Overview](/integrations/overview) for the full integration coverage matrix. +See [Integrations Overview](/integrations/integrations-overview) for the full integration coverage matrix. diff --git a/docs/languages/dotnet.md b/docs/languages/dotnet.md index dc3291bc..1056229d 100644 --- a/docs/languages/dotnet.md +++ b/docs/languages/dotnet.md @@ -10,7 +10,7 @@ sidebar_position: 5 Pixee remediates .NET vulnerabilities automatically using deterministic codemods and AI-powered fixes for custom patterns. Coverage includes ASP.NET Core and Blazor applications with fixes for injection vulnerabilities, insecure cryptography, and dependency vulnerabilities. Pixee uses full AST analysis for C# source code and manages dependency upgrades across both .csproj and packages.config formats, delivering fixes as pull requests that match your codebase conventions. -.NET support uses Pixee's full AST parsing tier, providing deep cross-file analysis on par with Java and Python. Deterministic codemod coverage is growing alongside comprehensive AI-powered MagicMod support. For the full language coverage matrix, see the [Language Support Overview](/languages/overview). +.NET support uses Pixee's full AST parsing tier, providing deep cross-file analysis on par with Java and Python. Deterministic codemod coverage is growing alongside comprehensive AI-powered MagicMod support. For the full language coverage matrix, see the [Language Support Overview](/languages/languages-overview). ## What Pixee Fixes in .NET @@ -127,20 +127,3 @@ Any scanner that produces SARIF output can feed .NET findings to Pixee through t | Code hosting | GitHub, GitLab, Azure DevOps, Bitbucket | | Frameworks | ASP.NET Core, Blazor Server | -## FAQ - -**Does Pixee support .NET?** - -Yes. Pixee remediates .NET vulnerabilities automatically using deterministic codemods and AI-powered fixes with full AST analysis for C# source code. Fixes are delivered as pull requests. - -**Does Pixee work with ASP.NET Core applications?** - -Yes. Pixee recognizes ASP.NET Core controllers, middleware, Entity Framework Core patterns, and Razor views for targeted security fixes. Fixes respect ASP.NET Core conventions and use framework-native security patterns. - -**How does Pixee handle NuGet dependency vulnerabilities?** - -Pixee upgrades vulnerable packages in .csproj and packages.config files, coordinating version bumps with required source-file changes in a single PR. - -**What .NET scanners does Pixee work with?** - -Pixee remediates findings from CodeQL, SonarQube, Checkmarx, Veracode, Fortify, and any SARIF-producing scanner. Enterprise .NET shops using Microsoft-stack tooling can connect through the universal SARIF integration. diff --git a/docs/languages/go.md b/docs/languages/go.md index 560a9385..6260f0ac 100644 --- a/docs/languages/go.md +++ b/docs/languages/go.md @@ -10,7 +10,7 @@ sidebar_position: 6 Pixee remediates Go vulnerabilities using Tree-sitter-based analysis and AI-powered fixes for standard library, Gin, and Echo applications. Coverage includes injection vulnerabilities, insecure cryptography, and dependency vulnerabilities in go.mod-managed projects. Go support uses lighter parsing than Pixee's full AST languages (Java, Python, JS/TS, .NET) with expanding coverage for standard security patterns and framework-specific fixes. -Go's adoption in infrastructure and cloud-native environments makes it a strategic language for Pixee. Coverage is actively expanding. For the full language coverage matrix, see the [Language Support Overview](/languages/overview). +Go's adoption in infrastructure and cloud-native environments makes it a strategic language for Pixee. Coverage is actively expanding. For the full language coverage matrix, see the [Language Support Overview](/languages/languages-overview). ## What Pixee Fixes in Go @@ -120,20 +120,3 @@ The pull request includes any source-file changes required by the upgraded modul | Code hosting | GitHub, GitLab, Azure DevOps, Bitbucket | | Frameworks | Standard library, Gin, Echo | -## FAQ - -**Does Pixee support Go?** - -Yes. Pixee remediates Go vulnerabilities using Tree-sitter analysis and AI-powered fixes for standard library, Gin, and Echo applications. Coverage is actively expanding. - -**What is the difference between Go support and Java/Python support in Pixee?** - -Java and Python use full AST parsing for deeper cross-file analysis and have larger deterministic codemod libraries (51+ and 60+ core codemods, respectively). Go uses Tree-sitter for reliable syntax parsing with expanding coverage. All three languages benefit from AI-powered MagicMods for custom patterns. - -**Does Pixee work with govulncheck?** - -Pixee remediates govulncheck findings exported in SARIF format through the [universal SARIF integration](/integrations/sarif-universal). Export your govulncheck results as SARIF, and Pixee generates remediation pull requests. - -**How does Pixee handle Go dependency vulnerabilities?** - -Pixee upgrades vulnerable dependencies in go.mod and coordinates version changes with source-file refactoring in a single pull request. diff --git a/docs/languages/java.md b/docs/languages/java.md index 23828d51..84afb971 100644 --- a/docs/languages/java.md +++ b/docs/languages/java.md @@ -10,7 +10,7 @@ sidebar_position: 2 Pixee remediates Java vulnerabilities automatically using 51+ deterministic codemods and AI-powered fixes for custom patterns. Coverage spans Spring Boot, Jakarta EE, and Micronaut applications with fixes for SQL injection, SSRF, insecure deserialization, weak cryptography, and dependency vulnerabilities. Pixee analyzes Java source code using full AST parsing for deep cross-file dataflow analysis, delivering fixes as pull requests. -Java is Pixee's most mature language ecosystem. The open-source [codemodder-java](https://github.com/pixee/codemodder-java) engine is publicly inspectable, and deterministic codemods cover the broadest range of vulnerability types. For the full language coverage matrix, see the [Language Support Overview](/languages/overview). +Java is Pixee's most mature language ecosystem. The open-source [codemodder-java](https://github.com/pixee/codemodder-java) engine is publicly inspectable, and deterministic codemods cover the broadest range of vulnerability types. For the full language coverage matrix, see the [Language Support Overview](/languages/languages-overview). ## What Pixee Fixes in Java @@ -157,24 +157,3 @@ Any scanner that produces SARIF output can feed Java findings to Pixee through t | Code hosting | GitHub, GitLab, Azure DevOps, Bitbucket | | Dependency manifests | pom.xml, build.gradle | -## FAQ - -**Does Pixee fix Java vulnerabilities automatically?** - -Yes. Pixee uses 51+ deterministic codemods and AI-powered MagicMods to automatically remediate Java SAST and SCA findings. Fixes are delivered as pull requests. - -**Does Pixee support Spring Boot applications?** - -Yes. Pixee recognizes Spring Boot annotations, controller patterns, and service layer conventions. Fixes use your existing Spring Security configurations and preferred libraries. - -**What Java scanners does Pixee work with?** - -Pixee remediates findings from CodeQL, Semgrep, Checkmarx, SonarQube, Snyk Code, Veracode, Fortify, AppScan, and any SARIF-producing scanner. - -**Can Pixee handle Java dependency vulnerabilities?** - -Yes. Pixee upgrades vulnerable dependencies in pom.xml and build.gradle, coordinating the version bump with any required source-file refactoring in a single PR. - -**Is the Java codemod engine open source?** - -Yes. [codemodder-java](https://github.com/pixee/codemodder-java) is open source and publicly inspectable on GitHub. Customers and auditors can review the fix rules before trusting automated changes. diff --git a/docs/languages/javascript.md b/docs/languages/javascript.md index b4003b57..e3f955cb 100644 --- a/docs/languages/javascript.md +++ b/docs/languages/javascript.md @@ -10,7 +10,7 @@ sidebar_position: 4 Pixee remediates JavaScript and TypeScript vulnerabilities automatically using deterministic codemods and AI-powered fixes. Coverage spans Express, React, and Node.js applications with fixes for injection vulnerabilities, prototype pollution, insecure dependencies, and OWASP Top 10 patterns. Pixee uses full AST analysis for deep cross-file dataflow tracking and manages package.json dependency upgrades coordinated with source-file refactoring in a single pull request. -JavaScript/TypeScript support is actively expanding. Deterministic codemod coverage is growing alongside comprehensive AI-powered MagicMod support. For the full language coverage matrix, see the [Language Support Overview](/languages/overview). +JavaScript/TypeScript support is actively expanding. Deterministic codemod coverage is growing alongside comprehensive AI-powered MagicMod support. For the full language coverage matrix, see the [Language Support Overview](/languages/languages-overview). ## What Pixee Fixes in JavaScript/TypeScript @@ -138,24 +138,3 @@ npm audit findings can be exported in SARIF format and consumed through the [uni | Dependency manifests | package.json | | Frameworks | Express, React, Next.js, Node.js standard library | -## FAQ - -**What JavaScript/Node.js vulnerabilities can Pixee fix?** - -Pixee fixes injection vulnerabilities, prototype pollution, XSS, SSRF, insecure dependencies, and OWASP Top 10 patterns in JavaScript and TypeScript applications. Coverage is expanding with growing deterministic codemods and comprehensive AI-powered MagicMods. - -**Does Pixee support TypeScript?** - -Yes. Pixee analyzes TypeScript files with full type awareness and preserves type annotations in generated fixes. Both `.ts` and `.tsx` files are supported. - -**How does Pixee handle npm dependency vulnerabilities?** - -Pixee upgrades vulnerable packages in package.json and coordinates version bumps with source-file refactoring in a single PR. Breaking API changes from the upgrade are addressed in the same pull request. - -**Does Pixee work with Express applications?** - -Yes. Pixee recognizes Express route handlers, middleware chains, and request validation patterns for targeted security fixes. - -**What JavaScript scanners does Pixee work with?** - -Pixee remediates findings from CodeQL, Semgrep, SonarQube, Snyk Code, and any SARIF-producing scanner including npm audit. diff --git a/docs/languages/languages-overview.md b/docs/languages/languages-overview.md index 54d9fd00..495056a6 100644 --- a/docs/languages/languages-overview.md +++ b/docs/languages/languages-overview.md @@ -10,7 +10,7 @@ sidebar_position: 1 Pixee supports six language ecosystems: Java, Python, JavaScript/TypeScript, .NET, Go, and PHP. Coverage varies by language. Java and Python have the deepest support with 120+ deterministic codemods plus AI-powered fixes for custom patterns. Each language includes framework-specific remediation (Spring Boot, Django, Express, ASP.NET) and fixes for OWASP Top 10 vulnerability categories. The coverage matrix below shows exactly what Pixee fixes in your stack. -Language support is one half of the integration picture. Pixee also integrates with [12 native scanners](/integrations/overview) across all supported languages. +Language support is one half of the integration picture. Pixee also integrates with [13 native scanners](/integrations/integrations-overview) across all supported languages. ## Coverage Matrix @@ -85,7 +85,7 @@ Python's five packaging conventions are worth calling out. Most tools handle onl ## Scanner Compatibility -Pixee remediates findings from [12 native scanner integrations](/integrations/overview) plus any scanner that exports SARIF. Scanner compatibility applies across all supported languages, though individual scanner coverage depth varies by language. +Pixee remediates findings from [13 native scanner integrations](/integrations/integrations-overview) plus any scanner that exports SARIF. Scanner compatibility applies across all supported languages, though individual scanner coverage depth varies by language. | Scanner | Java | Python | JS/TS | .NET | Go | PHP | | --------------- | ---- | ------ | ----- | ---- | --- | --- | @@ -99,7 +99,7 @@ Pixee remediates findings from [12 native scanner integrations](/integrations/ov | AppScan | Yes | -- | -- | -- | -- | -- | | Universal SARIF | Yes | Yes | Yes | Yes | Yes | Yes | -For scanner-specific details, see the [Integrations](/integrations/overview) section. +For scanner-specific details, see the [Integrations](/integrations/integrations-overview) section. ## Roadmap @@ -111,24 +111,3 @@ Pixee is actively expanding language coverage. Current priorities: If your language or framework is not listed, [contact the team](https://pixee.ai/demo) to discuss your stack. Pixee's [universal SARIF integration](/integrations/sarif-universal) can remediate findings from any scanner in any language. -## FAQ - -**What programming languages does Pixee support?** - -Pixee supports Java, Python, JavaScript/TypeScript, .NET, Go, and PHP. Java and Python have the deepest coverage with 120+ combined deterministic codemods. All six languages also receive AI-powered MagicMod fixes for custom patterns. - -**Which language has the deepest Pixee support?** - -Java and Python. Both have mature open-source codemod engines (codemodder-java with 51+ core codemods, codemodder-python with 60+ core codemods), full AST parsing, and comprehensive framework coverage. - -**Does Pixee support polyglot repositories?** - -Yes. Pixee analyzes each language independently within a single repository and generates language-appropriate fixes. A repository containing Java, Python, and JavaScript files receives separate, correctly-scoped fixes for each language. - -**What is the difference between full AST and Tree-sitter analysis?** - -Full AST languages (Java, Python, JS/TS, .NET) receive deeper cross-file dataflow analysis and more deterministic codemods. Tree-sitter languages (Go, PHP) use syntax-level parsing with expanding coverage. Both benefit from AI-powered MagicMods. - -**Can Pixee fix vulnerabilities across multiple languages in one repository?** - -Yes. Pixee processes each language independently and generates separate, language-appropriate pull requests (or combined PRs when a fix spans multiple files within the same language). diff --git a/docs/languages/php.md b/docs/languages/php.md index 1adb0cdb..62f69e09 100644 --- a/docs/languages/php.md +++ b/docs/languages/php.md @@ -10,7 +10,7 @@ sidebar_position: 7 Pixee remediates PHP vulnerabilities using Tree-sitter-based analysis and AI-powered fixes for Laravel and Symfony applications. Coverage includes injection vulnerabilities, insecure cryptography, and dependency vulnerabilities managed through Composer. PHP support uses Tree-sitter parsing with expanding deterministic coverage and AI-powered fixes for custom framework patterns. Fixes are delivered as pull requests that match your codebase conventions. -PHP powers significant enterprise web infrastructure through Laravel, Symfony, and WordPress. Pixee's PHP support ensures teams running these frameworks have automated remediation in their pipeline. For the full language coverage matrix, see the [Language Support Overview](/languages/overview). +PHP powers significant enterprise web infrastructure through Laravel, Symfony, and WordPress. Pixee's PHP support ensures teams running these frameworks have automated remediation in their pipeline. For the full language coverage matrix, see the [Language Support Overview](/languages/languages-overview). ## What Pixee Fixes in PHP @@ -95,16 +95,3 @@ Any scanner that produces SARIF output can feed PHP findings to Pixee through th | Code hosting | GitHub, GitLab, Azure DevOps, Bitbucket | | Frameworks | Laravel, Symfony | -## FAQ - -**Does Pixee support PHP?** - -Yes. Pixee remediates PHP vulnerabilities using Tree-sitter analysis and AI-powered fixes for Laravel and Symfony applications. Coverage is actively expanding with growing deterministic codemods. - -**Does Pixee work with Laravel?** - -Yes. Pixee recognizes Laravel Eloquent patterns, middleware chains, and Blade template security patterns. Fixes respect Laravel conventions and use framework-native security utilities. - -**How does Pixee handle Composer dependency vulnerabilities?** - -Pixee upgrades vulnerable packages in composer.json and coordinates version changes with required source-file refactoring in a single pull request. diff --git a/docs/languages/python.md b/docs/languages/python.md index 8c4129d8..74fe1974 100644 --- a/docs/languages/python.md +++ b/docs/languages/python.md @@ -10,7 +10,7 @@ sidebar_position: 3 Pixee remediates Python vulnerabilities automatically using 60+ deterministic codemods and AI-powered fixes for custom patterns. Coverage includes Django, Flask, and FastAPI applications with fixes for SQL injection, SSRF, insecure deserialization (PyYAML hardening, defused XML), weak cryptography, and dependency vulnerabilities. Pixee uses full AST-level analysis for deep cross-file dataflow tracking and framework-aware transformations across all five Python packaging formats. -Python is Pixee's second-deepest language ecosystem alongside Java. The open-source [codemodder-python](https://github.com/pixee/codemodder-python) engine is publicly inspectable, and support for five packaging conventions (requirements.txt, pyproject.toml, Pipfile, setup.py, setup.cfg) sets Pixee apart from tools that handle only one. For the full language coverage matrix, see the [Language Support Overview](/languages/overview). +Python is Pixee's second-deepest language ecosystem alongside Java. The open-source [codemodder-python](https://github.com/pixee/codemodder-python) engine is publicly inspectable, and support for five packaging conventions (requirements.txt, pyproject.toml, Pipfile, setup.py, setup.cfg) sets Pixee apart from tools that handle only one. For the full language coverage matrix, see the [Language Support Overview](/languages/languages-overview). ## What Pixee Fixes in Python @@ -170,24 +170,3 @@ Bandit findings can be exported in SARIF format and consumed by Pixee through th | Code hosting | GitHub, GitLab, Azure DevOps, Bitbucket | | Dependency manifests | requirements.txt, pyproject.toml, Pipfile, setup.py, setup.cfg | -## FAQ - -**Can Pixee remediate Python security issues?** - -Yes. Pixee uses 60+ deterministic codemods and AI-powered MagicMods to automatically fix Python SAST and SCA findings. Fixes are delivered as pull requests. - -**Does Pixee support Django applications?** - -Yes. Pixee recognizes Django models, views, URL configurations, and REST Framework serializers. Fixes respect Django conventions and use Django-native security utilities. - -**How does Pixee handle Python dependency vulnerabilities?** - -Pixee upgrades vulnerable dependencies across all five Python packaging conventions (requirements.txt, pyproject.toml, Pipfile, setup.py, setup.cfg) and coordinates version bumps with source-file refactoring in a single PR. - -**What Python scanners does Pixee work with?** - -Pixee remediates findings from CodeQL, Semgrep, SonarQube, Snyk Code, Checkmarx, and any SARIF-producing scanner including Bandit. - -**Is the Python codemod engine open source?** - -Yes. [codemodder-python](https://github.com/pixee/codemodder-python) is open source on GitHub with 60+ core codemods that customers and auditors can inspect. diff --git a/docs/open-source/codemodder.md b/docs/open-source/codemodder.md index c632a72e..4a29648c 100644 --- a/docs/open-source/codemodder.md +++ b/docs/open-source/codemodder.md @@ -121,7 +121,7 @@ Codemodder powers the deterministic remediation layer of the Pixee platform. The - **MagicMods** -- AI-powered fixes for patterns that deterministic rules cannot reach (custom framework wrappers, multi-file dataflows, context-dependent sanitization) - **Triage Automation** -- false positive reduction before fixes are generated -- **Scanner integration** -- 12 native scanner integrations plus universal SARIF support +- **Scanner integration** -- 13 native scanner integrations plus universal SARIF support - **PR workflow** -- fixes delivered as pull requests through GitHub, GitLab, Azure DevOps, or Bitbucket Codemodder handles the known, well-understood vulnerability patterns. MagicMods extend coverage to the long tail. Both produce fixes that pass through the same quality evaluation before reaching a developer. @@ -130,28 +130,4 @@ Codemodder handles the known, well-understood vulnerability patterns. MagicMods - **Build your own codemod:** The [Custom Codemods](/open-source/custom-codemods) tutorial walks through building a codemod from scratch - **Contribute to the project:** See the [Contributing](/open-source/contributing) guide for community participation -- **Explore the full platform:** The Pixee platform adds AI-powered remediation and triage on top of Codemodder -- [learn how fix generation works](/how-it-works/fix-generation) - ---- - -## Frequently Asked Questions - -### What is Codemodder? - -Codemodder is an open source framework created by Pixee for building deterministic, security-focused code transformations. It supports Java (51+ codemods) and Python (60+ codemods), with a combined 110+ codemods publicly available on GitHub. - -### What is a codemod in security? - -A security codemod is a deterministic rule that transforms insecure code into secure code. Unlike AI-generated fixes, codemods produce the same output for the same input every time. There is no LLM involved, no variance, and no hallucination risk. Each codemod encodes a specific OWASP or SANS remediation pattern. - -### Can I run Codemodder without the Pixee platform? - -Yes. Codemodder is a standalone open source tool. Run it locally or in CI/CD to apply deterministic security fixes. The Pixee platform adds AI-powered MagicMods, triage automation, scanner integration, and enterprise deployment on top of Codemodder. - -### How does Codemodder relate to the Pixee platform? - -Codemodder powers the deterministic remediation layer. The Pixee platform builds on Codemodder and adds AI-powered fixes for novel patterns, triage automation for false positive reduction, native scanner integrations, and pull request delivery through your existing code review workflow. - -### What languages does Codemodder support? - -Codemodder currently supports Java (codemodder-java, 51+ codemods using ParseAndGo AST transformations) and Python (codemodder-python, 60+ codemods using LibCST, regex, and XML transformers). +- **Explore the full platform:** The Pixee platform adds AI-powered remediation and triage on top of Codemodder — [learn how fix generation works](/platform/remediation) diff --git a/docs/open-source/contributing.md b/docs/open-source/contributing.md index 3ef1129e..13f6b0b4 100644 --- a/docs/open-source/contributing.md +++ b/docs/open-source/contributing.md @@ -125,22 +125,3 @@ If this is your first contribution to Pixee: Every codemod contributed expands the number of vulnerabilities the community can fix automatically. Your contribution matters. ---- - -## Frequently Asked Questions - -### How do I contribute to Pixee's open source projects? - -Fork the repository, create a feature branch, implement your change with tests, and submit a pull request. Browse issues tagged `good first issue` for beginner-friendly contributions. New codemod contributions have the highest impact on the project. - -### What license are Pixee's open source projects under? - -Pixee's open source projects (codemodder-java, codemodder-python) are licensed under Apache 2.0. All contributions must be submitted under the same license. - -### What makes a good first contribution? - -Issues tagged `good first issue` are specifically scoped for new contributors with clear requirements. Bug fixes with reproduction steps and documentation improvements are also good starting points. Building a new codemod requires more familiarity with the Codemodder framework, so review the [Custom Codemods](/open-source/custom-codemods) tutorial first. - -### Where do I ask questions about contributing? - -Use GitHub Discussions in the relevant repository for questions, ideas, and conversation. Use GitHub Issues for specific bugs, feature requests, or codemod proposals. Maintainers are active in both channels. diff --git a/docs/open-source/custom-codemods.md b/docs/open-source/custom-codemods.md index 3e089022..5468fb73 100644 --- a/docs/open-source/custom-codemods.md +++ b/docs/open-source/custom-codemods.md @@ -221,22 +221,3 @@ codemodder $WORKSPACE --codemod-include pixee:python/safe-yaml-load --output res **Contributing upstream.** If your codemod addresses a general vulnerability pattern, consider [contributing it back](/open-source/contributing) to the open source repositories so the broader community benefits. ---- - -## Frequently Asked Questions - -### Can I write custom codemods for Pixee? - -Yes. Using the open source Codemodder framework, you can build custom deterministic codemods for your organization's specific security patterns. Both Java and Python are supported with full framework tooling for testing and validation. - -### Do I need the Pixee platform to run custom codemods? - -No. Custom codemods built on Codemodder run standalone via CLI or in CI/CD. The Pixee platform can optionally integrate custom codemods into its full remediation workflow alongside built-in codemods and MagicMods. - -### What testing is required for custom codemods? - -Each codemod should have before/after test fixtures covering the primary pattern, code style variations, negative cases (where the codemod should not fire), and edge cases. Codemodder provides a testing framework that automatically validates fixtures. - -### Can I share custom codemods with the community? - -Yes. Submit custom codemods as contributions to the codemodder-java or codemodder-python open source repositories. See the [Contributing](/open-source/contributing) guide for the submission workflow and quality standards. diff --git a/docs/open-source/oss-overview.md b/docs/open-source/oss-overview.md index 09650661..a6a83c9b 100644 --- a/docs/open-source/oss-overview.md +++ b/docs/open-source/oss-overview.md @@ -86,20 +86,3 @@ All Pixee open source projects are released under the **Apache License 2.0**. Yo --- -## Frequently Asked Questions - -### Is Pixee open source? - -Pixee's deterministic codemod engines (codemodder-java, codemodder-python) are open source on GitHub under Apache 2.0. The full Pixee platform -- including AI-powered MagicMods, triage automation, and enterprise features -- is a commercial product built on these open source foundations. - -### What is the Codemodder framework? - -[Codemodder](/open-source/codemodder) is Pixee's open source framework for building language-specific, security-focused code transformations (codemods). It powers codemodder-java and codemodder-python, and you can use it to build custom codemods for your own security patterns. - -### Can I use Pixee's open source codemods without the platform? - -Yes. The open source codemod engines can be run locally or in CI/CD to apply deterministic security fixes without requiring the Pixee platform. The platform adds AI-powered fixes, triage, scanner integration, and enterprise features. - -### How do I contribute to Pixee's open source projects? - -See the [Contributing](/open-source/contributing) guide for the contribution workflow, quality standards, and community guidelines. Issues tagged `good first issue` are a great starting point. diff --git a/docs/platform/_category_.json b/docs/platform/_category_.json index 59562f00..482998f3 100644 --- a/docs/platform/_category_.json +++ b/docs/platform/_category_.json @@ -1,5 +1,5 @@ { - "label": "Platform Overview", + "label": "Platform", "position": 2, "collapsible": true, "collapsed": false, diff --git a/docs/platform/architecture.md b/docs/platform/architecture.md index 5c075b58..1bc609bb 100644 --- a/docs/platform/architecture.md +++ b/docs/platform/architecture.md @@ -28,9 +28,9 @@ SAST and SCA findings both flow through this same pipeline. There is no separate ## Scan Ingestion -Findings arrive from 12 native scanner integrations or any SARIF-producing tool: +Findings arrive from 13 native scanner integrations or any SARIF-producing tool: -**Native integrations with dedicated handlers:** CodeQL (GitHub Advanced Security), SonarQube/SonarCloud, Checkmarx, Veracode, Snyk, Semgrep, AppScan, Polaris, GitLab SAST, Trivy, Datadog SAST, and Arnica SAST. +**Native integrations with dedicated handlers:** CodeQL (GitHub Advanced Security), SonarQube/SonarCloud, Checkmarx, Veracode, Snyk Code, Semgrep, AppScan, Polaris, Fortify, Contrast, GitLab SAST, GitLab SCA, and Trivy — 13 named scanners. Each native integration has a tool-specific handler that extracts maximum metadata from the scanner's output format. CodeQL findings include codeFlows and help documentation. Semgrep findings carry full rule descriptions. Metadata-poor tools like Checkmarx use rule-ID-based strategies to compensate for sparse SARIF output. @@ -54,13 +54,13 @@ A shared context-aware intelligence layer enriches every tier with codebase sign For false positive reduction data, see [Triage Capabilities](/platform/triage). -For full triage details, see [Triage Capabilities](/platform/triage) and [How the Triage Engine Works](/how-it-works/triage-engine). +For full triage details, see [Triage](/platform/triage). ## Remediation Engine The remediation engine uses a hybrid-intelligence model: deterministic codemods handle known vulnerability patterns, and AI-powered MagicMods handle everything else. -**Deterministic codemods:** Pre-built, rule-based transformations for known OWASP/SANS security patterns. Same input, same output, every time. Zero LLM involvement. Zero hallucination risk. Open-source engines (codemodder-java, codemodder-python) are publicly inspectable. See [Fix Generation](/how-it-works/fix-generation) for the full codemod library. +**Deterministic codemods:** Pre-built, rule-based transformations for known OWASP/SANS security patterns. Same input, same output, every time. Zero LLM involvement. Zero hallucination risk. Open-source engines (codemodder-java, codemodder-python) are publicly inspectable. See [Remediation](/platform/remediation) for the full codemod library. **AI-powered MagicMods:** Handle custom frameworks, multi-file dataflow vulnerabilities, and novel patterns where deterministic rules cannot reach. Scanner-aware dispatchers for 8+ tools ensure the AI receives the right context for each scanner's output format. @@ -68,9 +68,9 @@ The remediation engine uses a hybrid-intelligence model: deterministic codemods **Independent fix evaluation:** Every generated fix passes through a separate quality gate scoring Safety (no breaking changes), Effectiveness (resolves the vulnerability), and Cleanliness (code quality). The evaluator runs as a separate inference call -- the generator does not grade its own work. Fixes that fail evaluation are retried with structured feedback or suppressed entirely. -For merge rate data, see [Fix Safety](/how-it-works/fix-safety). +For merge rate data and trust details, see [Security & Trust](/platform/security). -For full remediation details, see [Remediation Capabilities](/platform/remediation) and [How Fix Generation Works](/how-it-works/fix-generation). +For full remediation details, see [Remediation](/platform/remediation). ## PR Delivery @@ -115,24 +115,3 @@ For air-gapped deployments, a customer-hosted LLM is required. No code leaves th The Analysis Service handles the computationally intensive work -- triage decisions, fix generation, and quality evaluation. The Backend Platform manages the integration surface: scanner webhooks, SCM platform APIs, and PR lifecycle. The User Platform provides visibility into triage outcomes, remediation activity, and configuration. -## Frequently Asked Questions - -### What technology stack does Pixee use? - -Pixee is built on three components: a Java/Quarkus backend for platform orchestration, a Python/FastAPI analysis service for triage and remediation, and a React/TypeScript frontend for user interaction. LLM orchestration supports OpenAI, Azure OpenAI, Anthropic Claude, and any OpenAI-compatible endpoint. - -### Can Pixee work with my existing scanners? - -Yes. Pixee ingests findings from 12 natively integrated scanners (CodeQL, Semgrep, Checkmarx, Veracode, Snyk, SonarQube, and others) plus any tool that produces SARIF output. - -### How does Pixee deliver fixes? - -Every fix is delivered as a pull request on your existing platform (GitHub, GitLab, Azure DevOps, or Bitbucket). There is no direct commit mode. Your existing code review, CI/CD, and branch protection rules all apply. - -### Can Pixee run in an air-gapped environment? - -Yes. Pixee supports fully air-gapped deployment with a customer-hosted LLM. No code leaves the customer's environment. The only outbound connection is license validation, which can be routed through a proxy. - -### What happens if I stop using Pixee? - -All previously merged fixes remain as standard code in your repositories. There is no runtime dependency on Pixee. Removing Pixee does not affect any code that has already been merged. diff --git a/docs/platform/remediation.md b/docs/platform/remediation.md index 50a0646e..03e23124 100644 --- a/docs/platform/remediation.md +++ b/docs/platform/remediation.md @@ -1,99 +1,99 @@ --- -title: Remediation Capabilities +title: Remediation slug: /platform/remediation -track: leader -content_type: conceptual +track: both +content_type: guide seo_title: "Automated Vulnerability Remediation | 76% Merge Rate" -description: How Pixee generates security fixes using deterministic codemods and AI-powered generation with independent quality evaluation. +description: How Pixee generates security fixes using deterministic codemods and AI-powered MagicMods with independent quality evaluation. sidebar_position: 4 --- -Pixee generates validated security fixes and delivers them as pull requests. The hybrid-intelligence engine routes each vulnerability to the best fix method: deterministic codemods handle known patterns with zero AI variance, while AI-powered MagicMods handle novel and complex scenarios. Every fix passes independent quality evaluation before reaching a developer, and every change ships as a standard PR through your existing code review workflow. See [Fix Safety](/how-it-works/fix-safety) for merge rate data and [Fix Generation](/how-it-works/fix-generation) for the full codemod library. +Pixee generates validated security fixes and delivers them as pull requests. The hybrid-intelligence engine routes each vulnerability to the best fix method: deterministic codemods handle known patterns with zero AI variance, while AI-powered MagicMods handle novel and complex scenarios. Every fix passes independent quality evaluation before reaching a developer. Across production deployments, 76% of Pixee-generated fixes are merged by development teams after human review. -Remediation is co-equal with [triage](/platform/triage). +Remediation is co-equal with [triage](/platform/triage). Triage determines what is real; remediation fixes what is real. ## Hybrid Intelligence Model -Pixee uses two fundamentally different fix engines, routed automatically based on the vulnerability type: +Pixee uses two fundamentally different fix engines, routed automatically based on vulnerability type: -| Engine | How It Works | When It Fires | Risk Profile | -| -------------------------- | -------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------- | -| **Deterministic codemods** | Pre-built, rule-based code transformations applying OWASP/SANS patterns | Known patterns: SQL injection parameterization, SSRF prevention, insecure deserialization, weak cryptography, insecure temp files, SSL/TLS upgrades | Zero hallucination risk. Same input, same output, every time. | -| **AI-powered MagicMods** | Constrained AI generation with dataflow-bounded context and per-rule knowledge base guidance | Custom frameworks, multi-file dataflow vulnerabilities, novel patterns, context-dependent sanitization | AI-generated, but independently evaluated before reaching a PR. | +| Engine | How It Works | When It Fires | Risk Profile | +|---|---|---|---| +| **Deterministic codemods** | Pre-built, rule-based transformations encoding OWASP/SANS patterns | Known patterns: SQL injection parameterization, SSRF prevention, insecure deserialization, weak cryptography, insecure temp files, SSL/TLS upgrades | Zero hallucination risk. Same input, same output, every time. | +| **AI-powered MagicMods** | Constrained AI generation with dataflow-bounded context and per-rule knowledge base guidance | Custom frameworks, multi-file dataflow vulnerabilities, novel patterns, context-dependent sanitization | AI-generated, independently evaluated before reaching a PR. | -**Routing is automatic.** The system checks whether a deterministic codemod exists for the vulnerability type. If yes, the codemod fires -- sub-second, zero LLM cost. If no deterministic rule can handle it, a MagicMod generates a fix using scanner-aware context. No manual configuration. +Routing is automatic. The system checks whether a deterministic codemod exists for the vulnerability type. If yes, the codemod fires — sub-second, zero LLM cost. If no deterministic rule handles it, a MagicMod generates a fix using scanner-aware context. **Open-source engines.** The deterministic codemod engines (codemodder-java with 51 core codemods, codemodder-python with 60+ core codemods) are publicly inspectable. Customers and auditors can read the transformation rules before trusting them. **Scanner-aware dispatchers.** MagicMod includes scanner-aware dispatchers for each natively integrated scanner. Each dispatcher understands the scanner's output format and rule semantics, so the AI receives the right context for each finding. -Known vulnerability patterns use deterministic codemods. AI-powered generation handles custom framework wrappers, multi-file dataflow vulnerabilities, and context-dependent patterns that require understanding the specific codebase. +## Context Gathering -## Fix Quality Validation +Fix quality is bounded by what the system can see. Context gathering controls this boundary using the same four-tier dataflow quality classification that drives triage accuracy. -Every generated fix passes through an independent quality evaluation before a developer ever sees it. Bad fixes are rejected, not shipped. +| Tier | Description | Gathering Strategy | +|---|---|---| +| **Strong Multi-File** | High-confidence taint propagation across multiple files | Traces full cross-file dataflow; includes all files in the taint path | +| **Strong Single-File** | High-confidence dataflow within a single file | Full file context with highlighted vulnerable region | +| **Weak** | Partial or low-confidence dataflow information | Targeted excerpts around the flagged location | +| **Single-Location** | Only the flagged line, no dataflow available | Surrounding context with heuristic file matching | -**Three-dimension rubric:** - -| Dimension | What It Evaluates | -| ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | -| **Safety** | Does the fix introduce breaking changes? Could it cause regressions? Does it preserve the application's existing behavior for legitimate inputs? | -| **Effectiveness** | Does the fix actually resolve the vulnerability? Will the SAST scanner stop flagging this finding after the fix is applied? | -| **Cleanliness** | Does the fix meet code quality standards? Proper formatting, no extraneous changes, preserves existing comments? | +Key capabilities: follows SARIF-based taint propagation across files, highlights the vulnerable region with inline markers, adapts between whole-file and targeted excerpts based on file size, and merges consecutive vulnerable regions to reduce token cost. -An independent evaluator scores every fix on Safety, Effectiveness, and Cleanliness before it reaches a PR. Fixes that fail are retried with structured feedback or suppressed entirely. Scores that pass are included in the PR description so developers can see them. See [Fix Safety](/how-it-works/fix-safety) for the full rubric and process. - -## Multi-Agent Fix Planning - -Security fixes are not always single-file, single-line changes. A vulnerable dependency may require upgrading a library version in a manifest file, updating import statements in source files, and refactoring call sites that use changed APIs -- all as a single, atomic change. - -Pixee decomposes complex fixes across specialized agents rather than cramming everything into a single AI prompt: +## Fix Evaluation -- **Version decision logic** -- determines which library version to target based on the vulnerability, framework compatibility, and runtime constraints -- **Source file identification** -- uses the vulnerability's dataflow evidence to identify which source files are affected -- **Manifest declaration updates** -- locates the exact line in the manifest file that needs to change +Every generated fix passes through an independent quality gate before a developer sees it. Bad fixes are rejected, not shipped. -The fix plan itself is evaluated for quality before execution begins. If the plan is incomplete or inconsistent, it receives structured feedback and is refined. Plans that cannot reach acceptable quality are not executed. +**Three-dimension rubric:** -The result is a single pull request that contains the manifest version bump AND the downstream source-file changes. No "upgrade succeeded, tests broken" half-states. +| Dimension | What It Checks | Why It Matters | +|---|---|---| +| **Safety** | No breaking changes, no regressions, no unintended side effects | Prevents the fix from creating new problems | +| **Effectiveness** | Correctly resolves the security vulnerability | Prevents cosmetic changes that leave the vulnerability open | +| **Cleanliness** | Proper formatting, no extraneous changes, preserves existing code | Prevents unnecessary diff noise that frustrates reviewers | -## Developer Experience +**Architectural independence.** The evaluator runs as a separate inference call — the generator does not grade its own work. This is not self-critique from the same model. The separation prevents the "grading your own homework" failure mode. -Fixes ship as native pull requests on GitHub, GitLab, Azure DevOps, or Bitbucket. A typical fix is 1-5 lines. Developers review, modify, or reject like any other code change. Your code review policies, CI/CD pipelines, SAST re-scanning, and branch protection rules all apply. +**Retry and suppression.** Fixes that fail evaluation receive specific reasoning and suggestions. The generator uses this feedback to produce a better fix. If a fix still cannot pass after retries, it is suppressed entirely — the developer never sees it. -Standard `git revert` applies if any merged change needs to be undone. There is no runtime dependency -- removing Pixee leaves all previously merged fixes intact as standard code in your repository. +**Quality scores are visible.** When a fix passes evaluation and reaches a PR, the Safety, Effectiveness, and Cleanliness scores are included in the PR description. Transparency builds trust over time. -## Language and Scanner Coverage +## Multi-Agent Fix Planning -| Coverage Type | Details | -| ------------------------------- | --------------------------------------------------------------------------------------------------------------------------- | -| **Languages** | Java, Python, JavaScript/TypeScript, .NET/C#, Go, PHP | -| **Native scanner integrations** | 12 (CodeQL, SonarQube, Checkmarx, Veracode, Snyk, Semgrep, AppScan, Polaris, GitLab SAST, Trivy, Datadog SAST, Arnica SAST) | -| **Universal SARIF** | Any SARIF-producing scanner (50+ validated) | -| **Platforms** | GitHub, GitLab, Azure DevOps, Bitbucket | +Some security fixes span multiple files. A vulnerable dependency may require upgrading the library version in a manifest file, updating import statements, and refactoring call sites — all as a single, atomic change. -Deterministic codemod coverage is deepest for Java (51+ codemods) and Python (60+ codemods), which together cover the most common enterprise vulnerability patterns. JavaScript/TypeScript, .NET, Go, and PHP have expanding codemod libraries supplemented by AI-powered generation for patterns not yet covered by deterministic rules. +Pixee decomposes complex fixes across specialized agents rather than cramming everything into a single AI prompt: -Fixes are generated regardless of which scanner found the vulnerability. SCA findings flow through the same remediation pipeline as SAST findings -- see [SCA Capabilities](/platform/sca) for dependency-specific details. +- **Version decision logic** — determines which library version resolves the vulnerability while maintaining compatibility +- **Source file identification** — uses the vulnerability's dataflow evidence to identify which source files need edits +- **Manifest declaration updates** — locates the exact line in the manifest file that needs to change -## Frequently Asked Questions +The fix plan is evaluated for quality before execution begins. Plans that are incomplete or inconsistent receive structured feedback and are refined. Plans that cannot reach acceptable quality are not executed. -### What is a good merge rate for automated security fixes? +The result is an atomic PR: manifest change plus source-file refactoring in a single pull request. No "upgrade succeeded, tests broken" half-states. -Merge rate is measured on production pull requests, not theoretical accuracy. The rate reflects the combined effect of deterministic codemods for known patterns, independent quality evaluation for AI-generated fixes, and context-aware fix generation that matches codebase conventions. See [Fix Safety](/how-it-works/fix-safety) for current merge rate data. +## Developer Experience -### How do AI-generated code fixes get validated before merging? +Fixes ship as native pull requests on GitHub, GitLab, Azure DevOps, or Bitbucket. A typical Pixee PR includes: -Every fix passes through an independent quality evaluation scoring Safety (no breaking changes), Effectiveness (resolves the vulnerability), and Cleanliness (code quality). The evaluator is a separate inference call -- it does not share context with the generator. Fixes that fail are retried with structured feedback or suppressed. Developers see only pre-validated fixes. +- **Code diff** — usually 1-5 lines adding input validation, parameterized queries, or safe API calls +- **Vulnerability context** — what the scanner found and why it matters +- **Quality scores** — Safety, Effectiveness, and Cleanliness scores from the evaluation gate +- **Fix rationale** — why this specific remediation approach was chosen -### What is the scope of Pixee's fixes? +Developers review, modify, reject, or merge like any other code change. Your code review policies, CI/CD pipelines, SAST re-scanning, and branch protection rules all apply. -Pixee fixes SAST-identified security issues -- typically 1-5 lines applying established OWASP/SANS patterns. It uses deterministic codemods for known patterns and AI-powered generation with independent evaluation for novel patterns. All fixes are delivered as pull requests through your existing code review process. +Standard `git revert` applies if any merged change needs to be undone. There is no runtime dependency — removing Pixee leaves all previously merged fixes intact as standard code in your repository. -### What happens when the AI generates a bad fix? +## Language and Scanner Coverage -The independent fix evaluation gate catches it. Fixes that fail the Safety, Effectiveness, or Cleanliness evaluation are retried with structured feedback. If the fix still cannot pass after retries, it is suppressed entirely -- the developer never sees it. For fixes that pass evaluation and reach a PR, developers review and decide whether to merge. Standard `git revert` applies to anything merged that needs to be undone. +| Coverage Type | Details | +|---|---| +| **Languages** | Java, Python, JavaScript/TypeScript, .NET/C#, Go, Ruby, PHP, Kotlin, Rust, Scala, Swift + IaC (Terraform, Dockerfile, K8s/Helm, CloudFormation) | +| **Native scanner integrations** | 13 (CodeQL, SonarQube, Checkmarx, Veracode, Snyk Code, Semgrep, AppScan, Polaris, Fortify, Contrast, GitLab SAST, GitLab SCA, Trivy) | +| **Universal SARIF** | Any SARIF-producing scanner (50+ validated) | +| **Platforms** | GitHub, GitLab, Azure DevOps, Bitbucket | -### Does Pixee fix dependency vulnerabilities too? +Deterministic codemod coverage is deepest for Java (51+ codemods) and Python (60+ codemods). JavaScript/TypeScript, .NET, Go, and PHP have expanding codemod libraries supplemented by AI-powered generation for patterns not yet covered by deterministic rules. -Yes. SCA findings flow through the same remediation pipeline as SAST findings. Dependency upgrades include both the manifest version bump and any downstream source-file changes in a single atomic PR. See [SCA Capabilities](/platform/sca) for full details. +SCA findings flow through the same remediation pipeline as SAST findings — see [SCA](/platform/sca) for dependency-specific details. diff --git a/docs/platform/sca.md b/docs/platform/sca.md index f48938a9..0c0d7b5e 100644 --- a/docs/platform/sca.md +++ b/docs/platform/sca.md @@ -1,94 +1,94 @@ --- -title: SCA Capabilities +title: SCA slug: /platform/sca -track: leader -content_type: conceptual -seo_title: "SCA Triage & Remediation | Dependency Vulnerabilities" -description: How Pixee applies exploitability analysis to dependency vulnerabilities and delivers atomic upgrade PRs with code-level fixes. +track: both +content_type: guide +seo_title: "SCA Triage & Remediation | Dependency Vulnerability Verification" +description: How Pixee verifies CVE exploitability in your codebase and delivers atomic dependency upgrade PRs with code-level fixes. sidebar_position: 5 --- -Pixee applies the same triage and remediation model to third-party dependency vulnerabilities that it applies to first-party code findings. When your existing SCA tools flag a CVE, Pixee determines whether the vulnerability is actually exploitable in your specific codebase -- not just whether the version is affected. Confirmed vulnerabilities get atomic upgrade PRs that include both the manifest version bump and any downstream source-file changes. The result: 85% SCA noise reduction and 90% less triage time. +Pixee applies the same triage and remediation model to third-party dependency vulnerabilities that it applies to first-party code findings. When your SCA tools flag a CVE, Pixee determines whether the vulnerability is actually exploitable in your specific codebase — not just whether the version is affected. Confirmed vulnerabilities get atomic upgrade PRs that include both the manifest version bump and any downstream source-file changes. -SCA capabilities are part of Pixee's unified pipeline. SAST and SCA findings flow through the same triage and [remediation](/platform/remediation) infrastructure -- no separate tools, no context-switching between first-party and third-party vulnerabilities. +SCA findings flow through the same triage engine, remediation pipeline, and PR delivery as SAST findings. No separate tools, no context-switching between first-party and third-party vulnerabilities. ## Version Matching vs. Exploitability Standard SCA tools flag every CVE associated with an affected dependency version, regardless of actual exploitability: - **Version matching is not vulnerability matching.** A CVE may require specific configuration or API usage that your code never exercises. -- **CVSS scores carry zero codebase context.** A CVSS 9.8 in a library where the vulnerable function is never called does not represent a 9.8 in the application. +- **CVSS scores carry zero codebase context.** A CVSS 9.8 in a library where the vulnerable function is never called does not represent a 9.8 in your application. -## Exploitability Verification for Dependencies +Pixee answers "Can this CVE actually be triggered in this codebase?" — not just "Is this version theoretically affected?" -Pixee answers "Can this CVE actually be triggered in this codebase?" -- not just "Is this version theoretically affected?" +## CVE Exploitability Verification -**How exploitability verification works:** +**How it works:** -| Step | What Happens | -| ------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| **1. External research** | A CVE research agent gathers CVE details, changelogs, patches, and release notes to identify the specific conditions required for exploitation | -| **2. Internal analysis** | The triage agent examines how the library is actually used in your code -- which functions are called, what input reaches them, what security controls exist | -| **3. Evidence-based classification** | Every "Not Exploitable" includes the conditions the CVE requires, analysis of each condition against your code, code snippets demonstrating why conditions are or are not met, and a defensible conclusion | -| **4. Cache acceleration** | Verified CVE+dependency combinations are cached. The same analysis is not repeated across repositories sharing common dependencies | +| Step | What Happens | +|---|---| +| **1. External research** | A CVE research agent gathers CVE details, changelogs, patches, and release notes to identify the specific conditions required for exploitation | +| **2. Internal analysis** | The triage agent examines how the library is actually used in your code — which functions are called, what input reaches them, what security controls exist | +| **3. Evidence-based classification** | Every "Not Exploitable" verdict includes the conditions the CVE requires, analysis of each condition against your code, code snippets demonstrating why conditions are or are not met, and a defensible conclusion | +| **4. Cache acceleration** | Verified CVE+dependency combinations are cached. The same analysis is not repeated across repositories sharing common dependencies | **Concrete example:** A scanner flags a Spring WebFlux static resource authorization bypass (CVSS 6.9). The CVE requires three conditions: WebFlux controllers, Spring static resource handling, and a non-permitAll security rule. Pixee's analysis finds no WebFlux controllers, no Spring static resource APIs, and no non-permitAll protection rules. Two of three conditions are unmet. Classification: Not Exploitable, with the evidence. -This is the difference between reachability ("does a code path exist?") and exploitability ("can an attacker actually walk it?"). Reachability is necessary but not sufficient. Pixee layers data flow analysis and condition verification on top of call-graph analysis to answer the question that matters. +**The three approaches compared:** -## Dependency Remediation - -When an SCA finding is triaged as a true positive, Pixee handles the fix through the same remediation pipeline as SAST findings: - -**Justified upgrades only.** The dependency agent bumps a version only when a verified vulnerability and exploitable path justify the change. No blind version bumping. - -**Atomic PRs.** A single Pixee PR contains both the manifest version bump AND the downstream source-file changes the upgrade requires. When a major version upgrade changes an API, the import statements and call sites are updated in the same diff. No "upgrade succeeded, tests broken" half-states. - -**Multi-manifest support:** +| Approach | What It Tells You | What It Misses | +|---|---|---| +| **Version matching** (legacy SCA) | "This dependency version has a known CVE" | Whether the vulnerable function is called, whether exploitation conditions are met, whether security controls mitigate the risk | +| **Basic reachability** | "The vulnerable function is reachable from your code" | Exploitation preconditions, input validation, configuration states | +| **Exploitability verification** (Pixee) | "This CVE requires conditions X, Y, Z. Your code meets/does not meet each one. Here is the evidence." | — | -| Language | Supported Manifest Formats | -| ---------- | -------------------------------------------------------------- | -| Python | requirements.txt, pyproject.toml, Pipfile, setup.py, setup.cfg | -| Java | pom.xml, build.gradle | -| JavaScript | package.json | -| .NET | .csproj, packages.config | +## Verification Cache -**Fix evaluation gate.** The same three-dimension quality rubric (Safety, Effectiveness, Cleanliness) that validates SAST fixes also validates dependency upgrade PRs. The evaluator confirms the upgrade resolves the vulnerability without introducing breaking changes. +Verified CVE+dependency combinations are cached for reuse across repositories. Organizations with many repositories sharing common dependencies verify once, not N times. -**Multi-file coordination.** The fix planning system coordinates across manifest files, source files, and configuration. Complex dependency upgrades that require code changes alongside the version bump are handled as a single, reviewable unit of work. +- Significantly reduces cost for repeated CVE analysis +- Cache remains valid until CVE data or dependency context changes +- Particularly valuable for large enterprises where dozens of repositories import the same libraries ## Transitive Dependency Handling -Modern applications have hundreds to thousands of transitive dependencies. A vulnerability four layers deep through an unused code path is not the same risk as a direct exposure. +Transitive dependencies require full chain analysis. A vulnerability four layers deep through an unused code path carries different risk than a direct exposure. -Pixee handles transitive dependencies through full chain analysis: +**Key concepts:** -**Full chain tracing.** Traces the dependency chain from your application root through every intermediate library to the vulnerable package. Not just "library X has CVE Y" but "your app imports A, which imports B, which imports the vulnerable function in C." +- **TID (Taint Introducing Dependency):** The direct dependency in your manifest that begins the chain to the vulnerable transitive dependency. This tells developers exactly which dependency to upgrade. +- **TCD (Taint Consuming Dependency):** The package that actually contains the vulnerable code. +- **Severity calibration by depth:** Risk is adjusted based on the depth and nature of the dependency chain. +- **Blast radius analysis:** When multiple taint-initiating dependencies lead to the same vulnerable transitive dependency, Pixee surfaces the combined exposure. -**TID identification.** Pixee surfaces the Taint Introducing Dependency -- the direct dependency in your manifest that begins the chain to the vulnerable transitive dependency. This tells developers exactly which dependency to address. +Pixee traces the full dependency chain from your application root through every intermediate library to the vulnerable package. Developers get a direct answer: which dependency in your manifest to upgrade. -**Severity calibration by depth.** Risk is adjusted based on the depth and nature of the dependency chain. A vulnerability in a direct dependency with proven reachability is higher risk than the same CVE four layers deep through an unused code path. - -**Combined blast radius.** When multiple dependencies lead to the same vulnerable transitive dependency, Pixee surfaces the combined exposure so teams understand the full scope. - -## Unified Pipeline - -SCA and SAST findings flow through the same triage engine, remediation pipeline, and PR delivery. SAST results inform SCA risk scoring -- a SAST finding in code that calls a vulnerable dependency function changes the exploitability calculus. No context-switching between tools, no separate dashboards. +## Dependency Remediation -## Frequently Asked Questions +When an SCA finding is confirmed as exploitable, Pixee generates a justified upgrade — not a blind version bump. -### What is reachability analysis for SCA findings? +**Justified upgrades only.** The dependency agent bumps a version only when a verified vulnerability and exploitable path justify the change. -Reachability analysis checks whether a vulnerable function in a dependency is reachable from your application code. Pixee goes further with exploitability analysis -- determining whether the specific conditions required to trigger the CVE are actually met in your codebase, not just whether a code path exists. The difference matters: a reachable function protected by a sanitizer is reachable but not exploitable. +**Multi-manifest support:** -### How does Pixee handle transitive dependencies? +| Language | Supported Manifest Formats | +|---|---| +| **Python** | requirements.txt, pyproject.toml, Pipfile, setup.py, setup.cfg | +| **Java** | pom.xml, build.gradle | +| **JavaScript** | package.json | +| **.NET** | .csproj, packages.config | -Pixee traces the full dependency chain from your application through every intermediate library to the vulnerable package. It identifies exactly which direct dependency in your manifest to upgrade and coordinates manifest changes with downstream source-file refactoring in a single atomic PR. +**Atomic PRs.** A single Pixee PR contains both the manifest version bump AND the downstream source-file changes the upgrade requires. When a major version upgrade changes an API, the import statements and call sites are updated in the same diff. No "upgrade succeeded, tests broken" half-states. -### Does Pixee replace my existing SCA tool? +**Fix evaluation gate.** The same three-dimension quality rubric (Safety, Effectiveness, Cleanliness) that validates SAST fixes also validates dependency upgrade PRs. -No. Pixee sits downstream of your existing SCA tools (Snyk, Trivy, and others). Your scanners continue to detect dependency vulnerabilities. Pixee adds exploitability verification and automated remediation on top. You do not need to change your detection stack. +## Cross-Tool Intelligence -### What happens when a dependency upgrade would break my code? +The SCA pipeline benefits from Pixee's unified platform architecture. SAST and SCA findings share context and inform each other: -Pixee's dependency agent does not blindly upgrade to the latest version. It analyzes changelog data, API changes, and framework compatibility to select the right target version. The fix planning system includes downstream source-file changes in the same PR when an upgrade changes APIs. The fix evaluation gate validates that the upgrade does not introduce breaking changes before the PR is created. +| Intelligence Source | What It Provides | +|---|---| +| **SAST results** | Inform SCA risk scoring — a dependency vulnerability in code that also has SAST findings carries compounded risk | +| **Historical triage decisions** | Prevent re-triaging the same CVEs across repositories | +| **Secure coding guidelines** | Team preferences in natural language enrich SCA analysis | +| **GitHub PRs and Jira tickets** | Previous SCA upgrade context provides upgrade history | diff --git a/docs/platform/scanner-integration.md b/docs/platform/scanner-integration.md new file mode 100644 index 00000000..bd4f4f86 --- /dev/null +++ b/docs/platform/scanner-integration.md @@ -0,0 +1,97 @@ +--- +title: Scanner Integration +slug: /platform/scanner-integration +track: both +content_type: guide +seo_title: "Scanner Integration | 13 Native Scanners + Universal SARIF" +description: How Pixee integrates with 13 native scanners and any SARIF-producing tool. Two-tier integration architecture and metadata extraction. +sidebar_position: 7 +--- + +Pixee integrates with 13 natively supported scanners and any SARIF-producing tool through a two-tier architecture. Dedicated handlers extract scanner-specific metadata from tools like CodeQL, Semgrep, and Checkmarx for maximum triage accuracy. Universal SARIF ingestion handles everything else — including proprietary and internal scanners — with zero pre-built integration required. + +Pixee does not replace your scanners. It sits downstream of them. Your existing SAST tools continue to scan your code exactly as they do today. Pixee consumes each tool's output, triages every finding, and delivers remediation as pull requests for confirmed vulnerabilities. + +## Two-Tier Integration Architecture + +**Tier 1 — Native (Dedicated) Handlers.** For the most widely deployed SAST tools, Pixee has dedicated handlers that extract scanner-specific metadata. Each handler understands the idiosyncrasies of that tool's SARIF output — where rule descriptions live, whether dataflow traces are available, and what metadata the scanner includes or omits. Richer metadata extraction means higher triage accuracy. + +**Tier 2 — Universal SARIF Ingestion.** For any scanner that produces SARIF output (the OASIS open standard for static analysis results), Pixee ingests findings automatically. No pre-built integration required. The system dynamically adapts its handling strategy based on whatever metadata the SARIF contains. + +Both tiers feed into the same downstream [triage](/platform/triage) and [remediation](/platform/remediation) pipeline. + +## Deep Scanner Integrations + +### CodeQL (GitHub Advanced Security) + +- Extracts **codeFlows** — multi-step source-to-sink dataflow traces that give the triage engine full dataflow context +- Handles CodeQL's non-standard SARIF behavior where rule metadata is stored on `tool.extensions` rather than `driver` +- Extracts `help.markdown` from rule metadata for rich vulnerability descriptions +- Pre-configured handlers for common CodeQL rules + +### Semgrep + +- Extracts `fullDescription.text` for rule explanations used in triage context +- Supports both Semgrep OSS and Semgrep Pro rule output + +### Checkmarx + +- Compensates for Checkmarx's sparse SARIF output (minimal rule descriptions, no codeFlows) +- Uses a rule-ID-only prompting strategy that routes findings to the adaptive triage pipeline, which re-derives context directly from the codebase +- Includes Checkmarx-specific remediation codemods (SQL parameterization for .NET and JavaScript, NoSQL parameterization for JavaScript) + +## Standard Scanner Integrations + +| Scanner | Status | Integration Method | +|---|---|---| +| **Veracode** | GA | SARIF pipeline with tool-specific identification | +| **Snyk Code** | GA | SARIF pipeline with MagicMod dispatcher support | +| **SonarQube / SonarCloud** | GA | SARIF pipeline with dedicated prompt builders | +| **HCL AppScan** | GA | SARIF ingestion pipeline | +| **Polaris (Synopsys)** | GA | SARIF ingestion pipeline | +| **Fortify** | GA | SARIF ingestion pipeline | +| **Contrast** | GA | SARIF ingestion pipeline | +| **GitLab SAST** | GA | SARIF pipeline with dedicated namespace | +| **GitLab SCA** | GA | SARIF pipeline | +| **Trivy** | GA | SARIF pipeline with MagicMod dispatcher support | +| **DefectDojo** | GA | SARIF pipeline (aggregates findings from multiple scanners) | + +All 13 named scanners are GA. See individual scanner integration pages under [Integrations](/integrations/integrations-overview) for per-tool setup guides. + +## Universal SARIF Support + +Any scanner that produces SARIF output works with Pixee — no pre-built integration required. + +**SARIF** (Static Analysis Results Interchange Format) is the OASIS open standard for static analysis results. Most modern SAST, SCA, and secret-scanning tools produce SARIF output natively or via converters. + +- Internal and proprietary scanners that output SARIF work out of the box +- New commercial scanners are supported on day one if they produce SARIF +- The system dynamically adapts its handling strategy based on available metadata +- Resilient processing degrades gracefully on malformed or novel tool output + +Over 50 scanner tools have been validated via this path. + +## What Metadata Matters + +Triage accuracy scales with the richness of metadata each scanner includes in its SARIF output. + +| Metadata Type | Which Scanners Provide It | How Pixee Uses It | +|---|---|---| +| **codeFlows** (dataflow paths) | CodeQL (multi-step source-to-sink) | Full dataflow context for triage | +| **Rule descriptions** | Semgrep (fullDescription.text), CodeQL (help.markdown) | Enriches triage context with rule semantics | +| **Severity ratings** | Most scanners | Input to context-aware severity adjustment | +| **Language tags** | Most scanners | Routes to language-specific codemods and analysis strategies | +| **Rule ID only** (minimal metadata) | Checkmarx, some internal tools | Triggers adaptive triage that re-derives context from the codebase | + +Rich-metadata scanners get deep extraction. Sparse-metadata scanners get compensatory strategies. No scanner is left behind. + +## Platform Integrations + +| Platform | SARIF Ingestion | Native CodeQL/GHAS | Notes | +|---|---|---|---| +| **GitHub** | Full support | Deep integration | CodeQL findings via GHAS API or SARIF upload | +| **GitLab** | Full support | Via SARIF upload | GitLab SAST has dedicated namespace | +| **Azure DevOps** | Full support | Via SARIF upload | Standard SARIF pipeline | +| **Bitbucket** | Full support | Via SARIF upload | Standard SARIF pipeline | + +All scanner integrations are available across SaaS and Enterprise deployment models. diff --git a/docs/platform/security.md b/docs/platform/security.md index 2442ba4a..88fa5aa7 100644 --- a/docs/platform/security.md +++ b/docs/platform/security.md @@ -1,160 +1,124 @@ --- title: "Security & Trust" slug: /platform/security -track: leader -content_type: conceptual +track: both +content_type: guide seo_title: "Security & Trust | Pixee AI Safety and Guardrails" description: How Pixee validates AI-generated fixes, protects your code, and preserves human authority. Fix validation layers, data handling, and deployment models. sidebar_position: 6 --- -Pixee applies multiple independent validation layers before any AI-generated code change reaches a developer. Every fix must pass automated quality evaluation, and every fix ships as a pull request -- never a direct commit. Your existing code review, CI/CD pipelines, and SAST re-scanning all apply to Pixee changes exactly as they do to human-written code. The result: defense-in-depth controls that Responsible AI Councils, compliance officers, and engineering leaders can verify. See [Fix Safety](/how-it-works/fix-safety) for merge rate data. - -This page details what data Pixee accesses, where it goes, what controls prevent bad output, and how the architecture differs from general-purpose AI coding tools. If you are evaluating whether AI-generated code changes can be trusted in production, this is the page to read most carefully. +Pixee applies multiple independent validation layers before any AI-generated code change reaches a developer. Every fix passes automated quality evaluation, and every fix ships as a pull request — never a direct commit. Your existing code review, CI/CD pipelines, and SAST re-scanning all apply to Pixee changes exactly as they do to human-written code. The measured result: a 76% merge rate on production deployments. ## Trust Framework Pixee's trust model rests on three governing principles: -**1. Narrow scope.** Pixee fixes SAST-identified security issues -- typically 1-5 lines adding input validation, parameterized queries, or safe API calls. It does not write features, generate business logic, or create new functionality. +**1. Narrow scope.** Pixee fixes SAST-identified security issues — typically 1-5 lines adding input validation, parameterized queries, or safe API calls. It does not write features, generate business logic, or create new functionality. **2. Defense in depth.** No single validation layer is considered sufficient. Multiple independent checks operate in sequence: constrained generation, independent evaluation, pull request review, CI/CD testing, and SAST re-scanning. If one layer misses something, the next catches it. -**3. Human authority preserved.** Pixee adds validation layers BEFORE changes reach your existing review process. Developers always have final approval. There is no mode, setting, or override that bypasses human review. - -These three principles produce the following architecture: - -## Fix Quality Validation - -Every fix passes through three independent layers before reaching a developer: - -### Layer 1: Constrained Generation - -The AI receives only security-relevant code context alongside established OWASP/SANS remediation patterns. No customer proprietary information is used in pattern libraries -- only industry-standard security guidance. This constrains the solution space to known-good security patterns rather than open-ended code generation. - -For common vulnerability patterns, generation is entirely deterministic. Pre-built codemods apply rule-based transformations with zero LLM involvement. Same input, same output, every time. These fixes carry zero hallucination risk by design. - -### Layer 2: Independent Evaluation - -A separate inference call -- structurally independent from the generator -- scores every fix on three dimensions: - -| Dimension | What It Checks | -| ----------------- | -------------------------------------------------------------------------------------------------------------------------- | -| **Safety** | No behavior changes beyond fixing the vulnerability. No breaking API changes, missing imports, or unintended side effects. | -| **Effectiveness** | Correctly addresses the security issue. The SAST scanner should stop flagging this finding after the fix is applied. | -| **Cleanliness** | Proper formatting, indentation, no extraneous changes. Preserves existing comments and code structure. | - -A fix must pass all three dimensions. This is not an aggregate score that lets a dangerous fix through because it scored well on formatting. See [Fix Safety](/how-it-works/fix-safety) for merge rate data. - -The critical design choice: the evaluator runs as a structurally independent inference call -- separate context window, separate system prompt, separate scoring rubric -- not the same process that generated the fix. This independence prevents the generator from grading its own work. For security leaders accustomed to defense-in-depth thinking, this is a familiar pattern -- multiple independent controls, no single point of reliance. +**3. Human authority preserved.** Pixee adds validation layers before changes reach your existing review process. Developers always have final approval. There is no mode, setting, or override that bypasses human review. -**What happens when a fix fails:** The evaluator produces specific reasoning and suggestions. The generator uses this feedback to produce a better fix. If the fix still cannot pass after retries, it is suppressed entirely -- the developer never sees it, and the suppression reasoning is logged. +## Deterministic vs. AI Fixes -### Layer 3: Customer Control Integration +This distinction is the most important concept on this page. -All changes are delivered as pull requests. Your controls then apply: +| Dimension | Deterministic Codemods | AI-Generated MagicMods | +|---|---|---| +| **Input/output predictability** | Identical output every time | Output varies based on context; constrained by dataflow-bounded input | +| **Scope** | Known vulnerability patterns (SQL injection, XSS, SSRF, deserialization, etc.) | Novel, custom, and multi-file patterns | +| **Hallucination risk** | Zero | Mitigated by independent evaluation and retry/suppression | +| **Validation requirement** | Pre-validated by design; open-source engines inspectable | Mandatory independent evaluation gate | +| **LLM involvement** | None | Constrained generation with per-rule knowledge base guidance | -- Code review by your development team -- CI/CD pipeline execution (tests, builds, linting) -- SAST re-scanning of the proposed fix by the same tools that found the original vulnerability -- Branch protection rules and merge requirements you have configured +**Deterministic codemods** handle known vulnerability patterns — SQL injection parameterization, SSRF prevention, insecure deserialization, weak cryptography, and more. These are pre-built, rule-based transformations with zero LLM involvement. The open-source engines (codemodder-java, codemodder-python) are publicly inspectable — your security team or auditors can review the transformation rules before deployment. -Pixee adds validation layers before your existing gates. It does not replace or bypass any of them. +**AI-powered MagicMods** fire only when deterministic rules cannot reach — custom framework wrappers, multi-file dataflow vulnerabilities, novel patterns. Every MagicMod fix passes through the full independent evaluation pipeline. -## Hybrid Intelligence Architecture +Routing between modes is automatic — no manual configuration. -Pixee does not rely on AI for every fix. The system uses a hybrid model with direct trust implications: +## Independent Fix Evaluation -**Deterministic codemods** handle known vulnerability patterns -- SQL injection parameterization, SSRF prevention, insecure deserialization, weak cryptography, and more. These are pre-built, rule-based transformations with zero LLM involvement. Zero hallucination risk. Reproducible output. The open-source engines (codemodder-java, codemodder-python) are publicly inspectable -- your security team or auditors can review the transformation rules before deploying Pixee. See [Fix Generation](/how-it-works/fix-generation) for the full codemod library. +Every AI-generated fix passes through an independent quality gate before a developer sees it. -**AI-powered MagicMods** fire only when deterministic rules cannot reach -- custom framework wrappers, multi-file dataflow vulnerabilities, novel patterns. Every MagicMod fix passes through the full independent evaluation pipeline. Deterministic codemods do not need this gate because their output is pre-validated by design. AI fixes earn their way through. +**Separate inference call, not self-critique.** The evaluator runs as a structurally independent inference call — separate context window, separate system prompt, separate scoring rubric — not the same process that generated the fix. This prevents the "grading your own homework" failure mode. -Deterministic codemods carry zero AI risk. AI-generated fixes receive additional validation through the independent evaluation pipeline. +**Three-dimension rubric:** -## Triage and Remediation Trust Architecture +| Dimension | What It Checks | +|---|---| +| **Safety** | No behavior changes beyond fixing the vulnerability. No breaking API changes, missing imports, or unintended side effects. | +| **Effectiveness** | Correctly addresses the security issue. The SAST scanner should stop flagging this finding after the fix is applied. | +| **Cleanliness** | Proper formatting, indentation, no extraneous changes. Preserves existing comments and code structure. | -Beyond fix validation, the triage and remediation engines each embed trust-specific design choices: +**All three dimensions must pass.** This is not an aggregate score that lets a dangerous fix through because it scored well on formatting. -**Triage: beyond reachability.** Many tools stop at checking whether a vulnerable function is reachable. Pixee evaluates dataflow quality, production versus test classification, security control detection, and severity adjustment. Every verdict includes code snippets showing the evidence. Auditors can see exactly why a finding was classified as it was. The three-tier progressive architecture (deterministic, agentic, adaptive) means most findings resolve at Tier 1 with zero LLM cost and reproducible, auditable verdicts. See [Triage Capabilities](/platform/triage) for full details. +**Structured feedback loop.** Fixes that fail receive specific reasoning. The generator uses this feedback to produce a better fix. If a fix still cannot pass after retries, it is suppressed entirely — with the suppression reasoning logged. -**Remediation: multi-agent fix planning.** Complex multi-file fixes are planned before execution by specialized agents handling version decisions, source file identification, and manifest updates independently. Plans are evaluated for quality before code changes begin. The result: atomic PRs with no half-done upgrades. See [Remediation Capabilities](/platform/remediation) for full details. +## Your Existing Gates Still Apply -## Human-in-the-Loop Design +Pixee adds validation before your existing quality controls. It does not replace them. -PR-only workflow is a non-negotiable architectural constraint, not an optional configuration: +After Pixee creates a PR: -- **Never direct commits.** No mode, setting, or override allows direct branch commits. -- **Full diff visibility.** Developers see what changed, why, and the quality scores. -- **SAST re-scanning.** The same tools that found the vulnerability scan the fix. -- **Standard Git rollback.** `git revert` applies to any merged change. -- **No lock-in.** Removing Pixee leaves all merged fixes intact. No runtime dependency. +1. **Code review** by your development team +2. **CI/CD pipeline execution** — tests, builds, and any other automated checks +3. **SAST re-scanning** by the same tools that found the original vulnerability +4. **Branch protection rules** and merge requirements you have configured -## Data Handling and Privacy +Every Pixee change flows through your full approval pipeline. PR-only delivery is an architectural constraint — there is no mode, setting, or override that allows direct branch commits. -What data Pixee accesses, and what it does not: +## Data Handling -**Input scope limitation.** Only code relevant to the specific vulnerability is sent to AI models -- not entire repositories. File paths are relative to project root only. No absolute paths, repository URLs, git metadata, commit hashes, or author information are sent. - -**Adversarial input protection.** Code analyzed by an LLM is itself a potential attack vector -- malicious comments or string literals could attempt prompt injection. Pixee mitigates this through input scope limitation (only vulnerability-relevant snippets sent), independent output validation (separate evaluator catches anomalous fixes), narrow generation scope (constrained to OWASP/SANS patterns), and deterministic-first routing (most fixes use zero-LLM codemods). For the full treatment of adversarial input defense, see [Security Architecture -- Adversarial Input Protection](/enterprise/security-architecture#adversarial-input-protection). +**Input scope limitation.** Only code relevant to the specific vulnerability is sent to AI models — not entire repositories. File paths are relative to project root only. No absolute paths, repository URLs, git metadata, commit hashes, or author information are sent. **Stateless inference.** Each analysis is isolated. A single analysis cannot modify the model, persist across analyses, or affect other applications. -**Customer-controlled AI deployment.** Pixee uses your own AI deployment -- Azure OpenAI, Azure AI Foundry, Anthropic Claude, or any OpenAI-compatible endpoint. Your contractual terms with that provider govern data handling. - -**On-premises deployment.** Pixee deploys entirely on-premises when required. No code leaves your environment. Three deployment models: - -| Model | What It Provides | -| ------------------------- | -------------------------------------------------------------------------------------------------- | -| **Embedded cluster** | Turnkey self-hosted deployment with all infrastructure included. No Kubernetes expertise required. | -| **Helm / BYO Kubernetes** | Deploys into your existing Kubernetes infrastructure (EKS, GKE, AKS, or self-managed). | -| **Air-gapped** | Fully disconnected operation with customer-hosted LLM. Zero outbound internet after installation. | - -## Enterprise Security Concerns Addressed - -Common questions about AI-generated code changes, answered with architectural details. - -### "AI-generated code is too risky for production." - -Most common patterns use deterministic codemods with zero AI involvement. AI-generated fixes pass an independent evaluation gate before a developer sees them. The PR workflow ensures nothing reaches production without human approval. The same SAST tools that found the issue scan the fix. - -### "We cannot send proprietary code to an LLM." - -Pixee sends relevant code snippets -- not entire repositories -- to your own AI deployment. Azure OpenAI and equivalent providers guarantee customer data is not used for model training. For on-premises deployments, code never leaves your infrastructure. The only outbound connection is license validation, which can be proxied. - -### "What types of changes does the AI make?" - -Pixee fixes SAST-identified security vulnerabilities (1-5 lines, OWASP/SANS patterns). Deterministic codemods handle known patterns with zero AI involvement. AI-generated fixes pass an independent evaluation layer before reaching a PR. Fixes that fail quality evaluation are suppressed. - -### "What about data residency?" +**Adversarial input protection.** Code analyzed by an LLM is itself a potential attack vector — malicious comments or string literals could attempt prompt injection. Mitigations: input scope limitation (only vulnerability-relevant snippets sent), independent output validation (separate evaluator catches anomalous fixes), narrow generation scope (constrained to OWASP/SANS patterns), and deterministic-first routing (most fixes use zero-LLM codemods). -Pixee deploys on-premises or in your cloud. AI inference uses your deployment in your region. Only outbound connection: license validation (can be proxied). Air-gapped deployments require zero outbound internet after installation. +**Customer-controlled AI deployment.** Pixee uses your own AI deployment — Azure OpenAI, Azure AI Foundry, Anthropic Claude, or any OpenAI-compatible endpoint. Your contractual terms with that provider govern data handling. -### "Our Responsible AI Council needs to review this." +## Deployment Models -Pixee is designed for exactly this scrutiny. The architecture provides concrete answers to every question a governance committee asks: +| Model | What It Provides | +|---|---| +| **Cloud SaaS** | Pixee-managed infrastructure. Pixee accesses repositories via SCM integration (read-only code access, write access limited to PR creation). | +| **Embedded cluster** | Turnkey self-hosted deployment on a single Linux VM. No Kubernetes expertise required. All data stays in your network. | +| **Helm / BYO Kubernetes** | Deploys into your existing Kubernetes infrastructure (EKS, GKE, AKS, or self-managed). | +| **Air-gapped** | Fully disconnected operation with customer-hosted LLM. Zero outbound internet after installation. | -- **What does the AI generate?** Security fixes only -- 1-5 line changes applying OWASP/SANS patterns. -- **Who validates the output?** An independent evaluation layer (separate inference call), then your developers via PR review, then your CI/CD and SAST re-scanning. -- **Can it bypass human approval?** No. PR-only delivery is an architectural constraint, not a configuration option. -- **What data does it access?** Only code relevant to the specific vulnerability. No entire repositories, no PII, no secrets. -- **What if it is wrong?** Fixes that fail quality evaluation are suppressed. Fixes that pass are reviewed by developers. Merged fixes can be reverted with standard Git operations. -- **What is the deterministic floor?** Common vulnerability patterns are fixed with zero AI involvement using publicly inspectable, open-source codemod engines. See [Fix Generation](/how-it-works/fix-generation) for the codemod library. -- **What controls exist on the AI itself?** Constrained generation with security-specific context only, independent evaluation, structured retry with feedback, suppression on failure. +For air-gapped deployments, a customer-hosted LLM is required. The only outbound connection is license validation, which can be proxied. -## Frequently Asked Questions +## Rollback and Reversibility -### Is automated vulnerability remediation safe for production code? +- **Standard git revert.** Every Pixee change is a normal Git commit within a pull request. +- **Full traceability.** All fixes are stored in Git history with complete context. +- **No lock-in dependency.** If Pixee were removed entirely, all previously merged fixes remain as standard code in the repository. +- **Pre-merge rejection is trivial.** Closing a PR without merging discards the proposed change with zero impact. -Every fix passes independent quality evaluation (Safety, Effectiveness, Cleanliness) before reaching a PR. Most common patterns use deterministic codemods with zero AI involvement. Your existing code review, CI/CD, and SAST re-scanning all apply. See [Fix Safety](/how-it-works/fix-safety) for merge rate data. +## Responsible AI Governance -### What happens if an automated fix introduces a bug? +Pixee is designed for AI governance committee review. Concrete answers to common governance questions: -Standard `git revert` applies -- every Pixee change is a normal Git commit within a PR. Fixes are typically 1-5 lines. There is no runtime dependency on Pixee for merged code. +| Question | Answer | +|---|---| +| **What does the AI generate?** | Security fixes only — 1-5 line changes applying OWASP/SANS patterns. | +| **Who validates the output?** | An independent evaluation layer (separate inference call), then your developers via PR review, then your CI/CD and SAST re-scanning. | +| **Can it bypass human approval?** | No. PR-only delivery is an architectural constraint, not a configuration option. | +| **What data does it access?** | Only code relevant to the specific vulnerability. No entire repositories, no PII, no secrets. | +| **What if it is wrong?** | Fixes that fail quality evaluation are suppressed. Fixes that pass are reviewed by developers. Merged fixes can be reverted with standard Git operations. | +| **What is the deterministic floor?** | Common vulnerability patterns are fixed with zero AI involvement using publicly inspectable, open-source codemod engines. | +| **What controls exist on the AI itself?** | Constrained generation with security-specific context only, independent evaluation, structured retry with feedback, suppression on failure. | -### How does Pixee handle my proprietary code? +## Audit Defensibility -Pixee sends only vulnerability-relevant code to AI models, not entire repositories. On-premises deployment keeps all code within your environment. File paths are relative to project root only -- no absolute paths, repository URLs, git metadata, or author information. +For regulated industries, every Pixee fix creates a defensible audit record: -### How accurate are AI-generated security fixes? +- Typed triage verdict (true positive, false positive, won't fix, suspicious) with code-level evidence +- Fix quality scores (Safety, Effectiveness, Cleanliness) on every PR +- Full Git history showing what changed, when, and why +- SAST re-scanning confirmation that the fix does not introduce new findings +- Developer approval recorded in the merge event -Many fixes use deterministic codemods with zero AI variance. AI-generated fixes pass an independent evaluation gate structurally separate from the generator. Fixes that cannot pass are suppressed, not shipped. See [Fix Safety](/how-it-works/fix-safety) for merge rate data. +Compliance teams reviewing automated code changes need to see that the change was validated by independent evaluation, reviewed by a human, tested by CI/CD, and re-scanned by the same tools that found the original issue. Pixee's pipeline provides all four. diff --git a/docs/platform/triage.md b/docs/platform/triage.md index fa06f944..31ad002e 100644 --- a/docs/platform/triage.md +++ b/docs/platform/triage.md @@ -1,107 +1,97 @@ --- -title: Triage Capabilities +title: Triage slug: /platform/triage -track: leader -content_type: conceptual -seo_title: "Triage Automation | Up to 95% False Positive Reduction" -description: How Pixee triages vulnerability findings through three progressive tiers with structured, auditable evidence on every verdict. +track: both +content_type: guide +seo_title: "Automated Vulnerability Triage | Up to 98% False Positive Reduction" +description: How Pixee's three-tier triage engine classifies every vulnerability finding with structured, auditable evidence. sidebar_position: 3 --- -Pixee's triage engine classifies every vulnerability finding as true positive, false positive, or won't-fix through codebase-aware exploitability analysis -- not just pattern matching or reachability checks. The three-tier progressive architecture handles known patterns at sub-second speed, investigates ambiguous cases via AI agents, and generates custom analyzers for novel vulnerability types. The result: up to 95% false positive reduction with structured evidence on every verdict, across findings from 12 native scanner integrations. +Pixee's triage engine classifies every vulnerability finding as true positive, false positive, or won't-fix through codebase-aware exploitability analysis. The three-tier progressive architecture handles known patterns at sub-second speed, investigates ambiguous cases via AI agents, and generates custom analyzers for novel vulnerability types. The result: up to 98% false positive reduction with structured evidence on every verdict, across findings from 13 native scanner integrations. -Triage is co-equal with [remediation](/platform/remediation). +Triage is co-equal with [remediation](/platform/remediation). Together they close the loop from "scanner found something" to "vulnerability is fixed." ## Three-Tier Progressive Architecture -Pixee routes every finding through a tiered system that applies the cheapest sufficient intelligence. No customer configuration is required -- the routing is automatic. +Pixee routes every finding through a tiered system that applies the cheapest sufficient intelligence. Routing is automatic — no configuration required. -| Tier | Strategy | Speed | LLM Cost | Auditability | Coverage | -| ---------------------- | ------------------------------------------------------- | ---------------------------------------------------------- | ---------------------------------- | ----------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- | -| **Tier 1: Structured** | 15+ deterministic analyzers | Sub-second | Zero | Reproducible -- same input, same output | Known vulnerability classes (SQL injection, XSS, command injection, path traversal, and 12+ more) | -| **Tier 2: Agentic** | AI agents dynamically search the codebase | Seconds | Per-finding | Readable investigation trail with every search and reasoning step | Ambiguous findings, novel frameworks, custom security controls | -| **Tier 3: Adaptive** | Generates custom analyzers on the fly, caches for reuse | Minutes (first encounter), near-Tier-2 speed after caching | Per-finding (first encounter only) | Generated analyzer is inspectable | Novel rule types, proprietary scanners, custom rulesets | +| Tier | Strategy | Speed | LLM Cost | Auditability | Coverage | +|---|---|---|---|---|---| +| **Tier 1: Structured** | 15+ deterministic analyzers | Sub-second | Zero | Reproducible — same input, same output | Known vulnerability classes (SQL injection, XSS, command injection, path traversal, 12+ more) | +| **Tier 2: Agentic** | AI agents dynamically search the codebase | Seconds | Per-finding | Readable investigation trail with every search and reasoning step | Ambiguous findings, novel frameworks, custom security controls | +| **Tier 3: Adaptive** | Generates custom analyzers on the fly, caches for reuse | Minutes (first encounter), near-Tier-2 speed after caching | Per-finding (first encounter only) | Generated analyzer is inspectable | Novel rule types, proprietary scanners, custom rulesets | -**How the fallback works:** +**End-to-end flow:** 1. A finding arrives from any SARIF-producing scanner. 2. Tier 1 checks whether a deterministic analyzer exists for this vulnerability class. If yes and confidence is sufficient, triage completes at sub-second speed. -3. If Tier 1 cannot decide, the finding routes to Tier 2. An AI agent investigates the codebase -- searching for security controls, tracing dataflow, and building an evidence chain. +3. If Tier 1 cannot decide, the finding routes to Tier 2. An AI agent investigates the codebase — searching for security controls, tracing dataflow, and building an evidence chain. 4. If Tier 2 cannot resolve the finding (typically because the rule type is novel), Tier 3 generates a custom analyzer, runs it, and caches it for future use. 5. Regardless of which tier resolved it, every finding exits with the same structured verdict. -**Cost efficiency:** Most findings resolve at Tier 1, where there is no LLM cost. Only genuinely complex findings incur AI inference cost. This amortizes AI expense across the full finding volume. +**Cost efficiency:** Most findings resolve at Tier 1, where there is no LLM cost. Only genuinely complex findings incur AI inference cost. -**Self-extending coverage:** Every novel rule type Tier 3 encounters becomes a cached analyzer. The system's coverage grows automatically as customers connect new scanners. +**Self-extending coverage:** Every novel rule type Tier 3 encounters becomes a cached analyzer. Coverage grows automatically as you connect new scanners. -## Beyond Reachability +## Context-Aware Intelligence -Reachability analysis checks whether a vulnerable function is reachable from an application entry point. This is a useful first filter, but reachability alone does not determine whether a vulnerability is actually exploitable. +A shared intelligence layer enriches all three tiers with codebase context. Reachability analysis alone is not sufficient — reachability tells you whether code can be reached, not whether a vulnerability is actually exploitable. -Pixee evaluates multiple context dimensions beyond reachability: +**Context signals evaluated on every finding:** -**Dataflow quality.** The system classifies the strength of dataflow evidence on a multi-tier scale. Strong multi-file taint propagation from source to sink is treated differently than a single-location pattern match. Higher dataflow quality increases confidence in true positive verdicts. Weak evidence can downgrade findings that basic reachability would flag as critical. +**Dataflow quality.** Classified on a four-tier scale: strong multi-file, strong single-file, weak, and single-location. Higher dataflow quality increases confidence in true positive verdicts. Weak evidence can downgrade findings that basic reachability would flag as critical. -**Production versus test classification.** A SQL injection pattern in a production API endpoint is critical. The same pattern in a test fixture is not. Pixee distinguishes between these contexts and adjusts severity accordingly, so dashboards reflect real exploit risk rather than raw rule counts. +| Tier | Description | Confidence Impact | +|---|---|---| +| **Strong Multi-File** | High-confidence taint propagation across multiple files | Highest confidence | +| **Strong Single-File** | High-confidence dataflow within a single file | High confidence | +| **Weak** | Partial or low-confidence dataflow | Reduced confidence; may downgrade findings | +| **Single-Location** | Only the flagged line, no dataflow available | Lowest confidence | + +**Production vs. test classification.** A SQL injection in a production API endpoint is critical. The same pattern in a test fixture is not. Pixee classifies code context and adjusts severity accordingly, so dashboards reflect real exploit risk rather than raw rule counts. **Security control detection.** When a sanitizer, validator, or framework-specific protection exists between a source and a sink, the system identifies it and factors it into the verdict. This is the difference between "this function is reachable" and "this function is reachable but the input is sanitized before it arrives." -**Intentionally-vulnerable project filtering.** Demo applications, CTF challenges, and security training repositories generate permanent noise in upstream scanners. Pixee detects these projects and filters them out of the triage pipeline. +**Intentionally-vulnerable project filtering.** Demo applications, CTF challenges, and security training repositories generate permanent scanner noise. Pixee detects these projects and filters them from the triage pipeline. -**Severity adjustment.** When context signals indicate that a finding's real-world risk differs from its raw scanner severity, the system adjusts up or down. A true positive with strong dataflow in production stays critical. The same rule on a weak match in a test fixture gets downgraded. +**Severity adjustment.** When context signals indicate real-world risk differs from raw scanner severity, the system adjusts up or down. Every adjustment includes an audit trail. -## Structured, Auditable Outcomes +## Triage Outcomes -Every triage verdict is a structured, machine-processable artifact. Every decision includes the evidence that drove it. +Every triage verdict is a structured, machine-processable artifact. -| Verdict Component | What It Contains | -| ---------------------------------- | ------------------------------------------------------------------------------------------------------------- | -| **Typed status** | True Positive, False Positive, Won't Fix, or Suspicious -- not a numeric score | -| **Adjusted severity** | Severity re-ranked based on context signals (production vs. test, dataflow quality, control presence) | -| **Justification prose** | Human-readable explanation of why this verdict was reached | -| **Code snippets** | Specific code evidence -- the sanitizer location, dataflow path, or framework control that drove the decision | -| **Confidence score** | Quantified confidence in the verdict | -| **Investigation trail** (Tier 2/3) | Step-by-step record of agent searches, control checks, and reasoning chain | +| Status | Meaning | Recommended Action | +|---|---|---| +| **True Positive** | The finding is a real, exploitable vulnerability in this code context | Escalate for remediation — Pixee can generate a fix automatically | +| **False Positive** | The scanner fired on a pattern that is not exploitable in this context | Suppress from developer view; remove from backlog noise | +| **Won't Fix** | Technically real but not worth fixing given the context (test code, acceptable risk, compensating controls) | Deprioritize; document the rationale for auditors | +| **Suspicious** | Insufficient evidence for a definitive verdict | Route to a security engineer for manual assessment | -**Audit defensibility.** Compliance officers and auditors see exactly why a finding was suppressed. The justification and code snippets provide a defensible record for every triage decision. +**What ships with every verdict:** -**Developer trust.** Developers see the sanitizer or control that justified a false positive verdict. This builds trust in the system and provides visibility into the reasoning. +| Component | What It Contains | +|---|---| +| **Typed status** | True Positive, False Positive, Won't Fix, or Suspicious — not a numeric score | +| **Adjusted severity** | Severity re-ranked based on context signals | +| **Justification prose** | Human-readable explanation of why this verdict was reached | +| **Code snippets** | The sanitizer location, dataflow path, or framework control that drove the decision | +| **Confidence score** | Quantified confidence in the verdict | +| **Investigation trail** (Tier 2/3) | Step-by-step record of agent searches, control checks, and reasoning chain | -**Machine processability.** Typed statuses mean downstream systems can consume verdicts programmatically -- dashboards, workflow triggers, SLA tracking, and SIEM integrations all work with structured data rather than freeform text. +**Audit defensibility.** Compliance officers and auditors see exactly why a finding was suppressed. The justification and code snippets provide a defensible record for every triage decision. -**Override capability.** Security engineers can disagree with a verdict and override it, because they can see exactly what evidence the system used and where it may have been insufficient. +**Machine processability.** Typed statuses mean downstream systems can consume verdicts programmatically — dashboards, workflow triggers, SLA tracking, and SIEM integrations all work with structured data rather than freeform text. -Pixee triage verdicts are advisory. Your security team retains final authority over all classification decisions and can override any verdict. When Pixee classifies a finding as FALSE_POSITIVE but your team disagrees, the override is recorded and used to improve future classifications for your codebase. +**Override capability.** Security engineers can disagree with a verdict and override it, because they can see exactly what evidence the system used. Overrides are recorded and used to improve future classifications for your codebase. ## Scanner-Agnostic Coverage -Triage works across any SARIF-producing scanner. Customers with heterogeneous stacks -- multiple commercial scanners plus custom rules -- get a single triage layer that handles all of it. +Triage works across any SARIF-producing scanner. Customers with heterogeneous stacks — multiple commercial scanners plus custom rules — get a single triage layer that handles all of it. -- **12 native integrations** with scanner-specific metadata extraction (CodeQL, SonarQube, Checkmarx, Veracode, Snyk, Semgrep, AppScan, Polaris, GitLab SAST, Trivy, Datadog SAST, Arnica SAST) +- **13 native integrations** with scanner-specific metadata extraction (CodeQL, SonarQube, Checkmarx, Veracode, Snyk Code, Semgrep, AppScan, Polaris, Fortify, Contrast, GitLab SAST, GitLab SCA, Trivy) - **Universal SARIF ingestion** for any additional scanner (50+ validated) -- **Custom rule coverage** -- proprietary Semgrep rules, internal CodeQL queries, and custom scanner rulesets are handled by Tier 2 and Tier 3 without vendor integration work -- **Cross-tool deduplication** -- when multiple scanners flag the same finding, the system eliminates duplicates +- **Custom rule coverage** — proprietary Semgrep rules, internal CodeQL queries, and custom scanner rulesets are handled by Tier 2 and Tier 3 without vendor integration work +- **Cross-tool deduplication** — when multiple scanners flag the same finding, the system eliminates duplicates The triage layer sits above your existing detection stack. You do not need to change, consolidate, or replace any scanners to use Pixee. - -## Frequently Asked Questions - -### How does automated vulnerability triage reduce false positives? - -Pixee analyzes each finding's exploitability in the context of your specific codebase -- checking dataflow paths, security controls, production versus test classification, and code context -- rather than relying on pattern matching alone. This context-aware approach eliminates up to 95% of false positives with structured evidence on every verdict. Results vary by workload composition. Known vulnerability patterns handled by deterministic analyzers see the highest reduction rates. Mixed workloads that include novel patterns and custom scanner rules typically see 70-80% reduction as the baseline, with 95% achievable on well-characterized vulnerability classes. - -### What is exploitability analysis in application security? - -Exploitability analysis determines whether a scanner-reported vulnerability can actually be triggered in a specific codebase. It goes beyond simple reachability to evaluate dataflow quality, security control presence, and deployment context. The result is a verdict based on real exploit risk, not theoretical pattern matches. - -### Does Pixee work with multiple scanners at the same time? - -Yes. Pixee ingests findings from 12 natively integrated scanners plus any tool that produces SARIF output, providing unified triage across your entire scanner portfolio through a single pipeline. Customers running heterogeneous stacks get a single triage layer without per-scanner configuration. - -### What happens when Pixee encounters a scanner rule it has never seen? - -Tier 3 of the triage architecture generates a custom analyzer on the fly for novel rule types. That analyzer is cached, so the next finding with the same rule resolves faster. The system's coverage extends itself as customers connect new scanners -- no manual rule authoring or vendor integration requests required. - -### How do I know the triage verdicts are accurate? - -Every verdict includes the structured evidence that drove the decision -- specific code paths, security controls, dataflow evidence, and reasoning. Security engineers can review the evidence, validate the logic, and override any verdict. Tier 1 verdicts are deterministic and reproducible: same input, same output, every time. diff --git a/docs/platform/what-is-agentic-security-engineering.md b/docs/platform/what-is-agentic-security-engineering.md index c524e75d..482071b2 100644 --- a/docs/platform/what-is-agentic-security-engineering.md +++ b/docs/platform/what-is-agentic-security-engineering.md @@ -8,85 +8,69 @@ description: Agentic security engineering uses purpose-built AI agents to triage sidebar_position: 1 --- -Agentic security engineering is a discipline where purpose-built AI agents autonomously triage and remediate application security vulnerabilities across the full development lifecycle. Pixee's platform combines triage automation with remediation automation across 12 native scanner integrations. See [Triage](/platform/triage) and [Fix Safety](/how-it-works/fix-safety) for details. +Agentic security engineering is a discipline where purpose-built AI agents autonomously triage and remediate application security vulnerabilities across the full development lifecycle. Pixee sits downstream of your existing scanners — receiving findings via webhook or API, determining which are exploitable, generating validated fixes, and delivering them as pull requests. -Pixee sits downstream of your security scanners. It receives findings via webhook or API, determines which are exploitable, generates validated fixes, and delivers them as pull requests. +## The Four-Layer Security Stack -## How Agentic Security Engineering Works +Pixee adds triage, remediation, and delivery layers on top of your existing detection tools: -Pixee provides two co-equal capabilities: triage automation and remediation automation. +| Layer | Function | Who Provides It | +|---|---|---| +| **1. Detection** | Find vulnerabilities | Your existing scanners (SonarQube, Checkmarx, Semgrep, CodeQL, Snyk, Veracode, etc.) | +| **2. Triage** | Determine which findings are real threats | Pixee — see [Triage](/platform/triage) | +| **3. Remediation** | Generate validated code fixes | Pixee — deterministic + AI hybrid. See [Remediation](/platform/remediation) | +| **4. Delivery** | Ship fixes through existing workflow | Pixee — PRs in GitHub, GitLab, ADO, Bitbucket | -### Triage Automation +Pixee integrates natively with 13 scanners and accepts any SARIF-producing tool. No changes to your detection stack are required. -Every scanner finding passes through exploitability analysis that goes beyond basic pattern matching: +## Two Co-Equal Capabilities -- **Reachability analysis:** Can an attacker actually reach the vulnerable code through the application's entry points? -- **Data-flow analysis:** Does untrusted data actually flow to the vulnerable function in a way that could be exploited? -- **Context signals:** Is this code in production or a test fixture? Is there a sanitizer or security control upstream that the scanner missed? +### Triage Automation -The triage engine classifies each finding as TRUE_POSITIVE, FALSE_POSITIVE, or WONT_FIX. Every classification includes a structured justification — the specific code paths, security controls, or context that drove the decision. This is not a confidence score. It is an auditable investigation trail. +Every scanner finding passes through exploitability analysis that goes beyond basic pattern matching. The triage engine classifies each finding as TRUE_POSITIVE, FALSE_POSITIVE, or WONT_FIX. Every classification includes a structured justification — the specific code paths, security controls, or context that drove the decision. This is not a confidence score. It is an auditable investigation trail. -See [Triage Capabilities](/platform/triage) for false positive reduction data. +Up to 98% false positive reduction. See [Triage](/platform/triage) for the full architecture. ### Remediation Automation For confirmed vulnerabilities, the platform generates context-aware code fixes: -- **Deterministic codemods:** Pre-built, rule-based transformations for known vulnerability patterns. Same input, same output, every time. Zero LLM involvement. Zero hallucination risk. These handle the predictable patterns -- SQL injection parameterization, XSS output encoding, insecure API replacement. - -- **AI-powered generation:** For novel or complex patterns where deterministic rules cannot reach, constrained AI generates fixes that are independently evaluated for Safety, Effectiveness, and Cleanliness before any developer sees them. +- **Deterministic codemods:** Pre-built, rule-based transformations for known vulnerability patterns. Same input, same output, every time. Zero LLM involvement. Zero hallucination risk. +- **AI-powered MagicMods:** For novel or complex patterns where deterministic rules cannot reach, constrained AI generates fixes that are independently evaluated for Safety, Effectiveness, and Cleanliness before any developer sees them. +- **Pull request delivery:** Every fix ships as a standard PR in GitHub, GitLab, Azure DevOps, or Bitbucket. Never a direct commit. -- **Pull request delivery:** Every fix ships as a standard PR in GitHub, GitLab, Azure DevOps, or Bitbucket. Never a direct commit. Your existing code review, CI/CD pipeline, and SAST re-scanning all apply. - -See [Fix Safety](/how-it-works/fix-safety) for merge rate data and [Fix Generation](/how-it-works/fix-generation) for the full codemod library. +76% merge rate on production deployments. See [Remediation](/platform/remediation) and [Security & Trust](/platform/security) for details. ## What Makes It "Agentic" The term "agentic" distinguishes this approach from both rule-based automation and general-purpose AI coding tools: -**Purpose-built agents, not general-purpose assistants.** These agents are trained for security vulnerability analysis. They do not write features, generate business logic, or perform open-ended code completion. Their scope is narrow: SAST-identified security issues, typically 1-5 lines of code applying OWASP/SANS established patterns. +**Purpose-built agents, not general-purpose assistants.** These agents are built for security vulnerability analysis. They do not write features, generate business logic, or perform open-ended code completion. Their scope is narrow: SAST-identified security issues, typically 1-5 lines of code applying OWASP/SANS established patterns. -**Reasoning-and-acting loop.** Agents observe a finding, select an investigative tool (code search, call-graph traversal, security-control detection), execute it, evaluate the result, and iterate until they have sufficient evidence to make a classification. This is not a single-pass classification — it is a dynamic investigation. +**Reasoning-and-acting loop.** Agents observe a finding, select an investigative tool (code search, call-graph traversal, security-control detection), execute it, evaluate the result, and iterate until they have sufficient evidence to make a classification. This is a dynamic investigation, not a single-pass classification. **Multi-agent orchestration.** Specialized agents handle distinct tasks independently: triage analysis, fix planning, dependency resolution, and fix quality evaluation. The agent that generates a fix is not the agent that evaluates it — preventing self-grading. -**Hybrid intelligence architecture.** The system routes each task to the cheapest sufficient method. Known patterns get deterministic rules (sub-second, zero cost). Complex patterns get AI investigation. Novel patterns generate new analyzers that are cached for future reuse. This routing happens automatically -- the user never selects a mode. - -## The Four-Layer Security Stack - -Pixee adds triage, remediation, and delivery layers on top of your existing detection tools: - -| Layer | Function | Who Provides It | -| ------------------ | ----------------------------------------- | ------------------------------------------------------------------------------------ | -| **1. Detection** | Find vulnerabilities | Your existing scanners (SonarQube, Checkmarx, Semgrep, CodeQL, Snyk, Veracode, etc.) | -| **2. Triage** | Determine which findings are real threats | Pixee -- see [Triage](/platform/triage) | -| **3. Remediation** | Generate validated code fixes | Pixee -- deterministic + AI hybrid. See [Fix Safety](/how-it-works/fix-safety) | -| **4. Delivery** | Ship fixes through existing workflow | Pixee — PRs in GitHub, GitLab, ADO, Bitbucket | - -Pixee integrates natively with 12 scanners and accepts any SARIF-producing tool. No changes to your detection stack are required. - -## Frequently Asked Questions - -### What is agentic security engineering? - -Agentic security engineering is a discipline where purpose-built AI agents autonomously triage and remediate application security vulnerabilities. These agents analyze exploitability, generate context-aware fixes, and deliver them as pull requests for developer review. The approach uses hybrid intelligence -- deterministic rules for known patterns and constrained AI for novel scenarios. - -### What is the difference between vulnerability detection and remediation? - -Detection tools (SAST, SCA, DAST scanners) find potential vulnerabilities. Remediation tools fix them. Agentic security engineering automates both triage and fix generation to close the loop between detection and resolution. - -### What is a resolution layer in application security? - -A resolution layer sits downstream of scanners and automates two tasks: triaging findings to separate real threats from false positives, and generating validated fixes for confirmed vulnerabilities. It does not replace detection tools. +**Hybrid intelligence architecture.** The system routes each task to the cheapest sufficient method. Known patterns get deterministic rules (sub-second, zero cost). Complex patterns get AI investigation. Novel patterns generate new analyzers that are cached for future reuse. Routing is automatic. -### How does automated vulnerability triage work? +## End-to-End Processing Flow -Pixee routes each finding through a progressive triage chain. Deterministic analyzers handle known patterns at sub-second speed and zero cost. AI agents dynamically investigate ambiguous findings using code search, call-graph traversal, and security-control detection. Each verdict includes structured evidence showing why the finding was classified as true positive, false positive, or won't-fix. +| Stage | What Happens | Output | +|---|---|---| +| **1. Scan Ingestion** | Finding arrives via webhook or API; normalized into a common internal format | Standardized finding with maximum available metadata | +| **2. Triage** | Three-tier progressive analysis determines exploitability | Typed verdict (true positive, false positive, won't fix) with structured evidence | +| **3. Remediation** | Hybrid engine generates a validated fix for confirmed vulnerabilities | Code change that passed independent quality evaluation | +| **4. PR Delivery** | Fix shipped as a native pull request on your platform | Reviewable diff with vulnerability context, quality scores, and description | +| **5. Developer Review** | Your team reviews, tests, and merges through existing workflow | Merged fix or feedback | -### What does scanner-agnostic mean in security tools? +SAST and SCA findings both flow through this same pipeline. -A scanner-agnostic tool works with any vulnerability scanner rather than requiring a specific vendor's output. Pixee ingests findings from 12 natively integrated scanners and any SARIF-producing tool, so organizations keep their existing detection stack while adding automated triage and remediation. +## Technical Stack -### What types of changes does Pixee make? +| Component | Technology | Responsibility | +|---|---|---| +| **Backend Platform** | Java / Quarkus | Platform orchestration, scan ingestion, PR authoring, API layer, webhook processing | +| **Analysis Service** | Python / FastAPI | Triage analysis, remediation generation, fix evaluation, SCA processing, code transformation | +| **User Platform** | React / TypeScript | Dashboard, findings management, configuration, reporting | -Pixee fixes SAST-identified security vulnerabilities -- typically 1-5 line changes applying OWASP/SANS patterns. Deterministic codemods handle known patterns with zero AI involvement. AI-powered fixes pass independent quality evaluation. All changes are delivered as pull requests through your existing code review process. +See [Platform Architecture](/platform/architecture) for the full technical stack and LLM orchestration details. From 1ff8bb8a5d704a65f09454f75df59a268653e2b5 Mon Sep 17 00:00:00 2001 From: Surag Date: Fri, 8 May 2026 16:14:51 -0700 Subject: [PATCH 04/20] docs: fix broken internal links post-restructure MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace file-path links with slug links site-wide: /integrations/integrations-overview → /integrations/overview /languages/languages-overview → /languages/overview /api/api-overview → /api/overview /configuration/config-overview → /configuration/overview /configuration/operations-config → /configuration/operations /enterprise/enterprise-overview → /enterprise/overview Fix /faqs redirect target: faq.md slug → /faq/general Build: zero broken links. Co-Authored-By: Claude Sonnet 4.5 --- docs/api/api-overview.md | 2 +- docs/api/changelog.md | 8 ++++---- docs/api/sarif.md | 6 +++--- docs/api/webhooks.md | 2 +- docs/configuration/ai-settings.md | 2 +- docs/configuration/config-overview.md | 10 +++++----- docs/configuration/operations-config.md | 2 +- docs/enterprise/observability.md | 2 +- docs/enterprise/phased-rollout.md | 10 +++++----- docs/enterprise/troubleshooting.md | 4 ++-- docs/faq/faq.md | 10 +++++----- docs/getting-started/azure-devops.md | 2 +- docs/getting-started/bitbucket.md | 4 ++-- docs/getting-started/github.md | 2 +- docs/getting-started/gitlab.md | 2 +- docs/integrations/ci-cd.md | 2 +- docs/integrations/sarif-universal.md | 2 +- docs/integrations/scanners/appscan.md | 4 ++-- docs/integrations/scanners/checkmarx.md | 2 +- docs/integrations/scanners/codeql.md | 2 +- docs/integrations/scanners/contrast.md | 2 +- docs/integrations/scanners/defectdojo.md | 2 +- docs/integrations/scanners/fortify.md | 2 +- docs/integrations/scanners/gitlab-sast.md | 2 +- docs/integrations/scanners/gitlab-sca.md | 2 +- docs/integrations/scanners/polaris.md | 2 +- docs/integrations/scanners/semgrep.md | 2 +- docs/integrations/scanners/snyk-code.md | 2 +- docs/integrations/scanners/sonarqube.md | 4 ++-- docs/integrations/scanners/trivy.md | 2 +- docs/integrations/scanners/veracode.md | 2 +- docs/integrations/scms/azure-devops.md | 2 +- docs/integrations/scms/bitbucket.md | 2 +- docs/integrations/scms/github.md | 2 +- docs/integrations/scms/gitlab.md | 2 +- docs/languages/dotnet.md | 2 +- docs/languages/go.md | 2 +- docs/languages/java.md | 2 +- docs/languages/javascript.md | 2 +- docs/languages/languages-overview.md | 6 +++--- docs/languages/php.md | 2 +- docs/languages/python.md | 2 +- docs/platform/scanner-integration.md | 2 +- 43 files changed, 66 insertions(+), 66 deletions(-) diff --git a/docs/api/api-overview.md b/docs/api/api-overview.md index ac64b074..1e64d97f 100644 --- a/docs/api/api-overview.md +++ b/docs/api/api-overview.md @@ -173,4 +173,4 @@ npx @openapitools/openapi-generator-cli generate \ - [Webhooks](/api/webhooks) -- Event-driven integration for CI/CD and automation - [Changelog](/api/changelog) -- API version history and release notes - [CI/CD Integration](/integrations/ci-cd) -- Common API consumer patterns -- [Configuration Overview](/configuration/config-overview) -- Repository management +- [Configuration Overview](/configuration/overview) -- Repository management diff --git a/docs/api/changelog.md b/docs/api/changelog.md index c5ba76be..1debee23 100644 --- a/docs/api/changelog.md +++ b/docs/api/changelog.md @@ -63,7 +63,7 @@ Categories are omitted when a release has no entries of that type. ### Added -- **Datadog SAST integration.** Native scanner handler for Datadog SAST findings. See [Integrations Overview](/integrations/integrations-overview). +- **Datadog SAST integration.** Native scanner handler for Datadog SAST findings. See [Integrations Overview](/integrations/overview). - **Activity feed with SSE streaming.** Triage outcomes and remediation activity are now streamed in real time via Server-Sent Events to the Pixee dashboard. Includes drawer auto-transition and outcome banners. ### Changed @@ -77,7 +77,7 @@ Categories are omitted when a release has no entries of that type. ### Added - **Decision-tree triage analyzer.** New triage strategy option (`decision-tree`) for deterministic, rules-based triage routing. Complements existing ReACT and agent-based strategies. -- **Arnica SAST integration.** Native scanner handler for Arnica SAST findings. See [Integrations Overview](/integrations/integrations-overview). +- **Arnica SAST integration.** Native scanner handler for Arnica SAST findings. See [Integrations Overview](/integrations/overview). - **Anthropic-optimized triage prompts.** Provider-family-aware prompting for Anthropic LLM providers. Triage prompts are now optimized per provider family rather than using a lowest-common-denominator approach. - **Authentik IdP federation and RP-Initiated Logout.** Embedded Authentik OIDC provider now federates to upstream corporate identity providers (Google Workspace, Microsoft Entra ID, Okta) with auto-redirect and direct login. RP-Initiated Logout enables clean session termination. - **Bring-your-own database secret support.** CloudNativePG now supports `existingSecret` for external secret managers (Vault, External Secrets Operator, SOPS). See [Enterprise Deployment](/enterprise/deployment). @@ -145,7 +145,7 @@ Non-breaking additions (new fields in response bodies, new event types, new endp ## Related pages -- [API Overview](/api/api-overview) -- Endpoint reference and authentication +- [API Overview](/api/overview) -- Endpoint reference and authentication - [Enterprise Deployment](/enterprise/deployment) -- Upgrade procedures - [Enterprise Troubleshooting](/enterprise/troubleshooting) -- Version-specific issues -- [Integrations Overview](/integrations/integrations-overview) -- Scanner integration details +- [Integrations Overview](/integrations/overview) -- Scanner integration details diff --git a/docs/api/sarif.md b/docs/api/sarif.md index b8aed5c5..f47b95b1 100644 --- a/docs/api/sarif.md +++ b/docs/api/sarif.md @@ -181,12 +181,12 @@ Native scanner integrations handle SARIF automatically. These notes apply when y | **Snyk** | Use `snyk code test --sarif` for SAST results. | | **Trivy** | Use `trivy fs --format sarif` for filesystem scanning results. | -For full setup guides per scanner, see [Integrations Overview](/integrations/integrations-overview). +For full setup guides per scanner, see [Integrations Overview](/integrations/overview). ## Related pages -- [API Overview](/api/api-overview) -- Authentication and endpoint reference +- [API Overview](/api/overview) -- Authentication and endpoint reference - [Universal SARIF Integration](/integrations/sarif-universal) -- Setup guide for SARIF ingestion -- [Integrations Overview](/integrations/integrations-overview) -- All supported scanners +- [Integrations Overview](/integrations/overview) -- All supported scanners - [Scanner Integration](/platform/scanner-integration) -- Technical depth on scanner normalization - [Changelog](/api/changelog) -- API and format version history diff --git a/docs/api/webhooks.md b/docs/api/webhooks.md index 739633a2..7f56b57b 100644 --- a/docs/api/webhooks.md +++ b/docs/api/webhooks.md @@ -299,7 +299,7 @@ if event["type"] == "triage.completed": ## Related pages -- [API Overview](/api/api-overview) -- Authentication and endpoint reference +- [API Overview](/api/overview) -- Authentication and endpoint reference - [SARIF Reference](/api/sarif) -- Input format that triggers scan events - [CI/CD Integration](/integrations/ci-cd) -- Common webhook consumer patterns - [Changelog](/api/changelog) -- Webhook event version history diff --git a/docs/configuration/ai-settings.md b/docs/configuration/ai-settings.md index bfa56d9f..8a369045 100644 --- a/docs/configuration/ai-settings.md +++ b/docs/configuration/ai-settings.md @@ -76,7 +76,7 @@ The recommended approach is progressive expansion: 1. **Start conservative.** Enable deterministic codemods only. Review merge rates and fix quality. 2. **Expand by category.** Enable MagicMods for specific CWE categories where your team sees high fix quality. -3. **Broaden over time.** As confidence builds (tracked via merge rate and quality scores in [Reporting](/configuration/operations-config)), expand the scope of AI-powered fixes. +3. **Broaden over time.** As confidence builds (tracked via merge rate and quality scores in [Reporting](/configuration/operations)), expand the scope of AI-powered fixes. The [Phased Rollout Guide](/enterprise/phased-rollout) covers this progression in detail. diff --git a/docs/configuration/config-overview.md b/docs/configuration/config-overview.md index 422739af..9b135095 100644 --- a/docs/configuration/config-overview.md +++ b/docs/configuration/config-overview.md @@ -49,15 +49,15 @@ Use this table to jump to the right page for your configuration task. | Customize PR formatting (labels, title prefix) | [PIXEE.yaml Reference](/configuration/pixee-yaml) | | Add or remove repositories from monitoring | [Repository Management](/configuration/repositories) | | Organize repos by team or business unit | [Repository Management](/configuration/repositories) | -| Set scan schedules or switch to on-demand analysis | [Operations](/configuration/operations-config) | -| Route notifications to Slack or email | [Notifications](/configuration/operations-config) | -| Set up webhook integrations for custom workflows | [Notifications](/configuration/operations-config) | +| Set scan schedules or switch to on-demand analysis | [Operations](/configuration/operations) | +| Route notifications to Slack or email | [Notifications](/configuration/operations) | +| Set up webhook integrations for custom workflows | [Notifications](/configuration/operations) | | Manage team member access and roles | [Users & Access](/configuration/users) | | Configure SSO with your identity provider | [Users & Access](/configuration/users) | | Tune AI triage sensitivity | [AI Settings](/configuration/ai-settings) | | Control which finding categories get AI-powered fixes | [AI Settings](/configuration/ai-settings) | -| Configure reporting exports or dashboards | [Reporting](/configuration/operations-config) | -| Export data for compliance audits | [Reporting](/configuration/operations-config) | +| Configure reporting exports or dashboards | [Reporting](/configuration/operations) | +| Export data for compliance audits | [Reporting](/configuration/operations) | ## Getting Started with Configuration diff --git a/docs/configuration/operations-config.md b/docs/configuration/operations-config.md index 48fdd214..7717c5b6 100644 --- a/docs/configuration/operations-config.md +++ b/docs/configuration/operations-config.md @@ -202,7 +202,7 @@ Compliance exports include: - Fix outcome (PR merged, closed, pending) - Timestamps for each state transition -For custom reporting, use the Pixee API to query triage and remediation data programmatically. See [API Overview](/api/api-overview) for endpoints and authentication. +For custom reporting, use the Pixee API to query triage and remediation data programmatically. See [API Overview](/api/overview) for endpoints and authentication. ### Enterprise Observability diff --git a/docs/enterprise/observability.md b/docs/enterprise/observability.md index e4f2a97a..732253db 100644 --- a/docs/enterprise/observability.md +++ b/docs/enterprise/observability.md @@ -52,7 +52,7 @@ For day-two operations teams, these are the metrics that indicate platform healt **Business metrics vs. platform metrics:** Merge rate, triage volume, and remediation velocity are business metrics visible in Pixee's reporting dashboard. Analysis throughput, LLM latency, and error rates are platform metrics visible in the observability stack. Both matter for different audiences -- share business metrics with security leadership and platform metrics with SRE. -For business-level reporting (merge rate trends, triage reduction, MTTR), see [Enterprise Overview > Measuring Success](/enterprise/enterprise-overview#measuring-success). +For business-level reporting (merge rate trends, triage reduction, MTTR), see [Enterprise Overview > Measuring Success](/enterprise/overview#measuring-success). ## Operational Controls diff --git a/docs/enterprise/phased-rollout.md b/docs/enterprise/phased-rollout.md index bbc309c3..2fe257b2 100644 --- a/docs/enterprise/phased-rollout.md +++ b/docs/enterprise/phased-rollout.md @@ -12,7 +12,7 @@ Pixee deploys in phases: single repository, team, org unit, enterprise. Each pha ## Overview -Pixee deploys in phases to validate triage accuracy and fix quality on a controlled scope before expanding. Each phase generates metrics that inform the next expansion decision. Phase 1 data feeds the metrics tracked in [Enterprise Overview > Measuring Success](/enterprise/enterprise-overview#measuring-success). +Pixee deploys in phases to validate triage accuracy and fix quality on a controlled scope before expanding. Each phase generates metrics that inform the next expansion decision. Phase 1 data feeds the metrics tracked in [Enterprise Overview > Measuring Success](/enterprise/overview#measuring-success). ## Phase Model Overview @@ -62,7 +62,7 @@ Phase 1 is where most readers will start and where the most specific guidance ma Expand from champion repositories to team-wide deployment. Set team-level merge rate targets based on Phase 1 data. Establish fix review norms: who reviews Pixee PRs, what response time is expected. -Use Phase 1 metrics to evaluate whether expansion is warranted. The metrics tracked in [Enterprise Overview > Measuring Success](/enterprise/enterprise-overview#measuring-success) provide the data points for Phase 3 decision-making. +Use Phase 1 metrics to evaluate whether expansion is warranted. The metrics tracked in [Enterprise Overview > Measuring Success](/enterprise/overview#measuring-success) provide the data points for Phase 3 decision-making. ### Security Engineer Execution Track @@ -84,7 +84,7 @@ Build the executive reporting dashboard for Phase 4 approval. Present triage red ### Security Engineer Execution Track -Scale repository configuration across teams using PIXEE.yaml. Verify language coverage across the org unit (see [Languages > Overview](/languages/languages-overview)). Integrate Pixee reporting with existing CI/CD pipelines and dashboards. Set up observability (see [Observability](/enterprise/observability)) if running a self-hosted deployment. +Scale repository configuration across teams using PIXEE.yaml. Verify language coverage across the org unit (see [Languages > Overview](/languages/overview)). Integrate Pixee reporting with existing CI/CD pipelines and dashboards. Set up observability (see [Observability](/enterprise/observability)) if running a self-hosted deployment. ### Decision Gate @@ -94,7 +94,7 @@ Consistent metrics across all enrolled teams, compliance team sign-off on audit ### Security Leader Planning Track -Executive sign-off requires presenting Phase 3 results with the metrics tracked in [Enterprise Overview > Measuring Success](/enterprise/enterprise-overview#measuring-success): merge rate, triage reduction, MTTR, and compliance window adherence. +Executive sign-off requires presenting Phase 3 results with the metrics tracked in [Enterprise Overview > Measuring Success](/enterprise/overview#measuring-success): merge rate, triage reduction, MTTR, and compliance window adherence. Make enterprise deployment model decisions at this stage -- cloud SaaS, embedded cluster, Helm, or air-gapped based on compliance requirements. See [Deployment Options](/enterprise/deployment). @@ -119,7 +119,7 @@ Disabling Pixee at any phase does not affect existing code. Previously merged fi A champion is a developer who actively uses Pixee PRs during the pilot phase and can support other teams during expansion. Typical indicators: merges Pixee PRs early, reviews PR descriptions and quality scores in detail, and asks about framework coverage. -**Enablement:** Share the [Languages > Overview](/languages/languages-overview) page (coverage matrix) and this rollout guide. Provide access to the metrics from [Enterprise Overview > Measuring Success](/enterprise/enterprise-overview#measuring-success). +**Enablement:** Share the [Languages > Overview](/languages/overview) page (coverage matrix) and this rollout guide. Provide access to the metrics from [Enterprise Overview > Measuring Success](/enterprise/overview#measuring-success). ## Multi-Business-Unit Rollout diff --git a/docs/enterprise/troubleshooting.md b/docs/enterprise/troubleshooting.md index 4b7f23d2..574213ea 100644 --- a/docs/enterprise/troubleshooting.md +++ b/docs/enterprise/troubleshooting.md @@ -31,9 +31,9 @@ For detailed setup procedures, see [Embedded Cluster](/enterprise/embedded-clust | Scanner findings not appearing in Pixee | SARIF file format mismatch or upload path error | Verify the scanner output conforms to the SARIF 2.1.0 specification and the upload endpoint is correctly configured. | | Partial findings ingestion | Scanner output exceeds size limits or contains unsupported rule IDs | Check the scanner output for unsupported finding types. Verify the scanner is producing complete SARIF output. | | Duplicate findings after re-scan | Deduplication key mismatch between scan runs | Verify the scanner configuration produces consistent finding identifiers across runs. | -| Findings appear but no fixes generated | Scanner findings are in an unsupported language or CWE category | Check the [Languages Overview](/languages/languages-overview) for supported language and finding type coverage. | +| Findings appear but no fixes generated | Scanner findings are in an unsupported language or CWE category | Check the [Languages Overview](/languages/overview) for supported language and finding type coverage. | -For scanner-specific setup guides, see [Integrations Overview](/integrations/integrations-overview). For custom scanner configuration, see the [Universal SARIF](/integrations/sarif-universal) guide. +For scanner-specific setup guides, see [Integrations Overview](/integrations/overview). For custom scanner configuration, see the [Universal SARIF](/integrations/sarif-universal) guide. ## LLM Configuration diff --git a/docs/faq/faq.md b/docs/faq/faq.md index 7e329a63..e3e5ff6e 100644 --- a/docs/faq/faq.md +++ b/docs/faq/faq.md @@ -1,6 +1,6 @@ --- title: FAQ -slug: /faq +slug: /faq/general track: both content_type: faq seo_title: "Pixee FAQ | General, Enterprise, and Troubleshooting" @@ -34,7 +34,7 @@ No. Pixee sits downstream of your existing SAST, SCA, and DAST tools. It consume ### What programming languages does Pixee support? -Java, Python, JavaScript/TypeScript, .NET/C#, Go, Ruby, PHP, Kotlin, Rust, Scala, Swift, plus IaC formats (Terraform, Dockerfile, K8s/Helm, CloudFormation). Deterministic codemod coverage is deepest for Java and Python. See [Language Support](/languages/languages-overview) for the full coverage matrix. +Java, Python, JavaScript/TypeScript, .NET/C#, Go, Ruby, PHP, Kotlin, Rust, Scala, Swift, plus IaC formats (Terraform, Dockerfile, K8s/Helm, CloudFormation). Deterministic codemod coverage is deepest for Java and Python. See [Language Support](/languages/overview) for the full coverage matrix. ### Does Pixee support SCA (software composition analysis) remediation? @@ -140,7 +140,7 @@ Most likely cause: the repository has not been enabled in Pixee's settings after Most likely cause: no scanner findings exist for the connected repository. **Connecting a scanner is required** — Pixee needs scanner findings to generate fixes and triage results. -1. Connect at least one scanner. See the [Integrations Overview](/integrations/integrations-overview) for setup instructions. +1. Connect at least one scanner. See the [Integrations Overview](/integrations/overview) for setup instructions. 2. Verify the scanner has produced findings for the repository. 3. For custom or unsupported scanners, verify findings are in SARIF 2.1.0 format and are being uploaded correctly. @@ -154,7 +154,7 @@ Three common causes, in order of likelihood: ### Scanner findings appear in Pixee but no fixes are generated. Why? -Not all findings have available fixes. Pixee generates fixes when: a codemod or AI generation path exists for the vulnerability pattern, the code context is sufficient for safe fix generation, and the fix passes the multi-layer validation pipeline. Findings without available fixes still receive triage classification. Check [Language Support](/languages/languages-overview) for coverage of your specific finding types. +Not all findings have available fixes. Pixee generates fixes when: a codemod or AI generation path exists for the vulnerability pattern, the code context is sufficient for safe fix generation, and the fix passes the multi-layer validation pipeline. Findings without available fixes still receive triage classification. Check [Language Support](/languages/overview) for coverage of your specific finding types. ### Why is Pixee not opening PRs on my repository? @@ -184,7 +184,7 @@ Use [PIXEE.yaml](/configuration/pixee-yaml) to exclude specific finding types, f ### How do I export triage decisions for compliance reporting? -Pixee exports triage decisions via CSV, JSON, and API. Each export includes timestamp, finding metadata, classification, structured justification, and any analyst overrides. See the [Reporting](/configuration/operations-config) page for export procedures. +Pixee exports triage decisions via CSV, JSON, and API. Each export includes timestamp, finding metadata, classification, structured justification, and any analyst overrides. See the [Reporting](/configuration/operations) page for export procedures. ### Can I use Pixee with a private or internal GitHub Enterprise instance? diff --git a/docs/getting-started/azure-devops.md b/docs/getting-started/azure-devops.md index 96346c10..60068dad 100644 --- a/docs/getting-started/azure-devops.md +++ b/docs/getting-started/azure-devops.md @@ -27,7 +27,7 @@ Create an Azure DevOps personal access token for a dedicated service account wit After connecting, choose which projects and repositories Pixee should analyze -- at the organization, project, or individual repository level. Pixee targets the default branch of each connected repository. You can customize branch targeting and other behavior later via a [PIXEE.yaml](/configuration/pixee-yaml) file in the repository root. -**Scanner integration (required):** Pixee needs scanner findings to generate fixes. Pixee natively integrates with 13 scanners. If your Azure Pipelines run security scanners, Pixee can ingest findings from those pipeline runs. Any scanner producing SARIF output can also be connected through Pixee's [Integrations](/integrations/integrations-overview) page. +**Scanner integration (required):** Pixee needs scanner findings to generate fixes. Pixee natively integrates with 13 scanners. If your Azure Pipelines run security scanners, Pixee can ingest findings from those pipeline runs. Any scanner producing SARIF output can also be connected through Pixee's [Integrations](/integrations/overview) page. After setup, Pixee begins its initial analysis and opens pull requests for actionable findings within the first hour. If no PRs appear, verify PAT scopes, organization-level admin consent, and supported language coverage. diff --git a/docs/getting-started/bitbucket.md b/docs/getting-started/bitbucket.md index 49e0aefa..52926d60 100644 --- a/docs/getting-started/bitbucket.md +++ b/docs/getting-started/bitbucket.md @@ -27,7 +27,7 @@ Create a Bitbucket Cloud API token for a dedicated service account ([Atlassian i After connecting, choose which repositories Pixee should analyze -- all repositories in the workspace or specific repositories. Pixee analyzes the default branch (typically `main` or `master`) of each connected repository. You can customize branch targeting and other behavior later via a [PIXEE.yaml](/configuration/pixee-yaml) file in the repository root. -**Scanner integration (required):** Pixee needs scanner findings to generate fixes. Pixee natively integrates with 13 scanners. If your Bitbucket Pipelines include security scanner steps, Pixee can ingest findings from those pipeline runs. Any scanner producing SARIF output can also be connected through Pixee's [Integrations](/integrations/integrations-overview) page. +**Scanner integration (required):** Pixee needs scanner findings to generate fixes. Pixee natively integrates with 13 scanners. If your Bitbucket Pipelines include security scanner steps, Pixee can ingest findings from those pipeline runs. Any scanner producing SARIF output can also be connected through Pixee's [Integrations](/integrations/overview) page. After setup, Pixee begins its initial analysis and opens pull requests for actionable findings within the first hour. If no PRs appear, verify API token permissions, workspace-level admin approval, and supported language coverage. @@ -76,5 +76,5 @@ Bitbucket Server (formerly Data Center) is a separate Atlassian product from Bit If your team uses Jira alongside Bitbucket, Pixee PRs can reference Jira issue keys in their descriptions when configured. This allows Jira to automatically link the Pixee-generated PR to the relevant security issue, keeping your Atlassian workflow intact. -For Jira integration details, see [Integrations Overview](/integrations/integrations-overview). +For Jira integration details, see [Integrations Overview](/integrations/overview). diff --git a/docs/getting-started/github.md b/docs/getting-started/github.md index 62073603..197c6a97 100644 --- a/docs/getting-started/github.md +++ b/docs/getting-started/github.md @@ -26,7 +26,7 @@ Install the Pixee GitHub App from the GitHub Marketplace, select your organizati Pixee analyzes the default branch of each connected repository. Branch targeting and other behavior can be customized later via a [PIXEE.yaml](/configuration/pixee-yaml) file in the repository root. -**Scanner integration (required):** Pixee needs scanner findings to generate fixes. Pixee natively integrates with 13 scanners. If you use GitHub Code Scanning (which includes CodeQL, Semgrep via SARIF upload, and others), Pixee ingests those results automatically through the GitHub App. For scanners outside the GitHub Code Scanning ecosystem, connect them through Pixee's [Integrations](/integrations/integrations-overview) page. +**Scanner integration (required):** Pixee needs scanner findings to generate fixes. Pixee natively integrates with 13 scanners. If you use GitHub Code Scanning (which includes CodeQL, Semgrep via SARIF upload, and others), Pixee ingests those results automatically through the GitHub App. For scanners outside the GitHub Code Scanning ecosystem, connect them through Pixee's [Integrations](/integrations/overview) page. After installation, Pixee begins its initial analysis. Within the first hour, Pixee opens pull requests for any actionable findings it identifies. If no PRs appear, the repository may have no actionable findings, or you may need to verify repository access and supported language coverage. diff --git a/docs/getting-started/gitlab.md b/docs/getting-started/gitlab.md index 4e581c6a..8be16618 100644 --- a/docs/getting-started/gitlab.md +++ b/docs/getting-started/gitlab.md @@ -27,7 +27,7 @@ Create a GitLab personal access token for a dedicated service account, then conn After connecting, choose which GitLab projects Pixee should analyze -- all projects, member projects only, or specific projects. Pixee analyzes the default branch of each connected project. You can customize branch targeting and other behavior later via a [PIXEE.yaml](/configuration/pixee-yaml) file in the project root. -**Scanner integration (required):** Pixee needs scanner findings to generate fixes. Pixee natively integrates with 13 scanners. If your `.gitlab-ci.yml` includes the GitLab SAST template, Pixee ingests those findings directly. Third-party scanners producing SARIF output can be connected through Pixee's [Integrations](/integrations/integrations-overview) page. +**Scanner integration (required):** Pixee needs scanner findings to generate fixes. Pixee natively integrates with 13 scanners. If your `.gitlab-ci.yml` includes the GitLab SAST template, Pixee ingests those findings directly. Third-party scanners producing SARIF output can be connected through Pixee's [Integrations](/integrations/overview) page. After setup, Pixee begins its initial analysis and opens merge requests for actionable findings within the first hour. If no MRs appear, verify PAT scopes, network connectivity (for self-managed instances), and supported language coverage. diff --git a/docs/integrations/ci-cd.md b/docs/integrations/ci-cd.md index de79c97b..e3f1365a 100644 --- a/docs/integrations/ci-cd.md +++ b/docs/integrations/ci-cd.md @@ -202,7 +202,7 @@ Pixee accepts scanner results through three paths: 1. **SCM-native APIs.** GitHub Code Scanning, GitLab vulnerability reports, Azure DevOps Code Scanning, Bitbucket reports. Pixee reads findings through the SCM integration. 2. **Direct SARIF upload to Pixee.** Use the [Pixee CLI](/api/cli) (`pixee api`) or an HTTP client. Useful when your CI system doesn't have a clean upload path to the SCM. -3. **Native scanner integrations.** For 13 named scanners (CodeQL, Semgrep, Checkmarx, Veracode, Snyk Code, SonarQube, AppScan, Polaris, Fortify, Contrast, GitLab SAST, GitLab SCA, Trivy) Pixee uses dedicated handlers that extract scanner-specific metadata for richer triage. See the per-scanner pages under [Integrations](/integrations/integrations-overview). +3. **Native scanner integrations.** For 13 named scanners (CodeQL, Semgrep, Checkmarx, Veracode, Snyk Code, SonarQube, AppScan, Polaris, Fortify, Contrast, GitLab SAST, GitLab SCA, Trivy) Pixee uses dedicated handlers that extract scanner-specific metadata for richer triage. See the per-scanner pages under [Integrations](/integrations/overview). **Universal SARIF.** Any SARIF 2.1.0–producing scanner works through the universal SARIF integration. See [Universal SARIF Integration](/integrations/sarif-universal). diff --git a/docs/integrations/sarif-universal.md b/docs/integrations/sarif-universal.md index afbb2209..d8c2e93f 100644 --- a/docs/integrations/sarif-universal.md +++ b/docs/integrations/sarif-universal.md @@ -18,7 +18,7 @@ This page covers the SARIF format requirements, upload methods, what metadata Pi Use Universal SARIF when: -- Your scanner is not in Pixee's [native integration list](/integrations/integrations-overview) +- Your scanner is not in Pixee's [native integration list](/integrations/overview) - You use a proprietary or custom-built scanner - You aggregate findings from multiple tools through a central platform that exports SARIF - You want to evaluate Pixee with a scanner before requesting a native integration diff --git a/docs/integrations/scanners/appscan.md b/docs/integrations/scanners/appscan.md index 7caafda0..92e0c472 100644 --- a/docs/integrations/scanners/appscan.md +++ b/docs/integrations/scanners/appscan.md @@ -60,7 +60,7 @@ Fixes use deterministic codemods and AI-powered MagicMods. - **Basic Auth (recommended)** — username and password for HTTP Basic auth on inbound webhook requests. Configure the username and password in Pixee, then use them when registering the webhooks in AppScan (see below). - **Webhook secret (deprecated)** — a shared secret embedded in the webhook URL path. Supported but not recommended. 4. **Configure two webhooks in AppScan** (see [Webhook Configuration](#webhook-configuration) below) so AppScan notifies Pixee when scans complete and when patch requests are created. -5. **Connect your code repository** to Pixee (GitHub, GitLab, Azure DevOps, or Bitbucket — see [Source Control](/integrations/integrations-overview#source-control-coverage)). +5. **Connect your code repository** to Pixee (GitHub, GitLab, Azure DevOps, or Bitbucket — see [Source Control](/integrations/overview#source-control-coverage)). 6. **Pixee ingests AppScan findings** and processes them through the triage and remediation pipeline. 7. **Review and merge** Pixee-generated PRs in your normal development workflow. @@ -124,4 +124,4 @@ For details on AppScan's webhook API, see HCL's [AppScan Webhook API Documentati - **Framework-protected patterns:** Findings in code protected by application framework security controls that AppScan's static analysis cannot resolve - **Duplicate findings across SAST and DAST:** When teams use both AppScan SAST and DAST, the same vulnerability may appear from both testing methods; Pixee's unified pipeline helps deduplicate -See [Integrations Overview](/integrations/integrations-overview) for the full scanner coverage matrix. +See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scanners/checkmarx.md b/docs/integrations/scanners/checkmarx.md index 5bdfaaa2..4d1792e4 100644 --- a/docs/integrations/scanners/checkmarx.md +++ b/docs/integrations/scanners/checkmarx.md @@ -84,4 +84,4 @@ Beyond these dedicated codemods, Pixee's general-purpose codemod library and AI- - **Test code at production severity:** Test fixtures and example files flagged alongside production code - **Context-poor findings:** Findings where Checkmarx's sparse SARIF metadata makes manual review difficult -- Pixee re-derives context from the actual codebase -See [Integrations Overview](/integrations/integrations-overview) for the full scanner coverage matrix. +See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scanners/codeql.md b/docs/integrations/scanners/codeql.md index 8d033d01..58f14423 100644 --- a/docs/integrations/scanners/codeql.md +++ b/docs/integrations/scanners/codeql.md @@ -75,4 +75,4 @@ Pixee generates fixes using a combination of deterministic codemods and AI-power - **Test code at production severity:** Findings in test fixtures, example code, and documentation snippets flagged at production severity levels - **Low-precision rules in specific contexts:** Rules with high recall but low precision in certain language or framework configurations -See [Integrations Overview](/integrations/integrations-overview) for the full scanner coverage matrix. +See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scanners/contrast.md b/docs/integrations/scanners/contrast.md index b3edcd7f..295d4854 100644 --- a/docs/integrations/scanners/contrast.md +++ b/docs/integrations/scanners/contrast.md @@ -80,4 +80,4 @@ Pixee ingests Contrast findings via the [pixee/upload-tool-results-action](https - **Sanitized sinks:** Runtime-observed flows that terminate in sinks with framework-level sanitization Contrast does not always resolve - **Severity inflation:** Findings flagged at high severity that are gated behind authentication, internal APIs, or otherwise reduced-impact contexts -See [Integrations Overview](/integrations/integrations-overview) for the full scanner coverage matrix. +See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scanners/defectdojo.md b/docs/integrations/scanners/defectdojo.md index 27c25893..a495a422 100644 --- a/docs/integrations/scanners/defectdojo.md +++ b/docs/integrations/scanners/defectdojo.md @@ -49,4 +49,4 @@ DefectDojo tracks vulnerability status but does not generate code fixes. Pixee d **Prerequisites:** DefectDojo instance with findings imported, Pixee platform integration configured. -See [Integrations Overview](/integrations/integrations-overview) for the full scanner coverage matrix. +See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scanners/fortify.md b/docs/integrations/scanners/fortify.md index e0ad77bd..f99f8d8d 100644 --- a/docs/integrations/scanners/fortify.md +++ b/docs/integrations/scanners/fortify.md @@ -55,4 +55,4 @@ Fortify identifies vulnerabilities but does not generate automated code fixes. P **Prerequisites:** Fortify SCA or SSC with findings, SARIF export capability, Pixee platform integration configured. -See [Integrations Overview](/integrations/integrations-overview) for the full scanner coverage matrix. +See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scanners/gitlab-sast.md b/docs/integrations/scanners/gitlab-sast.md index 7b34bb79..38a0bf4c 100644 --- a/docs/integrations/scanners/gitlab-sast.md +++ b/docs/integrations/scanners/gitlab-sast.md @@ -58,4 +58,4 @@ GitLab SAST findings often lack the contextual detail needed for efficient manua **Prerequisites:** GitLab Ultimate license (for SAST), Pixee GitLab integration installed -See [Integrations Overview](/integrations/integrations-overview) for the full scanner coverage matrix. +See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scanners/gitlab-sca.md b/docs/integrations/scanners/gitlab-sca.md index 1d4190a6..ca2895c5 100644 --- a/docs/integrations/scanners/gitlab-sca.md +++ b/docs/integrations/scanners/gitlab-sca.md @@ -64,4 +64,4 @@ Pixee's SCA remediation is deterministic: for each TRUE_POSITIVE with a fix avai **Prerequisites:** GitLab Ultimate license (Dependency Scanning is part of GitLab's Secure category, which requires Ultimate), Pixee GitLab integration installed. -See the [SCA](/platform/sca) page for details on how Pixee handles dependency findings end-to-end. See [Integrations Overview](/integrations/integrations-overview) for the full scanner coverage matrix. +See the [SCA](/platform/sca) page for details on how Pixee handles dependency findings end-to-end. See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scanners/polaris.md b/docs/integrations/scanners/polaris.md index 30d0a8a0..cf18cca3 100644 --- a/docs/integrations/scanners/polaris.md +++ b/docs/integrations/scanners/polaris.md @@ -59,4 +59,4 @@ Polaris provides findings and remediation guidance but does not generate automat - **Buffer overflow false positives in managed languages:** Coverity rules designed for C/C++ may produce findings in managed-language code (Java, C#) where memory management is handled by the runtime - **Test and example code at production severity:** Findings in non-production code flagged at production severity levels -See [Integrations Overview](/integrations/integrations-overview) for the full scanner coverage matrix. +See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scanners/semgrep.md b/docs/integrations/scanners/semgrep.md index b772c56d..91b6ce36 100644 --- a/docs/integrations/scanners/semgrep.md +++ b/docs/integrations/scanners/semgrep.md @@ -78,4 +78,4 @@ Pixee generates fixes using deterministic codemods and AI-powered MagicMods. The - **Test code flagged at production severity:** Test fixtures, example code, and mock data triggering rules intended for production code - **Stale API warnings:** Generic rules that lack language-version awareness, flagging deprecated API usage on code that has already been migrated -See [Integrations Overview](/integrations/integrations-overview) for the full scanner coverage matrix. +See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scanners/snyk-code.md b/docs/integrations/scanners/snyk-code.md index 5f29618e..5f400ca8 100644 --- a/docs/integrations/scanners/snyk-code.md +++ b/docs/integrations/scanners/snyk-code.md @@ -69,4 +69,4 @@ Fixes are generated using deterministic codemods and AI-powered MagicMods for co - **Test code at production severity:** Intentionally vulnerable test fixtures, mock data, or example code flagged as production security issues - **Context-dependent findings:** Findings that depend on runtime configuration or deployment context that static analysis cannot determine -See [Integrations Overview](/integrations/integrations-overview) for the full scanner coverage matrix. +See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scanners/sonarqube.md b/docs/integrations/scanners/sonarqube.md index 1e8fc827..3ceec5ab 100644 --- a/docs/integrations/scanners/sonarqube.md +++ b/docs/integrations/scanners/sonarqube.md @@ -75,7 +75,7 @@ Connect SonarQube by providing your instance URL and a user token with Browse an ### What Happens with Large Backlogs -If your SonarQube instance has thousands of findings, Pixee does not open thousands of PRs simultaneously. Findings are prioritized by severity (Critical and High first), and PR creation is controlled by your configured batch settings. See [Operations](/configuration/operations-config) for PR volume controls. +If your SonarQube instance has thousands of findings, Pixee does not open thousands of PRs simultaneously. Findings are prioritized by severity (Critical and High first), and PR creation is controlled by your configured batch settings. See [Operations](/configuration/operations) for PR volume controls. ## SonarQube Finding Examples @@ -120,4 +120,4 @@ ResultSet rs = ps.executeQuery(); - **Framework-mitigated injection patterns:** Findings where the application framework provides protection (parameterized queries via ORM, CSRF tokens via framework middleware) - **Test code at production severity:** SonarQube scans test directories by default; Pixee adjusts classification for non-production code -See [Integrations Overview](/integrations/integrations-overview) for the full scanner coverage matrix. +See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scanners/trivy.md b/docs/integrations/scanners/trivy.md index 78fb6c1a..eb9cfd49 100644 --- a/docs/integrations/scanners/trivy.md +++ b/docs/integrations/scanners/trivy.md @@ -67,4 +67,4 @@ Trivy container scans often surface hundreds of CVEs in OS packages. Pixee's tri Yes. Configure Trivy with `--format sarif` to produce SARIF 2.1.0 output. Pixee also supports Trivy's native JSON format through the dedicated Trivy handler. -See [Integrations Overview](/integrations/integrations-overview) for the full scanner coverage matrix. +See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scanners/veracode.md b/docs/integrations/scanners/veracode.md index ec68c169..4b51fe04 100644 --- a/docs/integrations/scanners/veracode.md +++ b/docs/integrations/scanners/veracode.md @@ -68,4 +68,4 @@ Veracode's own "Veracode Fix" provides AI-assisted remediation suggestions, but - **Test code at production severity:** Pixee distinguishes test fixtures, example code, and documentation snippets from production code - **Framework-mitigated findings:** Code protected by framework-level security controls (Spring Security, Django middleware) that Veracode's static analysis cannot resolve -See [Integrations Overview](/integrations/integrations-overview) for the full scanner coverage matrix. +See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scms/azure-devops.md b/docs/integrations/scms/azure-devops.md index 82c80947..33c54677 100644 --- a/docs/integrations/scms/azure-devops.md +++ b/docs/integrations/scms/azure-devops.md @@ -52,4 +52,4 @@ Pixee Enterprise Server supports both Azure DevOps Services (cloud) and Azure De For on-premises configuration, see the [enterprise deployment documentation](/enterprise/deployment). -See [Integrations Overview](/integrations/integrations-overview) for the full integration coverage matrix. +See [Integrations Overview](/integrations/overview) for the full integration coverage matrix. diff --git a/docs/integrations/scms/bitbucket.md b/docs/integrations/scms/bitbucket.md index 86882d00..f9f17733 100644 --- a/docs/integrations/scms/bitbucket.md +++ b/docs/integrations/scms/bitbucket.md @@ -62,4 +62,4 @@ For the install-time walkthrough, see [Getting Started with Bitbucket](/getting- Bitbucket Server (formerly Data Center) is a separate Atlassian product from Bitbucket Cloud. The integration mechanics — credentials, scopes, and configuration paths — differ. For Bitbucket Server deployments running on Pixee Enterprise, see the [enterprise deployment documentation](/enterprise/deployment) for the supported connection model and current configuration details. -See [Integrations Overview](/integrations/integrations-overview) for the full integration coverage matrix. +See [Integrations Overview](/integrations/overview) for the full integration coverage matrix. diff --git a/docs/integrations/scms/github.md b/docs/integrations/scms/github.md index dc94c969..51f7dd49 100644 --- a/docs/integrations/scms/github.md +++ b/docs/integrations/scms/github.md @@ -89,7 +89,7 @@ The Pixee GitHub App requests the following permissions during installation. Pix **Webhook events the App subscribes to:** Code scanning alert, Check run, Create, Dependabot alert, Issue comment, Issues, Pull request, Pull request review, Pull request review comment, Pull request review thread, Push, Repository. -See [Integrations Overview](/integrations/integrations-overview) for the full scanner coverage matrix. +See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. ## GitHub Enterprise Server diff --git a/docs/integrations/scms/gitlab.md b/docs/integrations/scms/gitlab.md index 503ffe5f..12da378e 100644 --- a/docs/integrations/scms/gitlab.md +++ b/docs/integrations/scms/gitlab.md @@ -80,4 +80,4 @@ Pixee Enterprise Server connects to self-hosted GitLab via the same PAT integrat For self-hosted GitLab configuration, see the [enterprise deployment documentation](/enterprise/deployment). -See [Integrations Overview](/integrations/integrations-overview) for the full integration coverage matrix. +See [Integrations Overview](/integrations/overview) for the full integration coverage matrix. diff --git a/docs/languages/dotnet.md b/docs/languages/dotnet.md index 1056229d..98882ebb 100644 --- a/docs/languages/dotnet.md +++ b/docs/languages/dotnet.md @@ -10,7 +10,7 @@ sidebar_position: 5 Pixee remediates .NET vulnerabilities automatically using deterministic codemods and AI-powered fixes for custom patterns. Coverage includes ASP.NET Core and Blazor applications with fixes for injection vulnerabilities, insecure cryptography, and dependency vulnerabilities. Pixee uses full AST analysis for C# source code and manages dependency upgrades across both .csproj and packages.config formats, delivering fixes as pull requests that match your codebase conventions. -.NET support uses Pixee's full AST parsing tier, providing deep cross-file analysis on par with Java and Python. Deterministic codemod coverage is growing alongside comprehensive AI-powered MagicMod support. For the full language coverage matrix, see the [Language Support Overview](/languages/languages-overview). +.NET support uses Pixee's full AST parsing tier, providing deep cross-file analysis on par with Java and Python. Deterministic codemod coverage is growing alongside comprehensive AI-powered MagicMod support. For the full language coverage matrix, see the [Language Support Overview](/languages/overview). ## What Pixee Fixes in .NET diff --git a/docs/languages/go.md b/docs/languages/go.md index 6260f0ac..25412fea 100644 --- a/docs/languages/go.md +++ b/docs/languages/go.md @@ -10,7 +10,7 @@ sidebar_position: 6 Pixee remediates Go vulnerabilities using Tree-sitter-based analysis and AI-powered fixes for standard library, Gin, and Echo applications. Coverage includes injection vulnerabilities, insecure cryptography, and dependency vulnerabilities in go.mod-managed projects. Go support uses lighter parsing than Pixee's full AST languages (Java, Python, JS/TS, .NET) with expanding coverage for standard security patterns and framework-specific fixes. -Go's adoption in infrastructure and cloud-native environments makes it a strategic language for Pixee. Coverage is actively expanding. For the full language coverage matrix, see the [Language Support Overview](/languages/languages-overview). +Go's adoption in infrastructure and cloud-native environments makes it a strategic language for Pixee. Coverage is actively expanding. For the full language coverage matrix, see the [Language Support Overview](/languages/overview). ## What Pixee Fixes in Go diff --git a/docs/languages/java.md b/docs/languages/java.md index 84afb971..04d082ca 100644 --- a/docs/languages/java.md +++ b/docs/languages/java.md @@ -10,7 +10,7 @@ sidebar_position: 2 Pixee remediates Java vulnerabilities automatically using 51+ deterministic codemods and AI-powered fixes for custom patterns. Coverage spans Spring Boot, Jakarta EE, and Micronaut applications with fixes for SQL injection, SSRF, insecure deserialization, weak cryptography, and dependency vulnerabilities. Pixee analyzes Java source code using full AST parsing for deep cross-file dataflow analysis, delivering fixes as pull requests. -Java is Pixee's most mature language ecosystem. The open-source [codemodder-java](https://github.com/pixee/codemodder-java) engine is publicly inspectable, and deterministic codemods cover the broadest range of vulnerability types. For the full language coverage matrix, see the [Language Support Overview](/languages/languages-overview). +Java is Pixee's most mature language ecosystem. The open-source [codemodder-java](https://github.com/pixee/codemodder-java) engine is publicly inspectable, and deterministic codemods cover the broadest range of vulnerability types. For the full language coverage matrix, see the [Language Support Overview](/languages/overview). ## What Pixee Fixes in Java diff --git a/docs/languages/javascript.md b/docs/languages/javascript.md index e3f955cb..001a4266 100644 --- a/docs/languages/javascript.md +++ b/docs/languages/javascript.md @@ -10,7 +10,7 @@ sidebar_position: 4 Pixee remediates JavaScript and TypeScript vulnerabilities automatically using deterministic codemods and AI-powered fixes. Coverage spans Express, React, and Node.js applications with fixes for injection vulnerabilities, prototype pollution, insecure dependencies, and OWASP Top 10 patterns. Pixee uses full AST analysis for deep cross-file dataflow tracking and manages package.json dependency upgrades coordinated with source-file refactoring in a single pull request. -JavaScript/TypeScript support is actively expanding. Deterministic codemod coverage is growing alongside comprehensive AI-powered MagicMod support. For the full language coverage matrix, see the [Language Support Overview](/languages/languages-overview). +JavaScript/TypeScript support is actively expanding. Deterministic codemod coverage is growing alongside comprehensive AI-powered MagicMod support. For the full language coverage matrix, see the [Language Support Overview](/languages/overview). ## What Pixee Fixes in JavaScript/TypeScript diff --git a/docs/languages/languages-overview.md b/docs/languages/languages-overview.md index 495056a6..44793d46 100644 --- a/docs/languages/languages-overview.md +++ b/docs/languages/languages-overview.md @@ -10,7 +10,7 @@ sidebar_position: 1 Pixee supports six language ecosystems: Java, Python, JavaScript/TypeScript, .NET, Go, and PHP. Coverage varies by language. Java and Python have the deepest support with 120+ deterministic codemods plus AI-powered fixes for custom patterns. Each language includes framework-specific remediation (Spring Boot, Django, Express, ASP.NET) and fixes for OWASP Top 10 vulnerability categories. The coverage matrix below shows exactly what Pixee fixes in your stack. -Language support is one half of the integration picture. Pixee also integrates with [13 native scanners](/integrations/integrations-overview) across all supported languages. +Language support is one half of the integration picture. Pixee also integrates with [13 native scanners](/integrations/overview) across all supported languages. ## Coverage Matrix @@ -85,7 +85,7 @@ Python's five packaging conventions are worth calling out. Most tools handle onl ## Scanner Compatibility -Pixee remediates findings from [13 native scanner integrations](/integrations/integrations-overview) plus any scanner that exports SARIF. Scanner compatibility applies across all supported languages, though individual scanner coverage depth varies by language. +Pixee remediates findings from [13 native scanner integrations](/integrations/overview) plus any scanner that exports SARIF. Scanner compatibility applies across all supported languages, though individual scanner coverage depth varies by language. | Scanner | Java | Python | JS/TS | .NET | Go | PHP | | --------------- | ---- | ------ | ----- | ---- | --- | --- | @@ -99,7 +99,7 @@ Pixee remediates findings from [13 native scanner integrations](/integrations/in | AppScan | Yes | -- | -- | -- | -- | -- | | Universal SARIF | Yes | Yes | Yes | Yes | Yes | Yes | -For scanner-specific details, see the [Integrations](/integrations/integrations-overview) section. +For scanner-specific details, see the [Integrations](/integrations/overview) section. ## Roadmap diff --git a/docs/languages/php.md b/docs/languages/php.md index 62f69e09..b52ddd41 100644 --- a/docs/languages/php.md +++ b/docs/languages/php.md @@ -10,7 +10,7 @@ sidebar_position: 7 Pixee remediates PHP vulnerabilities using Tree-sitter-based analysis and AI-powered fixes for Laravel and Symfony applications. Coverage includes injection vulnerabilities, insecure cryptography, and dependency vulnerabilities managed through Composer. PHP support uses Tree-sitter parsing with expanding deterministic coverage and AI-powered fixes for custom framework patterns. Fixes are delivered as pull requests that match your codebase conventions. -PHP powers significant enterprise web infrastructure through Laravel, Symfony, and WordPress. Pixee's PHP support ensures teams running these frameworks have automated remediation in their pipeline. For the full language coverage matrix, see the [Language Support Overview](/languages/languages-overview). +PHP powers significant enterprise web infrastructure through Laravel, Symfony, and WordPress. Pixee's PHP support ensures teams running these frameworks have automated remediation in their pipeline. For the full language coverage matrix, see the [Language Support Overview](/languages/overview). ## What Pixee Fixes in PHP diff --git a/docs/languages/python.md b/docs/languages/python.md index 74fe1974..4f52ce22 100644 --- a/docs/languages/python.md +++ b/docs/languages/python.md @@ -10,7 +10,7 @@ sidebar_position: 3 Pixee remediates Python vulnerabilities automatically using 60+ deterministic codemods and AI-powered fixes for custom patterns. Coverage includes Django, Flask, and FastAPI applications with fixes for SQL injection, SSRF, insecure deserialization (PyYAML hardening, defused XML), weak cryptography, and dependency vulnerabilities. Pixee uses full AST-level analysis for deep cross-file dataflow tracking and framework-aware transformations across all five Python packaging formats. -Python is Pixee's second-deepest language ecosystem alongside Java. The open-source [codemodder-python](https://github.com/pixee/codemodder-python) engine is publicly inspectable, and support for five packaging conventions (requirements.txt, pyproject.toml, Pipfile, setup.py, setup.cfg) sets Pixee apart from tools that handle only one. For the full language coverage matrix, see the [Language Support Overview](/languages/languages-overview). +Python is Pixee's second-deepest language ecosystem alongside Java. The open-source [codemodder-python](https://github.com/pixee/codemodder-python) engine is publicly inspectable, and support for five packaging conventions (requirements.txt, pyproject.toml, Pipfile, setup.py, setup.cfg) sets Pixee apart from tools that handle only one. For the full language coverage matrix, see the [Language Support Overview](/languages/overview). ## What Pixee Fixes in Python diff --git a/docs/platform/scanner-integration.md b/docs/platform/scanner-integration.md index bd4f4f86..f9d00864 100644 --- a/docs/platform/scanner-integration.md +++ b/docs/platform/scanner-integration.md @@ -56,7 +56,7 @@ Both tiers feed into the same downstream [triage](/platform/triage) and [remedia | **Trivy** | GA | SARIF pipeline with MagicMod dispatcher support | | **DefectDojo** | GA | SARIF pipeline (aggregates findings from multiple scanners) | -All 13 named scanners are GA. See individual scanner integration pages under [Integrations](/integrations/integrations-overview) for per-tool setup guides. +All 13 named scanners are GA. See individual scanner integration pages under [Integrations](/integrations/overview) for per-tool setup guides. ## Universal SARIF Support From 8503bed0e8699df287d890b89567e2754ed36032 Mon Sep 17 00:00:00 2001 From: Surag Date: Fri, 8 May 2026 16:50:13 -0700 Subject: [PATCH 05/20] =?UTF-8?q?docs:=20Phase=203=20=E2=80=94=20targeted?= =?UTF-8?q?=20edits=20across=20site?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Remove stale version callouts (SARIF 2.1.0, scanner counts, K8s/Helm versions) - Collapse 4 SCM getting-started pages → single source-control.md - New platform/what-pixee-fixes.md — superset vulnerability/fix-mode reference - New platform/context-memory.md — context, memory & preferences - Enterprise deployment pages nested under enterprise/deployment/ subdirectory - security-architecture.md: add Pixee Trust Center link - byom.md: expand to 7 provider platforms (AWS Bedrock, Google Vertex AI, OCI, etc.) + model families + recommendation section - Language support: collapse to single overview page, delete all 6 individual language pages - Delete api/changelog.md - Update docusaurus.config.js redirects for deleted getting-started SCM pages Co-Authored-By: Claude Sonnet 4.5 --- docs/api/api-overview.md | 3 +- docs/api/changelog.md | 151 - docs/api/sarif.md | 1 - docs/api/webhooks.md | 1 - docs/enterprise/byom.md | 73 +- docs/enterprise/deployment/_category_.json | 10 + docs/enterprise/{ => deployment}/air-gap.md | 0 .../deployment-overview.md} | 8 +- .../{ => deployment}/embedded-cluster.md | 2 +- docs/enterprise/{ => deployment}/helm.md | 4 +- docs/enterprise/phased-rollout.md | 4 +- docs/enterprise/security-architecture.md | 2 + docs/enterprise/troubleshooting.md | 2 +- docs/faq/faq.md | 8 +- docs/getting-started/azure-devops.md | 75 - docs/getting-started/bitbucket.md | 80 - docs/getting-started/first-fix.md | 2 +- docs/getting-started/getting-started.md | 13 +- docs/getting-started/github.md | 124 - docs/getting-started/gitlab.md | 74 - docs/getting-started/source-control.md | 105 + docs/integrations/ci-cd.md | 22 +- docs/integrations/integrations-overview.md | 14 +- docs/integrations/sarif-universal.md | 12 +- docs/integrations/scanners/appscan.md | 10 +- docs/integrations/scanners/checkmarx.md | 10 +- docs/integrations/scanners/codeql.md | 8 +- docs/integrations/scanners/contrast.md | 11 +- docs/integrations/scanners/defectdojo.md | 8 +- docs/integrations/scanners/fortify.md | 9 +- docs/integrations/scanners/gitlab-sast.md | 11 +- docs/integrations/scanners/gitlab-sca.md | 11 +- docs/integrations/scanners/polaris.md | 10 +- docs/integrations/scanners/semgrep.md | 9 +- docs/integrations/scanners/snyk-code.md | 10 +- docs/integrations/scanners/sonarqube.md | 8 +- docs/integrations/scanners/trivy.md | 13 +- docs/integrations/scanners/veracode.md | 11 +- docs/integrations/scms/azure-devops.md | 2 +- docs/integrations/scms/bitbucket.md | 2 +- docs/integrations/scms/github.md | 4 +- docs/integrations/scms/gitlab.md | 2 +- docs/languages/dotnet.md | 129 - docs/languages/go.md | 122 - docs/languages/java.md | 159 - docs/languages/javascript.md | 140 - docs/languages/languages-overview.md | 140 +- docs/languages/php.md | 97 - docs/languages/python.md | 172 - docs/open-source/codemodder.md | 2 +- docs/platform/architecture.md | 4 +- docs/platform/context-memory.md | 80 + docs/platform/scanner-integration.md | 8 +- docs/platform/triage.md | 4 +- .../what-is-agentic-security-engineering.md | 2 +- docs/platform/what-pixee-fixes.md | 57 + docusaurus.config.js | 6 +- package-lock.json | 18594 ++++++++++++++++ yarn.lock | 2679 +-- 59 files changed, 20377 insertions(+), 2957 deletions(-) delete mode 100644 docs/api/changelog.md create mode 100644 docs/enterprise/deployment/_category_.json rename docs/enterprise/{ => deployment}/air-gap.md (100%) rename docs/enterprise/{deployment.md => deployment/deployment-overview.md} (96%) rename docs/enterprise/{ => deployment}/embedded-cluster.md (93%) rename docs/enterprise/{ => deployment}/helm.md (98%) delete mode 100644 docs/getting-started/azure-devops.md delete mode 100644 docs/getting-started/bitbucket.md delete mode 100644 docs/getting-started/github.md delete mode 100644 docs/getting-started/gitlab.md create mode 100644 docs/getting-started/source-control.md delete mode 100644 docs/languages/dotnet.md delete mode 100644 docs/languages/go.md delete mode 100644 docs/languages/java.md delete mode 100644 docs/languages/javascript.md delete mode 100644 docs/languages/php.md delete mode 100644 docs/languages/python.md create mode 100644 docs/platform/context-memory.md create mode 100644 docs/platform/what-pixee-fixes.md create mode 100644 package-lock.json diff --git a/docs/api/api-overview.md b/docs/api/api-overview.md index 1e64d97f..684bae2e 100644 --- a/docs/api/api-overview.md +++ b/docs/api/api-overview.md @@ -145,7 +145,7 @@ for fix in fixes["data"]: ## Input format -Pixee consumes scanner output in **SARIF** -- the OASIS standard for static analysis results -- from 13 native scanner integrations and any SARIF-producing tool. See the [SARIF Reference](/api/sarif). +Pixee consumes scanner output in **SARIF** -- the OASIS standard for static analysis results -- from natively integrated scanners and any SARIF-producing tool. See the [SARIF Reference](/api/sarif). ## SDKs and OpenAPI specification @@ -171,6 +171,5 @@ npx @openapitools/openapi-generator-cli generate \ - [SARIF Reference](/api/sarif) -- How Pixee consumes SARIF from scanners - [Webhooks](/api/webhooks) -- Event-driven integration for CI/CD and automation -- [Changelog](/api/changelog) -- API version history and release notes - [CI/CD Integration](/integrations/ci-cd) -- Common API consumer patterns - [Configuration Overview](/configuration/overview) -- Repository management diff --git a/docs/api/changelog.md b/docs/api/changelog.md deleted file mode 100644 index 1debee23..00000000 --- a/docs/api/changelog.md +++ /dev/null @@ -1,151 +0,0 @@ ---- -title: Changelog -slug: /api/changelog -track: dev -content_type: reference -seo_title: Changelog -- Pixee Docs -description: "Pixee platform changelog: new features, improvements, bug fixes, and API changes." -sidebar_position: 4 ---- - -# Changelog - -This changelog tracks all notable changes to the Pixee platform, including new language support, scanner integrations, API updates, and bug fixes. Entries follow [Keep a Changelog](https://keepachangelog.com/) conventions and semantic versioning. For enterprise deployment-specific changes, see [Enterprise Troubleshooting](/enterprise/troubleshooting). - -## Entry format - -Each release follows this template: - -``` -## [Version] - YYYY-MM-DD - -### Added -- New features and capabilities - -### Changed -- Changes to existing functionality - -### Fixed -- Bug fixes - -### Deprecated -- Features marked for future removal - -### Removed -- Features removed in this release - -### Security -- Security-related changes and patches -``` - -Categories are omitted when a release has no entries of that type. - ---- - -## [5.4.22] - 2026-04-14 - -### Added - -- **OpenAI Responses API support.** New API type toggle for OpenAI providers supporting the `/v1/responses` endpoint in addition to the existing `/v1/chat/completions` endpoint. Configure via the LLM provider settings in the admin console. -- **TLS-intercepting proxy CA certificate injection.** Enterprise deployments behind TLS-intercepting proxies can now inject custom CA certificates into the analysis service HTTP clients. Resolves connectivity failures in environments with mandatory traffic inspection. See [Enterprise Deployment](/enterprise/deployment). - -### Changed - -- SCA model preflight validation now aligns across all LLM provider families (OpenAI, Azure AI Foundry, Anthropic, Azure Anthropic), catching model misconfiguration at install time. - -### Fixed - -- CA certificate handling for analysis-service outbound connections in proxy-heavy environments (follow-up to v5.4.22 initial support). - ---- - -## [5.4.15] - 2026-04-01 - -### Added - -- **Datadog SAST integration.** Native scanner handler for Datadog SAST findings. See [Integrations Overview](/integrations/overview). -- **Activity feed with SSE streaming.** Triage outcomes and remediation activity are now streamed in real time via Server-Sent Events to the Pixee dashboard. Includes drawer auto-transition and outcome banners. - -### Changed - -- Activity persistence is now backfilled for findings analyzed before the activity feed was added. Historical triage decisions appear in the feed retroactively. - ---- - -## [5.4.11] - 2026-03-24 - -### Added - -- **Decision-tree triage analyzer.** New triage strategy option (`decision-tree`) for deterministic, rules-based triage routing. Complements existing ReACT and agent-based strategies. -- **Arnica SAST integration.** Native scanner handler for Arnica SAST findings. See [Integrations Overview](/integrations/overview). -- **Anthropic-optimized triage prompts.** Provider-family-aware prompting for Anthropic LLM providers. Triage prompts are now optimized per provider family rather than using a lowest-common-denominator approach. -- **Authentik IdP federation and RP-Initiated Logout.** Embedded Authentik OIDC provider now federates to upstream corporate identity providers (Google Workspace, Microsoft Entra ID, Okta) with auto-redirect and direct login. RP-Initiated Logout enables clean session termination. -- **Bring-your-own database secret support.** CloudNativePG now supports `existingSecret` for external secret managers (Vault, External Secrets Operator, SOPS). See [Enterprise Deployment](/enterprise/deployment). -- **Bitbucket API token migration.** Bitbucket authentication migrated from deprecated app passwords to API tokens. Supports Bitbucket Cloud and Server. -- **SCA smart fix strategies.** Improved dependency upgrade logic with breakage prediction for software composition analysis remediations. - -### Changed - -- Embedded cluster bumped to Replicated v2.13.3+ with Kubernetes 1.32 and upgrade-path fixes. -- Observability stack upgraded: VictoriaMetrics v1.138.0, Victoria-logs v1.48.0, Victoria-logs agent v1.48.0, Victoria-traces v0.8.0. -- Analysis-service now emits trace telemetry for distributed tracing through the observability stack. - ---- - -## [5.6.0] - 2026-03-10 (Helm chart) - -### Added - -- **Helm chart v5.6.0** for BYO Kubernetes deployments (EKS, GKE, AKS, self-managed). Conditional subcharts for object storage, database, observability, and authentication. See [Enterprise Deployment](/enterprise/deployment). - -### Changed - -- Storage class matrix documented for EKS (`gp2`/`gp3`), GKE (`standard-rwo`), AKS (`managed-csi`), and K3s/local default. -- Pod-identity support (IRSA, workload identity) for object store credentials alongside static key configuration. - ---- - -## [5.4.0] - 2026-02-15 - -### Added - -- **Hierarchical LLM routing.** Seven named LLM tiers (default, reasoning, fast, web-search, SCA, deep-research, codegen) with per-tier model and endpoint configuration. Enables cost/quality/latency tuning per workflow stage. -- **Global concurrency control.** Process-wide semaphore for LLM calls prevents rate-limit (429) errors across all tiers and providers. -- **Backpressure management.** Proactive cancellation of analyses that cannot complete within platform timeout limits. - -### Changed - -- LLM provider configuration now supports custom endpoint URLs and custom header name/value pairs for authenticated enterprise gateways. - ---- - -## Enterprise server versioning - -Pixee Enterprise Server releases are versioned independently of the Pixee cloud platform. The Helm chart version (e.g., v5.6.0) and embedded cluster version share the same release notes. - -| Deployment Model | Version Source | Update Method | -| --------------------- | ------------------ | ------------------------------------- | -| Cloud (SaaS) | Automatic | Managed by Pixee | -| Embedded Cluster | KOTS admin console | One-click update via admin console | -| Helm / BYO Kubernetes | Helm chart version | `helm upgrade` with new chart version | -| Air-gapped | Offline bundle | Download bundle, apply via KOTS | - -For upgrade procedures and troubleshooting, see [Enterprise Deployment](/enterprise/deployment) and [Enterprise Troubleshooting](/enterprise/troubleshooting). - -## API versioning - -API versions are independent of platform versions. The current API version is `v1`. Breaking API changes will ship under a new version prefix (`v2`) with a documented migration period. - -Non-breaking additions (new fields in response bodies, new event types, new endpoints) are added to the current API version without a version bump. - -## Subscribe to updates - -- **Dashboard notifications:** Enable release notifications in **Settings > Notifications**. -- **GitHub releases:** Watch the [Pixee Enterprise Server releases](https://github.com/pixee/pixee-enterprise-server) for new version announcements. - -## Related pages - -- [API Overview](/api/overview) -- Endpoint reference and authentication -- [Enterprise Deployment](/enterprise/deployment) -- Upgrade procedures -- [Enterprise Troubleshooting](/enterprise/troubleshooting) -- Version-specific issues -- [Integrations Overview](/integrations/overview) -- Scanner integration details diff --git a/docs/api/sarif.md b/docs/api/sarif.md index f47b95b1..397bfe6e 100644 --- a/docs/api/sarif.md +++ b/docs/api/sarif.md @@ -189,4 +189,3 @@ For full setup guides per scanner, see [Integrations Overview](/integrations/ove - [Universal SARIF Integration](/integrations/sarif-universal) -- Setup guide for SARIF ingestion - [Integrations Overview](/integrations/overview) -- All supported scanners - [Scanner Integration](/platform/scanner-integration) -- Technical depth on scanner normalization -- [Changelog](/api/changelog) -- API and format version history diff --git a/docs/api/webhooks.md b/docs/api/webhooks.md index 7f56b57b..db2d669f 100644 --- a/docs/api/webhooks.md +++ b/docs/api/webhooks.md @@ -302,4 +302,3 @@ if event["type"] == "triage.completed": - [API Overview](/api/overview) -- Authentication and endpoint reference - [SARIF Reference](/api/sarif) -- Input format that triggers scan events - [CI/CD Integration](/integrations/ci-cd) -- Common webhook consumer patterns -- [Changelog](/api/changelog) -- Webhook event version history diff --git a/docs/enterprise/byom.md b/docs/enterprise/byom.md index 774f75df..1ebfbeed 100644 --- a/docs/enterprise/byom.md +++ b/docs/enterprise/byom.md @@ -4,38 +4,62 @@ slug: /enterprise/byom track: leader content_type: guide seo_title: Bring Your Own Model - Choose Your LLM Provider for Pixee -description: Configure Pixee with your preferred LLM provider. Supports OpenAI, Azure AI Foundry, Anthropic, and Azure Anthropic with hierarchical model routing. +description: Configure Pixee with your preferred LLM provider. Supports OpenAI, Anthropic, Azure AI Foundry, AWS Bedrock, Google Vertex AI, and more with hierarchical model routing. sidebar_position: 8 --- -Pixee lets you choose your LLM provider instead of locking you into a single vendor. Four provider families are supported: OpenAI, Azure AI Foundry, Anthropic, and Azure Anthropic. You own the API keys, pick the vendor, control the bill, and decide which model handles which task through seven named LLM routing tiers. This is the opposite of a black-box AI product. +Pixee lets you choose your LLM provider instead of locking you into a single vendor. You own the API keys, pick the vendor, control the bill, and decide which model handles which task through seven named LLM routing tiers. This is the opposite of a black-box AI product. ## Supported Providers -| Provider | Description | Use Case | -| -------------------- | ----------------------------------------------------- | ----------------------------------------------------------------- | -| **OpenAI** | Public API or OpenAI-compatible private endpoints | General purpose; air-gapped deployments with a compatible gateway | -| **Azure AI Foundry** | Azure-hosted models in customer's Azure tenant | Azure-centric enterprises with existing Azure agreements | -| **Anthropic** | Direct Anthropic API with Anthropic-optimized prompts | Teams preferring Anthropic models | -| **Azure Anthropic** | Anthropic models via Azure marketplace | Azure-centric organizations that want Anthropic models | +| Provider | Description | Hosted Model Families | Use Case | +|---|---|---|---| +| **OpenAI** | Direct OpenAI API | GPT-4 family | General purpose; developer-friendly API | +| **Anthropic** | Direct Anthropic API with Anthropic-optimized prompts | Claude 3 / Claude 3.5+ family | Teams preferring Anthropic models directly | +| **Azure AI Foundry** | Azure-hosted models in customer's Azure tenant | GPT-4 family (OpenAI via Azure), Claude family (Anthropic via Azure) | Azure-centric enterprises with existing Azure agreements | +| **AWS Bedrock** | AWS-hosted model marketplace in customer's AWS account | Claude family (Anthropic), Llama family (Meta), Mistral family, Amazon Nova | AWS-centric enterprises; broad model choice with AWS IAM controls | +| **Google Cloud Vertex AI** | Google Cloud-hosted model platform | Gemini family; third-party models available on Vertex | GCP-centric enterprises; Google Cloud IAM integration | +| **Oracle Cloud OCI Generative AI** | Oracle Cloud-hosted generative AI service | [NEEDS VERIFICATION: specific model families available on OCI Gen AI] | Organizations standardized on Oracle Cloud | +| **Any OpenAI-compatible endpoint** | Self-hosted, private, or custom API gateway that implements the OpenAI API interface | Any model served behind an OpenAI-compatible interface | Air-gapped deployments, self-hosted models, enterprise API gateways | **Custom endpoint support** allows routing through enterprise API gateways. Custom header name/value pairs handle gateway authentication, so Pixee fits into your existing API management infrastructure. -**Provider-family-aware prompting** is a design decision worth understanding: when configured for Anthropic, Pixee uses Anthropic-optimized triage prompts -- not a lowest-common-denominator approach that treats all providers identically. This matters for triage accuracy and fix quality. Most single-model AI products cannot do this because they are built around a single provider. +**Provider-family-aware prompting** is a design decision worth understanding: when configured for Anthropic, Pixee uses Anthropic-optimized triage prompts — not a lowest-common-denominator approach that treats all providers identically. This matters for triage accuracy and fix quality. Most single-model AI products cannot do this because they are built around a single provider. + +## Model Families + +Pixee supports the following model families across provider platforms. Model versions evolve rapidly — Pixee tracks the current generation of each family rather than locking to specific version strings. + +| Model Family | Provider Platforms | Typical Use in Pixee | +|---|---|---| +| **GPT-4 family** | OpenAI, Azure AI Foundry | General-purpose triage and fix generation | +| **Claude 3 / Claude 3.5+ family** | Anthropic, AWS Bedrock, Azure AI Foundry | Triage reasoning, complex dataflow analysis, fix generation | +| **Gemini family** | Google Cloud Vertex AI | Triage and generation for GCP-standardized environments | +| **Meta Llama family** | AWS Bedrock, self-hosted | Cost-efficient classification tiers | +| **Mistral family** | AWS Bedrock, Azure AI Foundry, self-hosted | Fast classification and generation | +| **Amazon Nova family** | AWS Bedrock | AWS-native cost-efficient generation | + +[NEEDS VERIFICATION: confirm which model families are tested and supported in current Pixee releases. The table above reflects provider platform support; actual tested model coverage may be a subset.] + +## Model Recommendations + +Pixee benchmarks model performance for security triage and fix generation tasks across quality, speed, and cost dimensions. The right model configuration depends on your cloud platform, compliance constraints, data residency requirements, and cost targets — there is no single best answer. + +Based on your available cloud platforms and constraints, Pixee provides a recommended model configuration for your deployment. Contact your account team or [reach out here](https://pixee.ai/demo) for a model recommendation tailored to your environment. ## Hierarchical Model Routing Seven named tiers let enterprises control which model handles which workflow stage. Each tier is independently configurable for model selection, endpoint, and effort level. -| Tier | Purpose | What You Control | -| ----------------- | ------------------------------------------------ | --------------------------------------------------- | -| **Default** | General-purpose calls | Model selection, endpoint | -| **Reasoning** | Deep triage decisions requiring careful analysis | Higher-capability model for complex classifications | -| **Fast** | Quick classification of straightforward findings | Lower-latency model for speed | -| **Web Search** | External research augmentation | Model with web access capability | -| **SCA** | Software composition analysis | Model tuned for dependency analysis | -| **Deep Research** | In-depth vulnerability investigation | Research-capable model | -| **Codegen** | Fix generation | Generation strategy selection | +| Tier | Purpose | What You Control | +|---|---|---| +| **Default** | General-purpose calls | Model selection, endpoint | +| **Reasoning** | Deep triage decisions requiring careful analysis | Higher-capability model for complex classifications | +| **Fast** | Quick classification of straightforward findings | Lower-latency model for speed | +| **Web Search** | External research augmentation | Model with web access capability | +| **SCA** | Software composition analysis | Model tuned for dependency analysis | +| **Deep Research** | In-depth vulnerability investigation | Research-capable model | +| **Codegen** | Fix generation | Generation strategy selection | ### Why This Matters @@ -59,14 +83,14 @@ Most competitors in the AI-assisted AppSec space use a single model for all task ## Governance Controls -Bring Your Own Model is not just a technical feature -- it is a governance feature. +Bring Your Own Model is not just a technical feature — it is a governance feature. -| Control | Detail | -| ------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | -| **Key ownership** | Customer owns all API keys. Pixee never stores or accesses customer LLM credentials. | -| **Traffic routing** | All LLM traffic routes through the customer's account. Pixee does not proxy LLM calls for self-hosted deployments. | +| Control | Detail | +|---|---| +| **Key ownership** | Customer owns all API keys. Pixee never stores or accesses customer LLM credentials. | +| **Traffic routing** | All LLM traffic routes through the customer's account. Pixee does not proxy LLM calls for self-hosted deployments. | | **Cost visibility** | LLM usage appears on the customer's standard cloud billing. No hidden costs or Pixee-side LLM charges for self-hosted deployments. | -| **Audit trail** | Every triage decision includes the LLM justification. Auditors can see what the model was asked and what it answered. | +| **Audit trail** | Every triage decision includes the LLM justification. Auditors can see what the model was asked and what it answered. | For full data flow details and credential handling, see [Security Architecture](/enterprise/security-architecture). @@ -79,4 +103,3 @@ When an LLM provider is unavailable, Pixee handles the degradation: - **Existing results are unaffected.** Triage decisions and PRs that have already been delivered are not affected by provider unavailability. Historical data persists independently. This resilience architecture means an LLM outage degrades Pixee's capability without halting it entirely. - diff --git a/docs/enterprise/deployment/_category_.json b/docs/enterprise/deployment/_category_.json new file mode 100644 index 00000000..aaa5f769 --- /dev/null +++ b/docs/enterprise/deployment/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Deployment Options", + "position": 2, + "collapsible": true, + "collapsed": true, + "link": { + "type": "doc", + "id": "enterprise/deployment/deployment-overview" + } +} diff --git a/docs/enterprise/air-gap.md b/docs/enterprise/deployment/air-gap.md similarity index 100% rename from docs/enterprise/air-gap.md rename to docs/enterprise/deployment/air-gap.md diff --git a/docs/enterprise/deployment.md b/docs/enterprise/deployment/deployment-overview.md similarity index 96% rename from docs/enterprise/deployment.md rename to docs/enterprise/deployment/deployment-overview.md index 26173240..f270bf8d 100644 --- a/docs/enterprise/deployment.md +++ b/docs/enterprise/deployment/deployment-overview.md @@ -5,7 +5,7 @@ track: leader content_type: guide seo_title: Deployment Options - SaaS, Self-Hosted, and Air-Gapped Security Automation description: "Compare Pixee deployment models: cloud SaaS, embedded cluster, Helm/BYO Kubernetes, and air-gapped. Includes data flow tables and infrastructure requirements." -sidebar_position: 2 +sidebar_position: 1 --- Pixee offers four deployment models: cloud SaaS, a turnkey embedded cluster for organizations without Kubernetes, a standard Helm chart for existing EKS/GKE/AKS clusters, and a fully air-gapped deployment with private LLM endpoints. Every model delivers the same triage and remediation engine. The only difference is where the infrastructure runs and how data flows through your network. @@ -22,7 +22,7 @@ Pixee manages all infrastructure. The customer installs a GitHub App, GitLab PAT ### Embedded Cluster Architecture -A single Linux VM hosts the complete Pixee platform as a turnkey appliance. The installer provisions K3s (Kubernetes 1.32), storage, authentication, and observability automatically. The KOTS admin console provides a form-based UI for configuration. No Kubernetes expertise is required. +A single Linux VM hosts the complete Pixee platform as a turnkey appliance. The installer provisions K3s (current stable Kubernetes), storage, authentication, and observability automatically. The KOTS admin console provides a form-based UI for configuration. No Kubernetes expertise is required. **Component layout:** Customer VM runs Pixee platform, analysis service, and user platform. LLM inference routes to the customer's chosen provider (OpenAI, Azure AI Foundry, Anthropic, or Azure Anthropic) from within the customer network. SCM integration connects to internal or cloud-hosted SCM. Admin console runs on port 30000. @@ -67,8 +67,8 @@ This table answers the question security teams ask first: "What data leaves my n | **Compute** | 8 vCPU, 32 GB RAM | 8+ vCPU, 32+ GB RAM | | **Storage** | 100 GB+ SSD/NVMe (under 10 ms write latency) | 100 GB+ SSD/NVMe | | **Operating system** | Ubuntu 24.04+ (recommended), RHEL 9, Rocky Linux, AlmaLinux | N/A (Kubernetes cluster) | -| **Kubernetes** | K3s bundled (v1.32) | EKS, GKE, AKS, or self-managed | -| **Helm CLI** | N/A | v3.15+ | +| **Kubernetes** | K3s bundled (current stable) | EKS, GKE, AKS, or self-managed | +| **Helm CLI** | N/A | Current stable version | | **Network** | Port 443 (HTTPS), Port 30000 (admin console) | Port 443 (HTTPS) | | **Internet** | Required for initial install; proxy support available | Required for initial install; proxy support available | diff --git a/docs/enterprise/embedded-cluster.md b/docs/enterprise/deployment/embedded-cluster.md similarity index 93% rename from docs/enterprise/embedded-cluster.md rename to docs/enterprise/deployment/embedded-cluster.md index b91f1800..d2f7e191 100644 --- a/docs/enterprise/embedded-cluster.md +++ b/docs/enterprise/deployment/embedded-cluster.md @@ -41,7 +41,7 @@ The VM can run on any infrastructure: physical servers, VMware, Hyper-V, cloud V ## Installation -The embedded cluster installs with a single command on a Linux VM meeting the prerequisites above. The installer provisions K3s (Kubernetes 1.32), deploys the Pixee platform, and starts a KOTS-powered admin console on port 30000. The admin console provides a form-based UI for all configuration -- domain, TLS, authentication, LLM provider, and SCM connections. No YAML editing or manual Kubernetes configuration is required at any point. For the current installer command and step-by-step walkthrough, see the [deployment guide](https://app.pixee.ai/docs/deploy). +The embedded cluster installs with a single command on a Linux VM meeting the prerequisites above. The installer provisions K3s (current stable Kubernetes), deploys the Pixee platform, and starts a KOTS-powered admin console on port 30000. The admin console provides a form-based UI for all configuration -- domain, TLS, authentication, LLM provider, and SCM connections. No YAML editing or manual Kubernetes configuration is required at any point. For the current installer command and step-by-step walkthrough, see the [deployment guide](https://app.pixee.ai/docs/deploy). **Configuration options available in the admin console:** diff --git a/docs/enterprise/helm.md b/docs/enterprise/deployment/helm.md similarity index 98% rename from docs/enterprise/helm.md rename to docs/enterprise/deployment/helm.md index afb4ab0c..e2040743 100644 --- a/docs/enterprise/helm.md +++ b/docs/enterprise/deployment/helm.md @@ -24,11 +24,11 @@ Compared to legacy on-premises AppSec products that ship as VM images, a native | Requirement | Specification | | -------------- | --------------------------------------- | -| **Kubernetes** | EKS, GKE, AKS, or self-managed (v1.32+) | +| **Kubernetes** | EKS, GKE, AKS, or self-managed (current stable) | | **CPU** | 8+ vCPU | | **RAM** | 32+ GB | | **Storage** | 100 GB+ SSD/NVMe | -| **Helm CLI** | v3.15+ | +| **Helm CLI** | Current stable version | | **Network** | Port 443 (HTTPS) | **Namespace isolation.** Pixee runs in a dedicated namespace. The Helm chart does not require cluster-admin privileges for day-to-day operation. Installation requires namespace creation and secret management permissions. diff --git a/docs/enterprise/phased-rollout.md b/docs/enterprise/phased-rollout.md index 2fe257b2..696a79eb 100644 --- a/docs/enterprise/phased-rollout.md +++ b/docs/enterprise/phased-rollout.md @@ -39,9 +39,9 @@ Phase 1 is where most readers will start and where the most specific guidance ma ### Security Engineer Execution Track -**Installation.** Connect Pixee to the pilot repositories. See the Getting Started guides for [GitHub](/getting-started/github), [GitLab](/getting-started/gitlab), [Azure DevOps](/getting-started/azure-devops), or [Bitbucket](/getting-started/bitbucket). +**Installation.** Connect Pixee to the pilot repositories. See [Connect Source Control](/getting-started/source-control) for a platform-by-platform quick-start guide. -**Scanner connection.** Connect your existing scanners to Pixee so it can triage and remediate findings from your current tooling. Pixee works with 13 native scanner integrations and any SARIF-producing scanner. +**Scanner connection.** Connect your existing scanners to Pixee so it can triage and remediate findings from your current tooling. Pixee works with natively integrated scanners and any SARIF-producing scanner. **First fix review.** Walk through the first Pixee PR with the development team. Explain what changed, why it changed, and the quality scores. diff --git a/docs/enterprise/security-architecture.md b/docs/enterprise/security-architecture.md index 24eb7da6..a9fea104 100644 --- a/docs/enterprise/security-architecture.md +++ b/docs/enterprise/security-architecture.md @@ -10,6 +10,8 @@ sidebar_position: 7 Pixee's security architecture is built on three principles: minimize data exposure (send only relevant code snippets to LLM inference, never entire repositories), preserve human authority (PR-only workflow, never direct commits), and isolate analysis (stateless inference calls that cannot persist or affect other analyses). This page details data flow, access control, credential management, and AI governance for enterprise deployments. +For Pixee's latest security certifications, audit reports, and data processing policies, visit the [Pixee Trust Center](https://trust.pixee.ai). + Security teams evaluating Pixee should read this page alongside [Compliance](/enterprise/compliance). Together, they cover the technical architecture and the compliance mapping that enterprise reviews require. ## Security Principles diff --git a/docs/enterprise/troubleshooting.md b/docs/enterprise/troubleshooting.md index 574213ea..6b1d3535 100644 --- a/docs/enterprise/troubleshooting.md +++ b/docs/enterprise/troubleshooting.md @@ -28,7 +28,7 @@ For detailed setup procedures, see [Embedded Cluster](/enterprise/embedded-clust | Symptom | Likely Cause | Resolution | | --------------------------------------- | ------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------- | -| Scanner findings not appearing in Pixee | SARIF file format mismatch or upload path error | Verify the scanner output conforms to the SARIF 2.1.0 specification and the upload endpoint is correctly configured. | +| Scanner findings not appearing in Pixee | SARIF file format mismatch or upload path error | Verify the scanner output conforms to the SARIF specification and the upload endpoint is correctly configured. | | Partial findings ingestion | Scanner output exceeds size limits or contains unsupported rule IDs | Check the scanner output for unsupported finding types. Verify the scanner is producing complete SARIF output. | | Duplicate findings after re-scan | Deduplication key mismatch between scan runs | Verify the scanner configuration produces consistent finding identifiers across runs. | | Findings appear but no fixes generated | Scanner findings are in an unsupported language or CWE category | Check the [Languages Overview](/languages/overview) for supported language and finding type coverage. | diff --git a/docs/faq/faq.md b/docs/faq/faq.md index e3e5ff6e..51f46cc7 100644 --- a/docs/faq/faq.md +++ b/docs/faq/faq.md @@ -26,7 +26,7 @@ A codemod is a deterministic code transformation rule that rewrites source code ### What scanners does Pixee work with? -Pixee integrates natively with 13 scanners: CodeQL, Semgrep, Checkmarx, Veracode, Snyk Code, SonarQube, AppScan, Polaris, Fortify, Contrast, GitLab SAST, GitLab SCA, and Trivy. Any scanner that produces SARIF output can also connect through the Universal SARIF integration — over 50 additional scanners validated. You do not need to change your detection stack. +Pixee integrates natively with a growing list of scanners including CodeQL, Semgrep, Checkmarx, Veracode, Snyk Code, SonarQube, AppScan, Polaris, Fortify, Contrast, GitLab SAST, GitLab SCA, and Trivy. Any scanner that produces SARIF output can also connect through the Universal SARIF integration — over 50 additional scanners validated. You do not need to change your detection stack. ### Does Pixee replace my existing scanners? @@ -42,7 +42,7 @@ Yes. SCA findings flow through the same triage and remediation pipeline as SAST ### What is the difference between Pixee and GitHub Copilot Autofix? -Copilot Autofix is limited to GitHub Advanced Security (CodeQL) findings on GitHub. Pixee works with 13 natively integrated scanners across GitHub, GitLab, Azure DevOps, and Bitbucket. Pixee also provides triage automation, which Copilot Autofix does not offer. Pixee uses deterministic codemods alongside constrained AI, while Copilot Autofix relies on general-purpose AI code generation. Pixee also supports self-hosted and air-gapped deployment with Bring Your Own Model (BYOM). +Copilot Autofix is limited to GitHub Advanced Security (CodeQL) findings on GitHub. Pixee works with a growing list of natively integrated scanners across GitHub, GitLab, Azure DevOps, and Bitbucket. Pixee also provides triage automation, which Copilot Autofix does not offer. Pixee uses deterministic codemods alongside constrained AI, while Copilot Autofix relies on general-purpose AI code generation. Pixee also supports self-hosted and air-gapped deployment with Bring Your Own Model (BYOM). ### How long does it take to set up Pixee? @@ -142,14 +142,14 @@ Most likely cause: no scanner findings exist for the connected repository. **Con 1. Connect at least one scanner. See the [Integrations Overview](/integrations/overview) for setup instructions. 2. Verify the scanner has produced findings for the repository. -3. For custom or unsupported scanners, verify findings are in SARIF 2.1.0 format and are being uploaded correctly. +3. For custom or unsupported scanners, verify findings are in SARIF format and are being uploaded correctly. ### Why are scanner findings not showing up in Pixee? Three common causes, in order of likelihood: 1. **Integration not configured.** Each scanner requires its own integration configuration. -2. **Format mismatch.** Scanner output does not match the expected specification. Verify SARIF 2.1.0 compliance for custom scanners. +2. **Format mismatch.** Scanner output does not match the expected specification. Verify SARIF compliance for custom scanners. 3. **Upload path incorrect.** Scanner results are not being delivered to the correct endpoint. Check the integration documentation for the expected delivery method. ### Scanner findings appear in Pixee but no fixes are generated. Why? diff --git a/docs/getting-started/azure-devops.md b/docs/getting-started/azure-devops.md deleted file mode 100644 index 60068dad..00000000 --- a/docs/getting-started/azure-devops.md +++ /dev/null @@ -1,75 +0,0 @@ ---- -title: Azure DevOps Setup -slug: /getting-started/azure-devops -track: dev -content_type: tutorial -seo_title: "Set Up Pixee for Azure DevOps | Automated Security PRs" -description: Install Pixee for Azure DevOps to receive automated vulnerability triage and remediation as pull requests in Azure Repos. -sidebar_position: 4 ---- - -Install Pixee for Azure DevOps to receive automated vulnerability triage and remediation as standard pull requests in Azure Repos. Connect your Azure DevOps organization, select your projects, and Pixee begins delivering fixes that developers review and complete using the same PR workflow they already use. Works with Azure Pipelines for CI/CD integration. No new tools, no separate interface to learn. - -## Prerequisites - -Before you start, confirm the following: - -- **Azure DevOps permissions.** You need Project Administrator or Project Collection Administrator permissions on the target projects. Organization-level settings may require Organization Administrator access. -- **Azure DevOps instance.** Azure DevOps Services (cloud, dev.azure.com) or Azure DevOps Server (on-premises). For on-premises, see [Azure DevOps Server (On-Premises)](#azure-devops-server-on-premises) below. -- **Supported language.** At least one repository in Azure Repos with code in Java, Python, JavaScript/TypeScript, .NET, Go, or PHP. -- **Scanner results (required).** Pixee needs scanner findings to perform triage and generate fixes. If you run scanners through Azure Pipelines (CodeQL, Checkmarx, SonarQube, or others), Pixee can ingest those results. - -No extensions to install from the Visual Studio Marketplace. No pipeline YAML changes needed to start. - -## Setup - -Create an Azure DevOps personal access token for a dedicated service account with a custom scope that includes full _Code_ access (not "Full access" — that grants more than needed). Connect it in Pixee's Azure DevOps integration settings, along with your organization name. Webhook user/password credentials are optional and enable real-time event delivery. See [Azure DevOps Integration → Authentication](/integrations/scms/azure-devops#authentication) for the full credential reference. For step-by-step install instructions, see the [installation guide](https://app.pixee.ai/docs/setup). - -After connecting, choose which projects and repositories Pixee should analyze -- at the organization, project, or individual repository level. Pixee targets the default branch of each connected repository. You can customize branch targeting and other behavior later via a [PIXEE.yaml](/configuration/pixee-yaml) file in the repository root. - -**Scanner integration (required):** Pixee needs scanner findings to generate fixes. Pixee natively integrates with 13 scanners. If your Azure Pipelines run security scanners, Pixee can ingest findings from those pipeline runs. Any scanner producing SARIF output can also be connected through Pixee's [Integrations](/integrations/overview) page. - -After setup, Pixee begins its initial analysis and opens pull requests for actionable findings within the first hour. If no PRs appear, verify PAT scopes, organization-level admin consent, and supported language coverage. - -## What You'll See - -When Pixee identifies a fixable vulnerability, it opens a standard pull request in Azure Repos. Here is what the PR contains: - -**PR title:** Describes the vulnerability type and location — for example, `Fix insecure deserialization in ApiHandler.cs`. - -**PR description includes:** - -| Section | What It Contains | -| --------------------- | ---------------------------------------------------------------- | -| Vulnerability details | CVE or CWE reference, severity, and the scanner that detected it | -| Triage justification | Why Pixee classified this as a true positive worth fixing | -| Fix explanation | What the code change does and why it resolves the vulnerability | -| Quality scores | Safety, effectiveness, and cleanliness ratings for the fix | -| Linked work items | Work item reference if configured during setup | -| Diff | Standard Azure Repos diff showing 1-5 lines changed | - -**How to review:** Open the PR in Azure Repos and read the diff like any other pull request. Pixee fixes are typically 1-5 lines. - -**How to complete:** Standard Azure DevOps completion flow — approve, set merge type (merge, squash, rebase), and complete. Pixee PRs respect your existing branch policies, required reviewers, and build validation pipelines. - -**How to abandon:** Abandon the PR with a comment. Pixee does not recreate abandoned PRs for the same finding. - -**Build validation:** Pixee-generated PRs trigger your existing Azure Pipelines build validation policies like any other PR. If your branch policies require a successful build before completion, the Pixee fix branch goes through the same gates. - -For merge rate data, see [Security & Trust](/platform/security). - -## What Data Leaves Your Network - -Pixee's cloud SaaS deployment works as follows: - -- **Code access.** Pixee reads repository contents through the personal access token's authorized API access. Code is processed for analysis and is not stored after the analysis completes. -- **Scanner findings.** Pixee reads findings from connected scanners through pipeline results or direct integration. These findings are used to generate fixes. -- **PRs.** Pixee writes pull requests back to Azure Repos through the API. PR content (diffs, descriptions) lives in your Azure DevOps instance. -- **No pipeline secrets, no service connections, no deployment data.** Pixee does not access Azure Pipelines variable groups, service connections, key vaults, or deployment gate configurations. - -For teams that require code to remain within their own infrastructure, Pixee offers [self-hosted deployment options](/enterprise/deployment) including embedded cluster, Helm / BYO Kubernetes, and air-gapped configurations. - -## Azure DevOps Server (On-Premises) - -Azure DevOps Server is supported. See [Azure DevOps Integration → Azure DevOps Server (On-Premises)](/integrations/scms/azure-devops#azure-devops-server-on-premises) for the connection model and Entra ID notes, and [Enterprise Deployment Options](/enterprise/deployment) for air-gapped and on-prem Pixee deployments. - diff --git a/docs/getting-started/bitbucket.md b/docs/getting-started/bitbucket.md deleted file mode 100644 index 52926d60..00000000 --- a/docs/getting-started/bitbucket.md +++ /dev/null @@ -1,80 +0,0 @@ ---- -title: Bitbucket Setup -slug: /getting-started/bitbucket -track: dev -content_type: tutorial -seo_title: "Set Up Pixee for Bitbucket | Automated Security PRs" -description: Install Pixee for Bitbucket to receive automated vulnerability triage and remediation as pull requests. -sidebar_position: 5 ---- - -Install Pixee for Bitbucket to receive automated vulnerability triage and remediation as standard pull requests in your existing Bitbucket workflow. Connect your Bitbucket workspace, select your repositories, and Pixee begins delivering fixes that developers review and merge using the same PR process they already use. Works with Bitbucket Cloud and Bitbucket Server. No separate tools, no new dashboards to learn. - -## Prerequisites - -Before you start, confirm the following: - -- **Bitbucket permissions.** You need Admin permissions on the target workspace (Bitbucket Cloud) or Project Admin permissions (Bitbucket Server). -- **Bitbucket instance.** Bitbucket Cloud (bitbucket.org) or Bitbucket Data Center / Server. See [Bitbucket Data Center / Server](#bitbucket-data-center--server) below for on-premises details. -- **Supported language.** At least one repository with code in Java, Python, JavaScript/TypeScript, .NET, Go, or PHP. -- **Scanner results (required).** Pixee needs scanner findings to perform triage and generate fixes. If you run scanners through Bitbucket Pipelines or a separate CI system (Snyk, SonarQube, Checkmarx, or others), Pixee can ingest those findings. - -No Bitbucket app marketplace installs required. No `bitbucket-pipelines.yml` changes needed to start. - -## Setup - -Create a Bitbucket Cloud API token for a dedicated service account ([Atlassian instructions](https://support.atlassian.com/bitbucket-cloud/docs/create-a-repository-access-token/)), then connect it in Pixee's Bitbucket integration settings. You will provide three values: the service account's **username** (used for Git operations), its **email address** (used for API authentication — Bitbucket API tokens require email, not username), and the **API token** itself. The token needs six scopes: `read:user:bitbucket`, `read:workspace:bitbucket`, `read:repository:bitbucket`, `read:pullrequest:bitbucket`, `write:repository:bitbucket`, `write:pullrequest:bitbucket`. See [Bitbucket Integration → Authentication](/integrations/scms/bitbucket#authentication) for the full credential reference. For step-by-step install instructions, see the [installation guide](https://app.pixee.ai/docs/setup). - -After connecting, choose which repositories Pixee should analyze -- all repositories in the workspace or specific repositories. Pixee analyzes the default branch (typically `main` or `master`) of each connected repository. You can customize branch targeting and other behavior later via a [PIXEE.yaml](/configuration/pixee-yaml) file in the repository root. - -**Scanner integration (required):** Pixee needs scanner findings to generate fixes. Pixee natively integrates with 13 scanners. If your Bitbucket Pipelines include security scanner steps, Pixee can ingest findings from those pipeline runs. Any scanner producing SARIF output can also be connected through Pixee's [Integrations](/integrations/overview) page. - -After setup, Pixee begins its initial analysis and opens pull requests for actionable findings within the first hour. If no PRs appear, verify API token permissions, workspace-level admin approval, and supported language coverage. - -## What You'll See - -When Pixee identifies a fixable vulnerability, it opens a standard Bitbucket pull request. Here is what the PR contains: - -**PR title:** Describes the vulnerability type and location — for example, `Fix XSS vulnerability in TemplateRenderer.py`. - -**PR description includes:** - -| Section | What It Contains | -| --------------------- | ---------------------------------------------------------------- | -| Vulnerability details | CVE or CWE reference, severity, and the scanner that detected it | -| Triage justification | Why Pixee classified this as a true positive worth fixing | -| Fix explanation | What the code change does and why it resolves the vulnerability | -| Quality scores | Safety, effectiveness, and cleanliness ratings for the fix | -| Diff | Standard Bitbucket diff showing 1-5 lines changed | - -**How to review:** Open the PR in Bitbucket and read the diff like any other pull request. Pixee fixes are typically 1-5 lines. No new dependencies are introduced unless the fix requires it. - -**How to merge:** Standard Bitbucket merge flow. Merge commit, squash, or fast-forward — whatever your repository settings require. Pixee PRs respect your existing merge checks and required approvals. - -**How to decline:** Decline the PR with a comment. Pixee does not reopen declined PRs for the same finding. - -**Pipeline behavior:** Pixee-generated PRs trigger your existing Bitbucket Pipelines like any other pull request. If your pipeline includes security scans, tests, or linting steps, those run against the Pixee fix branch automatically. - -For merge rate data, see [Security & Trust](/platform/security). - -## What Data Leaves Your Network - -Pixee's cloud SaaS deployment works as follows: - -- **Code access.** Pixee reads repository contents through the API token's authorized access. Code is processed for analysis and is not stored after the analysis completes. -- **Scanner findings.** Pixee reads findings from connected scanners through pipeline results or direct integration. These findings are used to generate fixes. -- **PRs.** Pixee writes pull requests back to your Bitbucket workspace through the API. PR content (diffs, descriptions) lives in your Bitbucket instance. -- **No pipeline variables, no deployment settings, no SSH keys.** Pixee does not access Bitbucket Pipelines variables, deployment environments, or SSH key configurations. - -For teams that require code to remain within their own infrastructure, Pixee offers [self-hosted deployment options](/enterprise/deployment) including embedded cluster, Helm / BYO Kubernetes, and air-gapped configurations. - -## Bitbucket Data Center / Server - -Bitbucket Server (formerly Data Center) is a separate Atlassian product from Bitbucket Cloud, with different credential and configuration mechanics. See [Bitbucket Integration → Bitbucket Server / Data Center](/integrations/scms/bitbucket#bitbucket-server--data-center) for the supported connection model and [Enterprise Deployment Options](/enterprise/deployment) for air-gapped and on-prem Pixee deployments. - -## Jira Integration - -If your team uses Jira alongside Bitbucket, Pixee PRs can reference Jira issue keys in their descriptions when configured. This allows Jira to automatically link the Pixee-generated PR to the relevant security issue, keeping your Atlassian workflow intact. - -For Jira integration details, see [Integrations Overview](/integrations/overview). - diff --git a/docs/getting-started/first-fix.md b/docs/getting-started/first-fix.md index 905e2c0c..8f1faf57 100644 --- a/docs/getting-started/first-fix.md +++ b/docs/getting-started/first-fix.md @@ -90,7 +90,7 @@ If you do not see a PR within an hour of installation: Once the workflow is proven: -- **Connect additional scanners** to expand coverage. Pixee works with 13 natively integrated scanners and any SARIF-producing tool. +- **Connect additional scanners** to expand coverage. Pixee works with natively integrated scanners and any SARIF-producing tool. - **Roll out to more repositories** as confidence builds. - **Track your merge rate** — see [Security & Trust](/platform/security) for merge rate data and context. diff --git a/docs/getting-started/getting-started.md b/docs/getting-started/getting-started.md index 33938efe..2e633c5a 100644 --- a/docs/getting-started/getting-started.md +++ b/docs/getting-started/getting-started.md @@ -24,7 +24,7 @@ Both capabilities work together. Triage eliminates the noise. Remediation fixes | Capability | What It Does | Proof Point | |---|---|---| -| Triage | Exploitability analysis across 13 native scanner integrations | Up to 98% false positive reduction | +| Triage | Exploitability analysis across natively integrated scanners | Up to 98% false positive reduction | | Remediation | Context-aware fixes as pull requests | 76% merge rate on production deployments | | Delivery | Standard PRs in GitHub, GitLab, ADO, Bitbucket | Native platform integration | @@ -34,7 +34,7 @@ Setting up Pixee takes three steps: | Step | Page | Time | |---|---|---| -| 1. Install the platform integration | [GitHub](/getting-started/github), [GitLab](/getting-started/gitlab), [Azure DevOps](/getting-started/azure-devops), or [Bitbucket](/getting-started/bitbucket) | 3-5 min | +| 1. Connect your source control platform | [Connect Source Control](/getting-started/source-control) | 3-5 min | | 2. Connect your scanners | See below — required | 5-10 min | | 3. Review and merge your first fix | [Your First Fix](/getting-started/first-fix) | 5 min | @@ -49,16 +49,11 @@ Pixee requires scanner findings to perform triage and generate fixes. Without co - For scanners that write to your SCM's code-scanning surface (GitHub Code Scanning, GitLab Security Dashboard, etc.), Pixee ingests findings automatically through the SCM integration — no additional step required. - For scanners that don't write to the SCM's code-scanning surface, upload SARIF results to the SCM's code-scanning API as a CI step. Pixee then ingests them through the SCM integration. -Pixee integrates natively with 13 scanners: CodeQL, Semgrep, Checkmarx, Veracode, Snyk Code, SonarQube, AppScan, Polaris, Fortify, Contrast, GitLab SAST, GitLab SCA, and Trivy. Any SARIF-producing scanner also works. See [Scanner Integration](/platform/scanner-integration) for the full list and [CI/CD Integration](/integrations/ci-cd) for pipeline setup examples. +Pixee integrates natively with a growing list of scanners including CodeQL, Semgrep, Checkmarx, Veracode, Snyk Code, SonarQube, AppScan, Polaris, Fortify, Contrast, GitLab SAST, GitLab SCA, and Trivy. Any SARIF-producing scanner also works. See [Scanner Integration](/platform/scanner-integration) for the full list and [CI/CD Integration](/integrations/ci-cd) for pipeline setup examples. ## Choose Your Platform -| Platform | Setup Time | Guide | -|---|---|---| -| **GitHub** | ~3 minutes | [GitHub Setup →](/getting-started/github) | -| **GitLab** | ~5 minutes | [GitLab Setup →](/getting-started/gitlab) | -| **Azure DevOps** | ~5 minutes | [Azure DevOps Setup →](/getting-started/azure-devops) | -| **Bitbucket** | ~5 minutes | [Bitbucket Setup →](/getting-started/bitbucket) | +See [Connect Source Control](/getting-started/source-control) for a quick-start summary of all four platforms (GitHub, GitLab, Azure DevOps, Bitbucket) with connection requirements and step summaries. Full setup guides live under [Integrations → Source Control](/integrations/overview). Need enterprise deployment (self-hosted, air-gapped, BYOM)? Start with [Enterprise Deployment Options](/enterprise/deployment). diff --git a/docs/getting-started/github.md b/docs/getting-started/github.md deleted file mode 100644 index 197c6a97..00000000 --- a/docs/getting-started/github.md +++ /dev/null @@ -1,124 +0,0 @@ ---- -title: GitHub Setup -slug: /getting-started/github -track: dev -content_type: tutorial -seo_title: "Set Up Pixee for GitHub | Automated Security Fixes in PRs" -description: Install the Pixee GitHub App for automated vulnerability triage and remediation delivered as pull requests. -sidebar_position: 2 ---- - -Install the Pixee GitHub App to receive automated vulnerability triage and remediation as standard pull requests in your existing repositories. Authorize the app, select which repositories to connect, and Pixee begins analyzing your code and scanner results immediately. Developers review and merge fixes the same way they handle any other PR. No CLI installs, no config files, no new dashboards. - -## Prerequisites - -Before you start, confirm the following: - -- **GitHub permissions.** You need admin or owner permissions on the target repositories, or organization-level install permissions for org-wide deployment. -- **Supported language.** At least one repository with code in Java, Python, JavaScript/TypeScript, .NET, Go, or PHP. -- **Scanner results (required).** Pixee needs scanner findings to perform triage and generate fixes. If you already run CodeQL, Semgrep, Snyk Code, Checkmarx, SonarQube, or another scanner that uploads SARIF to GitHub Code Scanning, Pixee ingests those results automatically. - -No agents to install. No CLI required. No configuration files needed to start. - -## Setup - -Install the Pixee GitHub App from the GitHub Marketplace, select your organization, and choose which repositories to connect. The app requests permissions for repository contents, pull requests, code scanning alerts, checks, webhooks, and metadata; it does not request access to secrets, environments, Actions workflows, or deployment configurations. See [GitHub Integration → Required Permissions](/integrations/scms/github#required-permissions) for the full table and rationale. For step-by-step install instructions, see the [installation guide](https://app.pixee.ai/docs/setup). - -Pixee analyzes the default branch of each connected repository. Branch targeting and other behavior can be customized later via a [PIXEE.yaml](/configuration/pixee-yaml) file in the repository root. - -**Scanner integration (required):** Pixee needs scanner findings to generate fixes. Pixee natively integrates with 13 scanners. If you use GitHub Code Scanning (which includes CodeQL, Semgrep via SARIF upload, and others), Pixee ingests those results automatically through the GitHub App. For scanners outside the GitHub Code Scanning ecosystem, connect them through Pixee's [Integrations](/integrations/overview) page. - -After installation, Pixee begins its initial analysis. Within the first hour, Pixee opens pull requests for any actionable findings it identifies. If no PRs appear, the repository may have no actionable findings, or you may need to verify repository access and supported language coverage. - -## Public Repositories Without an Existing Scanner - -If you are setting up Pixee on a public GitHub repository that does not yet have a scanner configured, you can stand up the full pipeline in three steps using free tooling. CodeQL through GitHub Advanced Security (GHAS) and SonarQube Cloud are both free for public repositories. - -### 1. Enable GitHub Issues for the dashboard view - -Pixee can publish a status dashboard as a GitHub Issue in your repository. To enable it: - -1. In your repository, go to **Settings → General**. -2. Under **Features**, check **Issues**. - -You can disable Issues later if you prefer the Pixee dashboard at [app.pixee.ai](https://app.pixee.ai). - -### 2. Connect a scanner - -Pick either CodeQL via GHAS or SonarQube Cloud. Both are free for public repositories and integrate with Pixee through GitHub Code Scanning. - -**Option A: CodeQL via GitHub Advanced Security** - -1. In your repository, go to **Settings → Code security**. -2. Under **Tools → CodeQL analysis**, click **Set up**, then choose **Default**. -3. Wait for the first CodeQL run to finish. You can watch progress in the **Actions** tab. - -For deeper detail on what Pixee extracts from CodeQL findings, see [CodeQL Integration](/integrations/scanners/codeql). - -**Option B: SonarQube Cloud** - -Follow the [SonarQube Cloud GitHub setup instructions](https://docs.sonarsource.com/sonarqube-cloud/getting-started/github/). Logging in with your GitHub identity is the simplest path. SonarQube Cloud is free for public repositories. - -For Pixee's handling of SonarQube findings, see [SonarQube Integration](/integrations/scanners/sonarqube). - -### 3. Install Pixeebot - -Once the scanner has finished its first run: - -1. Go to the [Pixeebot GitHub App page](https://github.com/apps/pixeebot/). -2. Click **Install** (or **Configure** if it is already installed) and follow the prompts. -3. After installation, you are redirected to the Pixee dashboard. - -Pixee processes the scanner output for the default branch and, within a few minutes, opens pull requests for any actionable findings. If you enabled Issues in step 1, a Pixee status issue is also created with a summary of fixes available, in progress, and applied. - -## What You'll See - -When Pixee identifies a fixable vulnerability, it opens a standard GitHub pull request. Here is what the PR contains: - -**PR title:** Describes the vulnerability type and location — for example, `Fix SQL injection in UserController.java`. - -**PR description includes:** - -| Section | What It Contains | -| --------------------- | ---------------------------------------------------------------- | -| Vulnerability details | CVE or CWE reference, severity, and the scanner that detected it | -| Triage justification | Why Pixee classified this as a true positive worth fixing | -| Fix explanation | What the code change does and why it resolves the vulnerability | -| Quality scores | Safety, effectiveness, and cleanliness ratings for the fix | -| Diff | Standard GitHub diff showing 1-5 lines changed | - -**How to review:** Read the diff like any other pull request. The fix is typically 1-5 lines. Pixee does not restructure your code or introduce new dependencies unless the fix requires it (for example, adding an input validation library). - -**How to merge:** Standard GitHub merge flow. Squash, merge commit, or rebase — whatever your branch protection rules require. - -**How to reject:** Close the PR with a comment. Pixee does not reopen closed PRs for the same finding. - -For merge rate data, see [Security & Trust](/platform/security). - -## What Data Leaves Your Network - -Pixee's cloud SaaS deployment works as follows: - -- **Code access.** Pixee reads repository contents through the GitHub App's authorized API access. Code is processed for analysis and is not stored after the analysis completes. -- **Scanner findings.** If you use GitHub Code Scanning, Pixee reads SARIF results through the Checks API. These findings are used to generate fixes. -- **PRs.** Pixee writes pull requests back to your repository through the GitHub API. PR content (diffs, descriptions) lives in your GitHub instance. -- **No secrets, no env vars, no deployment data.** Pixee does not access GitHub Actions secrets, environment variables, or deployment configurations. - -For teams that require code to remain within their own infrastructure, Pixee offers [self-hosted deployment options](/enterprise/deployment) including embedded cluster, Helm / BYO Kubernetes, and air-gapped configurations. - -## Repository Configuration - -Pixee works with sensible defaults — no configuration file is needed to start. When you want to customize behavior, create a `PIXEE.yaml` file in the repository root. - -Common customizations include: - -- Excluding specific paths or files from analysis -- Adjusting which fix categories Pixee generates PRs for -- Configuring branch targeting - -See the full [PIXEE.yaml Reference](/configuration/pixee-yaml) for all options. - -## GitHub Enterprise Server (GHES) - -GHES is supported via Pixee Enterprise (self-hosted) — not on the cloud SaaS. See [GitHub Integration → GitHub Enterprise Server](/integrations/scms/github#github-enterprise-server) for the connection model and network requirements, and [Enterprise Deployment Options](/enterprise/deployment) for infrastructure setup. - diff --git a/docs/getting-started/gitlab.md b/docs/getting-started/gitlab.md deleted file mode 100644 index 8be16618..00000000 --- a/docs/getting-started/gitlab.md +++ /dev/null @@ -1,74 +0,0 @@ ---- -title: GitLab Setup -slug: /getting-started/gitlab -track: dev -content_type: tutorial -seo_title: "Set Up Pixee for GitLab | Automated Security Merge Requests" -description: Install Pixee for GitLab to receive automated vulnerability triage and remediation as merge requests. -sidebar_position: 3 ---- - -Install Pixee for GitLab to receive automated vulnerability triage and remediation as standard merge requests in your existing GitLab workflow. Connect your GitLab instance, select your projects, and Pixee begins delivering fixes that developers review and merge using the same MR process they already use. Works with GitLab SaaS and self-managed instances. No new interfaces, no separate dashboard. - -## Prerequisites - -Before you start, confirm the following: - -- **GitLab permissions.** You need Maintainer or Owner role on the target projects. For group-level setup, you need Owner on the parent group. -- **GitLab instance.** GitLab SaaS (gitlab.com) or a self-managed GitLab instance. For self-managed, you will provide your instance URL during setup. -- **Supported language.** At least one project with code in Java, Python, JavaScript/TypeScript, .NET, Go, or PHP. -- **Scanner results (required).** Pixee needs scanner findings to perform triage and generate fixes. If you run GitLab SAST, Semgrep, Checkmarx, or other scanners through GitLab CI, Pixee ingests those findings automatically. - -No agents to install. No runner configuration changes. No `.gitlab-ci.yml` edits needed to start. - -## Setup - -Create a GitLab personal access token for a dedicated service account, then connect it in Pixee's GitLab integration settings. The token needs `api`, `read_user`, `read_repository`, `read_api`, and `write_repository` scopes. See [GitLab Integration → Authentication](/integrations/scms/gitlab#authentication) for the full scope table and rationale, including the `member_projects_only` toggle. For step-by-step install instructions, see the [installation guide](https://app.pixee.ai/docs/setup). - -After connecting, choose which GitLab projects Pixee should analyze -- all projects, member projects only, or specific projects. Pixee analyzes the default branch of each connected project. You can customize branch targeting and other behavior later via a [PIXEE.yaml](/configuration/pixee-yaml) file in the project root. - -**Scanner integration (required):** Pixee needs scanner findings to generate fixes. Pixee natively integrates with 13 scanners. If your `.gitlab-ci.yml` includes the GitLab SAST template, Pixee ingests those findings directly. Third-party scanners producing SARIF output can be connected through Pixee's [Integrations](/integrations/overview) page. - -After setup, Pixee begins its initial analysis and opens merge requests for actionable findings within the first hour. If no MRs appear, verify PAT scopes, network connectivity (for self-managed instances), and supported language coverage. - -## What You'll See - -When Pixee identifies a fixable vulnerability, it opens a standard GitLab merge request. Here is what the MR contains: - -**MR title:** Describes the vulnerability type and location — for example, `Fix path traversal in FileService.java`. - -**MR description includes:** - -| Section | What It Contains | -| --------------------- | ---------------------------------------------------------------- | -| Vulnerability details | CVE or CWE reference, severity, and the scanner that detected it | -| Triage justification | Why Pixee classified this as a true positive worth fixing | -| Fix explanation | What the code change does and why it resolves the vulnerability | -| Quality scores | Safety, effectiveness, and cleanliness ratings for the fix | -| Diff | Standard GitLab diff showing 1-5 lines changed | - -**How to review:** Read the diff like any other merge request. Pixee fixes are typically 1-5 lines. No new dependencies are introduced unless the fix requires it. - -**How to merge:** Standard GitLab merge flow. If your project has merge request approval rules or CI pipeline requirements, Pixee MRs go through the same gates as any developer-authored MR. - -**How to reject:** Close the MR with a comment. Pixee does not reopen closed MRs for the same finding. - -**CI pipeline behavior:** Pixee-generated MRs trigger your existing GitLab CI pipeline like any other merge request. If your pipeline includes SAST, tests, or linting stages, those run against the Pixee fix branch automatically. - -For merge rate data, see [Security & Trust](/platform/security). - -## What Data Leaves Your Network - -Pixee's cloud SaaS deployment works as follows: - -- **Code access.** Pixee reads repository contents through the personal access token's authorized API access. Code is processed for analysis and is not stored after the analysis completes. -- **Scanner findings.** Pixee reads findings from GitLab SAST reports or connected third-party scanners. These findings are used to generate fixes. -- **MRs.** Pixee writes merge requests back to your GitLab instance through the API. MR content (diffs, descriptions) lives in your GitLab instance. -- **No CI secrets, no variables, no deployment data.** Pixee does not access CI/CD variables, runner tokens, or deployment configurations. - -For teams that require code to remain within their own infrastructure, Pixee offers [self-hosted deployment options](/enterprise/deployment) including embedded cluster, Helm / BYO Kubernetes, and air-gapped configurations. - -## Self-Managed GitLab - -Self-managed GitLab is supported. See [GitLab Integration → Self-Hosted GitLab](/integrations/scms/gitlab#self-hosted-gitlab) for the connection model and network requirements, and [Enterprise Deployment Options](/enterprise/deployment) for air-gapped and on-prem Pixee deployments. - diff --git a/docs/getting-started/source-control.md b/docs/getting-started/source-control.md new file mode 100644 index 00000000..dc6f5957 --- /dev/null +++ b/docs/getting-started/source-control.md @@ -0,0 +1,105 @@ +--- +title: Connect Source Control +slug: /getting-started/source-control +track: dev +content_type: tutorial +seo_title: "Connect Source Control to Pixee | GitHub, GitLab, Azure DevOps, Bitbucket" +description: Connect your source control platform to Pixee. Quick-start summary for GitHub, GitLab, Azure DevOps, and Bitbucket with links to full setup guides. +sidebar_position: 2 +--- + +Pixee delivers automated vulnerability fixes as pull requests (or merge requests) directly in your existing SCM workflow. Connect your SCM platform once, and Pixee starts triaging scanner findings and opening fix PRs. Setup takes under five minutes for most platforms. + +Choose your platform below for the connection summary, then follow the link to the full setup guide for detailed instructions, permissions tables, and troubleshooting. + +## GitHub + +| Item | Detail | +|---|---| +| **Integration type** | GitHub App (installed from GitHub Marketplace) | +| **Required permissions** | Repository contents, pull requests, code scanning alerts, checks, webhooks, metadata | +| **What you need** | Admin or owner permissions on target repositories or org | +| **Scanner ingestion** | Automatic via GitHub Code Scanning (GHAS API) — no extra step if you run CodeQL, Semgrep, or other SARIF-uploading scanners | + +**Quick steps:** +1. Install the Pixee GitHub App from the GitHub Marketplace and select your organization. +2. Choose which repositories to connect (org-wide or specific repos). +3. Pixee ingests scanner findings and opens fix PRs — typically within the first hour. + +For public repositories without an existing scanner, see the [GitHub Setup guide](/integrations/scms/github) for a walkthrough using CodeQL (free for public repos). + +**Full setup guide:** [GitHub Integration →](/integrations/scms/github) + +--- + +## GitLab + +| Item | Detail | +|---|---| +| **Integration type** | Personal access token (service account recommended) | +| **Required scopes** | `api`, `read_user`, `read_repository`, `read_api`, `write_repository` | +| **What you need** | Maintainer or Owner role on target projects; Owner on parent group for group-level setup | +| **Instances supported** | GitLab SaaS (gitlab.com) and self-managed GitLab | +| **Scanner ingestion** | Automatic via GitLab Security Dashboard if you use GitLab SAST or other CI-integrated scanners | + +**Quick steps:** +1. Create a GitLab personal access token for a dedicated service account with the required scopes. +2. Connect the token in Pixee's GitLab integration settings, providing your instance URL (for self-managed). +3. Choose which projects Pixee should analyze (all, member-only, or specific). + +**Full setup guide:** [GitLab Integration →](/integrations/scms/gitlab) + +--- + +## Azure DevOps + +| Item | Detail | +|---|---| +| **Integration type** | Personal access token + optional webhook credentials | +| **Required scopes** | Full **Code** access (not "Full access") | +| **What you need** | Project Administrator or Project Collection Administrator on target projects | +| **Instances supported** | Azure DevOps Services (dev.azure.com) and Azure DevOps Server (on-premises) | +| **Scanner ingestion** | Via Azure Pipelines scanner integrations; SARIF upload supported | + +**Quick steps:** +1. Create an Azure DevOps PAT for a dedicated service account with full Code access. +2. Connect the PAT and your organization name in Pixee's Azure DevOps integration settings. +3. Choose which projects and repositories to analyze. + +**Full setup guide:** [Azure DevOps Integration →](/integrations/scms/azure-devops) + +--- + +## Bitbucket + +| Item | Detail | +|---|---| +| **Integration type** | API token (Bitbucket Cloud) or repository access token | +| **Required scopes** | `read:user`, `read:workspace`, `read:repository`, `read:pullrequest`, `write:repository`, `write:pullrequest` | +| **What you need** | Admin on the target workspace (Cloud) or Project Admin (Server) | +| **Instances supported** | Bitbucket Cloud (bitbucket.org) and Bitbucket Data Center / Server | +| **Credentials** | Three values required: service account username, email address, and API token | +| **Scanner ingestion** | Via Bitbucket Pipelines scanner steps; SARIF upload supported | + +**Quick steps:** +1. Create a Bitbucket Cloud API token for a dedicated service account. +2. Connect the token, username, and email address in Pixee's Bitbucket integration settings. +3. Choose which repositories in the workspace to analyze. + +**Full setup guide:** [Bitbucket Integration →](/integrations/scms/bitbucket) + +--- + +## After Connecting + +Once your SCM platform is connected: + +1. Pixee analyzes the default branch of each connected repository. +2. Scanner findings are ingested automatically (or via SARIF upload for scanners outside your SCM's native security surface). +3. Pixee opens fix pull requests for actionable findings — typically within the first hour. + +**Next step:** [Your First Fix →](/getting-started/first-fix) + +To customize behavior (branch targeting, severity filters, excluded paths), create a [PIXEE.yaml](/configuration/pixee-yaml) file in your repository root. + +Need enterprise deployment (self-hosted, air-gapped, BYOM)? See [Enterprise Deployment Options](/enterprise/deployment). diff --git a/docs/integrations/ci-cd.md b/docs/integrations/ci-cd.md index e3f1365a..bedc6530 100644 --- a/docs/integrations/ci-cd.md +++ b/docs/integrations/ci-cd.md @@ -49,10 +49,10 @@ This is the question teams ask first, and the answer depends on your deployment | Platform | Common Pattern | Setup Time | Prerequisites | | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ---------- | ---------------------------------------------------------------------------------- | -| **GitHub Actions** | Scanner publishes SARIF to GitHub Code Scanning; GHAS-native scanners (CodeQL) need no extra step | ~5 min | Pixee GitHub App installed ([setup guide](/getting-started/github)) | -| **GitLab CI** | GitLab SAST + Dependency Scanning are ingested natively; external scanners upload SARIF to GitLab's vulnerability API | ~10 min | GitLab integration configured ([setup guide](/getting-started/gitlab)) | -| **Azure Pipelines** | Scanner runs in pipeline; SARIF is uploaded via Azure DevOps Code Scanning or directly to Pixee | ~10 min | Azure DevOps integration configured ([setup guide](/getting-started/azure-devops)) | -| **Bitbucket Pipelines** | Scanner runs in pipeline; SARIF is uploaded to Pixee | ~10 min | Bitbucket connector configured ([setup guide](/getting-started/bitbucket)) | +| **GitHub Actions** | Scanner publishes SARIF to GitHub Code Scanning; GHAS-native scanners (CodeQL) need no extra step | ~5 min | Pixee GitHub App installed ([setup guide](/getting-started/source-control#github)) | +| **GitLab CI** | GitLab SAST + Dependency Scanning are ingested natively; external scanners upload SARIF to GitLab's vulnerability API | ~10 min | GitLab integration configured ([setup guide](/getting-started/source-control#gitlab)) | +| **Azure Pipelines** | Scanner runs in pipeline; SARIF is uploaded via Azure DevOps Code Scanning or directly to Pixee | ~10 min | Azure DevOps integration configured ([setup guide](/getting-started/source-control#azure-devops)) | +| **Bitbucket Pipelines** | Scanner runs in pipeline; SARIF is uploaded to Pixee | ~10 min | Bitbucket connector configured ([setup guide](/getting-started/source-control#bitbucket)) | | **Jenkins / other CI** | Scanner runs anywhere; the SCM-native path still applies if your scanner publishes to GitHub Code Scanning, GitLab Security Dashboard, etc. | varies | One of the four SCM integrations configured | Setup times are wall-clock time from "I have a pipeline" to "Pixee is processing scanner results." This does not include scanner setup — that is your existing infrastructure. @@ -94,7 +94,7 @@ For scanners that don't write to Code Scanning natively, upload the SARIF afterw sarif_file: results.sarif ``` -**Prerequisites:** Install the Pixee GitHub App ([GitHub Setup](/getting-started/github)). +**Prerequisites:** Install the Pixee GitHub App ([GitHub Setup](/getting-started/source-control#github)). ## GitLab CI @@ -113,7 +113,7 @@ stages: For external scanners, run them in CI and emit GitLab-compatible reports (or upload SARIF to GitLab's security dashboard via the security report artifacts). Pixee picks them up through the same GitLab integration. -**Prerequisites:** Configure the GitLab integration with a service-account PAT ([GitLab Setup](/getting-started/gitlab)). +**Prerequisites:** Configure the GitLab integration with a service-account PAT ([GitLab Setup](/getting-started/source-control#gitlab)). **Self-hosted GitLab:** supported. Configure the custom base URI in the Pixee integration settings. @@ -142,7 +142,7 @@ steps: After the scanner publishes results to your repository's code-scanning surface (or to Pixee directly), the Pixee Azure DevOps integration ingests them and opens fix PRs. -**Prerequisites:** Configure the Azure DevOps integration ([Azure DevOps Setup](/getting-started/azure-devops)). +**Prerequisites:** Configure the Azure DevOps integration ([Azure DevOps Setup](/getting-started/source-control#azure-devops)). **Work-item linking:** If your organization requires linked work items on PRs, configure the work item ID in the Pixee integration settings. @@ -170,7 +170,7 @@ pipelines: After the scan step, the SARIF file is available to the Pixee Bitbucket connector. Configuration of the upload step depends on your scanner — check the per-scanner integration page for specifics. -**Prerequisites:** Configure the Bitbucket connector ([Bitbucket Setup](/getting-started/bitbucket)). Supports Bitbucket Cloud and Bitbucket Server. +**Prerequisites:** Configure the Bitbucket connector ([Bitbucket Setup](/getting-started/source-control#bitbucket)). Supports Bitbucket Cloud and Bitbucket Server. ## Jenkins and Other CI Systems @@ -202,15 +202,15 @@ Pixee accepts scanner results through three paths: 1. **SCM-native APIs.** GitHub Code Scanning, GitLab vulnerability reports, Azure DevOps Code Scanning, Bitbucket reports. Pixee reads findings through the SCM integration. 2. **Direct SARIF upload to Pixee.** Use the [Pixee CLI](/api/cli) (`pixee api`) or an HTTP client. Useful when your CI system doesn't have a clean upload path to the SCM. -3. **Native scanner integrations.** For 13 named scanners (CodeQL, Semgrep, Checkmarx, Veracode, Snyk Code, SonarQube, AppScan, Polaris, Fortify, Contrast, GitLab SAST, GitLab SCA, Trivy) Pixee uses dedicated handlers that extract scanner-specific metadata for richer triage. See the per-scanner pages under [Integrations](/integrations/overview). +3. **Native scanner integrations.** For named scanners (CodeQL, Semgrep, Checkmarx, Veracode, Snyk Code, SonarQube, AppScan, Polaris, Fortify, Contrast, GitLab SAST, GitLab SCA, Trivy, and others) Pixee uses dedicated handlers that extract scanner-specific metadata for richer triage. See the per-scanner pages under [Integrations](/integrations/overview). -**Universal SARIF.** Any SARIF 2.1.0–producing scanner works through the universal SARIF integration. See [Universal SARIF Integration](/integrations/sarif-universal). +**Universal SARIF.** Any SARIF-producing scanner works through the universal SARIF integration. See [Universal SARIF Integration](/integrations/sarif-universal). ## Troubleshooting **Scanner findings not reaching Pixee.** Verify the SCM integration's read access to code-scanning results. For GitHub, confirm the App has `code_scanning_alerts: read`. For GitLab, confirm the PAT has `read_api`. For Azure DevOps and Bitbucket, confirm the credentials authorize reading the security/reports endpoints. -**SARIF parsing errors.** Confirm the SARIF file conforms to SARIF 2.1.0 and is valid JSON. Most scanner export options include a SARIF format flag — check your scanner's documentation. +**SARIF parsing errors.** Confirm the SARIF file is valid and conforms to the SARIF standard. Validate it is valid JSON. Most scanner export options include a SARIF format flag — check your scanner's documentation. **Fix PRs not appearing.** Check that the Pixee integration has write access to the target repository. For GitHub, the App needs `pull_requests: write`. Fix generation is asynchronous — allow a few minutes after findings are ingested. diff --git a/docs/integrations/integrations-overview.md b/docs/integrations/integrations-overview.md index 455bc09f..f2d55fce 100644 --- a/docs/integrations/integrations-overview.md +++ b/docs/integrations/integrations-overview.md @@ -4,7 +4,7 @@ slug: /integrations/overview track: both content_type: guide seo_title: "Pixee Integrations: Scanners, SCMs, and Universal SARIF" -description: Coverage matrix for Pixee integrations. 13 named scanners, 4 SCM platforms, and universal SARIF support. +description: Coverage matrix for Pixee integrations. Natively integrated scanners, 4 SCM platforms, and universal SARIF support. sidebar_position: 1 --- @@ -20,14 +20,14 @@ Pixee delivers remediation as pull requests (or merge requests) on the four majo | Platform | PR/MR Delivery | Authentication | Setup Guide | | ----------------------------------------------- | --------------------- | --------------------- | -------------------------------------------- | -| [GitHub](/integrations/scms/github) | Native pull requests | GitHub App | [Get started](/getting-started/github) | -| [GitLab](/integrations/scms/gitlab) | Native merge requests | Personal access token | [Get started](/getting-started/gitlab) | -| [Azure DevOps](/integrations/scms/azure-devops) | Native pull requests | PAT + webhooks | [Get started](/getting-started/azure-devops) | -| [Bitbucket](/integrations/scms/bitbucket) | Native pull requests | API token | [Get started](/getting-started/bitbucket) | +| [GitHub](/integrations/scms/github) | Native pull requests | GitHub App | [Get started](/getting-started/source-control#github) | +| [GitLab](/integrations/scms/gitlab) | Native merge requests | Personal access token | [Get started](/getting-started/source-control#gitlab) | +| [Azure DevOps](/integrations/scms/azure-devops) | Native pull requests | PAT + webhooks | [Get started](/getting-started/source-control#azure-devops) | +| [Bitbucket](/integrations/scms/bitbucket) | Native pull requests | API token | [Get started](/getting-started/source-control#bitbucket) | ## Scanner Coverage Matrix -Pixee provides 13 named scanner integrations plus universal SARIF support for any other tool. Every scanner's findings flow through the same triage and remediation pipeline; the only difference is the depth of metadata extraction. +Pixee provides a growing list of named scanner integrations plus universal SARIF support for any other tool. Every scanner's findings flow through the same triage and remediation pipeline; the only difference is the depth of metadata extraction. | Scanner | Integration Tier | Finding Types | Triage | Remediation | Input Method | | --------------------------------------------------------------------- | ---------------- | -------------- | ------ | ----------- | ---------------- | @@ -72,7 +72,7 @@ Scanner runs > SARIF output > Pixee ingests > Triage pipeline > TP / FP / WONT_F The result: one triage and remediation pipeline across every scanner in your stack, from CodeQL to your internal proprietary scanner — all through the same workflow. -**Why SARIF matters.** SARIF (Static Analysis Results Interchange Format) is the OASIS open standard for static analysis results. Most modern SAST, SCA, and secret-scanning tools produce SARIF output natively or via converters. By standardizing on SARIF as the ingestion format, Pixee ensures that any scanner — commercial, open source, or proprietary — can feed into the triage and remediation pipeline without custom integration work. +**Why SARIF matters.** SARIF (Static Analysis Results Interchange Format) is the OASIS open standard for static analysis results. Pixee supports the current SARIF standard. Most modern SAST, SCA, and secret-scanning tools produce SARIF output natively or via converters. By standardizing on SARIF as the ingestion format, Pixee ensures that any scanner — commercial, open source, or proprietary — can feed into the triage and remediation pipeline without custom integration work. **What this means in practice:** diff --git a/docs/integrations/sarif-universal.md b/docs/integrations/sarif-universal.md index d8c2e93f..3805f262 100644 --- a/docs/integrations/sarif-universal.md +++ b/docs/integrations/sarif-universal.md @@ -4,13 +4,13 @@ slug: /integrations/sarif-universal track: both content_type: guide seo_title: Universal SARIF Integration with Pixee -description: Connect any SARIF-producing scanner to Pixee for automated triage and remediation. Covers SARIF 2.1.0 requirements and upload methods. +description: Connect any SARIF-producing scanner to Pixee for automated triage and remediation. Covers SARIF format requirements and upload methods. sidebar_position: 2 --- # Universal SARIF Integration -Pixee's Universal SARIF integration accepts findings from any security scanner that produces SARIF 2.1.0 output. This means you are not limited to Pixee's 13 natively integrated scanners — if your tool can export SARIF, Pixee can triage and remediate its findings. Universal SARIF is how Pixee stays scanner-agnostic: your choice of detection tools is independent of your choice of resolution platform. +Pixee's Universal SARIF integration accepts findings from any security scanner that produces SARIF output. This means you are not limited to Pixee's natively integrated scanners — if your tool can export SARIF, Pixee can triage and remediate its findings. Universal SARIF is how Pixee stays scanner-agnostic: your choice of detection tools is independent of your choice of resolution platform. This page covers the SARIF format requirements, upload methods, what metadata Pixee extracts, and the differences between Universal SARIF and native integrations. @@ -25,15 +25,15 @@ Use Universal SARIF when: Use a native integration when available — native integrations extract richer metadata and provide deeper triage context than Universal SARIF. -## SARIF 2.1.0 Requirements +## SARIF Requirements -Pixee supports SARIF version 2.1.0 (the OASIS standard). Your SARIF file must include: +Pixee supports the current SARIF standard (OASIS SARIF). Your SARIF file must include: ### Required Fields | Field | Path | Description | | -------------- | ---------------------------------------- | -------------------------------------- | -| Schema version | `$schema` | Must reference SARIF 2.1.0 schema | +| Schema version | `$schema` | Must reference a valid SARIF schema | | Tool info | `runs[].tool.driver.name` | Scanner name | | Results | `runs[].results[]` | Array of findings | | Rule ID | `results[].ruleId` | Unique identifier for the finding type | @@ -103,7 +103,7 @@ For evaluation or one-time use, upload SARIF files through the Pixee dashboard. ## Supported SARIF Producers -Any scanner producing valid SARIF 2.1.0 output works with Universal SARIF. Scanners known to produce compatible output include: +Any scanner producing valid SARIF output works with Universal SARIF. Scanners known to produce compatible output include: - ESLint (with SARIF formatter) - Psalm diff --git a/docs/integrations/scanners/appscan.md b/docs/integrations/scanners/appscan.md index 92e0c472..4482d390 100644 --- a/docs/integrations/scanners/appscan.md +++ b/docs/integrations/scanners/appscan.md @@ -42,15 +42,7 @@ True positive findings receive automated code fixes delivered as pull requests. Fixes use deterministic codemods and AI-powered MagicMods. -## Finding Types - -| Category | Examples | Fix Mode | -| ------------------------ | ------------------------------------------------ | ------------------ | -| Injection flaws | SQL injection, command injection, LDAP injection | Deterministic + AI | -| Cross-site scripting | Reflected XSS, stored XSS | Deterministic + AI | -| Authentication issues | Broken authentication, credential exposure | AI | -| Cryptographic weaknesses | Weak algorithms, insecure key management | Deterministic | -| API security | Insecure API configurations, missing validation | AI | +For the full list of vulnerability types Pixee triages and fixes, see [What Pixee Fixes](/platform/what-pixee-fixes). ## Setup diff --git a/docs/integrations/scanners/checkmarx.md b/docs/integrations/scanners/checkmarx.md index 4d1792e4..850079d8 100644 --- a/docs/integrations/scanners/checkmarx.md +++ b/docs/integrations/scanners/checkmarx.md @@ -56,15 +56,7 @@ Beyond these dedicated codemods, Pixee's general-purpose codemod library and AI- - Fixes match your team's code conventions - Developers review and merge Pixee PRs through their standard workflow -## Finding Types - -| Category | Examples | Checkmarx-Specific Codemods | -| -------------------- | --------------------------------- | --------------------------- | -| SQL injection | Parameterized query fixes | .NET SQL, JavaScript SQL | -| NoSQL injection | Parameterized NoSQL fixes | JavaScript NoSQL | -| XSS | Output encoding, sanitization | General codemods | -| Path traversal | Input validation | General codemods | -| Authentication flaws | Session and auth misconfiguration | General codemods | +For the full list of vulnerability types Pixee triages and fixes, see [What Pixee Fixes](/platform/what-pixee-fixes). ## Setup diff --git a/docs/integrations/scanners/codeql.md b/docs/integrations/scanners/codeql.md index 58f14423..977db3bc 100644 --- a/docs/integrations/scanners/codeql.md +++ b/docs/integrations/scanners/codeql.md @@ -50,13 +50,7 @@ Pixee generates fixes using a combination of deterministic codemods and AI-power - Fixes match your team's code conventions -- naming patterns, preferred libraries, existing security utilities - Developers review and merge Pixee PRs through the standard GitHub workflow -## Finding Types - -| Category | Examples | codeFlows Extraction | -| -------------------------------- | ---------------------------------- | --------------------------------- | -| Dataflow vulnerabilities | SQL injection, XSS, path traversal | Yes -- full source-to-sink traces | -| Security misconfigurations | Insecure defaults, missing headers | No (location-based findings) | -| Code quality (security-relevant) | CodeQL query suite findings | Varies by rule | +For the full list of vulnerability types Pixee triages and fixes, see [What Pixee Fixes](/platform/what-pixee-fixes). ## Setup diff --git a/docs/integrations/scanners/contrast.md b/docs/integrations/scanners/contrast.md index 295d4854..67034b01 100644 --- a/docs/integrations/scanners/contrast.md +++ b/docs/integrations/scanners/contrast.md @@ -48,16 +48,7 @@ True-positive findings receive automated code fixes delivered as pull requests, Developers review and merge Pixee PRs through the standard development workflow. -## Finding Types - -| Category | Examples | Fix Mode | -| --------------------------- | --------------------------------- | ------------------------------- | -| Injection flaws | SQL, command, LDAP, NoSQL | Deterministic + AI | -| Cross-site scripting | Reflected, stored, DOM-based | Deterministic + AI | -| Authentication / session | Weak randomness, insecure cookies | Deterministic | -| Insecure deserialization | Java/JS deserialization sinks | AI | -| Cryptographic weaknesses | Weak algorithms, hardcoded keys | Deterministic | -| Open-source vulnerabilities | Contrast SCA findings | Deterministic (version updates) | +For the full list of vulnerability types Pixee triages and fixes, see [What Pixee Fixes](/platform/what-pixee-fixes). ## Setup diff --git a/docs/integrations/scanners/defectdojo.md b/docs/integrations/scanners/defectdojo.md index a495a422..a6f48839 100644 --- a/docs/integrations/scanners/defectdojo.md +++ b/docs/integrations/scanners/defectdojo.md @@ -32,13 +32,7 @@ DefectDojo aggregates findings from multiple scanners, but triaging is still man DefectDojo tracks vulnerability status but does not generate code fixes. Pixee delivers fixes as pull requests for confirmed vulnerabilities, moving findings from "open" to "mitigated" with actual code changes. -## Finding Types - -| Category | Examples | Fix Mode | -| -------------------------- | --------------------------- | ----------------------------- | -| SAST findings (aggregated) | Injection, XSS, auth issues | Deterministic + AI | -| SCA findings (aggregated) | Dependency CVEs | Deterministic (version bumps) | -| Custom scanner findings | Organization-specific rules | AI | +For the full list of vulnerability types Pixee triages and fixes, see [What Pixee Fixes](/platform/what-pixee-fixes). ## Setup diff --git a/docs/integrations/scanners/fortify.md b/docs/integrations/scanners/fortify.md index f99f8d8d..2f3611a4 100644 --- a/docs/integrations/scanners/fortify.md +++ b/docs/integrations/scanners/fortify.md @@ -36,14 +36,7 @@ Fortify's rich dataflow analysis provides source-to-sink traces that Pixee's tri Fortify identifies vulnerabilities but does not generate automated code fixes. Pixee delivers remediation as pull requests, applying deterministic codemods for known vulnerability patterns and AI-powered generation for complex scenarios. -## Finding Types - -| Category | Examples | Fix Mode | -| ------------------------- | ------------------------------------- | ------------------ | -| Injection vulnerabilities | SQL injection, XSS, command injection | Deterministic | -| Authentication weaknesses | Insecure session management | Deterministic + AI | -| Cryptographic issues | Weak algorithms, hardcoded keys | Deterministic | -| Dataflow vulnerabilities | Taint propagation across functions | AI | +For the full list of vulnerability types Pixee triages and fixes, see [What Pixee Fixes](/platform/what-pixee-fixes). ## Setup diff --git a/docs/integrations/scanners/gitlab-sast.md b/docs/integrations/scanners/gitlab-sast.md index 38a0bf4c..2c90015f 100644 --- a/docs/integrations/scanners/gitlab-sast.md +++ b/docs/integrations/scanners/gitlab-sast.md @@ -40,18 +40,11 @@ GitLab shows SAST findings in the merge request security widget and vulnerabilit GitLab SAST findings often lack the contextual detail needed for efficient manual remediation. Pixee's fix generation adds the missing context — vulnerability explanation, fix rationale, and quality scores — directly in the MR. -## Finding Types - -| Category | Examples | Analyzers | -| -------------------------- | ------------------------------------------- | ----------------------- | -| Injection vulnerabilities | SQL injection, XSS, command injection | Semgrep, SpotBugs | -| Authentication weaknesses | Insecure session handling, weak credentials | Semgrep, Bandit | -| Security misconfigurations | Insecure defaults, missing headers | Multiple analyzers | -| Language-specific patterns | Java deserialization, Python eval() | SpotBugs, Bandit, Gosec | +For the full list of vulnerability types Pixee triages and fixes, see [What Pixee Fixes](/platform/what-pixee-fixes). ## Setup -1. **Connect GitLab to Pixee** — follow the [GitLab Setup](/getting-started/gitlab) guide to install the Pixee integration +1. **Connect GitLab to Pixee** — follow the [GitLab quick-start](/getting-started/source-control#gitlab) guide to install the Pixee integration 2. **Ensure GitLab SAST is enabled** — GitLab SAST runs via CI/CD pipeline templates. Verify your `.gitlab-ci.yml` includes the SAST template 3. **Pixee ingests findings automatically** — when GitLab SAST runs in your pipeline, Pixee receives the findings via the GitLab API 4. **Review triage results and merge fixes** — Pixee opens MRs for remediable findings in your existing GitLab workflow diff --git a/docs/integrations/scanners/gitlab-sca.md b/docs/integrations/scanners/gitlab-sca.md index ca2895c5..8718bdf0 100644 --- a/docs/integrations/scanners/gitlab-sca.md +++ b/docs/integrations/scanners/gitlab-sca.md @@ -46,18 +46,11 @@ GitLab shows dependency findings in the merge request security widget and vulner Pixee's SCA remediation is deterministic: for each TRUE_POSITIVE with a fix available, Pixee opens an MR that updates the dependency to the lowest version in the fixed range, runs lockfile updates, and includes the CVE rationale in the MR description. Multi-vulnerability fixes can be batched per dependency to minimize MR churn. -## Finding Types - -| Category | Examples | Fix Mode | -| -------------------------- | ------------------------------------------------------ | ----------------------------- | -| Direct dependency CVEs | Known vulnerability in a top-level declared dependency | Deterministic (version bump) | -| Transitive dependency CVEs | Vulnerable package pulled in by another dependency | Deterministic (lockfile bump) | -| Multi-CVE per dependency | Multiple CVEs fixed by the same target version | Deterministic (batched) | -| No-fix CVEs | CVEs without a published fixed version | WONT_FIX with rationale | +For the full list of vulnerability types Pixee triages and fixes, see [What Pixee Fixes](/platform/what-pixee-fixes). ## Setup -1. **Connect GitLab to Pixee** — follow the [GitLab Setup](/getting-started/gitlab) guide to install the Pixee integration. +1. **Connect GitLab to Pixee** — follow the [GitLab quick-start](/getting-started/source-control#gitlab) guide to install the Pixee integration. 2. **Ensure Dependency Scanning is enabled** — verify your `.gitlab-ci.yml` includes the `Dependency-Scanning.gitlab-ci.yml` template (or your own equivalent that runs `gemnasium-dependency_scanning`). 3. **Pixee ingests findings automatically** — when Dependency Scanning runs in your pipeline, Pixee receives the findings via the GitLab API. 4. **Review triage results and merge fixes** — Pixee opens MRs for remediable findings in your existing GitLab workflow. diff --git a/docs/integrations/scanners/polaris.md b/docs/integrations/scanners/polaris.md index cf18cca3..7589b789 100644 --- a/docs/integrations/scanners/polaris.md +++ b/docs/integrations/scanners/polaris.md @@ -32,15 +32,7 @@ The Coverity engine is known for thorough, conservative analysis. This thoroughn Polaris provides findings and remediation guidance but does not generate automated code fixes or pull requests. Pixee closes this gap. True positive findings are automatically fixed using deterministic codemods and AI-powered MagicMods. Fixes are delivered as pull requests matching the team's code conventions. -## Finding Types - -| Category | Examples | Fix Mode | -| ---------------------------------- | --------------------------------------- | ------------------ | -| Dataflow vulnerabilities | SQL injection, XSS, path traversal | Deterministic + AI | -| Buffer overflows and memory safety | Buffer overruns, use-after-free (C/C++) | AI | -| Concurrency issues | Race conditions, deadlocks | AI | -| Cryptographic issues | Weak algorithms, insecure random | Deterministic | -| Security misconfigurations | Insecure defaults, missing headers | Deterministic | +For the full list of vulnerability types Pixee triages and fixes, see [What Pixee Fixes](/platform/what-pixee-fixes). ## Setup diff --git a/docs/integrations/scanners/semgrep.md b/docs/integrations/scanners/semgrep.md index 91b6ce36..c0483751 100644 --- a/docs/integrations/scanners/semgrep.md +++ b/docs/integrations/scanners/semgrep.md @@ -51,14 +51,7 @@ Pixee generates fixes using deterministic codemods and AI-powered MagicMods. The - Semgrep identifies what is wrong; Pixee delivers the fix as a PR - Developers review Pixee PRs through the same workflow they use for all code changes -## Finding Types - -| Category | Examples | Coverage | -| -------------------------------- | ----------------------------------------- | ---------------------- | -| OWASP Top 10 | SQL injection, XSS, broken authentication | OSS + Pro rules | -| Language-specific security | Framework misuse, insecure defaults | Per-language rule sets | -| Custom organizational rules | Team-specific patterns and policies | Custom Semgrep rules | -| Code quality (security-relevant) | Hardcoded secrets, weak crypto | OSS + Pro rules | +For the full list of vulnerability types Pixee triages and fixes, see [What Pixee Fixes](/platform/what-pixee-fixes). ## Setup diff --git a/docs/integrations/scanners/snyk-code.md b/docs/integrations/scanners/snyk-code.md index 5f400ca8..fc93f887 100644 --- a/docs/integrations/scanners/snyk-code.md +++ b/docs/integrations/scanners/snyk-code.md @@ -42,15 +42,7 @@ Snyk's "DeepCode AI Fix" provides remediation suggestions within the Snyk UI. Pi Fixes are generated using deterministic codemods and AI-powered MagicMods for complex scenarios. Every fix matches the team's code conventions -- naming patterns, preferred libraries, and existing security utilities. -## Finding Types - -| Category | Examples | Fix Mode | -| ------------------------- | ------------------------------------------------ | ------------------ | -| Injection flaws | SQL injection, XSS, command injection | Deterministic + AI | -| Authentication issues | Broken authentication, session weaknesses | AI | -| Cryptographic weaknesses | Weak algorithms, insecure random, hardcoded keys | Deterministic | -| Secrets detection | Hardcoded credentials, API keys, tokens | Deterministic | -| Data flow vulnerabilities | Taint tracking findings, unsanitized inputs | Deterministic + AI | +For the full list of vulnerability types Pixee triages and fixes, see [What Pixee Fixes](/platform/what-pixee-fixes). ## Setup diff --git a/docs/integrations/scanners/sonarqube.md b/docs/integrations/scanners/sonarqube.md index 3ceec5ab..33aa6bb4 100644 --- a/docs/integrations/scanners/sonarqube.md +++ b/docs/integrations/scanners/sonarqube.md @@ -40,13 +40,7 @@ SonarQube shows what is wrong but does not generate fixes. Pixee fills this gap Fixes match your team's code conventions. -## Finding Types - -| Category | Examples | Fix Mode | -| -------------------------------- | -------------------------------------------------------------- | ------------------ | -| Security vulnerabilities | SQL injection, XSS, path traversal, insecure crypto | Deterministic + AI | -| Security hotspots | Hardcoded credentials, weak hashing, CSRF-related patterns | AI | -| Code quality (security-relevant) | Null pointer dereferences, resource leaks with security impact | AI | +For the full list of vulnerability types Pixee triages and fixes, see [What Pixee Fixes](/platform/what-pixee-fixes). ## Supported Languages diff --git a/docs/integrations/scanners/trivy.md b/docs/integrations/scanners/trivy.md index eb9cfd49..6f2e4dd4 100644 --- a/docs/integrations/scanners/trivy.md +++ b/docs/integrations/scanners/trivy.md @@ -35,18 +35,11 @@ Trivy's breadth is its strength and its challenge. Container image scans can sur Trivy identifies vulnerabilities but does not generate code fixes. Pixee delivers fixes as pull requests — updating dependency versions, fixing IaC misconfigurations, and remediating code-level findings using both deterministic codemods and AI-powered generation. -## Finding Types - -| Category | Examples | Fix Mode | -| -------------------------- | ----------------------------------------------------- | ----------------------------- | -| Dependency vulnerabilities | CVEs in direct and transitive dependencies | Deterministic (version bumps) | -| IaC misconfigurations | Insecure Dockerfile directives, K8s security contexts | Deterministic + AI | -| Code-level SAST findings | Injection, XSS (via Trivy's fs scanning) | Deterministic + AI | -| Secret detection | Hardcoded credentials, API keys | AI | +For the full list of vulnerability types Pixee triages and fixes, see [What Pixee Fixes](/platform/what-pixee-fixes). ## Setup -1. **Install Pixee** for your platform ([GitHub](/getting-started/github), [GitLab](/getting-started/gitlab), [Azure DevOps](/getting-started/azure-devops), or [Bitbucket](/getting-started/bitbucket)). +1. **Install Pixee** for your platform — see [Connect Source Control](/getting-started/source-control) for GitHub, GitLab, Azure DevOps, and Bitbucket. 2. **Configure Trivy to output SARIF** — add `--format sarif` to your Trivy command or CI pipeline step. 3. **Upload SARIF to Pixee** — configure SARIF upload in your CI pipeline or use the Pixee integration endpoint. 4. **Review and merge** — Pixee triages findings and opens PRs for remediable issues. @@ -65,6 +58,6 @@ Trivy container scans often surface hundreds of CVEs in OS packages. Pixee's tri ### Does Trivy need to output SARIF for this integration? -Yes. Configure Trivy with `--format sarif` to produce SARIF 2.1.0 output. Pixee also supports Trivy's native JSON format through the dedicated Trivy handler. +Yes. Configure Trivy with `--format sarif` to produce SARIF output. Pixee also supports Trivy's native JSON format through the dedicated Trivy handler. See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scanners/veracode.md b/docs/integrations/scanners/veracode.md index 4b51fe04..4deb4c4e 100644 --- a/docs/integrations/scanners/veracode.md +++ b/docs/integrations/scanners/veracode.md @@ -40,16 +40,7 @@ True positive findings receive automated code fixes delivered as pull requests. Veracode's own "Veracode Fix" provides AI-assisted remediation suggestions, but it does not deliver merged pull requests at scale. Pixee closes that gap: findings move from classification to fix to developer review in one pipeline. Developers review and merge Pixee PRs through their standard workflow. -## Finding Types - -| Category | Examples | Fix Mode | -| -------------------------- | ------------------------------------------------ | ------------------ | -| Injection flaws | SQL injection, command injection, LDAP injection | Deterministic + AI | -| Cross-site scripting | Reflected XSS, stored XSS, DOM-based XSS | Deterministic + AI | -| Authentication and session | Broken authentication, session fixation | AI | -| Cryptographic issues | Weak algorithms, hardcoded keys | Deterministic | -| Path traversal | Directory traversal, file inclusion | Deterministic + AI | -| Security misconfigurations | Insecure defaults, missing headers | Deterministic | +For the full list of vulnerability types Pixee triages and fixes, see [What Pixee Fixes](/platform/what-pixee-fixes). ## Setup diff --git a/docs/integrations/scms/azure-devops.md b/docs/integrations/scms/azure-devops.md index 33c54677..cc7e4068 100644 --- a/docs/integrations/scms/azure-devops.md +++ b/docs/integrations/scms/azure-devops.md @@ -44,7 +44,7 @@ Pixee works with any scanner that produces SARIF output run from Azure Pipelines 4. **(Optional) Set up Azure DevOps webhooks** to deliver repository and PR events to your Pixee endpoint, using HTTP Basic auth with the credentials from step 2. 5. **Pixee begins monitoring** for scanner findings and generating remediation PRs. -For the install-time walkthrough, see [Getting Started with Azure DevOps](/getting-started/azure-devops). +For the quick-start walkthrough, see [Connect Source Control → Azure DevOps](/getting-started/source-control#azure-devops). ## Azure DevOps Server (On-Premises) diff --git a/docs/integrations/scms/bitbucket.md b/docs/integrations/scms/bitbucket.md index f9f17733..64914b83 100644 --- a/docs/integrations/scms/bitbucket.md +++ b/docs/integrations/scms/bitbucket.md @@ -56,7 +56,7 @@ Bitbucket Pipelines is one option for running scanners, but many teams use Jenki 3. **Configure Pixee** with the username, email address, and API token. For Pixee Enterprise (Helm), the values live under `platform.scm.bitbucket.{username, emailAddress, apiToken}`. For SaaS, use the settings UI. For embedded-cluster Enterprise, the admin console exposes these fields under **Config → Development Platforms → BitBucket**. 4. **Pixee begins monitoring** for scanner findings and generating remediation PRs. -For the install-time walkthrough, see [Getting Started with Bitbucket](/getting-started/bitbucket). +For the quick-start walkthrough, see [Connect Source Control → Bitbucket](/getting-started/source-control#bitbucket). ## Bitbucket Server / Data Center diff --git a/docs/integrations/scms/github.md b/docs/integrations/scms/github.md index 51f7dd49..648b7f53 100644 --- a/docs/integrations/scms/github.md +++ b/docs/integrations/scms/github.md @@ -28,7 +28,7 @@ Pixee connects to GitHub through a first-class GitHub App -- the same integratio ## What Developers See -Fixes arrive as standard GitHub pull requests — no new tools, no new dashboards. Existing branch protection rules, required reviewers, and CI checks apply to Pixee PRs exactly as they would to any other PR. See [GitHub Setup → What You'll See](/getting-started/github#what-youll-see) for the full PR contents and review/merge/reject flow. +Fixes arrive as standard GitHub pull requests — no new tools, no new dashboards. Existing branch protection rules, required reviewers, and CI checks apply to Pixee PRs exactly as they would to any other PR. See [Connect Source Control → GitHub](/getting-started/source-control#github) for the quick-start steps, or [Your First Fix](/getting-started/first-fix) for what a Pixee PR looks like. ## Scanner Integration via GitHub @@ -55,7 +55,7 @@ There is no need to modify existing `.github/workflows/` files. Pixee operates a 4. **Configure preferences** in `PIXEE.yaml` (optional) to tune triage behavior and fix scope. 5. **Review and merge** your first Pixee PR. -For a detailed walkthrough, see [Getting Started with GitHub](/getting-started/github). +For a quick-start walkthrough, see [Connect Source Control → GitHub](/getting-started/source-control#github). ### Required Permissions diff --git a/docs/integrations/scms/gitlab.md b/docs/integrations/scms/gitlab.md index 12da378e..27abbc8a 100644 --- a/docs/integrations/scms/gitlab.md +++ b/docs/integrations/scms/gitlab.md @@ -62,7 +62,7 @@ Pixee works alongside existing GitLab CI/CD pipelines without requiring modifica 4. **Configure repository access** — either grant the service account access to all relevant projects, or use `member_projects_only` for explicit per-project membership. 5. **Pixee begins monitoring** projects, ingesting scanner findings, and generating remediation MRs. -For the install-time walkthrough, see [Getting Started with GitLab](/getting-started/gitlab). +For the quick-start walkthrough, see [Connect Source Control → GitLab](/getting-started/source-control#gitlab). ### Webhook Configuration diff --git a/docs/languages/dotnet.md b/docs/languages/dotnet.md deleted file mode 100644 index 98882ebb..00000000 --- a/docs/languages/dotnet.md +++ /dev/null @@ -1,129 +0,0 @@ ---- -title: .NET -slug: /languages/dotnet -track: both -content_type: guide -seo_title: .NET Language Support -- Pixee Docs -description: "Pixee .NET support: deterministic codemods and AI-powered fixes for ASP.NET Core and Blazor." -sidebar_position: 5 ---- - -Pixee remediates .NET vulnerabilities automatically using deterministic codemods and AI-powered fixes for custom patterns. Coverage includes ASP.NET Core and Blazor applications with fixes for injection vulnerabilities, insecure cryptography, and dependency vulnerabilities. Pixee uses full AST analysis for C# source code and manages dependency upgrades across both .csproj and packages.config formats, delivering fixes as pull requests that match your codebase conventions. - -.NET support uses Pixee's full AST parsing tier, providing deep cross-file analysis on par with Java and Python. Deterministic codemod coverage is growing alongside comprehensive AI-powered MagicMod support. For the full language coverage matrix, see the [Language Support Overview](/languages/overview). - -## What Pixee Fixes in .NET - -| Vulnerability Type | CWE | Example Fix | Fix Mode | -| -------------------------- | ------- | ------------------------------------------------------------------ | ---------------- | -| SQL Injection | CWE-89 | Parameterized query / Entity Framework Core safe patterns | Deterministic/AI | -| Cross-Site Scripting | CWE-79 | Output encoding, Razor view sanitization | AI-powered | -| Insecure Cryptography | CWE-327 | RNGCryptoServiceProvider, secure defaults | Deterministic/AI | -| SSRF | CWE-918 | HttpClient URL validation | Deterministic/AI | -| Path Traversal | CWE-22 | Canonical path validation | Deterministic/AI | -| Dependency Vulnerabilities | N/A | NuGet version upgrade in .csproj/packages.config + source refactor | Hybrid | -| Custom Framework Patterns | Various | ASP.NET-specific sanitization | AI-powered | - -## ASP.NET Core - -ASP.NET Core is the primary .NET web framework in modern enterprise development. Pixee provides framework-aware support for common ASP.NET Core security patterns. - -**What Pixee understands about your ASP.NET Core code:** - -- Controller patterns (`[ApiController]`, `[HttpGet]`, `[HttpPost]`) and action method signatures -- Middleware pipeline ordering and security middleware configuration -- ASP.NET Core Identity configuration and authentication schemes -- Entity Framework Core query patterns, including raw SQL and LINQ -- Razor view rendering and output encoding -- Dependency injection patterns and service registration - -**ASP.NET Core-specific fixes include:** - -- SQL injection remediation that converts raw SQL to Entity Framework Core parameterized queries -- Controller input validation hardening using model binding and `[FromBody]`/`[FromQuery]` attributes -- Identity configuration hardening (password policies, lockout settings, token lifetimes) -- Razor view XSS prevention through proper encoding and `@Html.Raw` audit -- Middleware ordering corrections where security middleware is registered after routing - -## Blazor - -Pixee supports Blazor Server applications with security patterns relevant to server-side component rendering. Blazor WebAssembly security considerations differ from server-side patterns; Pixee focuses on the server-side execution model where vulnerability remediation has the highest impact. - -## How It Works for .NET - -**Analysis depth:** Full AST parsing for C# source code. Pixee analyzes class hierarchies, interface implementations, and cross-file dataflow from controller actions through service layers to data access code. - -**Fix routing:** Known vulnerability patterns receive deterministic, zero-LLM-cost fixes. Novel or custom patterns route to AI-powered MagicMods with .NET-specific context including framework detection, NuGet dependency analysis, and your PIXEE.yaml configuration. - -**Dependency support:** Pixee manages vulnerable NuGet packages across both modern (.csproj with `PackageReference`) and legacy (packages.config) project formats. A single pull request contains the version bump and any required source-file refactoring. - -**Scanner compatibility:** Pixee remediates .NET findings from enterprise scanners commonly used in Microsoft-stack environments. - -## Fix Examples - -**SQL Injection (CWE-89) -- ASP.NET Core Controller** - -Before: - -```csharp -[HttpGet("users")] -public IActionResult GetUser(string userId) -{ - var query = $"SELECT * FROM Users WHERE Id = '{userId}'"; - var users = _context.Users.FromSqlRaw(query).ToList(); - return Ok(users); -} -``` - -After: - -```csharp -[HttpGet("users")] -public IActionResult GetUser(string userId) -{ - var users = _context.Users - .FromSqlRaw("SELECT * FROM Users WHERE Id = {0}", userId) - .ToList(); - return Ok(users); -} -``` - -**Dependency Upgrade -- Vulnerable NuGet Package** - -Before (.csproj): - -```xml - -``` - -After (.csproj): - -```xml - -``` - -The pull request includes any source-file changes required by the version upgrade. - -## Scanner Compatibility - -| Scanner | .NET Support | -| --------------- | ------------ | -| CodeQL | Yes | -| SonarQube | Yes | -| Checkmarx | Yes | -| Veracode | Yes | -| Fortify | Yes | -| Universal SARIF | Yes | - -Any scanner that produces SARIF output can feed .NET findings to Pixee through the [universal SARIF integration](/integrations/sarif-universal). - -## Compatibility - -| Dimension | Details | -| --------------- | ------------------------------------------------------------ | -| Package manager | NuGet | -| Project formats | .csproj (PackageReference), packages.config | -| CI/CD platforms | GitHub Actions, GitLab CI, Azure DevOps, Bitbucket Pipelines | -| Code hosting | GitHub, GitLab, Azure DevOps, Bitbucket | -| Frameworks | ASP.NET Core, Blazor Server | - diff --git a/docs/languages/go.md b/docs/languages/go.md deleted file mode 100644 index 25412fea..00000000 --- a/docs/languages/go.md +++ /dev/null @@ -1,122 +0,0 @@ ---- -title: Go -slug: /languages/go -track: both -content_type: guide -seo_title: Go Language Support -- Pixee Docs -description: "Pixee Go support: Tree-sitter analysis and AI-powered fixes for standard library, Gin, and Echo applications." -sidebar_position: 6 ---- - -Pixee remediates Go vulnerabilities using Tree-sitter-based analysis and AI-powered fixes for standard library, Gin, and Echo applications. Coverage includes injection vulnerabilities, insecure cryptography, and dependency vulnerabilities in go.mod-managed projects. Go support uses lighter parsing than Pixee's full AST languages (Java, Python, JS/TS, .NET) with expanding coverage for standard security patterns and framework-specific fixes. - -Go's adoption in infrastructure and cloud-native environments makes it a strategic language for Pixee. Coverage is actively expanding. For the full language coverage matrix, see the [Language Support Overview](/languages/overview). - -## What Pixee Fixes in Go - -| Vulnerability Type | CWE | Example Fix | Fix Mode | -| -------------------------- | ------- | ----------------------------------------- | ---------- | -| SQL Injection | CWE-89 | Parameterized query conversion | AI-powered | -| SSRF | CWE-918 | URL validation and allowlist enforcement | AI-powered | -| Insecure Cryptography | CWE-327 | crypto/rand usage, secure defaults | AI-powered | -| Path Traversal | CWE-22 | filepath.Clean validation | AI-powered | -| Dependency Vulnerabilities | N/A | go.mod version upgrades + source refactor | Hybrid | -| Custom Patterns | Various | Framework-specific sanitization | AI-powered | - -Go fixes are primarily AI-powered through MagicMods. Deterministic codemod coverage for Go is growing. AI-powered MagicMods receive Go-specific context, including knowledge of Go idioms like explicit error handling and interface patterns. - -## Frameworks - -**Go standard library:** Pixee handles security patterns in core packages including `net/http` (request handling, URL parsing), `crypto` (secure random, cipher selection, TLS configuration), and `os` (file path handling, temp file creation). - -**Gin:** Pixee recognizes Gin route handlers, middleware chains, and request binding patterns. Fixes address injection through `c.Param`, `c.Query`, and `c.PostForm` into database queries or system calls. - -**Echo:** Pixee supports Echo framework route handlers, middleware, and context parameter extraction. Security fixes address the same vulnerability categories as Gin with Echo-specific handler patterns. - -Pixee understands Go's idiomatic patterns. Fixes respect explicit error handling conventions (`if err != nil`), interface-based dependency injection, and Go module structure. - -## How It Works for Go - -**Analysis approach:** Pixee uses Tree-sitter for Go source code parsing. Tree-sitter provides reliable syntax-level analysis effective for standard vulnerability patterns. The analysis identifies function call patterns, variable flows within files, and framework-specific handler structures. - -**Comparison to full AST languages:** Java, Python, JavaScript/TypeScript, and .NET use full AST parsing with deeper cross-file dataflow analysis and larger deterministic codemod libraries. Go's Tree-sitter approach provides effective coverage for standard patterns while AI-powered MagicMods extend reach to complex, multi-file scenarios. Coverage is expanding over time. - -**Fix routing:** Go findings primarily route to AI-powered MagicMods, which receive Go-specific context including package dependency graphs, framework detection, and your PIXEE.yaml configuration. As deterministic codemod coverage grows, more patterns will route to zero-LLM-cost fixes. - -**Dependency support:** Pixee manages vulnerable dependencies in go.mod. A single pull request contains the version change and any source-file refactoring required by the upgrade. - -## govulncheck Integration - -Go developers commonly use `govulncheck` for vulnerability scanning. Pixee can remediate govulncheck findings exported in SARIF format through the [universal SARIF integration](/integrations/sarif-universal). The workflow: - -1. Run `govulncheck` on your Go project -2. Export results in SARIF format -3. Pixee consumes the SARIF findings and generates fixes -4. Fixes arrive as pull requests for your team to review and merge - -This creates a Go-native vulnerability scanning and remediation pipeline: govulncheck detects, Pixee remediates. - -## Fix Examples - -**SQL Injection (CWE-89) -- Gin Route Handler** - -Before: - -```go -func GetUser(c *gin.Context) { - userID := c.Query("id") - query := fmt.Sprintf("SELECT * FROM users WHERE id = '%s'", userID) - rows, err := db.Query(query) - // ... -} -``` - -After: - -```go -func GetUser(c *gin.Context) { - userID := c.Query("id") - rows, err := db.Query("SELECT * FROM users WHERE id = ?", userID) - // ... -} -``` - -**Dependency Upgrade -- go.mod Vulnerable Module** - -Before: - -``` -require ( - golang.org/x/crypto v0.1.0 -) -``` - -After: - -``` -require ( - golang.org/x/crypto v0.17.0 -) -``` - -The pull request includes any source-file changes required by the upgraded module version. - -## Scanner Compatibility - -| Scanner | Go Support | -| ----------------------- | ---------- | -| CodeQL | Yes | -| Semgrep | Yes | -| Snyk Code | Yes | -| govulncheck (via SARIF) | Yes | -| Universal SARIF | Yes | - -## Compatibility - -| Dimension | Details | -| --------------------- | ------------------------------------------------------------ | -| Dependency management | go.mod | -| CI/CD platforms | GitHub Actions, GitLab CI, Azure DevOps, Bitbucket Pipelines | -| Code hosting | GitHub, GitLab, Azure DevOps, Bitbucket | -| Frameworks | Standard library, Gin, Echo | - diff --git a/docs/languages/java.md b/docs/languages/java.md deleted file mode 100644 index 04d082ca..00000000 --- a/docs/languages/java.md +++ /dev/null @@ -1,159 +0,0 @@ ---- -title: Java -slug: /languages/java -track: both -content_type: guide -seo_title: Java Language Support -- Pixee Docs -description: "Pixee Java support: 51+ deterministic codemods and AI-powered fixes for Spring Boot, Jakarta EE, and Micronaut." -sidebar_position: 2 ---- - -Pixee remediates Java vulnerabilities automatically using 51+ deterministic codemods and AI-powered fixes for custom patterns. Coverage spans Spring Boot, Jakarta EE, and Micronaut applications with fixes for SQL injection, SSRF, insecure deserialization, weak cryptography, and dependency vulnerabilities. Pixee analyzes Java source code using full AST parsing for deep cross-file dataflow analysis, delivering fixes as pull requests. - -Java is Pixee's most mature language ecosystem. The open-source [codemodder-java](https://github.com/pixee/codemodder-java) engine is publicly inspectable, and deterministic codemods cover the broadest range of vulnerability types. For the full language coverage matrix, see the [Language Support Overview](/languages/overview). - -## What Pixee Fixes in Java - -| Vulnerability Type | CWE | Example Fix | Fix Mode | -| -------------------------- | ------- | --------------------------------------------------------- | ------------- | -| SQL Injection | CWE-89 | Parameterized query conversion | Deterministic | -| SSRF | CWE-918 | URL validation and allowlist enforcement | Deterministic | -| Insecure Deserialization | CWE-502 | Safe deserialization wrappers | Deterministic | -| Weak Cryptography | CWE-327 | SecureRandom replacement, JWT verification hardening | Deterministic | -| Path Traversal | CWE-22 | Canonical path validation | Deterministic | -| Insecure Temp Files | CWE-377 | Secure temp file creation | Deterministic | -| SSL/TLS Protocol | CWE-326 | Protocol version upgrade | Deterministic | -| Cross-Site Scripting | CWE-79 | Output encoding, template sanitization | Deterministic | -| Custom Framework Patterns | Various | Framework-specific sanitization, multi-file fixes | AI-powered | -| Dependency Vulnerabilities | N/A | Version upgrade in pom.xml/build.gradle + source refactor | Hybrid | - -"Deterministic" fixes use pre-built codemods with zero LLM involvement. "AI-powered" fixes use MagicMods with dataflow-bounded context. "Hybrid" dependency fixes combine manifest changes with AI-assisted source refactoring. - -## Spring Boot - -Spring Boot applications represent the most common Java framework Pixee encounters in production. Pixee provides deep, framework-aware support: - -**What Pixee understands about your Spring Boot code:** - -- Spring Security configuration patterns and common misconfigurations -- Controller annotations (`@RestController`, `@RequestMapping`, `@GetMapping`) and request handler patterns -- Service layer conventions, including `@Service` and `@Repository` injection -- Spring Data JPA query patterns and JPQL injection risks -- Spring Boot dependency management across both pom.xml and build.gradle - -**Spring-specific fixes include:** - -- SQL injection remediation that uses Spring Data parameterized queries rather than raw JDBC -- Security configuration hardening for CSRF protection, session management, and authentication filters -- Dependency upgrades coordinated through Spring Boot's managed dependency versions (BOM alignment) -- Serialization fixes that respect Jackson configuration and Spring's `@JsonProperty` conventions - -Pixee recognizes Spring Boot idioms. Fixes use your existing Spring Security configurations and preferred libraries rather than introducing unfamiliar patterns. - -## Jakarta EE and Micronaut - -**Jakarta EE:** Pixee handles servlet-based vulnerability patterns including `HttpServletRequest` input validation, JSP/JSTL output encoding, and JNDI injection prevention. Jakarta EE dependency management follows the same pom.xml/build.gradle workflow as Spring Boot applications. - -**Micronaut:** Pixee supports Micronaut controller patterns and injection-based request handling. Micronaut applications benefit from the same deterministic codemod library as other Java frameworks, with AI-powered MagicMods extending coverage to Micronaut-specific patterns. - -## How It Works for Java - -**Codemod engine:** [codemodder-java](https://github.com/pixee/codemodder-java) is an open-source engine with 51+ core codemods. The engine uses full AST parsing for precise, structure-aware transformations. Customers and auditors can inspect every transformation rule on GitHub. - -**Analysis depth:** Full abstract syntax tree parsing enables cross-file dataflow tracking. Pixee follows taint propagation from request handlers through service layers to data access code, understanding the full path a vulnerability travels. - -**Fix routing:** When a scanner finding arrives, Pixee checks for a matching deterministic codemod. Known patterns (SQL injection parameterization, SSRF prevention, insecure deserialization) get instant, zero-LLM-cost fixes. Novel or custom patterns route to AI-powered MagicMods, which receive dataflow-bounded context and Java-specific knowledge base guidance. - -**Dependency support:** Pixee manages vulnerable dependencies in both pom.xml (Maven) and build.gradle (Gradle). A single pull request contains the version bump and any required source-file refactoring. No "upgrade the library, break the build" half-states. - -## Fix Examples - -**SQL Injection (CWE-89) -- Parameterized Query Conversion** - -Before: - -```java -String query = "SELECT * FROM users WHERE id = '" + userId + "'"; -Statement stmt = connection.createStatement(); -ResultSet rs = stmt.executeQuery(query); -``` - -After: - -```java -String query = "SELECT * FROM users WHERE id = ?"; -PreparedStatement stmt = connection.prepareStatement(query); -stmt.setString(1, userId); -ResultSet rs = stmt.executeQuery(); -``` - -**Insecure Deserialization (CWE-502) -- Safe Deserialization** - -Before: - -```java -ObjectInputStream ois = new ObjectInputStream(inputStream); -Object obj = ois.readObject(); -``` - -After: - -```java -ObjectInputFilter filter = ObjectInputFilter.Config - .createFilter("java.base/*;!*"); -ObjectInputStream ois = new ObjectInputStream(inputStream); -ois.setObjectInputFilter(filter); -Object obj = ois.readObject(); -``` - -**Dependency Upgrade -- Vulnerable Library Version Bump** - -Before (pom.xml): - -```xml - - com.fasterxml.jackson.core - jackson-databind - 2.13.1 - -``` - -After (pom.xml): - -```xml - - com.fasterxml.jackson.core - jackson-databind - 2.13.5 - -``` - -The accompanying pull request includes any source-file changes required by the version upgrade (updated method signatures, renamed classes, deprecated API replacements). - -## Scanner Compatibility - -Pixee remediates Java findings from a broad set of scanners. Java is the most widely supported language across enterprise SAST tools, and Pixee matches that breadth. - -| Scanner | Java Support | -| --------------- | ------------ | -| CodeQL | Yes | -| Semgrep | Yes | -| SonarQube | Yes | -| Checkmarx | Yes | -| Snyk Code | Yes | -| Veracode | Yes | -| Fortify | Yes | -| AppScan | Yes | -| Universal SARIF | Yes | - -Any scanner that produces SARIF output can feed Java findings to Pixee through the [universal SARIF integration](/integrations/sarif-universal). - -## Compatibility - -| Dimension | Details | -| -------------------- | ------------------------------------------------------------ | -| Build tools | Maven, Gradle | -| CI/CD platforms | GitHub Actions, GitLab CI, Azure DevOps, Bitbucket Pipelines | -| Code hosting | GitHub, GitLab, Azure DevOps, Bitbucket | -| Dependency manifests | pom.xml, build.gradle | - diff --git a/docs/languages/javascript.md b/docs/languages/javascript.md deleted file mode 100644 index 001a4266..00000000 --- a/docs/languages/javascript.md +++ /dev/null @@ -1,140 +0,0 @@ ---- -title: JavaScript / TypeScript -slug: /languages/javascript -track: both -content_type: guide -seo_title: JavaScript / TypeScript Language Support -- Pixee Docs -description: "Pixee JavaScript/TypeScript support: deterministic codemods and AI-powered fixes for Express, React, and Node.js." -sidebar_position: 4 ---- - -Pixee remediates JavaScript and TypeScript vulnerabilities automatically using deterministic codemods and AI-powered fixes. Coverage spans Express, React, and Node.js applications with fixes for injection vulnerabilities, prototype pollution, insecure dependencies, and OWASP Top 10 patterns. Pixee uses full AST analysis for deep cross-file dataflow tracking and manages package.json dependency upgrades coordinated with source-file refactoring in a single pull request. - -JavaScript/TypeScript support is actively expanding. Deterministic codemod coverage is growing alongside comprehensive AI-powered MagicMod support. For the full language coverage matrix, see the [Language Support Overview](/languages/overview). - -## What Pixee Fixes in JavaScript/TypeScript - -| Vulnerability Type | CWE | Example Fix | Fix Mode | -| ------------------------- | -------- | ------------------------------------------- | ---------------- | -| SQL Injection | CWE-89 | Parameterized query conversion | Deterministic/AI | -| Cross-Site Scripting | CWE-79 | Output encoding, template sanitization | Deterministic/AI | -| Prototype Pollution | CWE-1321 | Object.freeze, safe merge patterns | AI-powered | -| SSRF | CWE-918 | URL validation and allowlist enforcement | Deterministic/AI | -| Path Traversal | CWE-22 | Canonical path validation | Deterministic/AI | -| Weak Cryptography | CWE-327 | crypto.randomBytes, secure defaults | Deterministic/AI | -| Insecure Dependencies | N/A | npm/yarn version upgrades + source refactor | Hybrid | -| Custom Framework Patterns | Various | Framework-specific sanitization | AI-powered | - -## Node.js and Express - -Node.js applications running Express are the most common server-side JavaScript pattern Pixee encounters. Pixee provides targeted support for Express-specific security concerns. - -**What Pixee understands about your Express code:** - -- Route handler patterns (`app.get`, `app.post`, `router.use`) and parameter extraction -- Middleware chains, including authentication and validation middleware ordering -- Request object handling (`req.params`, `req.query`, `req.body`) and injection vectors -- Express-specific session management and cookie configuration - -**Express-specific fixes include:** - -- SQL injection remediation in database query builders (Knex, Sequelize, raw queries) -- Input validation for Express request parameters that flow into sensitive operations -- Middleware security hardening (helmet configuration, CORS policy, rate limiting) -- Cookie and session configuration fixes (httpOnly, secure, sameSite flags) - -**Node.js crypto module hardening:** Pixee identifies and fixes insecure cryptographic patterns including `Math.random()` for tokens (replaced with `crypto.randomBytes`), weak hash algorithms, and insecure cipher configurations. - -## TypeScript Support - -Pixee analyzes TypeScript files with full type awareness. Fixes preserve type annotations, generic type parameters, and interface contracts. When Pixee generates a fix for a TypeScript file, the result compiles cleanly with your existing `tsconfig.json` settings. - -This matters because many tools treat TypeScript as plain JavaScript and strip type annotations during fix generation. Pixee treats `.ts` and `.tsx` files as first-class targets. - -## React and Frontend Frameworks - -Pixee addresses React-specific security patterns on the server side and in server-rendered contexts: - -- **dangerouslySetInnerHTML patterns:** Pixee identifies and remediates XSS risks from unsanitized HTML injection in React components -- **Server-side rendering (SSR):** Fixes cover injection vulnerabilities in Next.js and other SSR frameworks where server-side data flows into rendered HTML -- **Client-side scope:** Pixee's primary focus is server-side vulnerabilities. Client-side-only patterns (e.g., React state management) are not in scope for automated remediation - -If your security concern is a server-side JavaScript vulnerability, Pixee covers it. Pure client-side browser security patterns are outside Pixee's current focus. - -## How It Works for JavaScript/TypeScript - -**Analysis depth:** Full AST parsing with cross-file dataflow analysis. Pixee follows taint propagation from Express route handlers through middleware chains to database calls and response rendering. - -**Fix routing:** When a scanner finding matches a deterministic codemod, the fix fires instantly with zero LLM cost. Novel or custom patterns route to AI-powered MagicMods, which receive JavaScript/TypeScript-specific context including framework detection, dependency analysis, and your PIXEE.yaml configuration. - -**Dependency support:** Pixee manages vulnerable packages in package.json (npm, yarn). A single pull request contains the version bump and any source-file changes required by the upgrade, such as updated import paths or changed API signatures. - -**Scanner compatibility:** MagicMod dispatchers for 8+ scanner types mean JavaScript/TypeScript findings from any supported scanner receive appropriate, scanner-aware context during fix generation. - -## Fix Examples - -**SQL Injection (CWE-89) -- Express Route Handler** - -Before: - -```javascript -app.get("/users", (req, res) => { - const userId = req.query.id; - db.query(`SELECT * FROM users WHERE id = '${userId}'`, (err, results) => { - res.json(results); - }); -}); -``` - -After: - -```javascript -app.get("/users", (req, res) => { - const userId = req.query.id; - db.query("SELECT * FROM users WHERE id = ?", [userId], (err, results) => { - res.json(results); - }); -}); -``` - -**Weak Cryptography (CWE-327) -- Secure Token Generation** - -Before: - -```javascript -const token = Math.random().toString(36).substring(2); -``` - -After: - -```javascript -const crypto = require("crypto"); -const token = crypto.randomBytes(24).toString("hex"); -``` - -**Dependency Upgrade -- Vulnerable npm Package** - -Pixee upgrades the vulnerable package version in package.json and includes any source-file changes required by the new version in the same pull request. If the upgrade includes breaking API changes, the PR addresses those changes across affected files. - -## Scanner Compatibility - -| Scanner | JS/TS Support | -| --------------- | ------------- | -| CodeQL | Yes | -| Semgrep | Yes | -| SonarQube | Yes | -| Snyk Code | Yes | -| Universal SARIF | Yes | - -npm audit findings can be exported in SARIF format and consumed through the [universal SARIF integration](/integrations/sarif-universal). - -## Compatibility - -| Dimension | Details | -| -------------------- | ------------------------------------------------------------ | -| Package managers | npm, yarn | -| CI/CD platforms | GitHub Actions, GitLab CI, Azure DevOps, Bitbucket Pipelines | -| Code hosting | GitHub, GitLab, Azure DevOps, Bitbucket | -| Dependency manifests | package.json | -| Frameworks | Express, React, Next.js, Node.js standard library | - diff --git a/docs/languages/languages-overview.md b/docs/languages/languages-overview.md index 44793d46..88ba8982 100644 --- a/docs/languages/languages-overview.md +++ b/docs/languages/languages-overview.md @@ -1,113 +1,41 @@ --- -title: Language Support Overview +title: Language Support slug: /languages/overview track: both content_type: guide -seo_title: Language Support Overview -- Pixee Docs -description: Pixee supports Java, Python, JavaScript/TypeScript, .NET, Go, and PHP. Coverage matrix by language, framework, and fix type. +seo_title: Language Support -- Pixee Docs +description: Programming languages and IaC formats supported by Pixee for security triage and remediation. sidebar_position: 1 --- -Pixee supports six language ecosystems: Java, Python, JavaScript/TypeScript, .NET, Go, and PHP. Coverage varies by language. Java and Python have the deepest support with 120+ deterministic codemods plus AI-powered fixes for custom patterns. Each language includes framework-specific remediation (Spring Boot, Django, Express, ASP.NET) and fixes for OWASP Top 10 vulnerability categories. The coverage matrix below shows exactly what Pixee fixes in your stack. - -Language support is one half of the integration picture. Pixee also integrates with [13 native scanners](/integrations/overview) across all supported languages. - -## Coverage Matrix - -This table shows what Pixee supports across each language ecosystem. Use it to evaluate coverage for your stack, then visit individual language pages for framework details and fix examples. - -| Language | Frameworks | Fix Types | Deterministic Codemods | AI Fixes (MagicMods) | Analysis Depth | -| ---------------------------------------------- | ---------------------------------- | ---------- | ---------------------- | -------------------- | -------------- | -| [Java](/languages/java) | Spring Boot, Jakarta EE, Micronaut | SAST + SCA | 51+ core | Yes | Full AST | -| [Python](/languages/python) | Django, Flask, FastAPI | SAST + SCA | 60+ core | Yes | Full AST | -| [JavaScript/TypeScript](/languages/javascript) | Express, React, Node.js | SAST + SCA | Growing | Yes | Full AST | -| [.NET](/languages/dotnet) | ASP.NET Core, Blazor | SAST + SCA | Growing | Yes | Full AST | -| [Go](/languages/go) | Standard library, Gin, Echo | SAST + SCA | Growing | Yes | Tree-sitter | -| [PHP](/languages/php) | Laravel, Symfony | SAST + SCA | Growing | Yes | Tree-sitter | - -**Polyglot repositories:** Pixee analyzes each language independently within a single repository and generates language-appropriate fixes. No additional configuration is required for multi-language projects. - -## Vulnerability Coverage by Language - -The table below maps common vulnerability categories (by CWE) to fix availability per language. Deterministic codemods provide predictable, zero-variance fixes. AI-powered MagicMods extend coverage to custom patterns, multi-file dataflows, and framework-specific code. - -| Vulnerability Category | CWE | Java | Python | JS/TS | .NET | Go | PHP | -| -------------------------- | ----------- | ------------- | ------------- | ---------------- | ---------------- | ------ | ------ | -| SQL Injection | CWE-89 | Deterministic | Deterministic | Deterministic/AI | Deterministic/AI | AI | AI | -| Cross-Site Scripting | CWE-79 | Deterministic | Deterministic | Deterministic/AI | AI | AI | AI | -| SSRF | CWE-918 | Deterministic | Deterministic | Deterministic/AI | Deterministic/AI | AI | AI | -| Insecure Deserialization | CWE-502 | Deterministic | Deterministic | AI | AI | AI | AI | -| Path Traversal | CWE-22 | Deterministic | Deterministic | Deterministic/AI | Deterministic/AI | AI | AI | -| Weak Cryptography | CWE-327/328 | Deterministic | Deterministic | Deterministic/AI | Deterministic/AI | AI | AI | -| Insecure Temp Files | CWE-377 | Deterministic | Deterministic | AI | AI | -- | -- | -| SSL/TLS Protocol | CWE-326 | Deterministic | Deterministic | AI | AI | -- | -- | -| Dependency Vulnerabilities | SCA | Hybrid | Hybrid | Hybrid | Hybrid | Hybrid | Hybrid | - -"Deterministic" means a pre-built codemod handles the fix with zero LLM involvement. "AI" means a MagicMod generates a context-aware fix. "Hybrid" means dependency upgrades combine manifest changes with AI-assisted source refactoring. "--" means coverage is on the roadmap. - -## How Language Support Works - -Every language uses the same hybrid-intelligence architecture, but the analysis tooling and codemod depth vary by ecosystem maturity. - -**Two fix modes, routed automatically:** - -- **Deterministic codemods** are rule-based, language-specific code transformations. They apply OWASP/SANS security patterns with zero LLM involvement. Same input produces the same output every time. Java and Python have the deepest codemod libraries (51+ and 60+ core codemods, respectively). The open-source engines ([codemodder-java](https://github.com/pixee/codemodder-java), [codemodder-python](https://github.com/pixee/codemodder-python)) are publicly inspectable. - -- **AI-powered MagicMods** handle custom framework patterns, multi-file dataflow vulnerabilities, and novel vulnerability types. MagicMods use dataflow-bounded context, per-rule knowledge base guidance, and your project-level PIXEE.yaml configuration to generate fixes that match your codebase conventions. Every AI-generated fix passes through an independent quality evaluation before reaching a pull request. - -Routing is automatic. The system checks whether a deterministic codemod exists for the finding. If one does, it fires instantly at zero LLM cost. If not, a MagicMod generates a fix with the appropriate scanner-aware context. - -## Analysis Depth - -Pixee uses two parsing approaches depending on the language. Both produce working fixes, but analysis depth differs. - -| Analysis Tier | Languages | What It Means | -| --------------- | ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| **Full AST** | Java, Python, JS/TS, .NET | Deep abstract syntax tree parsing with cross-file dataflow analysis. Framework-aware transformations understand controller patterns, service layers, and dependency injection. | -| **Tree-sitter** | Go, PHP | Reliable syntax-level parsing effective for standard vulnerability patterns. Coverage is expanding. AI-powered MagicMods extend reach beyond what the parser alone covers. | - -Full AST languages benefit from deeper semantic understanding of code structure, which enables more precise deterministic codemods and richer context for AI-powered fixes. Tree-sitter languages rely more heavily on MagicMods for fix generation, with growing deterministic coverage over time. - -## Dependency Management by Language - -Pixee upgrades vulnerable dependencies in your manifest files and coordinates the version bump with downstream source-file refactoring in a single pull request. No "upgrade succeeded, tests broken" half-states. - -| Language | Manifest Formats | -| --------------------- | -------------------------------------------------------------- | -| Java | pom.xml, build.gradle | -| Python | requirements.txt, pyproject.toml, Pipfile, setup.py, setup.cfg | -| JavaScript/TypeScript | package.json | -| .NET | .csproj, packages.config | -| Go | go.mod | -| PHP | composer.json | - -Python's five packaging conventions are worth calling out. Most tools handle only requirements.txt. Pixee handles all five. - -## Scanner Compatibility - -Pixee remediates findings from [13 native scanner integrations](/integrations/overview) plus any scanner that exports SARIF. Scanner compatibility applies across all supported languages, though individual scanner coverage depth varies by language. - -| Scanner | Java | Python | JS/TS | .NET | Go | PHP | -| --------------- | ---- | ------ | ----- | ---- | --- | --- | -| CodeQL | Yes | Yes | Yes | Yes | Yes | -- | -| Semgrep | Yes | Yes | Yes | Yes | Yes | Yes | -| SonarQube | Yes | Yes | Yes | Yes | -- | Yes | -| Checkmarx | Yes | Yes | -- | Yes | -- | Yes | -| Snyk Code | Yes | Yes | Yes | -- | Yes | -- | -| Veracode | Yes | -- | -- | Yes | -- | -- | -| Fortify | Yes | -- | -- | Yes | -- | -- | -| AppScan | Yes | -- | -- | -- | -- | -- | -| Universal SARIF | Yes | Yes | Yes | Yes | Yes | Yes | - -For scanner-specific details, see the [Integrations](/integrations/overview) section. - -## Roadmap - -Pixee is actively expanding language coverage. Current priorities: - -- **Go and PHP:** Growing deterministic codemod library and deeper framework-specific patterns -- **JavaScript/TypeScript:** Expanding Node.js server-side coverage and additional framework support -- **.NET:** Broadening ASP.NET Core patterns and legacy .NET Framework coverage - -If your language or framework is not listed, [contact the team](https://pixee.ai/demo) to discuss your stack. Pixee's [universal SARIF integration](/integrations/sarif-universal) can remediate findings from any scanner in any language. - +Pixee supports a broad and growing set of languages and IaC formats. Coverage expands continuously as the platform evolves. + +## Programming Languages + +| Language | Notes | +|---|---| +| **Java** | Spring Boot, Jakarta EE, Micronaut | +| **Python** | Django, Flask, FastAPI | +| **JavaScript / TypeScript / Node.js** | Express, React, Node.js server-side | +| **C# / .NET** | ASP.NET Core, Blazor | +| **Go** | Standard library, Gin, Echo | +| **Ruby** | Rails, Sinatra | +| **PHP** | Laravel, Symfony | +| **Kotlin** | JVM ecosystem, Spring Boot | +| **Rust** | | +| **Scala** | JVM ecosystem | +| **Swift** | iOS/macOS | +| **Objective-C** | iOS/macOS | + +## Infrastructure as Code + +| Format | Notes | +|---|---| +| **Terraform / HCL** | | +| **Dockerfile / Containerfile** | | +| **Kubernetes / Helm** | | +| **CloudFormation** | | +| **Ansible** | | +| **Docker Compose** | | + +For what Pixee triages and fixes across these languages and formats, see [What Pixee Fixes](/platform/what-pixee-fixes). For questions about a specific language or framework not listed here, [contact the team](https://pixee.ai/demo). diff --git a/docs/languages/php.md b/docs/languages/php.md deleted file mode 100644 index b52ddd41..00000000 --- a/docs/languages/php.md +++ /dev/null @@ -1,97 +0,0 @@ ---- -title: PHP -slug: /languages/php -track: both -content_type: guide -seo_title: PHP Language Support -- Pixee Docs -description: "Pixee PHP support: Tree-sitter analysis and AI-powered fixes for Laravel and Symfony applications." -sidebar_position: 7 ---- - -Pixee remediates PHP vulnerabilities using Tree-sitter-based analysis and AI-powered fixes for Laravel and Symfony applications. Coverage includes injection vulnerabilities, insecure cryptography, and dependency vulnerabilities managed through Composer. PHP support uses Tree-sitter parsing with expanding deterministic coverage and AI-powered fixes for custom framework patterns. Fixes are delivered as pull requests that match your codebase conventions. - -PHP powers significant enterprise web infrastructure through Laravel, Symfony, and WordPress. Pixee's PHP support ensures teams running these frameworks have automated remediation in their pipeline. For the full language coverage matrix, see the [Language Support Overview](/languages/overview). - -## What Pixee Fixes in PHP - -| Vulnerability Type | CWE | Example Fix | Fix Mode | -| -------------------------- | ------- | ------------------------------------------- | ---------- | -| SQL Injection | CWE-89 | Parameterized queries via PDO | AI-powered | -| Cross-Site Scripting | CWE-79 | Output encoding, htmlspecialchars | AI-powered | -| Insecure Deserialization | CWE-502 | Safe unserialize patterns | AI-powered | -| Path Traversal | CWE-22 | realpath validation | AI-powered | -| Insecure Cryptography | CWE-327 | random_bytes, sodium functions | AI-powered | -| Dependency Vulnerabilities | N/A | Composer version upgrades + source refactor | Hybrid | -| Custom Framework Patterns | Various | Framework-specific sanitization | AI-powered | - -PHP fixes are primarily AI-powered through MagicMods, with growing deterministic coverage. MagicMods receive PHP-specific context including framework detection, Composer dependency analysis, and your PIXEE.yaml configuration. - -## Laravel and Symfony - -**Laravel:** Pixee recognizes Laravel-specific patterns and provides targeted fixes: - -- Eloquent ORM injection prevention (raw queries, `whereRaw`, `DB::select` with string interpolation) -- Laravel middleware security patterns and authentication guard configuration -- Blade template XSS prevention and `{!! !!}` unescaped output audit -- Mass assignment protection (`$fillable`, `$guarded` configuration) -- CSRF token verification and session configuration hardening - -**Symfony:** Pixee supports Symfony security component patterns including: - -- Doctrine DBAL and ORM query parameterization -- Twig template output encoding -- Security voter and access control patterns -- Symfony form validation and input sanitization - -## How It Works for PHP - -**Analysis approach:** Pixee uses Tree-sitter for PHP source code parsing. Tree-sitter provides reliable syntax-level analysis effective for identifying standard vulnerability patterns in PHP applications. - -**Comparison to full AST languages:** Like Go, PHP uses Tree-sitter rather than full AST parsing. This means lighter cross-file analysis compared to Java, Python, JavaScript/TypeScript, and .NET. AI-powered MagicMods compensate by providing deep, context-aware fixes for complex patterns. Deterministic codemod coverage is expanding. - -**Dependency support:** Pixee manages vulnerable packages in composer.json and composer.lock. A single pull request contains the version bump and any source-file refactoring required by the upgrade. - -**Scanner compatibility:** Pixee remediates PHP findings from common scanners used in PHP development environments. - -## Fix Example - -**SQL Injection (CWE-89) -- PDO Parameterization** - -Before: - -```php -$userId = $_GET['id']; -$stmt = $pdo->query("SELECT * FROM users WHERE id = '$userId'"); -$user = $stmt->fetch(); -``` - -After: - -```php -$userId = $_GET['id']; -$stmt = $pdo->prepare("SELECT * FROM users WHERE id = ?"); -$stmt->execute([$userId]); -$user = $stmt->fetch(); -``` - -## Scanner Compatibility - -| Scanner | PHP Support | -| --------------- | ----------- | -| Semgrep | Yes | -| SonarQube | Yes | -| Checkmarx | Yes | -| Universal SARIF | Yes | - -Any scanner that produces SARIF output can feed PHP findings to Pixee through the [universal SARIF integration](/integrations/sarif-universal). - -## Compatibility - -| Dimension | Details | -| -------------------- | ------------------------------------------------------------ | -| Package manager | Composer | -| Dependency manifests | composer.json, composer.lock | -| CI/CD platforms | GitHub Actions, GitLab CI, Azure DevOps, Bitbucket Pipelines | -| Code hosting | GitHub, GitLab, Azure DevOps, Bitbucket | -| Frameworks | Laravel, Symfony | - diff --git a/docs/languages/python.md b/docs/languages/python.md deleted file mode 100644 index 4f52ce22..00000000 --- a/docs/languages/python.md +++ /dev/null @@ -1,172 +0,0 @@ ---- -title: Python -slug: /languages/python -track: both -content_type: guide -seo_title: Python Language Support -- Pixee Docs -description: "Pixee Python support: 60+ deterministic codemods and AI-powered fixes for Django, Flask, and FastAPI." -sidebar_position: 3 ---- - -Pixee remediates Python vulnerabilities automatically using 60+ deterministic codemods and AI-powered fixes for custom patterns. Coverage includes Django, Flask, and FastAPI applications with fixes for SQL injection, SSRF, insecure deserialization (PyYAML hardening, defused XML), weak cryptography, and dependency vulnerabilities. Pixee uses full AST-level analysis for deep cross-file dataflow tracking and framework-aware transformations across all five Python packaging formats. - -Python is Pixee's second-deepest language ecosystem alongside Java. The open-source [codemodder-python](https://github.com/pixee/codemodder-python) engine is publicly inspectable, and support for five packaging conventions (requirements.txt, pyproject.toml, Pipfile, setup.py, setup.cfg) sets Pixee apart from tools that handle only one. For the full language coverage matrix, see the [Language Support Overview](/languages/overview). - -## What Pixee Fixes in Python - -| Vulnerability Type | CWE | Example Fix | Fix Mode | -| -------------------------- | ------- | ----------------------------------------------------------- | ------------- | -| SQL Injection | CWE-89 | Parameterized query conversion | Deterministic | -| SSRF | CWE-918 | URL validation and allowlist enforcement | Deterministic | -| Insecure Deserialization | CWE-502 | PyYAML safe_load, defused XML parsing | Deterministic | -| Weak Cryptography | CWE-327 | secrets module usage, JWT decode verification | Deterministic | -| Path Traversal | CWE-22 | Canonical path validation | Deterministic | -| Insecure Temp Files | CWE-377 | tempfile.mkstemp usage | Deterministic | -| SSL/TLS Protocol | CWE-326 | Protocol version enforcement | Deterministic | -| Cross-Site Scripting | CWE-79 | Output encoding, template sanitization | Deterministic | -| Custom Framework Patterns | Various | Framework-specific sanitization, multi-file fixes | AI-powered | -| Dependency Vulnerabilities | N/A | Version upgrade across 5 manifest formats + source refactor | Hybrid | - -## Django - -Django is the most common Python web framework in enterprise environments, and Pixee provides dedicated support for Django-specific security patterns. - -**What Pixee understands about your Django code:** - -- Django ORM query patterns and raw SQL injection risks via `extra()`, `raw()`, and `RawSQL()` -- Template injection and XSS prevention in Django templates and Jinja2 -- Django settings security hardening (SECRET_KEY exposure, DEBUG mode in production, ALLOWED_HOSTS configuration) -- Django REST Framework serializer validation patterns -- Model, view, and URL configuration conventions - -**Django-specific fixes include:** - -- ORM injection remediation that converts raw queries to parameterized Django ORM calls -- Template XSS prevention using Django's auto-escaping and `mark_safe` audit -- Settings hardening for common misconfigurations flagged by security scanners -- REST Framework input validation tightening on serializer fields -- CSRF middleware configuration fixes - -Pixee recognizes Django idioms. Fixes use Django-native security utilities (e.g., `django.utils.html.escape`, ORM parameterization) rather than introducing external libraries. - -## Flask and FastAPI - -**Flask:** Pixee handles Flask request handling patterns including `request.args`, `request.form`, and `request.json` input validation. Fixes for Flask applications address injection in Jinja2 templates, insecure session configuration, and debug mode exposure. - -**FastAPI:** Pixee supports FastAPI's dependency injection and Pydantic validation patterns. Fixes respect FastAPI's async patterns and type-annotated request handling. - -Both frameworks receive the same deterministic codemod coverage for common vulnerability types plus AI-powered MagicMods for framework-specific patterns. - -## How It Works for Python - -**Codemod engine:** [codemodder-python](https://github.com/pixee/codemodder-python) is an open-source engine with 60+ core codemods. Customers and auditors can inspect every transformation rule on GitHub. - -**Transformer strategies:** codemodder-python uses multiple rewriting approaches. LibCST handles AST-level transformations for Python source code. Regex transformers handle configuration files. XML transformers handle manifest and config files. A single codemod can target Python source, configuration files, and dependency manifests in one pass. - -**Analysis depth:** Full AST parsing via LibCST enables cross-file dataflow tracking. Pixee follows taint propagation from request handlers through business logic to database calls, understanding the full path a vulnerability travels through your Python application. - -**Fix routing:** Known vulnerability patterns (SQL injection, insecure deserialization, weak cryptography) get instant, deterministic fixes. Novel or custom patterns route to AI-powered MagicMods with Python-specific context and your PIXEE.yaml configuration. - -## Dependency Management - -Python has the most fragmented packaging ecosystem of any language Pixee supports. Pixee handles all five conventions: - -| Manifest Format | Tool | -| ---------------- | ------------------------ | -| requirements.txt | pip | -| pyproject.toml | Poetry, Flit, Hatch, pip | -| Pipfile | Pipenv | -| setup.py | setuptools | -| setup.cfg | setuptools | - -Each format has its own writer module. A single pull request contains the version bump in the correct manifest file and any downstream source-file changes required by the upgrade. If your project uses pyproject.toml with Poetry, Pixee updates pyproject.toml -- not requirements.txt. - -Most tools handle only requirements.txt. Pixee handles all five, which matters for enterprise Python projects where packaging conventions vary across teams and repositories. - -## Fix Examples - -**Insecure Deserialization (CWE-502) -- PyYAML safe_load** - -Before: - -```python -import yaml - -with open("config.yml") as f: - config = yaml.load(f) -``` - -After: - -```python -import yaml - -with open("config.yml") as f: - config = yaml.safe_load(f) -``` - -**SQL Injection (CWE-89) -- Django ORM Parameterization** - -Before: - -```python -def get_user(request): - user_id = request.GET.get("id") - users = User.objects.raw( - f"SELECT * FROM auth_user WHERE id = '{user_id}'" - ) - return render(request, "user.html", {"users": users}) -``` - -After: - -```python -def get_user(request): - user_id = request.GET.get("id") - users = User.objects.raw( - "SELECT * FROM auth_user WHERE id = %s", [user_id] - ) - return render(request, "user.html", {"users": users}) -``` - -**Weak Cryptography (CWE-327) -- Secure Random** - -Before: - -```python -import random - -token = ''.join(random.choice('abcdef0123456789') for _ in range(32)) -``` - -After: - -```python -import secrets - -token = secrets.token_hex(16) -``` - -## Scanner Compatibility - -| Scanner | Python Support | -| ------------------ | -------------- | -| CodeQL | Yes | -| Semgrep | Yes | -| SonarQube | Yes | -| Checkmarx | Yes | -| Snyk Code | Yes | -| Bandit (via SARIF) | Yes | -| Universal SARIF | Yes | - -Bandit findings can be exported in SARIF format and consumed by Pixee through the [universal SARIF integration](/integrations/sarif-universal). - -## Compatibility - -| Dimension | Details | -| -------------------- | -------------------------------------------------------------- | -| Packaging tools | pip, Poetry, Pipenv, setuptools | -| CI/CD platforms | GitHub Actions, GitLab CI, Azure DevOps, Bitbucket Pipelines | -| Code hosting | GitHub, GitLab, Azure DevOps, Bitbucket | -| Dependency manifests | requirements.txt, pyproject.toml, Pipfile, setup.py, setup.cfg | - diff --git a/docs/open-source/codemodder.md b/docs/open-source/codemodder.md index 4a29648c..635a5d15 100644 --- a/docs/open-source/codemodder.md +++ b/docs/open-source/codemodder.md @@ -121,7 +121,7 @@ Codemodder powers the deterministic remediation layer of the Pixee platform. The - **MagicMods** -- AI-powered fixes for patterns that deterministic rules cannot reach (custom framework wrappers, multi-file dataflows, context-dependent sanitization) - **Triage Automation** -- false positive reduction before fixes are generated -- **Scanner integration** -- 13 native scanner integrations plus universal SARIF support +- **Scanner integration** -- natively integrated scanners plus universal SARIF support - **PR workflow** -- fixes delivered as pull requests through GitHub, GitLab, Azure DevOps, or Bitbucket Codemodder handles the known, well-understood vulnerability patterns. MagicMods extend coverage to the long tail. Both produce fixes that pass through the same quality evaluation before reaching a developer. diff --git a/docs/platform/architecture.md b/docs/platform/architecture.md index 1bc609bb..50304335 100644 --- a/docs/platform/architecture.md +++ b/docs/platform/architecture.md @@ -28,9 +28,9 @@ SAST and SCA findings both flow through this same pipeline. There is no separate ## Scan Ingestion -Findings arrive from 13 native scanner integrations or any SARIF-producing tool: +Findings arrive from natively integrated scanners or any SARIF-producing tool: -**Native integrations with dedicated handlers:** CodeQL (GitHub Advanced Security), SonarQube/SonarCloud, Checkmarx, Veracode, Snyk Code, Semgrep, AppScan, Polaris, Fortify, Contrast, GitLab SAST, GitLab SCA, and Trivy — 13 named scanners. +**Native integrations with dedicated handlers:** CodeQL (GitHub Advanced Security), SonarQube/SonarCloud, Checkmarx, Veracode, Snyk Code, Semgrep, AppScan, Polaris, Fortify, Contrast, GitLab SAST, GitLab SCA, and Trivy. Each native integration has a tool-specific handler that extracts maximum metadata from the scanner's output format. CodeQL findings include codeFlows and help documentation. Semgrep findings carry full rule descriptions. Metadata-poor tools like Checkmarx use rule-ID-based strategies to compensate for sparse SARIF output. diff --git a/docs/platform/context-memory.md b/docs/platform/context-memory.md new file mode 100644 index 00000000..39eb54ae --- /dev/null +++ b/docs/platform/context-memory.md @@ -0,0 +1,80 @@ +--- +title: "Context, Memory & Preferences" +slug: /platform/context-memory +track: both +content_type: conceptual +seo_title: "Context, Memory & Preferences | How Pixee Learns Your Codebase" +description: How Pixee reads your codebase, adapts to team conventions, and improves from feedback signals to deliver context-aware fixes. +sidebar_position: 4 +--- + +Pixee is not a generic code scanner that applies one-size-fits-all patches. It reads your repository, learns your team's conventions and frameworks, and improves from the feedback your team provides when it reviews and merges fixes. This page explains how that context is gathered, stored, and used. + +## Codebase Context + +Before Pixee generates a fix, it analyzes the repository for the patterns, frameworks, and security controls already in use. This context shapes every fix Pixee produces. + +**What Pixee reads:** + +- **Existing patterns and conventions** — naming conventions, preferred utility classes, error handling patterns, code style. If your team wraps SQL calls in a `DatabaseHelper`, Pixee generates fixes that use `DatabaseHelper`, not a raw JDBC pattern. +- **Frameworks and libraries in use** — Spring Boot, Django, Express, ASP.NET Core, and others each have idiomatic secure coding patterns. Pixee's framework-aware fixes match what your team already uses. +- **Dependencies** — the libraries and versions in your manifest files inform what fix patterns are available and safe. If your project already includes an input validation library, Pixee prefers it over introducing a new dependency. +- **Existing security controls** — middleware, sanitization utilities, authentication layers, and framework-provided security features. A finding protected by framework-level controls is classified differently from the same pattern without protection. + +This analysis is performed at the repository level for each analysis run. Code is not stored after the analysis completes. See [Security Architecture](/enterprise/security-architecture) for data handling details. + +## PIXEE.yaml + +Team-level preferences and repository configuration are specified in a `PIXEE.yaml` file in the repository root. PIXEE.yaml is the primary mechanism for telling Pixee how to behave in your repository. + +Common configuration includes: + +- Scoping fix generation to specific severity levels, vulnerability types, or repository paths +- Excluding files, directories, or patterns from analysis +- Setting branch targeting preferences +- Configuring PR batching and delivery behavior + +PIXEE.yaml is optional — Pixee works with sensible defaults without it. For the full schema and all available options, see [PIXEE.yaml Reference](/configuration/pixee-yaml). + +## Learning from Feedback + +Pixee improves from the signals your team sends when it interacts with Pixee-generated PRs. These signals are the primary mechanism by which Pixee adapts to your team's preferences and risk tolerance over time. + +**Signals Pixee collects:** + +| Signal | What It Means | +|---|---| +| PR merged (as-is) | Fix was correct and matched team conventions — positive signal for this fix pattern | +| PR merged (with modifications) | Fix was directionally correct but needed adjustment — Pixee notes the delta | +| PR closed / declined | Fix was not accepted — negative signal for this finding type or fix approach | +| Triage override | Team disagreed with Pixee's classification — updates classification logic for similar findings | + +**Scope of learning:** [NEEDS VERIFICATION: whether feedback signals apply at per-repo scope, org-level scope, or both. Current understanding is that signals apply at the repository level and may aggregate to org level over time.] + +**Observing improvement:** Teams that have been using Pixee for several weeks typically see reduced false positive rates and higher merge rates as the system calibrates to their codebase and review preferences. [NEEDS VERIFICATION: specific time windows and observable metrics for feedback loop effects.] + +## Triage Overrides + +When Pixee classifies a finding as a true positive but your team disagrees — or vice versa — you can override the triage verdict. Overrides are the strongest feedback signal available. + +**How to override:** [NEEDS VERIFICATION: specific UI mechanics for submitting a triage override — whether this is done via PR comment, dashboard action, or PIXEE.yaml configuration.] + +**What happens when you override:** +- The specific finding's verdict is updated immediately. +- The override is recorded with the rationale (if provided). +- Future findings matching the same pattern in the same codebase context receive adjusted classification. + +**Influence on future classifications:** Triage overrides influence how Pixee classifies similar findings going forward. The more specific the context (same rule ID, same file pattern, same framework), the more targeted the adjustment. [NEEDS VERIFICATION: the exact scope and mechanism by which overrides propagate to future similar findings.] + +## Enterprise Context + +For organizations with specific policies — approved libraries, banned patterns, internal framework conventions — surfacing that context to Pixee allows fix generation to align with enterprise standards rather than generic open-source patterns. + +**Mechanisms for providing enterprise context:** + +- **PIXEE.yaml** — per-repository configuration for fix scope and behavior preferences. +- **Codebase reading** — Pixee automatically detects internal libraries and frameworks by analyzing imports, dependency manifests, and usage patterns. If your organization uses an internal HTTP client wrapper, Pixee detects it and uses it in fixes. + +[NEEDS VERIFICATION: whether there is a dedicated enterprise-level configuration mechanism beyond PIXEE.yaml for specifying approved libraries, banned patterns, or internal framework conventions at the organization level. Contact your Pixee account team for current enterprise context configuration options.] + +For organizations managing hundreds of repositories, the [Phased Rollout Guide](/enterprise/phased-rollout) covers organization-wide deployment strategy that accounts for repository-level variation in conventions and risk tolerance. diff --git a/docs/platform/scanner-integration.md b/docs/platform/scanner-integration.md index f9d00864..cf07d3ca 100644 --- a/docs/platform/scanner-integration.md +++ b/docs/platform/scanner-integration.md @@ -3,12 +3,12 @@ title: Scanner Integration slug: /platform/scanner-integration track: both content_type: guide -seo_title: "Scanner Integration | 13 Native Scanners + Universal SARIF" -description: How Pixee integrates with 13 native scanners and any SARIF-producing tool. Two-tier integration architecture and metadata extraction. +seo_title: "Scanner Integration | Native Scanners + Universal SARIF" +description: How Pixee integrates with natively supported scanners and any SARIF-producing tool. Two-tier integration architecture and metadata extraction. sidebar_position: 7 --- -Pixee integrates with 13 natively supported scanners and any SARIF-producing tool through a two-tier architecture. Dedicated handlers extract scanner-specific metadata from tools like CodeQL, Semgrep, and Checkmarx for maximum triage accuracy. Universal SARIF ingestion handles everything else — including proprietary and internal scanners — with zero pre-built integration required. +Pixee integrates with a growing list of natively supported scanners and any SARIF-producing tool through a two-tier architecture. Dedicated handlers extract scanner-specific metadata from tools like CodeQL, Semgrep, and Checkmarx for maximum triage accuracy. Universal SARIF ingestion handles everything else — including proprietary and internal scanners — with zero pre-built integration required. Pixee does not replace your scanners. It sits downstream of them. Your existing SAST tools continue to scan your code exactly as they do today. Pixee consumes each tool's output, triages every finding, and delivers remediation as pull requests for confirmed vulnerabilities. @@ -56,7 +56,7 @@ Both tiers feed into the same downstream [triage](/platform/triage) and [remedia | **Trivy** | GA | SARIF pipeline with MagicMod dispatcher support | | **DefectDojo** | GA | SARIF pipeline (aggregates findings from multiple scanners) | -All 13 named scanners are GA. See individual scanner integration pages under [Integrations](/integrations/overview) for per-tool setup guides. +All named scanner integrations are GA. See individual scanner integration pages under [Integrations](/integrations/overview) for per-tool setup guides. ## Universal SARIF Support diff --git a/docs/platform/triage.md b/docs/platform/triage.md index 31ad002e..287ff4d9 100644 --- a/docs/platform/triage.md +++ b/docs/platform/triage.md @@ -8,7 +8,7 @@ description: How Pixee's three-tier triage engine classifies every vulnerability sidebar_position: 3 --- -Pixee's triage engine classifies every vulnerability finding as true positive, false positive, or won't-fix through codebase-aware exploitability analysis. The three-tier progressive architecture handles known patterns at sub-second speed, investigates ambiguous cases via AI agents, and generates custom analyzers for novel vulnerability types. The result: up to 98% false positive reduction with structured evidence on every verdict, across findings from 13 native scanner integrations. +Pixee's triage engine classifies every vulnerability finding as true positive, false positive, or won't-fix through codebase-aware exploitability analysis. The three-tier progressive architecture handles known patterns at sub-second speed, investigates ambiguous cases via AI agents, and generates custom analyzers for novel vulnerability types. The result: up to 98% false positive reduction with structured evidence on every verdict, across findings from natively integrated scanners. Triage is co-equal with [remediation](/platform/remediation). Together they close the loop from "scanner found something" to "vulnerability is fixed." @@ -89,7 +89,7 @@ Every triage verdict is a structured, machine-processable artifact. Triage works across any SARIF-producing scanner. Customers with heterogeneous stacks — multiple commercial scanners plus custom rules — get a single triage layer that handles all of it. -- **13 native integrations** with scanner-specific metadata extraction (CodeQL, SonarQube, Checkmarx, Veracode, Snyk Code, Semgrep, AppScan, Polaris, Fortify, Contrast, GitLab SAST, GitLab SCA, Trivy) +- **Natively integrated scanners** with scanner-specific metadata extraction (CodeQL, SonarQube, Checkmarx, Veracode, Snyk Code, Semgrep, AppScan, Polaris, Fortify, Contrast, GitLab SAST, GitLab SCA, Trivy, and others) - **Universal SARIF ingestion** for any additional scanner (50+ validated) - **Custom rule coverage** — proprietary Semgrep rules, internal CodeQL queries, and custom scanner rulesets are handled by Tier 2 and Tier 3 without vendor integration work - **Cross-tool deduplication** — when multiple scanners flag the same finding, the system eliminates duplicates diff --git a/docs/platform/what-is-agentic-security-engineering.md b/docs/platform/what-is-agentic-security-engineering.md index 482071b2..d8d9bba5 100644 --- a/docs/platform/what-is-agentic-security-engineering.md +++ b/docs/platform/what-is-agentic-security-engineering.md @@ -21,7 +21,7 @@ Pixee adds triage, remediation, and delivery layers on top of your existing dete | **3. Remediation** | Generate validated code fixes | Pixee — deterministic + AI hybrid. See [Remediation](/platform/remediation) | | **4. Delivery** | Ship fixes through existing workflow | Pixee — PRs in GitHub, GitLab, ADO, Bitbucket | -Pixee integrates natively with 13 scanners and accepts any SARIF-producing tool. No changes to your detection stack are required. +Pixee integrates natively with a growing list of scanners and accepts any SARIF-producing tool. No changes to your detection stack are required. ## Two Co-Equal Capabilities diff --git a/docs/platform/what-pixee-fixes.md b/docs/platform/what-pixee-fixes.md new file mode 100644 index 00000000..e695f013 --- /dev/null +++ b/docs/platform/what-pixee-fixes.md @@ -0,0 +1,57 @@ +--- +title: What Pixee Fixes +slug: /platform/what-pixee-fixes +track: both +content_type: reference +seo_title: "What Pixee Fixes | Vulnerability Types, Triage, and Fix Modes" +description: Canonical reference for all vulnerability types, finding categories, and fix modes Pixee handles across SAST, SCA, and IaC findings. +sidebar_position: 3 +--- + +This page is the canonical reference for what Pixee can triage and fix. It covers all vulnerability types and finding categories across SAST, SCA, and IaC findings, and shows the fix mode (Deterministic, AI, or Both) for each category. + +## Vulnerability Coverage Table + +| Vulnerability Category | Examples | Triage | Fix Mode | +|---|---|---|---| +| **Injection — SQL** | SQL injection via string concatenation, unparameterized queries | Yes | Deterministic / Both | +| **Injection — Command** | OS command injection, shell metacharacters in exec calls | Yes | Deterministic / Both | +| **Injection — LDAP** | LDAP injection via unsanitized directory search filters | Yes | AI | +| **Injection — XPath** | XPath injection via user-controlled node selection | Yes | AI | +| **Injection — NoSQL** | NoSQL injection in MongoDB, Redis, and similar query patterns | Yes | AI | +| **Injection — Expression Language** | EL/OGNL injection via template or framework evaluation | Yes | AI | +| **Cross-Site Scripting (XSS) — Reflected** | Reflected XSS via unencoded user input in HTTP responses | Yes | Deterministic / Both | +| **Cross-Site Scripting (XSS) — Stored** | Stored XSS persisted in database and rendered to other users | Yes | Both | +| **Cross-Site Scripting (XSS) — DOM-Based** | DOM XSS via document.write, innerHTML, eval with user data | Yes | Both | +| **Path Traversal** | Directory traversal via `../` sequences, file inclusion flaws | Yes | Deterministic / Both | +| **Server-Side Request Forgery (SSRF)** | SSRF via unvalidated URL parameters to internal or cloud metadata endpoints | Yes | Deterministic / Both | +| **Insecure Deserialization** | Unsafe Java ObjectInputStream, Python pickle, .NET BinaryFormatter | Yes | Both | +| **Weak Cryptography** | MD5, SHA-1 for security-sensitive operations; ECB mode; short key lengths | Yes | Deterministic / Both | +| **Insecure Randomness** | `java.util.Random`, `Math.random()`, `random.random()` for security tokens | Yes | Deterministic / Both | +| **Hardcoded Secrets** | Hardcoded API keys, passwords, tokens in source code | Yes | AI | +| **Authentication / Session Weaknesses** | Broken authentication, session fixation, missing session invalidation, insecure cookie flags | Yes | Both | +| **Insecure Direct Object Reference (IDOR)** | Missing authorization checks on resource identifiers | Yes | AI | +| **XML / XXE Vulnerabilities** | XML External Entity injection, DTD processing, XXE via SSRF | Yes | Deterministic / Both | +| **Insecure Temp Files** | Predictable temp file creation, race conditions on tempfile usage | Yes | Deterministic / Both | +| **Logging Sensitive Data** | PII, credentials, tokens written to logs | Yes | AI | +| **Security Misconfigurations** | Missing security headers, insecure defaults, disabled CSRF protection | Yes | Both | +| **SSL/TLS Weaknesses** | Disabled hostname verification, accepting all certificates, weak protocols | Yes | Deterministic / Both | +| **Dependency Vulnerabilities (SCA)** | CVEs in direct and transitive open-source dependencies | Yes | Deterministic (version bumps + source refactoring) | +| **Container / Dockerfile Misconfigurations** | Running as root, insecure base image patterns, exposed secrets in layers | Yes | Both | +| **Infrastructure as Code (IaC) Misconfigurations** | Terraform / CloudFormation / Kubernetes / Helm security misconfigurations, overly permissive IAM, unencrypted storage | Yes | Both | + +## Fix Modes Explained + +**Deterministic** — A pre-built codemod applies a rule-based transformation. Same input always produces the same output. Zero LLM involvement. Fastest fix path and most predictable output. + +**AI (MagicMod)** — An AI-powered fix is generated for patterns where deterministic rules do not reach — custom framework wrappers, multi-file dataflows, context-dependent sanitization, or novel vulnerability patterns. Every AI-generated fix passes through an independent quality evaluation before delivery. + +**Both** — A deterministic codemod handles well-understood patterns (standard libraries, known frameworks), while AI handles custom or complex variants. Routing is automatic. + +## Notes on Coverage + +Fix mode depends on the language and scanner context. Not every vulnerability type has a deterministic codemod for every language. Java and Python have the deepest deterministic codemod libraries. Go and PHP rely more heavily on AI-powered fixes. + +For per-language coverage depth, see [Language Support](/languages/overview) for the full coverage matrix across all supported languages and IaC formats. + +For per-scanner handling details, see the scanner integration pages under [Integrations](/integrations/overview). diff --git a/docusaurus.config.js b/docusaurus.config.js index 74f79a14..9bd531a1 100644 --- a/docusaurus.config.js +++ b/docusaurus.config.js @@ -78,10 +78,10 @@ const config = { { from: "/open-pixee", to: "/open-source/overview" }, { from: "/running_on_public_github_repos", - to: "/getting-started/github", + to: "/getting-started/source-control", }, - { from: "/supported-scms", to: "/" }, - { from: "/using-pixeebot", to: "/getting-started/github" }, + { from: "/supported-scms", to: "/getting-started/source-control" }, + { from: "/using-pixeebot", to: "/getting-started/source-control" }, { from: "/getting-started", to: "/" }, { from: "/configuration/scheduling", diff --git a/package-lock.json b/package-lock.json new file mode 100644 index 00000000..bc9e5f6c --- /dev/null +++ b/package-lock.json @@ -0,0 +1,18594 @@ +{ + "name": "pixee-doc-site", + "version": "0.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "pixee-doc-site", + "version": "0.0.0", + "dependencies": { + "@docusaurus/core": "^3.8.1", + "@docusaurus/plugin-client-redirects": "^3.8.1", + "@docusaurus/preset-classic": "^3.8.1", + "@mdx-js/react": "^3.0.0", + "clsx": "^2.0.0", + "docusaurus-plugin-llms": "^0.4.0", + "prism-react-renderer": "^2.3.1", + "react": "^19.0.0", + "react-dom": "^19.0.0", + "yarn": "^1.22.22" + }, + "devDependencies": { + "@docusaurus/module-type-aliases": "^3.8.1", + "@docusaurus/types": "^3.8.1", + "prettier": "^3.2.5" + }, + "engines": { + "node": ">=18.0" + } + }, + "node_modules/@ai-sdk/gateway": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/@ai-sdk/gateway/-/gateway-2.0.0.tgz", + "integrity": "sha512-Gj0PuawK7NkZuyYgO/h5kDK/l6hFOjhLdTq3/Lli1FTl47iGmwhH1IZQpAL3Z09BeFYWakcwUmn02ovIm2wy9g==", + "license": "Apache-2.0", + "dependencies": { + "@ai-sdk/provider": "2.0.0", + "@ai-sdk/provider-utils": "3.0.12", + "@vercel/oidc": "3.0.3" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "zod": "^3.25.76 || ^4.1.8" + } + }, + "node_modules/@ai-sdk/provider": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/@ai-sdk/provider/-/provider-2.0.0.tgz", + "integrity": "sha512-6o7Y2SeO9vFKB8lArHXehNuusnpddKPk7xqL7T2/b+OvXMRIXUO1rR4wcv1hAFUAT9avGZshty3Wlua/XA7TvA==", + "license": "Apache-2.0", + "dependencies": { + "json-schema": "^0.4.0" + }, + "engines": { + "node": ">=18" + } + }, + "node_modules/@ai-sdk/provider-utils": { + "version": "3.0.12", + "resolved": "https://registry.npmjs.org/@ai-sdk/provider-utils/-/provider-utils-3.0.12.tgz", + "integrity": "sha512-ZtbdvYxdMoria+2SlNarEk6Hlgyf+zzcznlD55EAl+7VZvJaSg2sqPvwArY7L6TfDEDJsnCq0fdhBSkYo0Xqdg==", + "license": "Apache-2.0", + "dependencies": { + "@ai-sdk/provider": "2.0.0", + "@standard-schema/spec": "^1.0.0", + "eventsource-parser": "^3.0.5" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "zod": "^3.25.76 || ^4.1.8" + } + }, + "node_modules/@ai-sdk/react": { + "version": "2.0.76", + "resolved": "https://registry.npmjs.org/@ai-sdk/react/-/react-2.0.76.tgz", + "integrity": "sha512-ggAPzyaKJTqUWigpxMzI5DuC0Y3iEpDUPCgz6/6CpnKZY/iok+x5xiZhDemeaP0ILw5IQekV0kdgBR8JPgI8zQ==", + "license": "Apache-2.0", + "dependencies": { + "@ai-sdk/provider-utils": "3.0.12", + "ai": "5.0.76", + "swr": "^2.2.5", + "throttleit": "2.1.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "react": "^18 || ^19 || ^19.0.0-rc", + "zod": "^3.25.76 || ^4.1.8" + }, + "peerDependenciesMeta": { + "zod": { + "optional": true + } + } + }, + "node_modules/@algolia/abtesting": { + "version": "1.6.1", + "resolved": "https://registry.npmjs.org/@algolia/abtesting/-/abtesting-1.6.1.tgz", + "integrity": "sha512-wV/gNRkzb7sI9vs1OneG129hwe3Q5zPj7zigz3Ps7M5Lpo2hSorrOnXNodHEOV+yXE/ks4Pd+G3CDFIjFTWhMQ==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1", + "@algolia/requester-browser-xhr": "5.40.1", + "@algolia/requester-fetch": "5.40.1", + "@algolia/requester-node-http": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/abtesting/node_modules/@algolia/client-common": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/client-common/-/client-common-5.40.1.tgz", + "integrity": "sha512-gWfQuQUBtzUboJv/apVGZMoxSaB0M4Imwl1c9Ap+HpCW7V0KhjBddqF2QQt5tJZCOFsfNIgBbZDGsEPaeKUosw==", + "license": "MIT", + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/abtesting/node_modules/@algolia/requester-browser-xhr": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/requester-browser-xhr/-/requester-browser-xhr-5.40.1.tgz", + "integrity": "sha512-PbidVsPurUSQIr6X9/7s34mgOMdJnn0i6p+N6Ab+lsNhY5eiu+S33kZEpZwkITYBCIbhzDLOvb7xZD3gDi+USA==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/abtesting/node_modules/@algolia/requester-fetch": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/requester-fetch/-/requester-fetch-5.40.1.tgz", + "integrity": "sha512-ThZ5j6uOZCF11fMw9IBkhigjOYdXGXQpj6h4k+T9UkZrF2RlKcPynFzDeRgaLdpYk8Yn3/MnFbwUmib7yxj5Lw==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/abtesting/node_modules/@algolia/requester-node-http": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/requester-node-http/-/requester-node-http-5.40.1.tgz", + "integrity": "sha512-H1gYPojO6krWHnUXu/T44DrEun/Wl95PJzMXRcM/szstNQczSbwq6wIFJPI9nyE95tarZfUNU3rgorT+wZ6iCQ==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/autocomplete-core": { + "version": "1.19.2", + "resolved": "https://registry.npmjs.org/@algolia/autocomplete-core/-/autocomplete-core-1.19.2.tgz", + "integrity": "sha512-mKv7RyuAzXvwmq+0XRK8HqZXt9iZ5Kkm2huLjgn5JoCPtDy+oh9yxUMfDDaVCw0oyzZ1isdJBc7l9nuCyyR7Nw==", + "license": "MIT", + "dependencies": { + "@algolia/autocomplete-plugin-algolia-insights": "1.19.2", + "@algolia/autocomplete-shared": "1.19.2" + } + }, + "node_modules/@algolia/autocomplete-plugin-algolia-insights": { + "version": "1.19.2", + "resolved": "https://registry.npmjs.org/@algolia/autocomplete-plugin-algolia-insights/-/autocomplete-plugin-algolia-insights-1.19.2.tgz", + "integrity": "sha512-TjxbcC/r4vwmnZaPwrHtkXNeqvlpdyR+oR9Wi2XyfORkiGkLTVhX2j+O9SaCCINbKoDfc+c2PB8NjfOnz7+oKg==", + "license": "MIT", + "dependencies": { + "@algolia/autocomplete-shared": "1.19.2" + }, + "peerDependencies": { + "search-insights": ">= 1 < 3" + } + }, + "node_modules/@algolia/autocomplete-shared": { + "version": "1.19.2", + "resolved": "https://registry.npmjs.org/@algolia/autocomplete-shared/-/autocomplete-shared-1.19.2.tgz", + "integrity": "sha512-jEazxZTVD2nLrC+wYlVHQgpBoBB5KPStrJxLzsIFl6Kqd1AlG9sIAGl39V5tECLpIQzB3Qa2T6ZPJ1ChkwMK/w==", + "license": "MIT", + "peerDependencies": { + "@algolia/client-search": ">= 4.9.1 < 6", + "algoliasearch": ">= 4.9.1 < 6" + } + }, + "node_modules/@algolia/client-abtesting": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/client-abtesting/-/client-abtesting-5.40.1.tgz", + "integrity": "sha512-cxKNATPY5t+Mv8XAVTI57altkaPH+DZi4uMrnexPxPHODMljhGYY+GDZyHwv9a+8CbZHcY372OkxXrDMZA4Lnw==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1", + "@algolia/requester-browser-xhr": "5.40.1", + "@algolia/requester-fetch": "5.40.1", + "@algolia/requester-node-http": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-abtesting/node_modules/@algolia/client-common": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/client-common/-/client-common-5.40.1.tgz", + "integrity": "sha512-gWfQuQUBtzUboJv/apVGZMoxSaB0M4Imwl1c9Ap+HpCW7V0KhjBddqF2QQt5tJZCOFsfNIgBbZDGsEPaeKUosw==", + "license": "MIT", + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-abtesting/node_modules/@algolia/requester-browser-xhr": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/requester-browser-xhr/-/requester-browser-xhr-5.40.1.tgz", + "integrity": "sha512-PbidVsPurUSQIr6X9/7s34mgOMdJnn0i6p+N6Ab+lsNhY5eiu+S33kZEpZwkITYBCIbhzDLOvb7xZD3gDi+USA==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-abtesting/node_modules/@algolia/requester-fetch": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/requester-fetch/-/requester-fetch-5.40.1.tgz", + "integrity": "sha512-ThZ5j6uOZCF11fMw9IBkhigjOYdXGXQpj6h4k+T9UkZrF2RlKcPynFzDeRgaLdpYk8Yn3/MnFbwUmib7yxj5Lw==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-abtesting/node_modules/@algolia/requester-node-http": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/requester-node-http/-/requester-node-http-5.40.1.tgz", + "integrity": "sha512-H1gYPojO6krWHnUXu/T44DrEun/Wl95PJzMXRcM/szstNQczSbwq6wIFJPI9nyE95tarZfUNU3rgorT+wZ6iCQ==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-analytics": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/client-analytics/-/client-analytics-5.40.1.tgz", + "integrity": "sha512-XP008aMffJCRGAY8/70t+hyEyvqqV7YKm502VPu0+Ji30oefrTn2al7LXkITz7CK6I4eYXWRhN6NaIUi65F1OA==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1", + "@algolia/requester-browser-xhr": "5.40.1", + "@algolia/requester-fetch": "5.40.1", + "@algolia/requester-node-http": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-analytics/node_modules/@algolia/client-common": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/client-common/-/client-common-5.40.1.tgz", + "integrity": "sha512-gWfQuQUBtzUboJv/apVGZMoxSaB0M4Imwl1c9Ap+HpCW7V0KhjBddqF2QQt5tJZCOFsfNIgBbZDGsEPaeKUosw==", + "license": "MIT", + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-analytics/node_modules/@algolia/requester-browser-xhr": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/requester-browser-xhr/-/requester-browser-xhr-5.40.1.tgz", + "integrity": "sha512-PbidVsPurUSQIr6X9/7s34mgOMdJnn0i6p+N6Ab+lsNhY5eiu+S33kZEpZwkITYBCIbhzDLOvb7xZD3gDi+USA==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-analytics/node_modules/@algolia/requester-fetch": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/requester-fetch/-/requester-fetch-5.40.1.tgz", + "integrity": "sha512-ThZ5j6uOZCF11fMw9IBkhigjOYdXGXQpj6h4k+T9UkZrF2RlKcPynFzDeRgaLdpYk8Yn3/MnFbwUmib7yxj5Lw==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-analytics/node_modules/@algolia/requester-node-http": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/requester-node-http/-/requester-node-http-5.40.1.tgz", + "integrity": "sha512-H1gYPojO6krWHnUXu/T44DrEun/Wl95PJzMXRcM/szstNQczSbwq6wIFJPI9nyE95tarZfUNU3rgorT+wZ6iCQ==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-common": { + "version": "5.52.1", + "resolved": "https://registry.npmjs.org/@algolia/client-common/-/client-common-5.52.1.tgz", + "integrity": "sha512-qCDoZfx5MpX7XQzvQ3bC4tSEMkQWQMaF/ABtLuoze03Y/flR563CCSws02qIJ23oX7lxl92LsilZjINVyTdtLw==", + "license": "MIT", + "peer": true, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-insights": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/client-insights/-/client-insights-5.40.1.tgz", + "integrity": "sha512-RTLjST/t+lsLMouQ4zeLJq2Ss+UNkLGyNVu+yWHanx6kQ3LT5jv8UvPwyht9s7R6jCPnlSI77WnL80J32ZuyJg==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1", + "@algolia/requester-browser-xhr": "5.40.1", + "@algolia/requester-fetch": "5.40.1", + "@algolia/requester-node-http": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-insights/node_modules/@algolia/client-common": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/client-common/-/client-common-5.40.1.tgz", + "integrity": "sha512-gWfQuQUBtzUboJv/apVGZMoxSaB0M4Imwl1c9Ap+HpCW7V0KhjBddqF2QQt5tJZCOFsfNIgBbZDGsEPaeKUosw==", + "license": "MIT", + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-insights/node_modules/@algolia/requester-browser-xhr": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/requester-browser-xhr/-/requester-browser-xhr-5.40.1.tgz", + "integrity": "sha512-PbidVsPurUSQIr6X9/7s34mgOMdJnn0i6p+N6Ab+lsNhY5eiu+S33kZEpZwkITYBCIbhzDLOvb7xZD3gDi+USA==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-insights/node_modules/@algolia/requester-fetch": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/requester-fetch/-/requester-fetch-5.40.1.tgz", + "integrity": "sha512-ThZ5j6uOZCF11fMw9IBkhigjOYdXGXQpj6h4k+T9UkZrF2RlKcPynFzDeRgaLdpYk8Yn3/MnFbwUmib7yxj5Lw==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-insights/node_modules/@algolia/requester-node-http": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/requester-node-http/-/requester-node-http-5.40.1.tgz", + "integrity": "sha512-H1gYPojO6krWHnUXu/T44DrEun/Wl95PJzMXRcM/szstNQczSbwq6wIFJPI9nyE95tarZfUNU3rgorT+wZ6iCQ==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-personalization": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/client-personalization/-/client-personalization-5.40.1.tgz", + "integrity": "sha512-2FEK6bUomBzEYkTKzD0iRs7Ljtjb45rKK/VSkyHqeJnG+77qx557IeSO0qVFE3SfzapNcoytTofnZum0BQ6r3Q==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1", + "@algolia/requester-browser-xhr": "5.40.1", + "@algolia/requester-fetch": "5.40.1", + "@algolia/requester-node-http": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-personalization/node_modules/@algolia/client-common": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/client-common/-/client-common-5.40.1.tgz", + "integrity": "sha512-gWfQuQUBtzUboJv/apVGZMoxSaB0M4Imwl1c9Ap+HpCW7V0KhjBddqF2QQt5tJZCOFsfNIgBbZDGsEPaeKUosw==", + "license": "MIT", + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-personalization/node_modules/@algolia/requester-browser-xhr": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/requester-browser-xhr/-/requester-browser-xhr-5.40.1.tgz", + "integrity": "sha512-PbidVsPurUSQIr6X9/7s34mgOMdJnn0i6p+N6Ab+lsNhY5eiu+S33kZEpZwkITYBCIbhzDLOvb7xZD3gDi+USA==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-personalization/node_modules/@algolia/requester-fetch": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/requester-fetch/-/requester-fetch-5.40.1.tgz", + "integrity": "sha512-ThZ5j6uOZCF11fMw9IBkhigjOYdXGXQpj6h4k+T9UkZrF2RlKcPynFzDeRgaLdpYk8Yn3/MnFbwUmib7yxj5Lw==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-personalization/node_modules/@algolia/requester-node-http": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/requester-node-http/-/requester-node-http-5.40.1.tgz", + "integrity": "sha512-H1gYPojO6krWHnUXu/T44DrEun/Wl95PJzMXRcM/szstNQczSbwq6wIFJPI9nyE95tarZfUNU3rgorT+wZ6iCQ==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-query-suggestions": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/client-query-suggestions/-/client-query-suggestions-5.40.1.tgz", + "integrity": "sha512-Nju4NtxAvXjrV2hHZNLKVJLXjOlW6jAXHef/CwNzk1b2qIrCWDO589ELi5ZHH1uiWYoYyBXDQTtHmhaOVVoyXg==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1", + "@algolia/requester-browser-xhr": "5.40.1", + "@algolia/requester-fetch": "5.40.1", + "@algolia/requester-node-http": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-query-suggestions/node_modules/@algolia/client-common": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/client-common/-/client-common-5.40.1.tgz", + "integrity": "sha512-gWfQuQUBtzUboJv/apVGZMoxSaB0M4Imwl1c9Ap+HpCW7V0KhjBddqF2QQt5tJZCOFsfNIgBbZDGsEPaeKUosw==", + "license": "MIT", + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-query-suggestions/node_modules/@algolia/requester-browser-xhr": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/requester-browser-xhr/-/requester-browser-xhr-5.40.1.tgz", + "integrity": "sha512-PbidVsPurUSQIr6X9/7s34mgOMdJnn0i6p+N6Ab+lsNhY5eiu+S33kZEpZwkITYBCIbhzDLOvb7xZD3gDi+USA==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-query-suggestions/node_modules/@algolia/requester-fetch": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/requester-fetch/-/requester-fetch-5.40.1.tgz", + "integrity": "sha512-ThZ5j6uOZCF11fMw9IBkhigjOYdXGXQpj6h4k+T9UkZrF2RlKcPynFzDeRgaLdpYk8Yn3/MnFbwUmib7yxj5Lw==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-query-suggestions/node_modules/@algolia/requester-node-http": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/requester-node-http/-/requester-node-http-5.40.1.tgz", + "integrity": "sha512-H1gYPojO6krWHnUXu/T44DrEun/Wl95PJzMXRcM/szstNQczSbwq6wIFJPI9nyE95tarZfUNU3rgorT+wZ6iCQ==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-search": { + "version": "5.52.1", + "resolved": "https://registry.npmjs.org/@algolia/client-search/-/client-search-5.52.1.tgz", + "integrity": "sha512-gA8oJOV1LnQQkDf91iebNnFInHuW0gRPEgLSOQ7EfipCEjYTHm5swm1DlH9H5RaRw4RrHuzHBegnlzc0MAstcg==", + "license": "MIT", + "peer": true, + "dependencies": { + "@algolia/client-common": "5.52.1", + "@algolia/requester-browser-xhr": "5.52.1", + "@algolia/requester-fetch": "5.52.1", + "@algolia/requester-node-http": "5.52.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/events": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/@algolia/events/-/events-4.0.1.tgz", + "integrity": "sha512-FQzvOCgoFXAbf5Y6mYozw2aj5KCJoA3m4heImceldzPSMbdyS4atVjJzXKMsfX3wnZTFYwkkt8/z8UesLHlSBQ==", + "license": "MIT" + }, + "node_modules/@algolia/ingestion": { + "version": "1.40.1", + "resolved": "https://registry.npmjs.org/@algolia/ingestion/-/ingestion-1.40.1.tgz", + "integrity": "sha512-z+BPlhs45VURKJIxsR99NNBWpUEEqIgwt10v/fATlNxc4UlXvALdOsWzaFfe89/lbP5Bu4+mbO59nqBC87ZM/g==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1", + "@algolia/requester-browser-xhr": "5.40.1", + "@algolia/requester-fetch": "5.40.1", + "@algolia/requester-node-http": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/ingestion/node_modules/@algolia/client-common": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/client-common/-/client-common-5.40.1.tgz", + "integrity": "sha512-gWfQuQUBtzUboJv/apVGZMoxSaB0M4Imwl1c9Ap+HpCW7V0KhjBddqF2QQt5tJZCOFsfNIgBbZDGsEPaeKUosw==", + "license": "MIT", + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/ingestion/node_modules/@algolia/requester-browser-xhr": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/requester-browser-xhr/-/requester-browser-xhr-5.40.1.tgz", + "integrity": "sha512-PbidVsPurUSQIr6X9/7s34mgOMdJnn0i6p+N6Ab+lsNhY5eiu+S33kZEpZwkITYBCIbhzDLOvb7xZD3gDi+USA==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/ingestion/node_modules/@algolia/requester-fetch": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/requester-fetch/-/requester-fetch-5.40.1.tgz", + "integrity": "sha512-ThZ5j6uOZCF11fMw9IBkhigjOYdXGXQpj6h4k+T9UkZrF2RlKcPynFzDeRgaLdpYk8Yn3/MnFbwUmib7yxj5Lw==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/ingestion/node_modules/@algolia/requester-node-http": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/requester-node-http/-/requester-node-http-5.40.1.tgz", + "integrity": "sha512-H1gYPojO6krWHnUXu/T44DrEun/Wl95PJzMXRcM/szstNQczSbwq6wIFJPI9nyE95tarZfUNU3rgorT+wZ6iCQ==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/monitoring": { + "version": "1.40.1", + "resolved": "https://registry.npmjs.org/@algolia/monitoring/-/monitoring-1.40.1.tgz", + "integrity": "sha512-VJMUMbO0wD8Rd2VVV/nlFtLJsOAQvjnVNGkMkspFiFhpBA7s/xJOb+fJvvqwKFUjbKTUA7DjiSi1ljSMYBasXg==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1", + "@algolia/requester-browser-xhr": "5.40.1", + "@algolia/requester-fetch": "5.40.1", + "@algolia/requester-node-http": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/monitoring/node_modules/@algolia/client-common": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/client-common/-/client-common-5.40.1.tgz", + "integrity": "sha512-gWfQuQUBtzUboJv/apVGZMoxSaB0M4Imwl1c9Ap+HpCW7V0KhjBddqF2QQt5tJZCOFsfNIgBbZDGsEPaeKUosw==", + "license": "MIT", + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/monitoring/node_modules/@algolia/requester-browser-xhr": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/requester-browser-xhr/-/requester-browser-xhr-5.40.1.tgz", + "integrity": "sha512-PbidVsPurUSQIr6X9/7s34mgOMdJnn0i6p+N6Ab+lsNhY5eiu+S33kZEpZwkITYBCIbhzDLOvb7xZD3gDi+USA==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/monitoring/node_modules/@algolia/requester-fetch": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/requester-fetch/-/requester-fetch-5.40.1.tgz", + "integrity": "sha512-ThZ5j6uOZCF11fMw9IBkhigjOYdXGXQpj6h4k+T9UkZrF2RlKcPynFzDeRgaLdpYk8Yn3/MnFbwUmib7yxj5Lw==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/monitoring/node_modules/@algolia/requester-node-http": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/requester-node-http/-/requester-node-http-5.40.1.tgz", + "integrity": "sha512-H1gYPojO6krWHnUXu/T44DrEun/Wl95PJzMXRcM/szstNQczSbwq6wIFJPI9nyE95tarZfUNU3rgorT+wZ6iCQ==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/recommend": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/recommend/-/recommend-5.40.1.tgz", + "integrity": "sha512-ehvJLadKVwTp9Scg9NfzVSlBKH34KoWOQNTaN8i1Ac64AnO6iH2apJVSP6GOxssaghZ/s8mFQsDH3QIZoluFHA==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1", + "@algolia/requester-browser-xhr": "5.40.1", + "@algolia/requester-fetch": "5.40.1", + "@algolia/requester-node-http": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/recommend/node_modules/@algolia/client-common": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/client-common/-/client-common-5.40.1.tgz", + "integrity": "sha512-gWfQuQUBtzUboJv/apVGZMoxSaB0M4Imwl1c9Ap+HpCW7V0KhjBddqF2QQt5tJZCOFsfNIgBbZDGsEPaeKUosw==", + "license": "MIT", + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/recommend/node_modules/@algolia/requester-browser-xhr": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/requester-browser-xhr/-/requester-browser-xhr-5.40.1.tgz", + "integrity": "sha512-PbidVsPurUSQIr6X9/7s34mgOMdJnn0i6p+N6Ab+lsNhY5eiu+S33kZEpZwkITYBCIbhzDLOvb7xZD3gDi+USA==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/recommend/node_modules/@algolia/requester-fetch": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/requester-fetch/-/requester-fetch-5.40.1.tgz", + "integrity": "sha512-ThZ5j6uOZCF11fMw9IBkhigjOYdXGXQpj6h4k+T9UkZrF2RlKcPynFzDeRgaLdpYk8Yn3/MnFbwUmib7yxj5Lw==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/recommend/node_modules/@algolia/requester-node-http": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/requester-node-http/-/requester-node-http-5.40.1.tgz", + "integrity": "sha512-H1gYPojO6krWHnUXu/T44DrEun/Wl95PJzMXRcM/szstNQczSbwq6wIFJPI9nyE95tarZfUNU3rgorT+wZ6iCQ==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/requester-browser-xhr": { + "version": "5.52.1", + "resolved": "https://registry.npmjs.org/@algolia/requester-browser-xhr/-/requester-browser-xhr-5.52.1.tgz", + "integrity": "sha512-CI7+/0I11QeZM59Uc8whd2or0kqzFVjpaPn9Qpwll/krHcBAxk24WkAQ6WX+IwDVMfpont4YGbKwAmCre3vE8Q==", + "license": "MIT", + "peer": true, + "dependencies": { + "@algolia/client-common": "5.52.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/requester-fetch": { + "version": "5.52.1", + "resolved": "https://registry.npmjs.org/@algolia/requester-fetch/-/requester-fetch-5.52.1.tgz", + "integrity": "sha512-S6bDuw9byfOvm3T71cgdoZgrgnZq6hpdMLkx52Louh57nUAmvGQESz2aojOynQHjbTiV55smvAFbgn0qT4tJrg==", + "license": "MIT", + "peer": true, + "dependencies": { + "@algolia/client-common": "5.52.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/requester-node-http": { + "version": "5.52.1", + "resolved": "https://registry.npmjs.org/@algolia/requester-node-http/-/requester-node-http-5.52.1.tgz", + "integrity": "sha512-tqZXM+54rWo4mk5jL5Z/flE11nPmNEdXwFBM5py9DkOmbjeCNemfVd45FyM97XdzfZ0dl9uOJC6PYn1FpkeyQg==", + "license": "MIT", + "peer": true, + "dependencies": { + "@algolia/client-common": "5.52.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@babel/code-frame": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.27.1.tgz", + "integrity": "sha512-cjQ7ZlQ0Mv3b47hABuTevyTuYN4i+loJKGeV9flcCgIK37cCXRh+L1bd3iBHlynerhQ7BhCkn2BPbQUL+rGqFg==", + "license": "MIT", + "dependencies": { + "@babel/helper-validator-identifier": "^7.27.1", + "js-tokens": "^4.0.0", + "picocolors": "^1.1.1" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/compat-data": { + "version": "7.28.4", + "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.28.4.tgz", + "integrity": "sha512-YsmSKC29MJwf0gF8Rjjrg5LQCmyh+j/nD8/eP7f+BeoQTKYqs9RoWbjGOdy0+1Ekr68RJZMUOPVQaQisnIo4Rw==", + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/core": { + "version": "7.28.4", + "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.28.4.tgz", + "integrity": "sha512-2BCOP7TN8M+gVDj7/ht3hsaO/B/n5oDbiAyyvnRlNOs+u1o+JWNYTQrmpuNp1/Wq2gcFrI01JAW+paEKDMx/CA==", + "license": "MIT", + "dependencies": { + "@babel/code-frame": "^7.27.1", + "@babel/generator": "^7.28.3", + "@babel/helper-compilation-targets": "^7.27.2", + "@babel/helper-module-transforms": "^7.28.3", + "@babel/helpers": "^7.28.4", + "@babel/parser": "^7.28.4", + "@babel/template": "^7.27.2", + "@babel/traverse": "^7.28.4", + "@babel/types": "^7.28.4", + "@jridgewell/remapping": "^2.3.5", + "convert-source-map": "^2.0.0", + "debug": "^4.1.0", + "gensync": "^1.0.0-beta.2", + "json5": "^2.2.3", + "semver": "^6.3.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/babel" + } + }, + "node_modules/@babel/core/node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + } + }, + "node_modules/@babel/generator": { + "version": "7.28.3", + "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.28.3.tgz", + "integrity": "sha512-3lSpxGgvnmZznmBkCRnVREPUFJv2wrv9iAoFDvADJc0ypmdOxdUtcLeBgBJ6zE0PMeTKnxeQzyk0xTBq4Ep7zw==", + "license": "MIT", + "dependencies": { + "@babel/parser": "^7.28.3", + "@babel/types": "^7.28.2", + "@jridgewell/gen-mapping": "^0.3.12", + "@jridgewell/trace-mapping": "^0.3.28", + "jsesc": "^3.0.2" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-annotate-as-pure": { + "version": "7.27.3", + "resolved": "https://registry.npmjs.org/@babel/helper-annotate-as-pure/-/helper-annotate-as-pure-7.27.3.tgz", + "integrity": "sha512-fXSwMQqitTGeHLBC08Eq5yXz2m37E4pJX1qAU1+2cNedz/ifv/bVXft90VeSav5nFO61EcNgwr0aJxbyPaWBPg==", + "license": "MIT", + "dependencies": { + "@babel/types": "^7.27.3" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-compilation-targets": { + "version": "7.27.2", + "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.27.2.tgz", + "integrity": "sha512-2+1thGUUWWjLTYTHZWK1n8Yga0ijBz1XAhUXcKy81rd5g6yh7hGqMp45v7cadSbEHc9G3OTv45SyneRN3ps4DQ==", + "license": "MIT", + "dependencies": { + "@babel/compat-data": "^7.27.2", + "@babel/helper-validator-option": "^7.27.1", + "browserslist": "^4.24.0", + "lru-cache": "^5.1.1", + "semver": "^6.3.1" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-compilation-targets/node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + } + }, + "node_modules/@babel/helper-create-class-features-plugin": { + "version": "7.28.3", + "resolved": "https://registry.npmjs.org/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.28.3.tgz", + "integrity": "sha512-V9f6ZFIYSLNEbuGA/92uOvYsGCJNsuA8ESZ4ldc09bWk/j8H8TKiPw8Mk1eG6olpnO0ALHJmYfZvF4MEE4gajg==", + "license": "MIT", + "dependencies": { + "@babel/helper-annotate-as-pure": "^7.27.3", + "@babel/helper-member-expression-to-functions": "^7.27.1", + "@babel/helper-optimise-call-expression": "^7.27.1", + "@babel/helper-replace-supers": "^7.27.1", + "@babel/helper-skip-transparent-expression-wrappers": "^7.27.1", + "@babel/traverse": "^7.28.3", + "semver": "^6.3.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/helper-create-class-features-plugin/node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + } + }, + "node_modules/@babel/helper-create-regexp-features-plugin": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/helper-create-regexp-features-plugin/-/helper-create-regexp-features-plugin-7.27.1.tgz", + "integrity": "sha512-uVDC72XVf8UbrH5qQTc18Agb8emwjTiZrQE11Nv3CuBEZmVvTwwE9CBUEvHku06gQCAyYf8Nv6ja1IN+6LMbxQ==", + "license": "MIT", + "dependencies": { + "@babel/helper-annotate-as-pure": "^7.27.1", + "regexpu-core": "^6.2.0", + "semver": "^6.3.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/helper-create-regexp-features-plugin/node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + } + }, + "node_modules/@babel/helper-define-polyfill-provider": { + "version": "0.6.5", + "resolved": "https://registry.npmjs.org/@babel/helper-define-polyfill-provider/-/helper-define-polyfill-provider-0.6.5.tgz", + "integrity": "sha512-uJnGFcPsWQK8fvjgGP5LZUZZsYGIoPeRjSF5PGwrelYgq7Q15/Ft9NGFp1zglwgIv//W0uG4BevRuSJRyylZPg==", + "license": "MIT", + "dependencies": { + "@babel/helper-compilation-targets": "^7.27.2", + "@babel/helper-plugin-utils": "^7.27.1", + "debug": "^4.4.1", + "lodash.debounce": "^4.0.8", + "resolve": "^1.22.10" + }, + "peerDependencies": { + "@babel/core": "^7.4.0 || ^8.0.0-0 <8.0.0" + } + }, + "node_modules/@babel/helper-globals": { + "version": "7.28.0", + "resolved": "https://registry.npmjs.org/@babel/helper-globals/-/helper-globals-7.28.0.tgz", + "integrity": "sha512-+W6cISkXFa1jXsDEdYA8HeevQT/FULhxzR99pxphltZcVaugps53THCeiWA8SguxxpSp3gKPiuYfSWopkLQ4hw==", + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-member-expression-to-functions": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.27.1.tgz", + "integrity": "sha512-E5chM8eWjTp/aNoVpcbfM7mLxu9XGLWYise2eBKGQomAk/Mb4XoxyqXTZbuTohbsl8EKqdlMhnDI2CCLfcs9wA==", + "license": "MIT", + "dependencies": { + "@babel/traverse": "^7.27.1", + "@babel/types": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-module-imports": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.27.1.tgz", + "integrity": "sha512-0gSFWUPNXNopqtIPQvlD5WgXYI5GY2kP2cCvoT8kczjbfcfuIljTbcWrulD1CIPIX2gt1wghbDy08yE1p+/r3w==", + "license": "MIT", + "dependencies": { + "@babel/traverse": "^7.27.1", + "@babel/types": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-module-transforms": { + "version": "7.28.3", + "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.28.3.tgz", + "integrity": "sha512-gytXUbs8k2sXS9PnQptz5o0QnpLL51SwASIORY6XaBKF88nsOT0Zw9szLqlSGQDP/4TljBAD5y98p2U1fqkdsw==", + "license": "MIT", + "dependencies": { + "@babel/helper-module-imports": "^7.27.1", + "@babel/helper-validator-identifier": "^7.27.1", + "@babel/traverse": "^7.28.3" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/helper-optimise-call-expression": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/helper-optimise-call-expression/-/helper-optimise-call-expression-7.27.1.tgz", + "integrity": "sha512-URMGH08NzYFhubNSGJrpUEphGKQwMQYBySzat5cAByY1/YgIRkULnIy3tAMeszlL/so2HbeilYloUmSpd7GdVw==", + "license": "MIT", + "dependencies": { + "@babel/types": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-plugin-utils": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.27.1.tgz", + "integrity": "sha512-1gn1Up5YXka3YYAHGKpbideQ5Yjf1tDa9qYcgysz+cNCXukyLl6DjPXhD3VRwSb8c0J9tA4b2+rHEZtc6R0tlw==", + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-remap-async-to-generator": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/helper-remap-async-to-generator/-/helper-remap-async-to-generator-7.27.1.tgz", + "integrity": "sha512-7fiA521aVw8lSPeI4ZOD3vRFkoqkJcS+z4hFo82bFSH/2tNd6eJ5qCVMS5OzDmZh/kaHQeBaeyxK6wljcPtveA==", + "license": "MIT", + "dependencies": { + "@babel/helper-annotate-as-pure": "^7.27.1", + "@babel/helper-wrap-function": "^7.27.1", + "@babel/traverse": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/helper-replace-supers": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/helper-replace-supers/-/helper-replace-supers-7.27.1.tgz", + "integrity": "sha512-7EHz6qDZc8RYS5ElPoShMheWvEgERonFCs7IAonWLLUTXW59DP14bCZt89/GKyreYn8g3S83m21FelHKbeDCKA==", + "license": "MIT", + "dependencies": { + "@babel/helper-member-expression-to-functions": "^7.27.1", + "@babel/helper-optimise-call-expression": "^7.27.1", + "@babel/traverse": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/helper-skip-transparent-expression-wrappers": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/helper-skip-transparent-expression-wrappers/-/helper-skip-transparent-expression-wrappers-7.27.1.tgz", + "integrity": "sha512-Tub4ZKEXqbPjXgWLl2+3JpQAYBJ8+ikpQ2Ocj/q/r0LwE3UhENh7EUabyHjz2kCEsrRY83ew2DQdHluuiDQFzg==", + "license": "MIT", + "dependencies": { + "@babel/traverse": "^7.27.1", + "@babel/types": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-string-parser": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.27.1.tgz", + "integrity": "sha512-qMlSxKbpRlAridDExk92nSobyDdpPijUq2DW6oDnUqd0iOGxmQjyqhMIihI9+zv4LPyZdRje2cavWPbCbWm3eA==", + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-validator-identifier": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.27.1.tgz", + "integrity": "sha512-D2hP9eA+Sqx1kBZgzxZh0y1trbuU+JoDkiEwqhQ36nodYqJwyEIhPSdMNd7lOm/4io72luTPWH20Yda0xOuUow==", + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-validator-option": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.27.1.tgz", + "integrity": "sha512-YvjJow9FxbhFFKDSuFnVCe2WxXk1zWc22fFePVNEaWJEu8IrZVlda6N0uHwzZrUM1il7NC9Mlp4MaJYbYd9JSg==", + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-wrap-function": { + "version": "7.28.3", + "resolved": "https://registry.npmjs.org/@babel/helper-wrap-function/-/helper-wrap-function-7.28.3.tgz", + "integrity": "sha512-zdf983tNfLZFletc0RRXYrHrucBEg95NIFMkn6K9dbeMYnsgHaSBGcQqdsCSStG2PYwRre0Qc2NNSCXbG+xc6g==", + "license": "MIT", + "dependencies": { + "@babel/template": "^7.27.2", + "@babel/traverse": "^7.28.3", + "@babel/types": "^7.28.2" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helpers": { + "version": "7.28.4", + "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.28.4.tgz", + "integrity": "sha512-HFN59MmQXGHVyYadKLVumYsA9dBFun/ldYxipEjzA4196jpLZd8UjEEBLkbEkvfYreDqJhZxYAWFPtrfhNpj4w==", + "license": "MIT", + "dependencies": { + "@babel/template": "^7.27.2", + "@babel/types": "^7.28.4" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/parser": { + "version": "7.28.4", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.28.4.tgz", + "integrity": "sha512-yZbBqeM6TkpP9du/I2pUZnJsRMGGvOuIrhjzC1AwHwW+6he4mni6Bp/m8ijn0iOuZuPI2BfkCoSRunpyjnrQKg==", + "license": "MIT", + "dependencies": { + "@babel/types": "^7.28.4" + }, + "bin": { + "parser": "bin/babel-parser.js" + }, + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@babel/plugin-bugfix-firefox-class-in-computed-class-key": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-firefox-class-in-computed-class-key/-/plugin-bugfix-firefox-class-in-computed-class-key-7.27.1.tgz", + "integrity": "sha512-QPG3C9cCVRQLxAVwmefEmwdTanECuUBMQZ/ym5kiw3XKCGA7qkuQLcjWWHcrD/GKbn/WmJwaezfuuAOcyKlRPA==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1", + "@babel/traverse": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/plugin-bugfix-safari-class-field-initializer-scope": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-safari-class-field-initializer-scope/-/plugin-bugfix-safari-class-field-initializer-scope-7.27.1.tgz", + "integrity": "sha512-qNeq3bCKnGgLkEXUuFry6dPlGfCdQNZbn7yUAPCInwAJHMU7THJfrBSozkcWq5sNM6RcF3S8XyQL2A52KNR9IA==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression/-/plugin-bugfix-safari-id-destructuring-collision-in-function-expression-7.27.1.tgz", + "integrity": "sha512-g4L7OYun04N1WyqMNjldFwlfPCLVkgB54A/YCXICZYBsvJJE3kByKv9c9+R/nAfmIfjl2rKYLNyMHboYbZaWaA==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining/-/plugin-bugfix-v8-spread-parameters-in-optional-chaining-7.27.1.tgz", + "integrity": "sha512-oO02gcONcD5O1iTLi/6frMJBIwWEHceWGSGqrpCmEL8nogiS6J9PBlE48CaK20/Jx1LuRml9aDftLgdjXT8+Cw==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1", + "@babel/helper-skip-transparent-expression-wrappers": "^7.27.1", + "@babel/plugin-transform-optional-chaining": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.13.0" + } + }, + "node_modules/@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly": { + "version": "7.28.3", + "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly/-/plugin-bugfix-v8-static-class-fields-redefine-readonly-7.28.3.tgz", + "integrity": "sha512-b6YTX108evsvE4YgWyQ921ZAFFQm3Bn+CA3+ZXlNVnPhx+UfsVURoPjfGAPCjBgrqo30yX/C2nZGX96DxvR9Iw==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1", + "@babel/traverse": "^7.28.3" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/plugin-proposal-private-property-in-object": { + "version": "7.21.0-placeholder-for-preset-env.2", + "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-private-property-in-object/-/plugin-proposal-private-property-in-object-7.21.0-placeholder-for-preset-env.2.tgz", + "integrity": "sha512-SOSkfJDddaM7mak6cPEpswyTRnuRltl429hMraQEglW+OkovnCzsiszTmsrlY//qLFjCpQDFRvjdm2wA5pPm9w==", + "license": "MIT", + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-dynamic-import": { + "version": "7.8.3", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-dynamic-import/-/plugin-syntax-dynamic-import-7.8.3.tgz", + "integrity": "sha512-5gdGbFon+PszYzqs83S3E5mpi7/y/8M9eC90MRTZfduQOYW76ig6SOSPNe41IG5LoP3FGBn2N0RjVDSQiS94kQ==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.8.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-import-assertions": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-assertions/-/plugin-syntax-import-assertions-7.27.1.tgz", + "integrity": "sha512-UT/Jrhw57xg4ILHLFnzFpPDlMbcdEicaAtjPQpbj9wa8T4r5KVWCimHcL/460g8Ht0DMxDyjsLgiWSkVjnwPFg==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-import-attributes": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-attributes/-/plugin-syntax-import-attributes-7.27.1.tgz", + "integrity": "sha512-oFT0FrKHgF53f4vOsZGi2Hh3I35PfSmVs4IBFLFj4dnafP+hIWDLg3VyKmUHfLoLHlyxY4C7DGtmHuJgn+IGww==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-jsx": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.27.1.tgz", + "integrity": "sha512-y8YTNIeKoyhGd9O0Jiyzyyqk8gdjnumGTQPsz0xOZOQ2RmkVJeZ1vmmfIvFEKqucBG6axJGBZDE/7iI5suUI/w==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-typescript": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-typescript/-/plugin-syntax-typescript-7.27.1.tgz", + "integrity": "sha512-xfYCBMxveHrRMnAWl1ZlPXOZjzkN82THFvLhQhFXFt81Z5HnN+EtUkZhv/zcKpmT3fzmWZB0ywiBrbC3vogbwQ==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-unicode-sets-regex": { + "version": "7.18.6", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-unicode-sets-regex/-/plugin-syntax-unicode-sets-regex-7.18.6.tgz", + "integrity": "sha512-727YkEAPwSIQTv5im8QHz3upqp92JTWhidIC81Tdx4VJYIte/VndKf1qKrfnnhPLiPghStWfvC/iFaMCQu7Nqg==", + "license": "MIT", + "dependencies": { + "@babel/helper-create-regexp-features-plugin": "^7.18.6", + "@babel/helper-plugin-utils": "^7.18.6" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/plugin-transform-arrow-functions": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-arrow-functions/-/plugin-transform-arrow-functions-7.27.1.tgz", + "integrity": "sha512-8Z4TGic6xW70FKThA5HYEKKyBpOOsucTOD1DjU3fZxDg+K3zBJcXMFnt/4yQiZnf5+MiOMSXQ9PaEK/Ilh1DeA==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-async-generator-functions": { + "version": "7.28.0", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-async-generator-functions/-/plugin-transform-async-generator-functions-7.28.0.tgz", + "integrity": "sha512-BEOdvX4+M765icNPZeidyADIvQ1m1gmunXufXxvRESy/jNNyfovIqUyE7MVgGBjWktCoJlzvFA1To2O4ymIO3Q==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1", + "@babel/helper-remap-async-to-generator": "^7.27.1", + "@babel/traverse": "^7.28.0" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-async-to-generator": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-async-to-generator/-/plugin-transform-async-to-generator-7.27.1.tgz", + "integrity": "sha512-NREkZsZVJS4xmTr8qzE5y8AfIPqsdQfRuUiLRTEzb7Qii8iFWCyDKaUV2c0rCuh4ljDZ98ALHP/PetiBV2nddA==", + "license": "MIT", + "dependencies": { + "@babel/helper-module-imports": "^7.27.1", + "@babel/helper-plugin-utils": "^7.27.1", + "@babel/helper-remap-async-to-generator": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-block-scoped-functions": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-block-scoped-functions/-/plugin-transform-block-scoped-functions-7.27.1.tgz", + "integrity": "sha512-cnqkuOtZLapWYZUYM5rVIdv1nXYuFVIltZ6ZJ7nIj585QsjKM5dhL2Fu/lICXZ1OyIAFc7Qy+bvDAtTXqGrlhg==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-block-scoping": { + "version": "7.28.4", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-block-scoping/-/plugin-transform-block-scoping-7.28.4.tgz", + "integrity": "sha512-1yxmvN0MJHOhPVmAsmoW5liWwoILobu/d/ShymZmj867bAdxGbehIrew1DuLpw2Ukv+qDSSPQdYW1dLNE7t11A==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-class-properties": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-class-properties/-/plugin-transform-class-properties-7.27.1.tgz", + "integrity": "sha512-D0VcalChDMtuRvJIu3U/fwWjf8ZMykz5iZsg77Nuj821vCKI3zCyRLwRdWbsuJ/uRwZhZ002QtCqIkwC/ZkvbA==", + "license": "MIT", + "dependencies": { + "@babel/helper-create-class-features-plugin": "^7.27.1", + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-class-static-block": { + "version": "7.28.3", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-class-static-block/-/plugin-transform-class-static-block-7.28.3.tgz", + "integrity": "sha512-LtPXlBbRoc4Njl/oh1CeD/3jC+atytbnf/UqLoqTDcEYGUPj022+rvfkbDYieUrSj3CaV4yHDByPE+T2HwfsJg==", + "license": "MIT", + "dependencies": { + "@babel/helper-create-class-features-plugin": "^7.28.3", + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.12.0" + } + }, + "node_modules/@babel/plugin-transform-classes": { + "version": "7.28.4", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-classes/-/plugin-transform-classes-7.28.4.tgz", + "integrity": "sha512-cFOlhIYPBv/iBoc+KS3M6et2XPtbT2HiCRfBXWtfpc9OAyostldxIf9YAYB6ypURBBbx+Qv6nyrLzASfJe+hBA==", + "license": "MIT", + "dependencies": { + "@babel/helper-annotate-as-pure": "^7.27.3", + "@babel/helper-compilation-targets": "^7.27.2", + "@babel/helper-globals": "^7.28.0", + "@babel/helper-plugin-utils": "^7.27.1", + "@babel/helper-replace-supers": "^7.27.1", + "@babel/traverse": "^7.28.4" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-computed-properties": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-computed-properties/-/plugin-transform-computed-properties-7.27.1.tgz", + "integrity": "sha512-lj9PGWvMTVksbWiDT2tW68zGS/cyo4AkZ/QTp0sQT0mjPopCmrSkzxeXkznjqBxzDI6TclZhOJbBmbBLjuOZUw==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1", + "@babel/template": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-destructuring": { + "version": "7.28.0", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.28.0.tgz", + "integrity": "sha512-v1nrSMBiKcodhsyJ4Gf+Z0U/yawmJDBOTpEB3mcQY52r9RIyPneGyAS/yM6seP/8I+mWI3elOMtT5dB8GJVs+A==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1", + "@babel/traverse": "^7.28.0" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-dotall-regex": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-dotall-regex/-/plugin-transform-dotall-regex-7.27.1.tgz", + "integrity": "sha512-gEbkDVGRvjj7+T1ivxrfgygpT7GUd4vmODtYpbs0gZATdkX8/iSnOtZSxiZnsgm1YjTgjI6VKBGSJJevkrclzw==", + "license": "MIT", + "dependencies": { + "@babel/helper-create-regexp-features-plugin": "^7.27.1", + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-duplicate-keys": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-duplicate-keys/-/plugin-transform-duplicate-keys-7.27.1.tgz", + "integrity": "sha512-MTyJk98sHvSs+cvZ4nOauwTTG1JeonDjSGvGGUNHreGQns+Mpt6WX/dVzWBHgg+dYZhkC4X+zTDfkTU+Vy9y7Q==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-duplicate-named-capturing-groups-regex": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-duplicate-named-capturing-groups-regex/-/plugin-transform-duplicate-named-capturing-groups-regex-7.27.1.tgz", + "integrity": "sha512-hkGcueTEzuhB30B3eJCbCYeCaaEQOmQR0AdvzpD4LoN0GXMWzzGSuRrxR2xTnCrvNbVwK9N6/jQ92GSLfiZWoQ==", + "license": "MIT", + "dependencies": { + "@babel/helper-create-regexp-features-plugin": "^7.27.1", + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/plugin-transform-dynamic-import": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-dynamic-import/-/plugin-transform-dynamic-import-7.27.1.tgz", + "integrity": "sha512-MHzkWQcEmjzzVW9j2q8LGjwGWpG2mjwaaB0BNQwst3FIjqsg8Ct/mIZlvSPJvfi9y2AC8mi/ktxbFVL9pZ1I4A==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-explicit-resource-management": { + "version": "7.28.0", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-explicit-resource-management/-/plugin-transform-explicit-resource-management-7.28.0.tgz", + "integrity": "sha512-K8nhUcn3f6iB+P3gwCv/no7OdzOZQcKchW6N389V6PD8NUWKZHzndOd9sPDVbMoBsbmjMqlB4L9fm+fEFNVlwQ==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1", + "@babel/plugin-transform-destructuring": "^7.28.0" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-exponentiation-operator": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-exponentiation-operator/-/plugin-transform-exponentiation-operator-7.27.1.tgz", + "integrity": "sha512-uspvXnhHvGKf2r4VVtBpeFnuDWsJLQ6MF6lGJLC89jBR1uoVeqM416AZtTuhTezOfgHicpJQmoD5YUakO/YmXQ==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-export-namespace-from": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-export-namespace-from/-/plugin-transform-export-namespace-from-7.27.1.tgz", + "integrity": "sha512-tQvHWSZ3/jH2xuq/vZDy0jNn+ZdXJeM8gHvX4lnJmsc3+50yPlWdZXIc5ay+umX+2/tJIqHqiEqcJvxlmIvRvQ==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-for-of": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-for-of/-/plugin-transform-for-of-7.27.1.tgz", + "integrity": "sha512-BfbWFFEJFQzLCQ5N8VocnCtA8J1CLkNTe2Ms2wocj75dd6VpiqS5Z5quTYcUoo4Yq+DN0rtikODccuv7RU81sw==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1", + "@babel/helper-skip-transparent-expression-wrappers": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-function-name": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-function-name/-/plugin-transform-function-name-7.27.1.tgz", + "integrity": "sha512-1bQeydJF9Nr1eBCMMbC+hdwmRlsv5XYOMu03YSWFwNs0HsAmtSxxF1fyuYPqemVldVyFmlCU7w8UE14LupUSZQ==", + "license": "MIT", + "dependencies": { + "@babel/helper-compilation-targets": "^7.27.1", + "@babel/helper-plugin-utils": "^7.27.1", + "@babel/traverse": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-json-strings": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-json-strings/-/plugin-transform-json-strings-7.27.1.tgz", + "integrity": "sha512-6WVLVJiTjqcQauBhn1LkICsR2H+zm62I3h9faTDKt1qP4jn2o72tSvqMwtGFKGTpojce0gJs+76eZ2uCHRZh0Q==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-literals": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-literals/-/plugin-transform-literals-7.27.1.tgz", + "integrity": "sha512-0HCFSepIpLTkLcsi86GG3mTUzxV5jpmbv97hTETW3yzrAij8aqlD36toB1D0daVFJM8NK6GvKO0gslVQmm+zZA==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-logical-assignment-operators": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-logical-assignment-operators/-/plugin-transform-logical-assignment-operators-7.27.1.tgz", + "integrity": "sha512-SJvDs5dXxiae4FbSL1aBJlG4wvl594N6YEVVn9e3JGulwioy6z3oPjx/sQBO3Y4NwUu5HNix6KJ3wBZoewcdbw==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-member-expression-literals": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-member-expression-literals/-/plugin-transform-member-expression-literals-7.27.1.tgz", + "integrity": "sha512-hqoBX4dcZ1I33jCSWcXrP+1Ku7kdqXf1oeah7ooKOIiAdKQ+uqftgCFNOSzA5AMS2XIHEYeGFg4cKRCdpxzVOQ==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-modules-amd": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-amd/-/plugin-transform-modules-amd-7.27.1.tgz", + "integrity": "sha512-iCsytMg/N9/oFq6n+gFTvUYDZQOMK5kEdeYxmxt91fcJGycfxVP9CnrxoliM0oumFERba2i8ZtwRUCMhvP1LnA==", + "license": "MIT", + "dependencies": { + "@babel/helper-module-transforms": "^7.27.1", + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-modules-commonjs": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-commonjs/-/plugin-transform-modules-commonjs-7.27.1.tgz", + "integrity": "sha512-OJguuwlTYlN0gBZFRPqwOGNWssZjfIUdS7HMYtN8c1KmwpwHFBwTeFZrg9XZa+DFTitWOW5iTAG7tyCUPsCCyw==", + "license": "MIT", + "dependencies": { + "@babel/helper-module-transforms": "^7.27.1", + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-modules-systemjs": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.27.1.tgz", + "integrity": "sha512-w5N1XzsRbc0PQStASMksmUeqECuzKuTJer7kFagK8AXgpCMkeDMO5S+aaFb7A51ZYDF7XI34qsTX+fkHiIm5yA==", + "license": "MIT", + "dependencies": { + "@babel/helper-module-transforms": "^7.27.1", + "@babel/helper-plugin-utils": "^7.27.1", + "@babel/helper-validator-identifier": "^7.27.1", + "@babel/traverse": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-modules-umd": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-umd/-/plugin-transform-modules-umd-7.27.1.tgz", + "integrity": "sha512-iQBE/xC5BV1OxJbp6WG7jq9IWiD+xxlZhLrdwpPkTX3ydmXdvoCpyfJN7acaIBZaOqTfr76pgzqBJflNbeRK+w==", + "license": "MIT", + "dependencies": { + "@babel/helper-module-transforms": "^7.27.1", + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-named-capturing-groups-regex": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-named-capturing-groups-regex/-/plugin-transform-named-capturing-groups-regex-7.27.1.tgz", + "integrity": "sha512-SstR5JYy8ddZvD6MhV0tM/j16Qds4mIpJTOd1Yu9J9pJjH93bxHECF7pgtc28XvkzTD6Pxcm/0Z73Hvk7kb3Ng==", + "license": "MIT", + "dependencies": { + "@babel/helper-create-regexp-features-plugin": "^7.27.1", + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/plugin-transform-new-target": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-new-target/-/plugin-transform-new-target-7.27.1.tgz", + "integrity": "sha512-f6PiYeqXQ05lYq3TIfIDu/MtliKUbNwkGApPUvyo6+tc7uaR4cPjPe7DFPr15Uyycg2lZU6btZ575CuQoYh7MQ==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-nullish-coalescing-operator": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-nullish-coalescing-operator/-/plugin-transform-nullish-coalescing-operator-7.27.1.tgz", + "integrity": "sha512-aGZh6xMo6q9vq1JGcw58lZ1Z0+i0xB2x0XaauNIUXd6O1xXc3RwoWEBlsTQrY4KQ9Jf0s5rgD6SiNkaUdJegTA==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-numeric-separator": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-numeric-separator/-/plugin-transform-numeric-separator-7.27.1.tgz", + "integrity": "sha512-fdPKAcujuvEChxDBJ5c+0BTaS6revLV7CJL08e4m3de8qJfNIuCc2nc7XJYOjBoTMJeqSmwXJ0ypE14RCjLwaw==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-object-rest-spread": { + "version": "7.28.4", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-object-rest-spread/-/plugin-transform-object-rest-spread-7.28.4.tgz", + "integrity": "sha512-373KA2HQzKhQCYiRVIRr+3MjpCObqzDlyrM6u4I201wL8Mp2wHf7uB8GhDwis03k2ti8Zr65Zyyqs1xOxUF/Ew==", + "license": "MIT", + "dependencies": { + "@babel/helper-compilation-targets": "^7.27.2", + "@babel/helper-plugin-utils": "^7.27.1", + "@babel/plugin-transform-destructuring": "^7.28.0", + "@babel/plugin-transform-parameters": "^7.27.7", + "@babel/traverse": "^7.28.4" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-object-super": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-object-super/-/plugin-transform-object-super-7.27.1.tgz", + "integrity": "sha512-SFy8S9plRPbIcxlJ8A6mT/CxFdJx/c04JEctz4jf8YZaVS2px34j7NXRrlGlHkN/M2gnpL37ZpGRGVFLd3l8Ng==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1", + "@babel/helper-replace-supers": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-optional-catch-binding": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-optional-catch-binding/-/plugin-transform-optional-catch-binding-7.27.1.tgz", + "integrity": "sha512-txEAEKzYrHEX4xSZN4kJ+OfKXFVSWKB2ZxM9dpcE3wT7smwkNmXo5ORRlVzMVdJbD+Q8ILTgSD7959uj+3Dm3Q==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-optional-chaining": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-optional-chaining/-/plugin-transform-optional-chaining-7.27.1.tgz", + "integrity": "sha512-BQmKPPIuc8EkZgNKsv0X4bPmOoayeu4F1YCwx2/CfmDSXDbp7GnzlUH+/ul5VGfRg1AoFPsrIThlEBj2xb4CAg==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1", + "@babel/helper-skip-transparent-expression-wrappers": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-parameters": { + "version": "7.27.7", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-parameters/-/plugin-transform-parameters-7.27.7.tgz", + "integrity": "sha512-qBkYTYCb76RRxUM6CcZA5KRu8K4SM8ajzVeUgVdMVO9NN9uI/GaVmBg/WKJJGnNokV9SY8FxNOVWGXzqzUidBg==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-private-methods": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-private-methods/-/plugin-transform-private-methods-7.27.1.tgz", + "integrity": "sha512-10FVt+X55AjRAYI9BrdISN9/AQWHqldOeZDUoLyif1Kn05a56xVBXb8ZouL8pZ9jem8QpXaOt8TS7RHUIS+GPA==", + "license": "MIT", + "dependencies": { + "@babel/helper-create-class-features-plugin": "^7.27.1", + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-private-property-in-object": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-private-property-in-object/-/plugin-transform-private-property-in-object-7.27.1.tgz", + "integrity": "sha512-5J+IhqTi1XPa0DXF83jYOaARrX+41gOewWbkPyjMNRDqgOCqdffGh8L3f/Ek5utaEBZExjSAzcyjmV9SSAWObQ==", + "license": "MIT", + "dependencies": { + "@babel/helper-annotate-as-pure": "^7.27.1", + "@babel/helper-create-class-features-plugin": "^7.27.1", + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-property-literals": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-property-literals/-/plugin-transform-property-literals-7.27.1.tgz", + "integrity": "sha512-oThy3BCuCha8kDZ8ZkgOg2exvPYUlprMukKQXI1r1pJ47NCvxfkEy8vK+r/hT9nF0Aa4H1WUPZZjHTFtAhGfmQ==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-react-constant-elements": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-constant-elements/-/plugin-transform-react-constant-elements-7.27.1.tgz", + "integrity": "sha512-edoidOjl/ZxvYo4lSBOQGDSyToYVkTAwyVoa2tkuYTSmjrB1+uAedoL5iROVLXkxH+vRgA7uP4tMg2pUJpZ3Ug==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-react-display-name": { + "version": "7.28.0", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-display-name/-/plugin-transform-react-display-name-7.28.0.tgz", + "integrity": "sha512-D6Eujc2zMxKjfa4Zxl4GHMsmhKKZ9VpcqIchJLvwTxad9zWIYulwYItBovpDOoNLISpcZSXoDJ5gaGbQUDqViA==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-react-jsx": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-jsx/-/plugin-transform-react-jsx-7.27.1.tgz", + "integrity": "sha512-2KH4LWGSrJIkVf5tSiBFYuXDAoWRq2MMwgivCf+93dd0GQi8RXLjKA/0EvRnVV5G0hrHczsquXuD01L8s6dmBw==", + "license": "MIT", + "dependencies": { + "@babel/helper-annotate-as-pure": "^7.27.1", + "@babel/helper-module-imports": "^7.27.1", + "@babel/helper-plugin-utils": "^7.27.1", + "@babel/plugin-syntax-jsx": "^7.27.1", + "@babel/types": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-react-jsx-development": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-jsx-development/-/plugin-transform-react-jsx-development-7.27.1.tgz", + "integrity": "sha512-ykDdF5yI4f1WrAolLqeF3hmYU12j9ntLQl/AOG1HAS21jxyg1Q0/J/tpREuYLfatGdGmXp/3yS0ZA76kOlVq9Q==", + "license": "MIT", + "dependencies": { + "@babel/plugin-transform-react-jsx": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-react-pure-annotations": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-pure-annotations/-/plugin-transform-react-pure-annotations-7.27.1.tgz", + "integrity": "sha512-JfuinvDOsD9FVMTHpzA/pBLisxpv1aSf+OIV8lgH3MuWrks19R27e6a6DipIg4aX1Zm9Wpb04p8wljfKrVSnPA==", + "license": "MIT", + "dependencies": { + "@babel/helper-annotate-as-pure": "^7.27.1", + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-regenerator": { + "version": "7.28.4", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-regenerator/-/plugin-transform-regenerator-7.28.4.tgz", + "integrity": "sha512-+ZEdQlBoRg9m2NnzvEeLgtvBMO4tkFBw5SQIUgLICgTrumLoU7lr+Oghi6km2PFj+dbUt2u1oby2w3BDO9YQnA==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-regexp-modifiers": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-regexp-modifiers/-/plugin-transform-regexp-modifiers-7.27.1.tgz", + "integrity": "sha512-TtEciroaiODtXvLZv4rmfMhkCv8jx3wgKpL68PuiPh2M4fvz5jhsA7697N1gMvkvr/JTF13DrFYyEbY9U7cVPA==", + "license": "MIT", + "dependencies": { + "@babel/helper-create-regexp-features-plugin": "^7.27.1", + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/plugin-transform-reserved-words": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-reserved-words/-/plugin-transform-reserved-words-7.27.1.tgz", + "integrity": "sha512-V2ABPHIJX4kC7HegLkYoDpfg9PVmuWy/i6vUM5eGK22bx4YVFD3M5F0QQnWQoDs6AGsUWTVOopBiMFQgHaSkVw==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-runtime": { + "version": "7.28.3", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-runtime/-/plugin-transform-runtime-7.28.3.tgz", + "integrity": "sha512-Y6ab1kGqZ0u42Zv/4a7l0l72n9DKP/MKoKWaUSBylrhNZO2prYuqFOLbn5aW5SIFXwSH93yfjbgllL8lxuGKLg==", + "license": "MIT", + "dependencies": { + "@babel/helper-module-imports": "^7.27.1", + "@babel/helper-plugin-utils": "^7.27.1", + "babel-plugin-polyfill-corejs2": "^0.4.14", + "babel-plugin-polyfill-corejs3": "^0.13.0", + "babel-plugin-polyfill-regenerator": "^0.6.5", + "semver": "^6.3.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-runtime/node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + } + }, + "node_modules/@babel/plugin-transform-shorthand-properties": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-shorthand-properties/-/plugin-transform-shorthand-properties-7.27.1.tgz", + "integrity": "sha512-N/wH1vcn4oYawbJ13Y/FxcQrWk63jhfNa7jef0ih7PHSIHX2LB7GWE1rkPrOnka9kwMxb6hMl19p7lidA+EHmQ==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-spread": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-spread/-/plugin-transform-spread-7.27.1.tgz", + "integrity": "sha512-kpb3HUqaILBJcRFVhFUs6Trdd4mkrzcGXss+6/mxUd273PfbWqSDHRzMT2234gIg2QYfAjvXLSquP1xECSg09Q==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1", + "@babel/helper-skip-transparent-expression-wrappers": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-sticky-regex": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-sticky-regex/-/plugin-transform-sticky-regex-7.27.1.tgz", + "integrity": "sha512-lhInBO5bi/Kowe2/aLdBAawijx+q1pQzicSgnkB6dUPc1+RC8QmJHKf2OjvU+NZWitguJHEaEmbV6VWEouT58g==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-template-literals": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-template-literals/-/plugin-transform-template-literals-7.27.1.tgz", + "integrity": "sha512-fBJKiV7F2DxZUkg5EtHKXQdbsbURW3DZKQUWphDum0uRP6eHGGa/He9mc0mypL680pb+e/lDIthRohlv8NCHkg==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-typeof-symbol": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-typeof-symbol/-/plugin-transform-typeof-symbol-7.27.1.tgz", + "integrity": "sha512-RiSILC+nRJM7FY5srIyc4/fGIwUhyDuuBSdWn4y6yT6gm652DpCHZjIipgn6B7MQ1ITOUnAKWixEUjQRIBIcLw==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-typescript": { + "version": "7.28.0", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-typescript/-/plugin-transform-typescript-7.28.0.tgz", + "integrity": "sha512-4AEiDEBPIZvLQaWlc9liCavE0xRM0dNca41WtBeM3jgFptfUOSG9z0uteLhq6+3rq+WB6jIvUwKDTpXEHPJ2Vg==", + "license": "MIT", + "dependencies": { + "@babel/helper-annotate-as-pure": "^7.27.3", + "@babel/helper-create-class-features-plugin": "^7.27.1", + "@babel/helper-plugin-utils": "^7.27.1", + "@babel/helper-skip-transparent-expression-wrappers": "^7.27.1", + "@babel/plugin-syntax-typescript": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-unicode-escapes": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-escapes/-/plugin-transform-unicode-escapes-7.27.1.tgz", + "integrity": "sha512-Ysg4v6AmF26k9vpfFuTZg8HRfVWzsh1kVfowA23y9j/Gu6dOuahdUVhkLqpObp3JIv27MLSii6noRnuKN8H0Mg==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-unicode-property-regex": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-property-regex/-/plugin-transform-unicode-property-regex-7.27.1.tgz", + "integrity": "sha512-uW20S39PnaTImxp39O5qFlHLS9LJEmANjMG7SxIhap8rCHqu0Ik+tLEPX5DKmHn6CsWQ7j3lix2tFOa5YtL12Q==", + "license": "MIT", + "dependencies": { + "@babel/helper-create-regexp-features-plugin": "^7.27.1", + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-unicode-regex": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-regex/-/plugin-transform-unicode-regex-7.27.1.tgz", + "integrity": "sha512-xvINq24TRojDuyt6JGtHmkVkrfVV3FPT16uytxImLeBZqW3/H52yN+kM1MGuyPkIQxrzKwPHs5U/MP3qKyzkGw==", + "license": "MIT", + "dependencies": { + "@babel/helper-create-regexp-features-plugin": "^7.27.1", + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-unicode-sets-regex": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-sets-regex/-/plugin-transform-unicode-sets-regex-7.27.1.tgz", + "integrity": "sha512-EtkOujbc4cgvb0mlpQefi4NTPBzhSIevblFevACNLUspmrALgmEBdL/XfnyyITfd8fKBZrZys92zOWcik7j9Tw==", + "license": "MIT", + "dependencies": { + "@babel/helper-create-regexp-features-plugin": "^7.27.1", + "@babel/helper-plugin-utils": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/preset-env": { + "version": "7.28.3", + "resolved": "https://registry.npmjs.org/@babel/preset-env/-/preset-env-7.28.3.tgz", + "integrity": "sha512-ROiDcM+GbYVPYBOeCR6uBXKkQpBExLl8k9HO1ygXEyds39j+vCCsjmj7S8GOniZQlEs81QlkdJZe76IpLSiqpg==", + "license": "MIT", + "dependencies": { + "@babel/compat-data": "^7.28.0", + "@babel/helper-compilation-targets": "^7.27.2", + "@babel/helper-plugin-utils": "^7.27.1", + "@babel/helper-validator-option": "^7.27.1", + "@babel/plugin-bugfix-firefox-class-in-computed-class-key": "^7.27.1", + "@babel/plugin-bugfix-safari-class-field-initializer-scope": "^7.27.1", + "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression": "^7.27.1", + "@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining": "^7.27.1", + "@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly": "^7.28.3", + "@babel/plugin-proposal-private-property-in-object": "7.21.0-placeholder-for-preset-env.2", + "@babel/plugin-syntax-import-assertions": "^7.27.1", + "@babel/plugin-syntax-import-attributes": "^7.27.1", + "@babel/plugin-syntax-unicode-sets-regex": "^7.18.6", + "@babel/plugin-transform-arrow-functions": "^7.27.1", + "@babel/plugin-transform-async-generator-functions": "^7.28.0", + "@babel/plugin-transform-async-to-generator": "^7.27.1", + "@babel/plugin-transform-block-scoped-functions": "^7.27.1", + "@babel/plugin-transform-block-scoping": "^7.28.0", + "@babel/plugin-transform-class-properties": "^7.27.1", + "@babel/plugin-transform-class-static-block": "^7.28.3", + "@babel/plugin-transform-classes": "^7.28.3", + "@babel/plugin-transform-computed-properties": "^7.27.1", + "@babel/plugin-transform-destructuring": "^7.28.0", + "@babel/plugin-transform-dotall-regex": "^7.27.1", + "@babel/plugin-transform-duplicate-keys": "^7.27.1", + "@babel/plugin-transform-duplicate-named-capturing-groups-regex": "^7.27.1", + "@babel/plugin-transform-dynamic-import": "^7.27.1", + "@babel/plugin-transform-explicit-resource-management": "^7.28.0", + "@babel/plugin-transform-exponentiation-operator": "^7.27.1", + "@babel/plugin-transform-export-namespace-from": "^7.27.1", + "@babel/plugin-transform-for-of": "^7.27.1", + "@babel/plugin-transform-function-name": "^7.27.1", + "@babel/plugin-transform-json-strings": "^7.27.1", + "@babel/plugin-transform-literals": "^7.27.1", + "@babel/plugin-transform-logical-assignment-operators": "^7.27.1", + "@babel/plugin-transform-member-expression-literals": "^7.27.1", + "@babel/plugin-transform-modules-amd": "^7.27.1", + "@babel/plugin-transform-modules-commonjs": "^7.27.1", + "@babel/plugin-transform-modules-systemjs": "^7.27.1", + "@babel/plugin-transform-modules-umd": "^7.27.1", + "@babel/plugin-transform-named-capturing-groups-regex": "^7.27.1", + "@babel/plugin-transform-new-target": "^7.27.1", + "@babel/plugin-transform-nullish-coalescing-operator": "^7.27.1", + "@babel/plugin-transform-numeric-separator": "^7.27.1", + "@babel/plugin-transform-object-rest-spread": "^7.28.0", + "@babel/plugin-transform-object-super": "^7.27.1", + "@babel/plugin-transform-optional-catch-binding": "^7.27.1", + "@babel/plugin-transform-optional-chaining": "^7.27.1", + "@babel/plugin-transform-parameters": "^7.27.7", + "@babel/plugin-transform-private-methods": "^7.27.1", + "@babel/plugin-transform-private-property-in-object": "^7.27.1", + "@babel/plugin-transform-property-literals": "^7.27.1", + "@babel/plugin-transform-regenerator": "^7.28.3", + "@babel/plugin-transform-regexp-modifiers": "^7.27.1", + "@babel/plugin-transform-reserved-words": "^7.27.1", + "@babel/plugin-transform-shorthand-properties": "^7.27.1", + "@babel/plugin-transform-spread": "^7.27.1", + "@babel/plugin-transform-sticky-regex": "^7.27.1", + "@babel/plugin-transform-template-literals": "^7.27.1", + "@babel/plugin-transform-typeof-symbol": "^7.27.1", + "@babel/plugin-transform-unicode-escapes": "^7.27.1", + "@babel/plugin-transform-unicode-property-regex": "^7.27.1", + "@babel/plugin-transform-unicode-regex": "^7.27.1", + "@babel/plugin-transform-unicode-sets-regex": "^7.27.1", + "@babel/preset-modules": "0.1.6-no-external-plugins", + "babel-plugin-polyfill-corejs2": "^0.4.14", + "babel-plugin-polyfill-corejs3": "^0.13.0", + "babel-plugin-polyfill-regenerator": "^0.6.5", + "core-js-compat": "^3.43.0", + "semver": "^6.3.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/preset-env/node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + } + }, + "node_modules/@babel/preset-modules": { + "version": "0.1.6-no-external-plugins", + "resolved": "https://registry.npmjs.org/@babel/preset-modules/-/preset-modules-0.1.6-no-external-plugins.tgz", + "integrity": "sha512-HrcgcIESLm9aIR842yhJ5RWan/gebQUJ6E/E5+rf0y9o6oj7w0Br+sWuL6kEQ/o/AdfvR1Je9jG18/gnpwjEyA==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.0.0", + "@babel/types": "^7.4.4", + "esutils": "^2.0.2" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0 || ^8.0.0-0 <8.0.0" + } + }, + "node_modules/@babel/preset-react": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/preset-react/-/preset-react-7.27.1.tgz", + "integrity": "sha512-oJHWh2gLhU9dW9HHr42q0cI0/iHHXTLGe39qvpAZZzagHy0MzYLCnCVV0symeRvzmjHyVU7mw2K06E6u/JwbhA==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1", + "@babel/helper-validator-option": "^7.27.1", + "@babel/plugin-transform-react-display-name": "^7.27.1", + "@babel/plugin-transform-react-jsx": "^7.27.1", + "@babel/plugin-transform-react-jsx-development": "^7.27.1", + "@babel/plugin-transform-react-pure-annotations": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/preset-typescript": { + "version": "7.27.1", + "resolved": "https://registry.npmjs.org/@babel/preset-typescript/-/preset-typescript-7.27.1.tgz", + "integrity": "sha512-l7WfQfX0WK4M0v2RudjuQK4u99BS6yLHYEmdtVPP7lKV013zr9DygFuWNlnbvQ9LR+LS0Egz/XAvGx5U9MX0fQ==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.27.1", + "@babel/helper-validator-option": "^7.27.1", + "@babel/plugin-syntax-jsx": "^7.27.1", + "@babel/plugin-transform-modules-commonjs": "^7.27.1", + "@babel/plugin-transform-typescript": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/runtime": { + "version": "7.28.4", + "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.28.4.tgz", + "integrity": "sha512-Q/N6JNWvIvPnLDvjlE1OUBLPQHH6l3CltCEsHIujp45zQUSSh8K+gHnaEX45yAT1nyngnINhvWtzN+Nb9D8RAQ==", + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/runtime-corejs3": { + "version": "7.28.4", + "resolved": "https://registry.npmjs.org/@babel/runtime-corejs3/-/runtime-corejs3-7.28.4.tgz", + "integrity": "sha512-h7iEYiW4HebClDEhtvFObtPmIvrd1SSfpI9EhOeKk4CtIK/ngBWFpuhCzhdmRKtg71ylcue+9I6dv54XYO1epQ==", + "license": "MIT", + "dependencies": { + "core-js-pure": "^3.43.0" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/template": { + "version": "7.27.2", + "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.27.2.tgz", + "integrity": "sha512-LPDZ85aEJyYSd18/DkjNh4/y1ntkE5KwUHWTiqgRxruuZL2F1yuHligVHLvcHY2vMHXttKFpJn6LwfI7cw7ODw==", + "license": "MIT", + "dependencies": { + "@babel/code-frame": "^7.27.1", + "@babel/parser": "^7.27.2", + "@babel/types": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/traverse": { + "version": "7.28.4", + "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.28.4.tgz", + "integrity": "sha512-YEzuboP2qvQavAcjgQNVgsvHIDv6ZpwXvcvjmyySP2DIMuByS/6ioU5G9pYrWHM6T2YDfc7xga9iNzYOs12CFQ==", + "license": "MIT", + "dependencies": { + "@babel/code-frame": "^7.27.1", + "@babel/generator": "^7.28.3", + "@babel/helper-globals": "^7.28.0", + "@babel/parser": "^7.28.4", + "@babel/template": "^7.27.2", + "@babel/types": "^7.28.4", + "debug": "^4.3.1" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/types": { + "version": "7.28.4", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.28.4.tgz", + "integrity": "sha512-bkFqkLhh3pMBUQQkpVgWDWq/lqzc2678eUyDlTBhRqhCHFguYYGM0Efga7tYk4TogG/3x0EEl66/OQ+WGbWB/Q==", + "license": "MIT", + "dependencies": { + "@babel/helper-string-parser": "^7.27.1", + "@babel/helper-validator-identifier": "^7.27.1" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@colors/colors": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/@colors/colors/-/colors-1.5.0.tgz", + "integrity": "sha512-ooWCrlZP11i8GImSjTHYHLkvFDP48nS4+204nGb1RiX/WXYHmJA2III9/e2DWVabCESdW7hBAEzHRqUn9OUVvQ==", + "license": "MIT", + "optional": true, + "engines": { + "node": ">=0.1.90" + } + }, + "node_modules/@csstools/cascade-layer-name-parser": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/@csstools/cascade-layer-name-parser/-/cascade-layer-name-parser-2.0.5.tgz", + "integrity": "sha512-p1ko5eHgV+MgXFVa4STPKpvPxr6ReS8oS2jzTukjR74i5zJNyWO1ZM1m8YKBXnzDKWfBN1ztLYlHxbVemDD88A==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "@csstools/css-parser-algorithms": "^3.0.5", + "@csstools/css-tokenizer": "^3.0.4" + } + }, + "node_modules/@csstools/color-helpers": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/@csstools/color-helpers/-/color-helpers-5.1.0.tgz", + "integrity": "sha512-S11EXWJyy0Mz5SYvRmY8nJYTFFd1LCNV+7cXyAgQtOOuzb4EsgfqDufL+9esx72/eLhsRdGZwaldu/h+E4t4BA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "engines": { + "node": ">=18" + } + }, + "node_modules/@csstools/css-calc": { + "version": "2.1.4", + "resolved": "https://registry.npmjs.org/@csstools/css-calc/-/css-calc-2.1.4.tgz", + "integrity": "sha512-3N8oaj+0juUw/1H3YwmDDJXCgTB1gKU6Hc/bB502u9zR0q2vd786XJH9QfrKIEgFlZmhZiq6epXl4rHqhzsIgQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "@csstools/css-parser-algorithms": "^3.0.5", + "@csstools/css-tokenizer": "^3.0.4" + } + }, + "node_modules/@csstools/css-color-parser": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/@csstools/css-color-parser/-/css-color-parser-3.1.0.tgz", + "integrity": "sha512-nbtKwh3a6xNVIp/VRuXV64yTKnb1IjTAEEh3irzS+HkKjAOYLTGNb9pmVNntZ8iVBHcWDA2Dof0QtPgFI1BaTA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT", + "dependencies": { + "@csstools/color-helpers": "^5.1.0", + "@csstools/css-calc": "^2.1.4" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "@csstools/css-parser-algorithms": "^3.0.5", + "@csstools/css-tokenizer": "^3.0.4" + } + }, + "node_modules/@csstools/css-parser-algorithms": { + "version": "3.0.5", + "resolved": "https://registry.npmjs.org/@csstools/css-parser-algorithms/-/css-parser-algorithms-3.0.5.tgz", + "integrity": "sha512-DaDeUkXZKjdGhgYaHNJTV9pV7Y9B3b644jCLs9Upc3VeNGg6LWARAT6O+Q+/COo+2gg/bM5rhpMAtf70WqfBdQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "@csstools/css-tokenizer": "^3.0.4" + } + }, + "node_modules/@csstools/css-tokenizer": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/@csstools/css-tokenizer/-/css-tokenizer-3.0.4.tgz", + "integrity": "sha512-Vd/9EVDiu6PPJt9yAh6roZP6El1xHrdvIVGjyBsHR0RYwNHgL7FJPyIIW4fANJNG6FtyZfvlRPpFI4ZM/lubvw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT", + "engines": { + "node": ">=18" + } + }, + "node_modules/@csstools/media-query-list-parser": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/@csstools/media-query-list-parser/-/media-query-list-parser-4.0.3.tgz", + "integrity": "sha512-HAYH7d3TLRHDOUQK4mZKf9k9Ph/m8Akstg66ywKR4SFAigjs3yBiUeZtFxywiTm5moZMAp/5W/ZuFnNXXYLuuQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "@csstools/css-parser-algorithms": "^3.0.5", + "@csstools/css-tokenizer": "^3.0.4" + } + }, + "node_modules/@csstools/postcss-alpha-function": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/@csstools/postcss-alpha-function/-/postcss-alpha-function-1.0.1.tgz", + "integrity": "sha512-isfLLwksH3yHkFXfCI2Gcaqg7wGGHZZwunoJzEZk0yKYIokgre6hYVFibKL3SYAoR1kBXova8LB+JoO5vZzi9w==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-color-parser": "^3.1.0", + "@csstools/css-parser-algorithms": "^3.0.5", + "@csstools/css-tokenizer": "^3.0.4", + "@csstools/postcss-progressive-custom-properties": "^4.2.1", + "@csstools/utilities": "^2.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-cascade-layers": { + "version": "5.0.2", + "resolved": "https://registry.npmjs.org/@csstools/postcss-cascade-layers/-/postcss-cascade-layers-5.0.2.tgz", + "integrity": "sha512-nWBE08nhO8uWl6kSAeCx4im7QfVko3zLrtgWZY4/bP87zrSPpSyN/3W3TDqz1jJuH+kbKOHXg5rJnK+ZVYcFFg==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/selector-specificity": "^5.0.0", + "postcss-selector-parser": "^7.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-cascade-layers/node_modules/@csstools/selector-specificity": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/@csstools/selector-specificity/-/selector-specificity-5.0.0.tgz", + "integrity": "sha512-PCqQV3c4CoVm3kdPhyeZ07VmBRdH2EpMFA/pd9OASpOEC3aXNGoqPDAZ80D0cLpMBxnmk0+yNhGsEx31hq7Gtw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss-selector-parser": "^7.0.0" + } + }, + "node_modules/@csstools/postcss-cascade-layers/node_modules/postcss-selector-parser": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz", + "integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==", + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/@csstools/postcss-color-function": { + "version": "4.0.12", + "resolved": "https://registry.npmjs.org/@csstools/postcss-color-function/-/postcss-color-function-4.0.12.tgz", + "integrity": "sha512-yx3cljQKRaSBc2hfh8rMZFZzChaFgwmO2JfFgFr1vMcF3C/uyy5I4RFIBOIWGq1D+XbKCG789CGkG6zzkLpagA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-color-parser": "^3.1.0", + "@csstools/css-parser-algorithms": "^3.0.5", + "@csstools/css-tokenizer": "^3.0.4", + "@csstools/postcss-progressive-custom-properties": "^4.2.1", + "@csstools/utilities": "^2.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-color-function-display-p3-linear": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/@csstools/postcss-color-function-display-p3-linear/-/postcss-color-function-display-p3-linear-1.0.1.tgz", + "integrity": "sha512-E5qusdzhlmO1TztYzDIi8XPdPoYOjoTY6HBYBCYSj+Gn4gQRBlvjgPQXzfzuPQqt8EhkC/SzPKObg4Mbn8/xMg==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-color-parser": "^3.1.0", + "@csstools/css-parser-algorithms": "^3.0.5", + "@csstools/css-tokenizer": "^3.0.4", + "@csstools/postcss-progressive-custom-properties": "^4.2.1", + "@csstools/utilities": "^2.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-color-mix-function": { + "version": "3.0.12", + "resolved": "https://registry.npmjs.org/@csstools/postcss-color-mix-function/-/postcss-color-mix-function-3.0.12.tgz", + "integrity": "sha512-4STERZfCP5Jcs13P1U5pTvI9SkgLgfMUMhdXW8IlJWkzOOOqhZIjcNhWtNJZes2nkBDsIKJ0CJtFtuaZ00moag==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-color-parser": "^3.1.0", + "@csstools/css-parser-algorithms": "^3.0.5", + "@csstools/css-tokenizer": "^3.0.4", + "@csstools/postcss-progressive-custom-properties": "^4.2.1", + "@csstools/utilities": "^2.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-color-mix-variadic-function-arguments": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/@csstools/postcss-color-mix-variadic-function-arguments/-/postcss-color-mix-variadic-function-arguments-1.0.2.tgz", + "integrity": "sha512-rM67Gp9lRAkTo+X31DUqMEq+iK+EFqsidfecmhrteErxJZb6tUoJBVQca1Vn1GpDql1s1rD1pKcuYzMsg7Z1KQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-color-parser": "^3.1.0", + "@csstools/css-parser-algorithms": "^3.0.5", + "@csstools/css-tokenizer": "^3.0.4", + "@csstools/postcss-progressive-custom-properties": "^4.2.1", + "@csstools/utilities": "^2.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-content-alt-text": { + "version": "2.0.8", + "resolved": "https://registry.npmjs.org/@csstools/postcss-content-alt-text/-/postcss-content-alt-text-2.0.8.tgz", + "integrity": "sha512-9SfEW9QCxEpTlNMnpSqFaHyzsiRpZ5J5+KqCu1u5/eEJAWsMhzT40qf0FIbeeglEvrGRMdDzAxMIz3wqoGSb+Q==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-parser-algorithms": "^3.0.5", + "@csstools/css-tokenizer": "^3.0.4", + "@csstools/postcss-progressive-custom-properties": "^4.2.1", + "@csstools/utilities": "^2.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-contrast-color-function": { + "version": "2.0.12", + "resolved": "https://registry.npmjs.org/@csstools/postcss-contrast-color-function/-/postcss-contrast-color-function-2.0.12.tgz", + "integrity": "sha512-YbwWckjK3qwKjeYz/CijgcS7WDUCtKTd8ShLztm3/i5dhh4NaqzsbYnhm4bjrpFpnLZ31jVcbK8YL77z3GBPzA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-color-parser": "^3.1.0", + "@csstools/css-parser-algorithms": "^3.0.5", + "@csstools/css-tokenizer": "^3.0.4", + "@csstools/postcss-progressive-custom-properties": "^4.2.1", + "@csstools/utilities": "^2.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-exponential-functions": { + "version": "2.0.9", + "resolved": "https://registry.npmjs.org/@csstools/postcss-exponential-functions/-/postcss-exponential-functions-2.0.9.tgz", + "integrity": "sha512-abg2W/PI3HXwS/CZshSa79kNWNZHdJPMBXeZNyPQFbbj8sKO3jXxOt/wF7juJVjyDTc6JrvaUZYFcSBZBhaxjw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-calc": "^2.1.4", + "@csstools/css-parser-algorithms": "^3.0.5", + "@csstools/css-tokenizer": "^3.0.4" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-font-format-keywords": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@csstools/postcss-font-format-keywords/-/postcss-font-format-keywords-4.0.0.tgz", + "integrity": "sha512-usBzw9aCRDvchpok6C+4TXC57btc4bJtmKQWOHQxOVKen1ZfVqBUuCZ/wuqdX5GHsD0NRSr9XTP+5ID1ZZQBXw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/utilities": "^2.0.0", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-gamut-mapping": { + "version": "2.0.11", + "resolved": "https://registry.npmjs.org/@csstools/postcss-gamut-mapping/-/postcss-gamut-mapping-2.0.11.tgz", + "integrity": "sha512-fCpCUgZNE2piVJKC76zFsgVW1apF6dpYsqGyH8SIeCcM4pTEsRTWTLCaJIMKFEundsCKwY1rwfhtrio04RJ4Dw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-color-parser": "^3.1.0", + "@csstools/css-parser-algorithms": "^3.0.5", + "@csstools/css-tokenizer": "^3.0.4" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-gradients-interpolation-method": { + "version": "5.0.12", + "resolved": "https://registry.npmjs.org/@csstools/postcss-gradients-interpolation-method/-/postcss-gradients-interpolation-method-5.0.12.tgz", + "integrity": "sha512-jugzjwkUY0wtNrZlFeyXzimUL3hN4xMvoPnIXxoZqxDvjZRiSh+itgHcVUWzJ2VwD/VAMEgCLvtaJHX+4Vj3Ow==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-color-parser": "^3.1.0", + "@csstools/css-parser-algorithms": "^3.0.5", + "@csstools/css-tokenizer": "^3.0.4", + "@csstools/postcss-progressive-custom-properties": "^4.2.1", + "@csstools/utilities": "^2.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-hwb-function": { + "version": "4.0.12", + "resolved": "https://registry.npmjs.org/@csstools/postcss-hwb-function/-/postcss-hwb-function-4.0.12.tgz", + "integrity": "sha512-mL/+88Z53KrE4JdePYFJAQWFrcADEqsLprExCM04GDNgHIztwFzj0Mbhd/yxMBngq0NIlz58VVxjt5abNs1VhA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-color-parser": "^3.1.0", + "@csstools/css-parser-algorithms": "^3.0.5", + "@csstools/css-tokenizer": "^3.0.4", + "@csstools/postcss-progressive-custom-properties": "^4.2.1", + "@csstools/utilities": "^2.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-ic-unit": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/@csstools/postcss-ic-unit/-/postcss-ic-unit-4.0.4.tgz", + "integrity": "sha512-yQ4VmossuOAql65sCPppVO1yfb7hDscf4GseF0VCA/DTDaBc0Wtf8MTqVPfjGYlT5+2buokG0Gp7y0atYZpwjg==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/postcss-progressive-custom-properties": "^4.2.1", + "@csstools/utilities": "^2.0.0", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-initial": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@csstools/postcss-initial/-/postcss-initial-2.0.1.tgz", + "integrity": "sha512-L1wLVMSAZ4wovznquK0xmC7QSctzO4D0Is590bxpGqhqjboLXYA16dWZpfwImkdOgACdQ9PqXsuRroW6qPlEsg==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-is-pseudo-class": { + "version": "5.0.3", + "resolved": "https://registry.npmjs.org/@csstools/postcss-is-pseudo-class/-/postcss-is-pseudo-class-5.0.3.tgz", + "integrity": "sha512-jS/TY4SpG4gszAtIg7Qnf3AS2pjcUM5SzxpApOrlndMeGhIbaTzWBzzP/IApXoNWEW7OhcjkRT48jnAUIFXhAQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/selector-specificity": "^5.0.0", + "postcss-selector-parser": "^7.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-is-pseudo-class/node_modules/@csstools/selector-specificity": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/@csstools/selector-specificity/-/selector-specificity-5.0.0.tgz", + "integrity": "sha512-PCqQV3c4CoVm3kdPhyeZ07VmBRdH2EpMFA/pd9OASpOEC3aXNGoqPDAZ80D0cLpMBxnmk0+yNhGsEx31hq7Gtw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss-selector-parser": "^7.0.0" + } + }, + "node_modules/@csstools/postcss-is-pseudo-class/node_modules/postcss-selector-parser": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz", + "integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==", + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/@csstools/postcss-light-dark-function": { + "version": "2.0.11", + "resolved": "https://registry.npmjs.org/@csstools/postcss-light-dark-function/-/postcss-light-dark-function-2.0.11.tgz", + "integrity": "sha512-fNJcKXJdPM3Lyrbmgw2OBbaioU7yuKZtiXClf4sGdQttitijYlZMD5K7HrC/eF83VRWRrYq6OZ0Lx92leV2LFA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-parser-algorithms": "^3.0.5", + "@csstools/css-tokenizer": "^3.0.4", + "@csstools/postcss-progressive-custom-properties": "^4.2.1", + "@csstools/utilities": "^2.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-logical-float-and-clear": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@csstools/postcss-logical-float-and-clear/-/postcss-logical-float-and-clear-3.0.0.tgz", + "integrity": "sha512-SEmaHMszwakI2rqKRJgE+8rpotFfne1ZS6bZqBoQIicFyV+xT1UF42eORPxJkVJVrH9C0ctUgwMSn3BLOIZldQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-logical-overflow": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/@csstools/postcss-logical-overflow/-/postcss-logical-overflow-2.0.0.tgz", + "integrity": "sha512-spzR1MInxPuXKEX2csMamshR4LRaSZ3UXVaRGjeQxl70ySxOhMpP2252RAFsg8QyyBXBzuVOOdx1+bVO5bPIzA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-logical-overscroll-behavior": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/@csstools/postcss-logical-overscroll-behavior/-/postcss-logical-overscroll-behavior-2.0.0.tgz", + "integrity": "sha512-e/webMjoGOSYfqLunyzByZj5KKe5oyVg/YSbie99VEaSDE2kimFm0q1f6t/6Jo+VVCQ/jbe2Xy+uX+C4xzWs4w==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-logical-resize": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@csstools/postcss-logical-resize/-/postcss-logical-resize-3.0.0.tgz", + "integrity": "sha512-DFbHQOFW/+I+MY4Ycd/QN6Dg4Hcbb50elIJCfnwkRTCX05G11SwViI5BbBlg9iHRl4ytB7pmY5ieAFk3ws7yyg==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-logical-viewport-units": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/@csstools/postcss-logical-viewport-units/-/postcss-logical-viewport-units-3.0.4.tgz", + "integrity": "sha512-q+eHV1haXA4w9xBwZLKjVKAWn3W2CMqmpNpZUk5kRprvSiBEGMgrNH3/sJZ8UA3JgyHaOt3jwT9uFa4wLX4EqQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-tokenizer": "^3.0.4", + "@csstools/utilities": "^2.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-media-minmax": { + "version": "2.0.9", + "resolved": "https://registry.npmjs.org/@csstools/postcss-media-minmax/-/postcss-media-minmax-2.0.9.tgz", + "integrity": "sha512-af9Qw3uS3JhYLnCbqtZ9crTvvkR+0Se+bBqSr7ykAnl9yKhk6895z9rf+2F4dClIDJWxgn0iZZ1PSdkhrbs2ig==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT", + "dependencies": { + "@csstools/css-calc": "^2.1.4", + "@csstools/css-parser-algorithms": "^3.0.5", + "@csstools/css-tokenizer": "^3.0.4", + "@csstools/media-query-list-parser": "^4.0.3" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-media-queries-aspect-ratio-number-values": { + "version": "3.0.5", + "resolved": "https://registry.npmjs.org/@csstools/postcss-media-queries-aspect-ratio-number-values/-/postcss-media-queries-aspect-ratio-number-values-3.0.5.tgz", + "integrity": "sha512-zhAe31xaaXOY2Px8IYfoVTB3wglbJUVigGphFLj6exb7cjZRH9A6adyE22XfFK3P2PzwRk0VDeTJmaxpluyrDg==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-parser-algorithms": "^3.0.5", + "@csstools/css-tokenizer": "^3.0.4", + "@csstools/media-query-list-parser": "^4.0.3" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-nested-calc": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@csstools/postcss-nested-calc/-/postcss-nested-calc-4.0.0.tgz", + "integrity": "sha512-jMYDdqrQQxE7k9+KjstC3NbsmC063n1FTPLCgCRS2/qHUbHM0mNy9pIn4QIiQGs9I/Bg98vMqw7mJXBxa0N88A==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/utilities": "^2.0.0", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-normalize-display-values": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@csstools/postcss-normalize-display-values/-/postcss-normalize-display-values-4.0.0.tgz", + "integrity": "sha512-HlEoG0IDRoHXzXnkV4in47dzsxdsjdz6+j7MLjaACABX2NfvjFS6XVAnpaDyGesz9gK2SC7MbNwdCHusObKJ9Q==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-oklab-function": { + "version": "4.0.12", + "resolved": "https://registry.npmjs.org/@csstools/postcss-oklab-function/-/postcss-oklab-function-4.0.12.tgz", + "integrity": "sha512-HhlSmnE1NKBhXsTnNGjxvhryKtO7tJd1w42DKOGFD6jSHtYOrsJTQDKPMwvOfrzUAk8t7GcpIfRyM7ssqHpFjg==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-color-parser": "^3.1.0", + "@csstools/css-parser-algorithms": "^3.0.5", + "@csstools/css-tokenizer": "^3.0.4", + "@csstools/postcss-progressive-custom-properties": "^4.2.1", + "@csstools/utilities": "^2.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-progressive-custom-properties": { + "version": "4.2.1", + "resolved": "https://registry.npmjs.org/@csstools/postcss-progressive-custom-properties/-/postcss-progressive-custom-properties-4.2.1.tgz", + "integrity": "sha512-uPiiXf7IEKtUQXsxu6uWtOlRMXd2QWWy5fhxHDnPdXKCQckPP3E34ZgDoZ62r2iT+UOgWsSbM4NvHE5m3mAEdw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-random-function": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@csstools/postcss-random-function/-/postcss-random-function-2.0.1.tgz", + "integrity": "sha512-q+FQaNiRBhnoSNo+GzqGOIBKoHQ43lYz0ICrV+UudfWnEF6ksS6DsBIJSISKQT2Bvu3g4k6r7t0zYrk5pDlo8w==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-calc": "^2.1.4", + "@csstools/css-parser-algorithms": "^3.0.5", + "@csstools/css-tokenizer": "^3.0.4" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-relative-color-syntax": { + "version": "3.0.12", + "resolved": "https://registry.npmjs.org/@csstools/postcss-relative-color-syntax/-/postcss-relative-color-syntax-3.0.12.tgz", + "integrity": "sha512-0RLIeONxu/mtxRtf3o41Lq2ghLimw0w9ByLWnnEVuy89exmEEq8bynveBxNW3nyHqLAFEeNtVEmC1QK9MZ8Huw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-color-parser": "^3.1.0", + "@csstools/css-parser-algorithms": "^3.0.5", + "@csstools/css-tokenizer": "^3.0.4", + "@csstools/postcss-progressive-custom-properties": "^4.2.1", + "@csstools/utilities": "^2.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-scope-pseudo-class": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/@csstools/postcss-scope-pseudo-class/-/postcss-scope-pseudo-class-4.0.1.tgz", + "integrity": "sha512-IMi9FwtH6LMNuLea1bjVMQAsUhFxJnyLSgOp/cpv5hrzWmrUYU5fm0EguNDIIOHUqzXode8F/1qkC/tEo/qN8Q==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "postcss-selector-parser": "^7.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-scope-pseudo-class/node_modules/postcss-selector-parser": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz", + "integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==", + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/@csstools/postcss-sign-functions": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/@csstools/postcss-sign-functions/-/postcss-sign-functions-1.1.4.tgz", + "integrity": "sha512-P97h1XqRPcfcJndFdG95Gv/6ZzxUBBISem0IDqPZ7WMvc/wlO+yU0c5D/OCpZ5TJoTt63Ok3knGk64N+o6L2Pg==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-calc": "^2.1.4", + "@csstools/css-parser-algorithms": "^3.0.5", + "@csstools/css-tokenizer": "^3.0.4" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-stepped-value-functions": { + "version": "4.0.9", + "resolved": "https://registry.npmjs.org/@csstools/postcss-stepped-value-functions/-/postcss-stepped-value-functions-4.0.9.tgz", + "integrity": "sha512-h9btycWrsex4dNLeQfyU3y3w40LMQooJWFMm/SK9lrKguHDcFl4VMkncKKoXi2z5rM9YGWbUQABI8BT2UydIcA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-calc": "^2.1.4", + "@csstools/css-parser-algorithms": "^3.0.5", + "@csstools/css-tokenizer": "^3.0.4" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-text-decoration-shorthand": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/@csstools/postcss-text-decoration-shorthand/-/postcss-text-decoration-shorthand-4.0.3.tgz", + "integrity": "sha512-KSkGgZfx0kQjRIYnpsD7X2Om9BUXX/Kii77VBifQW9Ih929hK0KNjVngHDH0bFB9GmfWcR9vJYJJRvw/NQjkrA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/color-helpers": "^5.1.0", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-trigonometric-functions": { + "version": "4.0.9", + "resolved": "https://registry.npmjs.org/@csstools/postcss-trigonometric-functions/-/postcss-trigonometric-functions-4.0.9.tgz", + "integrity": "sha512-Hnh5zJUdpNrJqK9v1/E3BbrQhaDTj5YiX7P61TOvUhoDHnUmsNNxcDAgkQ32RrcWx9GVUvfUNPcUkn8R3vIX6A==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-calc": "^2.1.4", + "@csstools/css-parser-algorithms": "^3.0.5", + "@csstools/css-tokenizer": "^3.0.4" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-unset-value": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@csstools/postcss-unset-value/-/postcss-unset-value-4.0.0.tgz", + "integrity": "sha512-cBz3tOCI5Fw6NIFEwU3RiwK6mn3nKegjpJuzCndoGq3BZPkUjnsq7uQmIeMNeMbMk7YD2MfKcgCpZwX5jyXqCA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/utilities": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/@csstools/utilities/-/utilities-2.0.0.tgz", + "integrity": "sha512-5VdOr0Z71u+Yp3ozOx8T11N703wIFGVRgOWbOZMKgglPJsWA54MRIoMNVMa7shUToIhx5J8vX4sOZgD2XiihiQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@discoveryjs/json-ext": { + "version": "0.5.7", + "resolved": "https://registry.npmjs.org/@discoveryjs/json-ext/-/json-ext-0.5.7.tgz", + "integrity": "sha512-dBVuXR082gk3jsFp7Rd/JI4kytwGHecnCoTtXFb7DB6CNHp4rg5k1bhg0nWdLGLnOV71lmDzGQaLMy8iPLY0pw==", + "license": "MIT", + "engines": { + "node": ">=10.0.0" + } + }, + "node_modules/@docsearch/css": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/@docsearch/css/-/css-4.2.0.tgz", + "integrity": "sha512-65KU9Fw5fGsPPPlgIghonMcndyx1bszzrDQYLfierN+Ha29yotMHzVS94bPkZS6On9LS8dE4qmW4P/fGjtCf/g==", + "license": "MIT" + }, + "node_modules/@docsearch/react": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/@docsearch/react/-/react-4.2.0.tgz", + "integrity": "sha512-zSN/KblmtBcerf7Z87yuKIHZQmxuXvYc6/m0+qnjyNu+Ir67AVOagTa1zBqcxkVUVkmBqUExdcyrdo9hbGbqTw==", + "license": "MIT", + "dependencies": { + "@ai-sdk/react": "^2.0.30", + "@algolia/autocomplete-core": "1.19.2", + "@docsearch/css": "4.2.0", + "ai": "^5.0.30", + "algoliasearch": "^5.28.0", + "marked": "^16.3.0", + "zod": "^4.1.8" + }, + "peerDependencies": { + "@types/react": ">= 16.8.0 < 20.0.0", + "react": ">= 16.8.0 < 20.0.0", + "react-dom": ">= 16.8.0 < 20.0.0", + "search-insights": ">= 1 < 3" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + }, + "react": { + "optional": true + }, + "react-dom": { + "optional": true + }, + "search-insights": { + "optional": true + } + } + }, + "node_modules/@docusaurus/babel": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/babel/-/babel-3.9.2.tgz", + "integrity": "sha512-GEANdi/SgER+L7Japs25YiGil/AUDnFFHaCGPBbundxoWtCkA2lmy7/tFmgED4y1htAy6Oi4wkJEQdGssnw9MA==", + "license": "MIT", + "dependencies": { + "@babel/core": "^7.25.9", + "@babel/generator": "^7.25.9", + "@babel/plugin-syntax-dynamic-import": "^7.8.3", + "@babel/plugin-transform-runtime": "^7.25.9", + "@babel/preset-env": "^7.25.9", + "@babel/preset-react": "^7.25.9", + "@babel/preset-typescript": "^7.25.9", + "@babel/runtime": "^7.25.9", + "@babel/runtime-corejs3": "^7.25.9", + "@babel/traverse": "^7.25.9", + "@docusaurus/logger": "3.9.2", + "@docusaurus/utils": "3.9.2", + "babel-plugin-dynamic-import-node": "^2.3.3", + "fs-extra": "^11.1.1", + "tslib": "^2.6.0" + }, + "engines": { + "node": ">=20.0" + } + }, + "node_modules/@docusaurus/bundler": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/bundler/-/bundler-3.9.2.tgz", + "integrity": "sha512-ZOVi6GYgTcsZcUzjblpzk3wH1Fya2VNpd5jtHoCCFcJlMQ1EYXZetfAnRHLcyiFeBABaI1ltTYbOBtH/gahGVA==", + "license": "MIT", + "dependencies": { + "@babel/core": "^7.25.9", + "@docusaurus/babel": "3.9.2", + "@docusaurus/cssnano-preset": "3.9.2", + "@docusaurus/logger": "3.9.2", + "@docusaurus/types": "3.9.2", + "@docusaurus/utils": "3.9.2", + "babel-loader": "^9.2.1", + "clean-css": "^5.3.3", + "copy-webpack-plugin": "^11.0.0", + "css-loader": "^6.11.0", + "css-minimizer-webpack-plugin": "^5.0.1", + "cssnano": "^6.1.2", + "file-loader": "^6.2.0", + "html-minifier-terser": "^7.2.0", + "mini-css-extract-plugin": "^2.9.2", + "null-loader": "^4.0.1", + "postcss": "^8.5.4", + "postcss-loader": "^7.3.4", + "postcss-preset-env": "^10.2.1", + "terser-webpack-plugin": "^5.3.9", + "tslib": "^2.6.0", + "url-loader": "^4.1.1", + "webpack": "^5.95.0", + "webpackbar": "^6.0.1" + }, + "engines": { + "node": ">=20.0" + }, + "peerDependencies": { + "@docusaurus/faster": "*" + }, + "peerDependenciesMeta": { + "@docusaurus/faster": { + "optional": true + } + } + }, + "node_modules/@docusaurus/core": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/core/-/core-3.9.2.tgz", + "integrity": "sha512-HbjwKeC+pHUFBfLMNzuSjqFE/58+rLVKmOU3lxQrpsxLBOGosYco/Q0GduBb0/jEMRiyEqjNT/01rRdOMWq5pw==", + "license": "MIT", + "dependencies": { + "@docusaurus/babel": "3.9.2", + "@docusaurus/bundler": "3.9.2", + "@docusaurus/logger": "3.9.2", + "@docusaurus/mdx-loader": "3.9.2", + "@docusaurus/utils": "3.9.2", + "@docusaurus/utils-common": "3.9.2", + "@docusaurus/utils-validation": "3.9.2", + "boxen": "^6.2.1", + "chalk": "^4.1.2", + "chokidar": "^3.5.3", + "cli-table3": "^0.6.3", + "combine-promises": "^1.1.0", + "commander": "^5.1.0", + "core-js": "^3.31.1", + "detect-port": "^1.5.1", + "escape-html": "^1.0.3", + "eta": "^2.2.0", + "eval": "^0.1.8", + "execa": "5.1.1", + "fs-extra": "^11.1.1", + "html-tags": "^3.3.1", + "html-webpack-plugin": "^5.6.0", + "leven": "^3.1.0", + "lodash": "^4.17.21", + "open": "^8.4.0", + "p-map": "^4.0.0", + "prompts": "^2.4.2", + "react-helmet-async": "npm:@slorber/react-helmet-async@1.3.0", + "react-loadable": "npm:@docusaurus/react-loadable@6.0.0", + "react-loadable-ssr-addon-v5-slorber": "^1.0.1", + "react-router": "^5.3.4", + "react-router-config": "^5.1.1", + "react-router-dom": "^5.3.4", + "semver": "^7.5.4", + "serve-handler": "^6.1.6", + "tinypool": "^1.0.2", + "tslib": "^2.6.0", + "update-notifier": "^6.0.2", + "webpack": "^5.95.0", + "webpack-bundle-analyzer": "^4.10.2", + "webpack-dev-server": "^5.2.2", + "webpack-merge": "^6.0.1" + }, + "bin": { + "docusaurus": "bin/docusaurus.mjs" + }, + "engines": { + "node": ">=20.0" + }, + "peerDependencies": { + "@mdx-js/react": "^3.0.0", + "react": "^18.0.0 || ^19.0.0", + "react-dom": "^18.0.0 || ^19.0.0" + } + }, + "node_modules/@docusaurus/cssnano-preset": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/cssnano-preset/-/cssnano-preset-3.9.2.tgz", + "integrity": "sha512-8gBKup94aGttRduABsj7bpPFTX7kbwu+xh3K9NMCF5K4bWBqTFYW+REKHF6iBVDHRJ4grZdIPbvkiHd/XNKRMQ==", + "license": "MIT", + "dependencies": { + "cssnano-preset-advanced": "^6.1.2", + "postcss": "^8.5.4", + "postcss-sort-media-queries": "^5.2.0", + "tslib": "^2.6.0" + }, + "engines": { + "node": ">=20.0" + } + }, + "node_modules/@docusaurus/logger": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/logger/-/logger-3.9.2.tgz", + "integrity": "sha512-/SVCc57ByARzGSU60c50rMyQlBuMIJCjcsJlkphxY6B0GV4UH3tcA1994N8fFfbJ9kX3jIBe/xg3XP5qBtGDbA==", + "license": "MIT", + "dependencies": { + "chalk": "^4.1.2", + "tslib": "^2.6.0" + }, + "engines": { + "node": ">=20.0" + } + }, + "node_modules/@docusaurus/mdx-loader": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/mdx-loader/-/mdx-loader-3.9.2.tgz", + "integrity": "sha512-wiYoGwF9gdd6rev62xDU8AAM8JuLI/hlwOtCzMmYcspEkzecKrP8J8X+KpYnTlACBUUtXNJpSoCwFWJhLRevzQ==", + "license": "MIT", + "dependencies": { + "@docusaurus/logger": "3.9.2", + "@docusaurus/utils": "3.9.2", + "@docusaurus/utils-validation": "3.9.2", + "@mdx-js/mdx": "^3.0.0", + "@slorber/remark-comment": "^1.0.0", + "escape-html": "^1.0.3", + "estree-util-value-to-estree": "^3.0.1", + "file-loader": "^6.2.0", + "fs-extra": "^11.1.1", + "image-size": "^2.0.2", + "mdast-util-mdx": "^3.0.0", + "mdast-util-to-string": "^4.0.0", + "rehype-raw": "^7.0.0", + "remark-directive": "^3.0.0", + "remark-emoji": "^4.0.0", + "remark-frontmatter": "^5.0.0", + "remark-gfm": "^4.0.0", + "stringify-object": "^3.3.0", + "tslib": "^2.6.0", + "unified": "^11.0.3", + "unist-util-visit": "^5.0.0", + "url-loader": "^4.1.1", + "vfile": "^6.0.1", + "webpack": "^5.88.1" + }, + "engines": { + "node": ">=20.0" + }, + "peerDependencies": { + "react": "^18.0.0 || ^19.0.0", + "react-dom": "^18.0.0 || ^19.0.0" + } + }, + "node_modules/@docusaurus/module-type-aliases": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/module-type-aliases/-/module-type-aliases-3.9.2.tgz", + "integrity": "sha512-8qVe2QA9hVLzvnxP46ysuofJUIc/yYQ82tvA/rBTrnpXtCjNSFLxEZfd5U8cYZuJIVlkPxamsIgwd5tGZXfvew==", + "license": "MIT", + "dependencies": { + "@docusaurus/types": "3.9.2", + "@types/history": "^4.7.11", + "@types/react": "*", + "@types/react-router-config": "*", + "@types/react-router-dom": "*", + "react-helmet-async": "npm:@slorber/react-helmet-async@1.3.0", + "react-loadable": "npm:@docusaurus/react-loadable@6.0.0" + }, + "peerDependencies": { + "react": "*", + "react-dom": "*" + } + }, + "node_modules/@docusaurus/plugin-client-redirects": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/plugin-client-redirects/-/plugin-client-redirects-3.9.2.tgz", + "integrity": "sha512-lUgMArI9vyOYMzLRBUILcg9vcPTCyyI2aiuXq/4npcMVqOr6GfmwtmBYWSbNMlIUM0147smm4WhpXD0KFboffw==", + "license": "MIT", + "dependencies": { + "@docusaurus/core": "3.9.2", + "@docusaurus/logger": "3.9.2", + "@docusaurus/utils": "3.9.2", + "@docusaurus/utils-common": "3.9.2", + "@docusaurus/utils-validation": "3.9.2", + "eta": "^2.2.0", + "fs-extra": "^11.1.1", + "lodash": "^4.17.21", + "tslib": "^2.6.0" + }, + "engines": { + "node": ">=20.0" + }, + "peerDependencies": { + "react": "^18.0.0 || ^19.0.0", + "react-dom": "^18.0.0 || ^19.0.0" + } + }, + "node_modules/@docusaurus/plugin-content-blog": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/plugin-content-blog/-/plugin-content-blog-3.9.2.tgz", + "integrity": "sha512-3I2HXy3L1QcjLJLGAoTvoBnpOwa6DPUa3Q0dMK19UTY9mhPkKQg/DYhAGTiBUKcTR0f08iw7kLPqOhIgdV3eVQ==", + "license": "MIT", + "dependencies": { + "@docusaurus/core": "3.9.2", + "@docusaurus/logger": "3.9.2", + "@docusaurus/mdx-loader": "3.9.2", + "@docusaurus/theme-common": "3.9.2", + "@docusaurus/types": "3.9.2", + "@docusaurus/utils": "3.9.2", + "@docusaurus/utils-common": "3.9.2", + "@docusaurus/utils-validation": "3.9.2", + "cheerio": "1.0.0-rc.12", + "feed": "^4.2.2", + "fs-extra": "^11.1.1", + "lodash": "^4.17.21", + "schema-dts": "^1.1.2", + "srcset": "^4.0.0", + "tslib": "^2.6.0", + "unist-util-visit": "^5.0.0", + "utility-types": "^3.10.0", + "webpack": "^5.88.1" + }, + "engines": { + "node": ">=20.0" + }, + "peerDependencies": { + "@docusaurus/plugin-content-docs": "*", + "react": "^18.0.0 || ^19.0.0", + "react-dom": "^18.0.0 || ^19.0.0" + } + }, + "node_modules/@docusaurus/plugin-content-docs": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/plugin-content-docs/-/plugin-content-docs-3.9.2.tgz", + "integrity": "sha512-C5wZsGuKTY8jEYsqdxhhFOe1ZDjH0uIYJ9T/jebHwkyxqnr4wW0jTkB72OMqNjsoQRcb0JN3PcSeTwFlVgzCZg==", + "license": "MIT", + "dependencies": { + "@docusaurus/core": "3.9.2", + "@docusaurus/logger": "3.9.2", + "@docusaurus/mdx-loader": "3.9.2", + "@docusaurus/module-type-aliases": "3.9.2", + "@docusaurus/theme-common": "3.9.2", + "@docusaurus/types": "3.9.2", + "@docusaurus/utils": "3.9.2", + "@docusaurus/utils-common": "3.9.2", + "@docusaurus/utils-validation": "3.9.2", + "@types/react-router-config": "^5.0.7", + "combine-promises": "^1.1.0", + "fs-extra": "^11.1.1", + "js-yaml": "^4.1.0", + "lodash": "^4.17.21", + "schema-dts": "^1.1.2", + "tslib": "^2.6.0", + "utility-types": "^3.10.0", + "webpack": "^5.88.1" + }, + "engines": { + "node": ">=20.0" + }, + "peerDependencies": { + "react": "^18.0.0 || ^19.0.0", + "react-dom": "^18.0.0 || ^19.0.0" + } + }, + "node_modules/@docusaurus/plugin-content-pages": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/plugin-content-pages/-/plugin-content-pages-3.9.2.tgz", + "integrity": "sha512-s4849w/p4noXUrGpPUF0BPqIAfdAe76BLaRGAGKZ1gTDNiGxGcpsLcwJ9OTi1/V8A+AzvsmI9pkjie2zjIQZKA==", + "license": "MIT", + "dependencies": { + "@docusaurus/core": "3.9.2", + "@docusaurus/mdx-loader": "3.9.2", + "@docusaurus/types": "3.9.2", + "@docusaurus/utils": "3.9.2", + "@docusaurus/utils-validation": "3.9.2", + "fs-extra": "^11.1.1", + "tslib": "^2.6.0", + "webpack": "^5.88.1" + }, + "engines": { + "node": ">=20.0" + }, + "peerDependencies": { + "react": "^18.0.0 || ^19.0.0", + "react-dom": "^18.0.0 || ^19.0.0" + } + }, + "node_modules/@docusaurus/plugin-css-cascade-layers": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/plugin-css-cascade-layers/-/plugin-css-cascade-layers-3.9.2.tgz", + "integrity": "sha512-w1s3+Ss+eOQbscGM4cfIFBlVg/QKxyYgj26k5AnakuHkKxH6004ZtuLe5awMBotIYF2bbGDoDhpgQ4r/kcj4rQ==", + "license": "MIT", + "dependencies": { + "@docusaurus/core": "3.9.2", + "@docusaurus/types": "3.9.2", + "@docusaurus/utils": "3.9.2", + "@docusaurus/utils-validation": "3.9.2", + "tslib": "^2.6.0" + }, + "engines": { + "node": ">=20.0" + } + }, + "node_modules/@docusaurus/plugin-debug": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/plugin-debug/-/plugin-debug-3.9.2.tgz", + "integrity": "sha512-j7a5hWuAFxyQAkilZwhsQ/b3T7FfHZ+0dub6j/GxKNFJp2h9qk/P1Bp7vrGASnvA9KNQBBL1ZXTe7jlh4VdPdA==", + "license": "MIT", + "dependencies": { + "@docusaurus/core": "3.9.2", + "@docusaurus/types": "3.9.2", + "@docusaurus/utils": "3.9.2", + "fs-extra": "^11.1.1", + "react-json-view-lite": "^2.3.0", + "tslib": "^2.6.0" + }, + "engines": { + "node": ">=20.0" + }, + "peerDependencies": { + "react": "^18.0.0 || ^19.0.0", + "react-dom": "^18.0.0 || ^19.0.0" + } + }, + "node_modules/@docusaurus/plugin-google-analytics": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/plugin-google-analytics/-/plugin-google-analytics-3.9.2.tgz", + "integrity": "sha512-mAwwQJ1Us9jL/lVjXtErXto4p4/iaLlweC54yDUK1a97WfkC6Z2k5/769JsFgwOwOP+n5mUQGACXOEQ0XDuVUw==", + "license": "MIT", + "dependencies": { + "@docusaurus/core": "3.9.2", + "@docusaurus/types": "3.9.2", + "@docusaurus/utils-validation": "3.9.2", + "tslib": "^2.6.0" + }, + "engines": { + "node": ">=20.0" + }, + "peerDependencies": { + "react": "^18.0.0 || ^19.0.0", + "react-dom": "^18.0.0 || ^19.0.0" + } + }, + "node_modules/@docusaurus/plugin-google-gtag": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/plugin-google-gtag/-/plugin-google-gtag-3.9.2.tgz", + "integrity": "sha512-YJ4lDCphabBtw19ooSlc1MnxtYGpjFV9rEdzjLsUnBCeis2djUyCozZaFhCg6NGEwOn7HDDyMh0yzcdRpnuIvA==", + "license": "MIT", + "dependencies": { + "@docusaurus/core": "3.9.2", + "@docusaurus/types": "3.9.2", + "@docusaurus/utils-validation": "3.9.2", + "@types/gtag.js": "^0.0.12", + "tslib": "^2.6.0" + }, + "engines": { + "node": ">=20.0" + }, + "peerDependencies": { + "react": "^18.0.0 || ^19.0.0", + "react-dom": "^18.0.0 || ^19.0.0" + } + }, + "node_modules/@docusaurus/plugin-google-tag-manager": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/plugin-google-tag-manager/-/plugin-google-tag-manager-3.9.2.tgz", + "integrity": "sha512-LJtIrkZN/tuHD8NqDAW1Tnw0ekOwRTfobWPsdO15YxcicBo2ykKF0/D6n0vVBfd3srwr9Z6rzrIWYrMzBGrvNw==", + "license": "MIT", + "dependencies": { + "@docusaurus/core": "3.9.2", + "@docusaurus/types": "3.9.2", + "@docusaurus/utils-validation": "3.9.2", + "tslib": "^2.6.0" + }, + "engines": { + "node": ">=20.0" + }, + "peerDependencies": { + "react": "^18.0.0 || ^19.0.0", + "react-dom": "^18.0.0 || ^19.0.0" + } + }, + "node_modules/@docusaurus/plugin-sitemap": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/plugin-sitemap/-/plugin-sitemap-3.9.2.tgz", + "integrity": "sha512-WLh7ymgDXjG8oPoM/T4/zUP7KcSuFYRZAUTl8vR6VzYkfc18GBM4xLhcT+AKOwun6kBivYKUJf+vlqYJkm+RHw==", + "license": "MIT", + "dependencies": { + "@docusaurus/core": "3.9.2", + "@docusaurus/logger": "3.9.2", + "@docusaurus/types": "3.9.2", + "@docusaurus/utils": "3.9.2", + "@docusaurus/utils-common": "3.9.2", + "@docusaurus/utils-validation": "3.9.2", + "fs-extra": "^11.1.1", + "sitemap": "^7.1.1", + "tslib": "^2.6.0" + }, + "engines": { + "node": ">=20.0" + }, + "peerDependencies": { + "react": "^18.0.0 || ^19.0.0", + "react-dom": "^18.0.0 || ^19.0.0" + } + }, + "node_modules/@docusaurus/plugin-svgr": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/plugin-svgr/-/plugin-svgr-3.9.2.tgz", + "integrity": "sha512-n+1DE+5b3Lnf27TgVU5jM1d4x5tUh2oW5LTsBxJX4PsAPV0JGcmI6p3yLYtEY0LRVEIJh+8RsdQmRE66wSV8mw==", + "license": "MIT", + "dependencies": { + "@docusaurus/core": "3.9.2", + "@docusaurus/types": "3.9.2", + "@docusaurus/utils": "3.9.2", + "@docusaurus/utils-validation": "3.9.2", + "@svgr/core": "8.1.0", + "@svgr/webpack": "^8.1.0", + "tslib": "^2.6.0", + "webpack": "^5.88.1" + }, + "engines": { + "node": ">=20.0" + }, + "peerDependencies": { + "react": "^18.0.0 || ^19.0.0", + "react-dom": "^18.0.0 || ^19.0.0" + } + }, + "node_modules/@docusaurus/preset-classic": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/preset-classic/-/preset-classic-3.9.2.tgz", + "integrity": "sha512-IgyYO2Gvaigi21LuDIe+nvmN/dfGXAiMcV/murFqcpjnZc7jxFAxW+9LEjdPt61uZLxG4ByW/oUmX/DDK9t/8w==", + "license": "MIT", + "dependencies": { + "@docusaurus/core": "3.9.2", + "@docusaurus/plugin-content-blog": "3.9.2", + "@docusaurus/plugin-content-docs": "3.9.2", + "@docusaurus/plugin-content-pages": "3.9.2", + "@docusaurus/plugin-css-cascade-layers": "3.9.2", + "@docusaurus/plugin-debug": "3.9.2", + "@docusaurus/plugin-google-analytics": "3.9.2", + "@docusaurus/plugin-google-gtag": "3.9.2", + "@docusaurus/plugin-google-tag-manager": "3.9.2", + "@docusaurus/plugin-sitemap": "3.9.2", + "@docusaurus/plugin-svgr": "3.9.2", + "@docusaurus/theme-classic": "3.9.2", + "@docusaurus/theme-common": "3.9.2", + "@docusaurus/theme-search-algolia": "3.9.2", + "@docusaurus/types": "3.9.2" + }, + "engines": { + "node": ">=20.0" + }, + "peerDependencies": { + "react": "^18.0.0 || ^19.0.0", + "react-dom": "^18.0.0 || ^19.0.0" + } + }, + "node_modules/@docusaurus/theme-classic": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/theme-classic/-/theme-classic-3.9.2.tgz", + "integrity": "sha512-IGUsArG5hhekXd7RDb11v94ycpJpFdJPkLnt10fFQWOVxAtq5/D7hT6lzc2fhyQKaaCE62qVajOMKL7OiAFAIA==", + "license": "MIT", + "dependencies": { + "@docusaurus/core": "3.9.2", + "@docusaurus/logger": "3.9.2", + "@docusaurus/mdx-loader": "3.9.2", + "@docusaurus/module-type-aliases": "3.9.2", + "@docusaurus/plugin-content-blog": "3.9.2", + "@docusaurus/plugin-content-docs": "3.9.2", + "@docusaurus/plugin-content-pages": "3.9.2", + "@docusaurus/theme-common": "3.9.2", + "@docusaurus/theme-translations": "3.9.2", + "@docusaurus/types": "3.9.2", + "@docusaurus/utils": "3.9.2", + "@docusaurus/utils-common": "3.9.2", + "@docusaurus/utils-validation": "3.9.2", + "@mdx-js/react": "^3.0.0", + "clsx": "^2.0.0", + "infima": "0.2.0-alpha.45", + "lodash": "^4.17.21", + "nprogress": "^0.2.0", + "postcss": "^8.5.4", + "prism-react-renderer": "^2.3.0", + "prismjs": "^1.29.0", + "react-router-dom": "^5.3.4", + "rtlcss": "^4.1.0", + "tslib": "^2.6.0", + "utility-types": "^3.10.0" + }, + "engines": { + "node": ">=20.0" + }, + "peerDependencies": { + "react": "^18.0.0 || ^19.0.0", + "react-dom": "^18.0.0 || ^19.0.0" + } + }, + "node_modules/@docusaurus/theme-common": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/theme-common/-/theme-common-3.9.2.tgz", + "integrity": "sha512-6c4DAbR6n6nPbnZhY2V3tzpnKnGL+6aOsLvFL26VRqhlczli9eWG0VDUNoCQEPnGwDMhPS42UhSAnz5pThm5Ag==", + "license": "MIT", + "dependencies": { + "@docusaurus/mdx-loader": "3.9.2", + "@docusaurus/module-type-aliases": "3.9.2", + "@docusaurus/utils": "3.9.2", + "@docusaurus/utils-common": "3.9.2", + "@types/history": "^4.7.11", + "@types/react": "*", + "@types/react-router-config": "*", + "clsx": "^2.0.0", + "parse-numeric-range": "^1.3.0", + "prism-react-renderer": "^2.3.0", + "tslib": "^2.6.0", + "utility-types": "^3.10.0" + }, + "engines": { + "node": ">=20.0" + }, + "peerDependencies": { + "@docusaurus/plugin-content-docs": "*", + "react": "^18.0.0 || ^19.0.0", + "react-dom": "^18.0.0 || ^19.0.0" + } + }, + "node_modules/@docusaurus/theme-search-algolia": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/theme-search-algolia/-/theme-search-algolia-3.9.2.tgz", + "integrity": "sha512-GBDSFNwjnh5/LdkxCKQHkgO2pIMX1447BxYUBG2wBiajS21uj64a+gH/qlbQjDLxmGrbrllBrtJkUHxIsiwRnw==", + "license": "MIT", + "dependencies": { + "@docsearch/react": "^3.9.0 || ^4.1.0", + "@docusaurus/core": "3.9.2", + "@docusaurus/logger": "3.9.2", + "@docusaurus/plugin-content-docs": "3.9.2", + "@docusaurus/theme-common": "3.9.2", + "@docusaurus/theme-translations": "3.9.2", + "@docusaurus/utils": "3.9.2", + "@docusaurus/utils-validation": "3.9.2", + "algoliasearch": "^5.37.0", + "algoliasearch-helper": "^3.26.0", + "clsx": "^2.0.0", + "eta": "^2.2.0", + "fs-extra": "^11.1.1", + "lodash": "^4.17.21", + "tslib": "^2.6.0", + "utility-types": "^3.10.0" + }, + "engines": { + "node": ">=20.0" + }, + "peerDependencies": { + "react": "^18.0.0 || ^19.0.0", + "react-dom": "^18.0.0 || ^19.0.0" + } + }, + "node_modules/@docusaurus/theme-translations": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/theme-translations/-/theme-translations-3.9.2.tgz", + "integrity": "sha512-vIryvpP18ON9T9rjgMRFLr2xJVDpw1rtagEGf8Ccce4CkTrvM/fRB8N2nyWYOW5u3DdjkwKw5fBa+3tbn9P4PA==", + "license": "MIT", + "dependencies": { + "fs-extra": "^11.1.1", + "tslib": "^2.6.0" + }, + "engines": { + "node": ">=20.0" + } + }, + "node_modules/@docusaurus/types": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/types/-/types-3.9.2.tgz", + "integrity": "sha512-Ux1JUNswg+EfUEmajJjyhIohKceitY/yzjRUpu04WXgvVz+fbhVC0p+R0JhvEu4ytw8zIAys2hrdpQPBHRIa8Q==", + "license": "MIT", + "dependencies": { + "@mdx-js/mdx": "^3.0.0", + "@types/history": "^4.7.11", + "@types/mdast": "^4.0.2", + "@types/react": "*", + "commander": "^5.1.0", + "joi": "^17.9.2", + "react-helmet-async": "npm:@slorber/react-helmet-async@1.3.0", + "utility-types": "^3.10.0", + "webpack": "^5.95.0", + "webpack-merge": "^5.9.0" + }, + "peerDependencies": { + "react": "^18.0.0 || ^19.0.0", + "react-dom": "^18.0.0 || ^19.0.0" + } + }, + "node_modules/@docusaurus/types/node_modules/webpack-merge": { + "version": "5.10.0", + "resolved": "https://registry.npmjs.org/webpack-merge/-/webpack-merge-5.10.0.tgz", + "integrity": "sha512-+4zXKdx7UnO+1jaN4l2lHVD+mFvnlZQP/6ljaJVb4SZiwIKeUnrT5l0gkT8z+n4hKpC+jpOv6O9R+gLtag7pSA==", + "license": "MIT", + "dependencies": { + "clone-deep": "^4.0.1", + "flat": "^5.0.2", + "wildcard": "^2.0.0" + }, + "engines": { + "node": ">=10.0.0" + } + }, + "node_modules/@docusaurus/utils": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/utils/-/utils-3.9.2.tgz", + "integrity": "sha512-lBSBiRruFurFKXr5Hbsl2thmGweAPmddhF3jb99U4EMDA5L+e5Y1rAkOS07Nvrup7HUMBDrCV45meaxZnt28nQ==", + "license": "MIT", + "dependencies": { + "@docusaurus/logger": "3.9.2", + "@docusaurus/types": "3.9.2", + "@docusaurus/utils-common": "3.9.2", + "escape-string-regexp": "^4.0.0", + "execa": "5.1.1", + "file-loader": "^6.2.0", + "fs-extra": "^11.1.1", + "github-slugger": "^1.5.0", + "globby": "^11.1.0", + "gray-matter": "^4.0.3", + "jiti": "^1.20.0", + "js-yaml": "^4.1.0", + "lodash": "^4.17.21", + "micromatch": "^4.0.5", + "p-queue": "^6.6.2", + "prompts": "^2.4.2", + "resolve-pathname": "^3.0.0", + "tslib": "^2.6.0", + "url-loader": "^4.1.1", + "utility-types": "^3.10.0", + "webpack": "^5.88.1" + }, + "engines": { + "node": ">=20.0" + } + }, + "node_modules/@docusaurus/utils-common": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/utils-common/-/utils-common-3.9.2.tgz", + "integrity": "sha512-I53UC1QctruA6SWLvbjbhCpAw7+X7PePoe5pYcwTOEXD/PxeP8LnECAhTHHwWCblyUX5bMi4QLRkxvyZ+IT8Aw==", + "license": "MIT", + "dependencies": { + "@docusaurus/types": "3.9.2", + "tslib": "^2.6.0" + }, + "engines": { + "node": ">=20.0" + } + }, + "node_modules/@docusaurus/utils-validation": { + "version": "3.9.2", + "resolved": "https://registry.npmjs.org/@docusaurus/utils-validation/-/utils-validation-3.9.2.tgz", + "integrity": "sha512-l7yk3X5VnNmATbwijJkexdhulNsQaNDwoagiwujXoxFbWLcxHQqNQ+c/IAlzrfMMOfa/8xSBZ7KEKDesE/2J7A==", + "license": "MIT", + "dependencies": { + "@docusaurus/logger": "3.9.2", + "@docusaurus/utils": "3.9.2", + "@docusaurus/utils-common": "3.9.2", + "fs-extra": "^11.2.0", + "joi": "^17.9.2", + "js-yaml": "^4.1.0", + "lodash": "^4.17.21", + "tslib": "^2.6.0" + }, + "engines": { + "node": ">=20.0" + } + }, + "node_modules/@hapi/hoek": { + "version": "9.3.0", + "resolved": "https://registry.npmjs.org/@hapi/hoek/-/hoek-9.3.0.tgz", + "integrity": "sha512-/c6rf4UJlmHlC9b5BaNvzAcFv7HZ2QHaV0D4/HNlBdvFnvQq8RI4kYdhyPCl7Xj+oWvTWQ8ujhqS53LIgAe6KQ==", + "license": "BSD-3-Clause" + }, + "node_modules/@hapi/topo": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/@hapi/topo/-/topo-5.1.0.tgz", + "integrity": "sha512-foQZKJig7Ob0BMAYBfcJk8d77QtOe7Wo4ox7ff1lQYoNNAb6jwcY1ncdoy2e9wQZzvNy7ODZCYJkK8kzmcAnAg==", + "license": "BSD-3-Clause", + "dependencies": { + "@hapi/hoek": "^9.0.0" + } + }, + "node_modules/@jest/schemas": { + "version": "29.6.3", + "resolved": "https://registry.npmjs.org/@jest/schemas/-/schemas-29.6.3.tgz", + "integrity": "sha512-mo5j5X+jIZmJQveBKeS/clAueipV7KgiX1vMgCxam1RNYiqE1w62n0/tJJnHtjW8ZHcQco5gY85jA3mi0L+nSA==", + "license": "MIT", + "dependencies": { + "@sinclair/typebox": "^0.27.8" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/@jest/types": { + "version": "29.6.3", + "resolved": "https://registry.npmjs.org/@jest/types/-/types-29.6.3.tgz", + "integrity": "sha512-u3UPsIilWKOM3F9CXtrG8LEJmNxwoCQC/XVj4IKYXvvpx7QIi/Kg1LI5uDmDpKlac62NUtX7eLjRh+jVZcLOzw==", + "license": "MIT", + "dependencies": { + "@jest/schemas": "^29.6.3", + "@types/istanbul-lib-coverage": "^2.0.0", + "@types/istanbul-reports": "^3.0.0", + "@types/node": "*", + "@types/yargs": "^17.0.8", + "chalk": "^4.0.0" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/@jridgewell/gen-mapping": { + "version": "0.3.13", + "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.13.tgz", + "integrity": "sha512-2kkt/7niJ6MgEPxF0bYdQ6etZaA+fQvDcLKckhy1yIQOzaoKjBBjSj63/aLVjYE3qhRt5dvM+uUyfCg6UKCBbA==", + "license": "MIT", + "dependencies": { + "@jridgewell/sourcemap-codec": "^1.5.0", + "@jridgewell/trace-mapping": "^0.3.24" + } + }, + "node_modules/@jridgewell/remapping": { + "version": "2.3.5", + "resolved": "https://registry.npmjs.org/@jridgewell/remapping/-/remapping-2.3.5.tgz", + "integrity": "sha512-LI9u/+laYG4Ds1TDKSJW2YPrIlcVYOwi2fUC6xB43lueCjgxV4lffOCZCtYFiH6TNOX+tQKXx97T4IKHbhyHEQ==", + "license": "MIT", + "dependencies": { + "@jridgewell/gen-mapping": "^0.3.5", + "@jridgewell/trace-mapping": "^0.3.24" + } + }, + "node_modules/@jridgewell/resolve-uri": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz", + "integrity": "sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==", + "license": "MIT", + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@jridgewell/source-map": { + "version": "0.3.11", + "resolved": "https://registry.npmjs.org/@jridgewell/source-map/-/source-map-0.3.11.tgz", + "integrity": "sha512-ZMp1V8ZFcPG5dIWnQLr3NSI1MiCU7UETdS/A0G8V/XWHvJv3ZsFqutJn1Y5RPmAPX6F3BiE397OqveU/9NCuIA==", + "license": "MIT", + "dependencies": { + "@jridgewell/gen-mapping": "^0.3.5", + "@jridgewell/trace-mapping": "^0.3.25" + } + }, + "node_modules/@jridgewell/sourcemap-codec": { + "version": "1.5.5", + "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.5.tgz", + "integrity": "sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og==", + "license": "MIT" + }, + "node_modules/@jridgewell/trace-mapping": { + "version": "0.3.31", + "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.31.tgz", + "integrity": "sha512-zzNR+SdQSDJzc8joaeP8QQoCQr8NuYx2dIIytl1QeBEZHJ9uW6hebsrYgbz8hJwUQao3TWCMtmfV8Nu1twOLAw==", + "license": "MIT", + "dependencies": { + "@jridgewell/resolve-uri": "^3.1.0", + "@jridgewell/sourcemap-codec": "^1.4.14" + } + }, + "node_modules/@jsonjoy.com/base64": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/base64/-/base64-1.1.2.tgz", + "integrity": "sha512-q6XAnWQDIMA3+FTiOYajoYqySkO+JSat0ytXGSuRdq9uXE7o92gzuQwQM14xaCRlBLGq3v5miDGC4vkVTn54xA==", + "license": "Apache-2.0", + "engines": { + "node": ">=10.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "2" + } + }, + "node_modules/@jsonjoy.com/buffers": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/buffers/-/buffers-1.2.1.tgz", + "integrity": "sha512-12cdlDwX4RUM3QxmUbVJWqZ/mrK6dFQH4Zxq6+r1YXKXYBNgZXndx2qbCJwh3+WWkCSn67IjnlG3XYTvmvYtgA==", + "license": "Apache-2.0", + "engines": { + "node": ">=10.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "2" + } + }, + "node_modules/@jsonjoy.com/codegen": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/codegen/-/codegen-1.0.0.tgz", + "integrity": "sha512-E8Oy+08cmCf0EK/NMxpaJZmOxPqM+6iSe2S4nlSBrPZOORoDJILxtbSUEDKQyTamm/BVAhIGllOBNU79/dwf0g==", + "license": "Apache-2.0", + "engines": { + "node": ">=10.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "2" + } + }, + "node_modules/@jsonjoy.com/json-pack": { + "version": "1.21.0", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/json-pack/-/json-pack-1.21.0.tgz", + "integrity": "sha512-+AKG+R2cfZMShzrF2uQw34v3zbeDYUqnQ+jg7ORic3BGtfw9p/+N6RJbq/kkV8JmYZaINknaEQ2m0/f693ZPpg==", + "license": "Apache-2.0", + "dependencies": { + "@jsonjoy.com/base64": "^1.1.2", + "@jsonjoy.com/buffers": "^1.2.0", + "@jsonjoy.com/codegen": "^1.0.0", + "@jsonjoy.com/json-pointer": "^1.0.2", + "@jsonjoy.com/util": "^1.9.0", + "hyperdyperid": "^1.2.0", + "thingies": "^2.5.0", + "tree-dump": "^1.1.0" + }, + "engines": { + "node": ">=10.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "2" + } + }, + "node_modules/@jsonjoy.com/json-pointer": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/json-pointer/-/json-pointer-1.0.2.tgz", + "integrity": "sha512-Fsn6wM2zlDzY1U+v4Nc8bo3bVqgfNTGcn6dMgs6FjrEnt4ZCe60o6ByKRjOGlI2gow0aE/Q41QOigdTqkyK5fg==", + "license": "Apache-2.0", + "dependencies": { + "@jsonjoy.com/codegen": "^1.0.0", + "@jsonjoy.com/util": "^1.9.0" + }, + "engines": { + "node": ">=10.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "2" + } + }, + "node_modules/@jsonjoy.com/util": { + "version": "1.9.0", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/util/-/util-1.9.0.tgz", + "integrity": "sha512-pLuQo+VPRnN8hfPqUTLTHk126wuYdXVxE6aDmjSeV4NCAgyxWbiOIeNJVtID3h1Vzpoi9m4jXezf73I6LgabgQ==", + "license": "Apache-2.0", + "dependencies": { + "@jsonjoy.com/buffers": "^1.0.0", + "@jsonjoy.com/codegen": "^1.0.0" + }, + "engines": { + "node": ">=10.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "2" + } + }, + "node_modules/@keyv/serialize": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/@keyv/serialize/-/serialize-1.1.1.tgz", + "integrity": "sha512-dXn3FZhPv0US+7dtJsIi2R+c7qWYiReoEh5zUntWCf4oSpMNib8FDhSoed6m3QyZdx5hK7iLFkYk3rNxwt8vTA==", + "license": "MIT" + }, + "node_modules/@leichtgewicht/ip-codec": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/@leichtgewicht/ip-codec/-/ip-codec-2.0.5.tgz", + "integrity": "sha512-Vo+PSpZG2/fmgmiNzYK9qWRh8h/CHrwD0mo1h1DzL4yzHNSfWYujGTYsWGreD000gcgmZ7K4Ys6Tx9TxtsKdDw==", + "license": "MIT" + }, + "node_modules/@mdx-js/mdx": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/@mdx-js/mdx/-/mdx-3.1.1.tgz", + "integrity": "sha512-f6ZO2ifpwAQIpzGWaBQT2TXxPv6z3RBzQKpVftEWN78Vl/YweF1uwussDx8ECAXVtr3Rs89fKyG9YlzUs9DyGQ==", + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0", + "@types/estree-jsx": "^1.0.0", + "@types/hast": "^3.0.0", + "@types/mdx": "^2.0.0", + "acorn": "^8.0.0", + "collapse-white-space": "^2.0.0", + "devlop": "^1.0.0", + "estree-util-is-identifier-name": "^3.0.0", + "estree-util-scope": "^1.0.0", + "estree-walker": "^3.0.0", + "hast-util-to-jsx-runtime": "^2.0.0", + "markdown-extensions": "^2.0.0", + "recma-build-jsx": "^1.0.0", + "recma-jsx": "^1.0.0", + "recma-stringify": "^1.0.0", + "rehype-recma": "^1.0.0", + "remark-mdx": "^3.0.0", + "remark-parse": "^11.0.0", + "remark-rehype": "^11.0.0", + "source-map": "^0.7.0", + "unified": "^11.0.0", + "unist-util-position-from-estree": "^2.0.0", + "unist-util-stringify-position": "^4.0.0", + "unist-util-visit": "^5.0.0", + "vfile": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/@mdx-js/react": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/@mdx-js/react/-/react-3.1.1.tgz", + "integrity": "sha512-f++rKLQgUVYDAtECQ6fn/is15GkEH9+nZPM3MS0RcxVqoTfawHvDlSCH7JbMhAM6uJ32v3eXLvLmLvjGu7PTQw==", + "license": "MIT", + "dependencies": { + "@types/mdx": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + }, + "peerDependencies": { + "@types/react": ">=16", + "react": ">=16" + } + }, + "node_modules/@nodelib/fs.scandir": { + "version": "2.1.5", + "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", + "integrity": "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==", + "license": "MIT", + "dependencies": { + "@nodelib/fs.stat": "2.0.5", + "run-parallel": "^1.1.9" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/@nodelib/fs.stat": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz", + "integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==", + "license": "MIT", + "engines": { + "node": ">= 8" + } + }, + "node_modules/@nodelib/fs.walk": { + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz", + "integrity": "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==", + "license": "MIT", + "dependencies": { + "@nodelib/fs.scandir": "2.1.5", + "fastq": "^1.6.0" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/@opentelemetry/api": { + "version": "1.9.0", + "resolved": "https://registry.npmjs.org/@opentelemetry/api/-/api-1.9.0.tgz", + "integrity": "sha512-3giAOQvZiH5F9bMlMiv8+GSPMeqg0dbaeo58/0SlA9sxSqZhnUtxzX9/2FzyhS9sWQf5S0GJE0AKBrFqjpeYcg==", + "license": "Apache-2.0", + "engines": { + "node": ">=8.0.0" + } + }, + "node_modules/@pnpm/config.env-replace": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/@pnpm/config.env-replace/-/config.env-replace-1.1.0.tgz", + "integrity": "sha512-htyl8TWnKL7K/ESFa1oW2UB5lVDxuF5DpM7tBi6Hu2LNL3mWkIzNLG6N4zoCUP1lCKNxWy/3iu8mS8MvToGd6w==", + "license": "MIT", + "engines": { + "node": ">=12.22.0" + } + }, + "node_modules/@pnpm/network.ca-file": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/@pnpm/network.ca-file/-/network.ca-file-1.0.2.tgz", + "integrity": "sha512-YcPQ8a0jwYU9bTdJDpXjMi7Brhkr1mXsXrUJvjqM2mQDgkRiz8jFaQGOdaLxgjtUfQgZhKy/O3cG/YwmgKaxLA==", + "license": "MIT", + "dependencies": { + "graceful-fs": "4.2.10" + }, + "engines": { + "node": ">=12.22.0" + } + }, + "node_modules/@pnpm/network.ca-file/node_modules/graceful-fs": { + "version": "4.2.10", + "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.10.tgz", + "integrity": "sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA==", + "license": "ISC" + }, + "node_modules/@pnpm/npm-conf": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/@pnpm/npm-conf/-/npm-conf-2.3.1.tgz", + "integrity": "sha512-c83qWb22rNRuB0UaVCI0uRPNRr8Z0FWnEIvT47jiHAmOIUHbBOg5XvV7pM5x+rKn9HRpjxquDbXYSXr3fAKFcw==", + "license": "MIT", + "dependencies": { + "@pnpm/config.env-replace": "^1.1.0", + "@pnpm/network.ca-file": "^1.0.1", + "config-chain": "^1.1.11" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/@polka/url": { + "version": "1.0.0-next.29", + "resolved": "https://registry.npmjs.org/@polka/url/-/url-1.0.0-next.29.tgz", + "integrity": "sha512-wwQAWhWSuHaag8c4q/KN/vCoeOJYshAIvMQwD4GpSb3OiZklFfvAgmj0VCBBImRpuF/aFgIRzllXlVX93Jevww==", + "license": "MIT" + }, + "node_modules/@sec-ant/readable-stream": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/@sec-ant/readable-stream/-/readable-stream-0.4.1.tgz", + "integrity": "sha512-831qok9r2t8AlxLko40y2ebgSDhenenCatLVeW/uBtnHPyhHOvG0C7TvfgecV+wHzIm5KUICgzmVpWS+IMEAeg==", + "license": "MIT" + }, + "node_modules/@sideway/address": { + "version": "4.1.5", + "resolved": "https://registry.npmjs.org/@sideway/address/-/address-4.1.5.tgz", + "integrity": "sha512-IqO/DUQHUkPeixNQ8n0JA6102hT9CmaljNTPmQ1u8MEhBo/R4Q8eKLN/vGZxuebwOroDB4cbpjheD4+/sKFK4Q==", + "license": "BSD-3-Clause", + "dependencies": { + "@hapi/hoek": "^9.0.0" + } + }, + "node_modules/@sideway/formula": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@sideway/formula/-/formula-3.0.1.tgz", + "integrity": "sha512-/poHZJJVjx3L+zVD6g9KgHfYnb443oi7wLu/XKojDviHy6HOEOA6z1Trk5aR1dGcmPenJEgb2sK2I80LeS3MIg==", + "license": "BSD-3-Clause" + }, + "node_modules/@sideway/pinpoint": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/@sideway/pinpoint/-/pinpoint-2.0.0.tgz", + "integrity": "sha512-RNiOoTPkptFtSVzQevY/yWtZwf/RxyVnPy/OcA9HBM3MlGDnBEYL5B41H0MTn0Uec8Hi+2qUtTfG2WWZBmMejQ==", + "license": "BSD-3-Clause" + }, + "node_modules/@sinclair/typebox": { + "version": "0.27.8", + "resolved": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.27.8.tgz", + "integrity": "sha512-+Fj43pSMwJs4KRrH/938Uf+uAELIgVBmQzg/q1YG10djyfA3TnrU8N8XzqCh/okZdszqBQTZf96idMfE5lnwTA==", + "license": "MIT" + }, + "node_modules/@sindresorhus/is": { + "version": "4.6.0", + "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-4.6.0.tgz", + "integrity": "sha512-t09vSN3MdfsyCHoFcTRCH/iUtG7OJ0CsjzB8cjAmKc/va/kIgeDI/TxsigdncE/4be734m0cvIYwNaV4i2XqAw==", + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sindresorhus/is?sponsor=1" + } + }, + "node_modules/@slorber/remark-comment": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@slorber/remark-comment/-/remark-comment-1.0.0.tgz", + "integrity": "sha512-RCE24n7jsOj1M0UPvIQCHTe7fI0sFL4S2nwKVWwHyVr/wI/H8GosgsJGyhnsZoGFnD/P2hLf1mSbrrgSLN93NA==", + "license": "MIT", + "dependencies": { + "micromark-factory-space": "^1.0.0", + "micromark-util-character": "^1.1.0", + "micromark-util-symbol": "^1.0.1" + } + }, + "node_modules/@standard-schema/spec": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@standard-schema/spec/-/spec-1.0.0.tgz", + "integrity": "sha512-m2bOd0f2RT9k8QJx1JN85cZYyH1RqFBdlwtkSlf4tBDYLCiiZnv1fIIwacK6cqwXavOydf0NPToMQgpKq+dVlA==", + "license": "MIT" + }, + "node_modules/@svgr/babel-plugin-add-jsx-attribute": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/@svgr/babel-plugin-add-jsx-attribute/-/babel-plugin-add-jsx-attribute-8.0.0.tgz", + "integrity": "sha512-b9MIk7yhdS1pMCZM8VeNfUlSKVRhsHZNMl5O9SfaX0l0t5wjdgu4IDzGB8bpnGBBOjGST3rRFVsaaEtI4W6f7g==", + "license": "MIT", + "engines": { + "node": ">=14" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@svgr/babel-plugin-remove-jsx-attribute": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/@svgr/babel-plugin-remove-jsx-attribute/-/babel-plugin-remove-jsx-attribute-8.0.0.tgz", + "integrity": "sha512-BcCkm/STipKvbCl6b7QFrMh/vx00vIP63k2eM66MfHJzPr6O2U0jYEViXkHJWqXqQYjdeA9cuCl5KWmlwjDvbA==", + "license": "MIT", + "engines": { + "node": ">=14" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@svgr/babel-plugin-remove-jsx-empty-expression": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/@svgr/babel-plugin-remove-jsx-empty-expression/-/babel-plugin-remove-jsx-empty-expression-8.0.0.tgz", + "integrity": "sha512-5BcGCBfBxB5+XSDSWnhTThfI9jcO5f0Ai2V24gZpG+wXF14BzwxxdDb4g6trdOux0rhibGs385BeFMSmxtS3uA==", + "license": "MIT", + "engines": { + "node": ">=14" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@svgr/babel-plugin-replace-jsx-attribute-value": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/@svgr/babel-plugin-replace-jsx-attribute-value/-/babel-plugin-replace-jsx-attribute-value-8.0.0.tgz", + "integrity": "sha512-KVQ+PtIjb1BuYT3ht8M5KbzWBhdAjjUPdlMtpuw/VjT8coTrItWX6Qafl9+ji831JaJcu6PJNKCV0bp01lBNzQ==", + "license": "MIT", + "engines": { + "node": ">=14" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@svgr/babel-plugin-svg-dynamic-title": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/@svgr/babel-plugin-svg-dynamic-title/-/babel-plugin-svg-dynamic-title-8.0.0.tgz", + "integrity": "sha512-omNiKqwjNmOQJ2v6ge4SErBbkooV2aAWwaPFs2vUY7p7GhVkzRkJ00kILXQvRhA6miHnNpXv7MRnnSjdRjK8og==", + "license": "MIT", + "engines": { + "node": ">=14" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@svgr/babel-plugin-svg-em-dimensions": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/@svgr/babel-plugin-svg-em-dimensions/-/babel-plugin-svg-em-dimensions-8.0.0.tgz", + "integrity": "sha512-mURHYnu6Iw3UBTbhGwE/vsngtCIbHE43xCRK7kCw4t01xyGqb2Pd+WXekRRoFOBIY29ZoOhUCTEweDMdrjfi9g==", + "license": "MIT", + "engines": { + "node": ">=14" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@svgr/babel-plugin-transform-react-native-svg": { + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/@svgr/babel-plugin-transform-react-native-svg/-/babel-plugin-transform-react-native-svg-8.1.0.tgz", + "integrity": "sha512-Tx8T58CHo+7nwJ+EhUwx3LfdNSG9R2OKfaIXXs5soiy5HtgoAEkDay9LIimLOcG8dJQH1wPZp/cnAv6S9CrR1Q==", + "license": "MIT", + "engines": { + "node": ">=14" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@svgr/babel-plugin-transform-svg-component": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/@svgr/babel-plugin-transform-svg-component/-/babel-plugin-transform-svg-component-8.0.0.tgz", + "integrity": "sha512-DFx8xa3cZXTdb/k3kfPeaixecQLgKh5NVBMwD0AQxOzcZawK4oo1Jh9LbrcACUivsCA7TLG8eeWgrDXjTMhRmw==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@svgr/babel-preset": { + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/@svgr/babel-preset/-/babel-preset-8.1.0.tgz", + "integrity": "sha512-7EYDbHE7MxHpv4sxvnVPngw5fuR6pw79SkcrILHJ/iMpuKySNCl5W1qcwPEpU+LgyRXOaAFgH0KhwD18wwg6ug==", + "license": "MIT", + "dependencies": { + "@svgr/babel-plugin-add-jsx-attribute": "8.0.0", + "@svgr/babel-plugin-remove-jsx-attribute": "8.0.0", + "@svgr/babel-plugin-remove-jsx-empty-expression": "8.0.0", + "@svgr/babel-plugin-replace-jsx-attribute-value": "8.0.0", + "@svgr/babel-plugin-svg-dynamic-title": "8.0.0", + "@svgr/babel-plugin-svg-em-dimensions": "8.0.0", + "@svgr/babel-plugin-transform-react-native-svg": "8.1.0", + "@svgr/babel-plugin-transform-svg-component": "8.0.0" + }, + "engines": { + "node": ">=14" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@svgr/core": { + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/@svgr/core/-/core-8.1.0.tgz", + "integrity": "sha512-8QqtOQT5ACVlmsvKOJNEaWmRPmcojMOzCz4Hs2BGG/toAp/K38LcsMRyLp349glq5AzJbCEeimEoxaX6v/fLrA==", + "license": "MIT", + "dependencies": { + "@babel/core": "^7.21.3", + "@svgr/babel-preset": "8.1.0", + "camelcase": "^6.2.0", + "cosmiconfig": "^8.1.3", + "snake-case": "^3.0.4" + }, + "engines": { + "node": ">=14" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + } + }, + "node_modules/@svgr/hast-util-to-babel-ast": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/@svgr/hast-util-to-babel-ast/-/hast-util-to-babel-ast-8.0.0.tgz", + "integrity": "sha512-EbDKwO9GpfWP4jN9sGdYwPBU0kdomaPIL2Eu4YwmgP+sJeXT+L7bMwJUBnhzfH8Q2qMBqZ4fJwpCyYsAN3mt2Q==", + "license": "MIT", + "dependencies": { + "@babel/types": "^7.21.3", + "entities": "^4.4.0" + }, + "engines": { + "node": ">=14" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + } + }, + "node_modules/@svgr/plugin-jsx": { + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/@svgr/plugin-jsx/-/plugin-jsx-8.1.0.tgz", + "integrity": "sha512-0xiIyBsLlr8quN+WyuxooNW9RJ0Dpr8uOnH/xrCVO8GLUcwHISwj1AG0k+LFzteTkAA0GbX0kj9q6Dk70PTiPA==", + "license": "MIT", + "dependencies": { + "@babel/core": "^7.21.3", + "@svgr/babel-preset": "8.1.0", + "@svgr/hast-util-to-babel-ast": "8.0.0", + "svg-parser": "^2.0.4" + }, + "engines": { + "node": ">=14" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + }, + "peerDependencies": { + "@svgr/core": "*" + } + }, + "node_modules/@svgr/plugin-svgo": { + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/@svgr/plugin-svgo/-/plugin-svgo-8.1.0.tgz", + "integrity": "sha512-Ywtl837OGO9pTLIN/onoWLmDQ4zFUycI1g76vuKGEz6evR/ZTJlJuz3G/fIkb6OVBJ2g0o6CGJzaEjfmEo3AHA==", + "license": "MIT", + "dependencies": { + "cosmiconfig": "^8.1.3", + "deepmerge": "^4.3.1", + "svgo": "^3.0.2" + }, + "engines": { + "node": ">=14" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + }, + "peerDependencies": { + "@svgr/core": "*" + } + }, + "node_modules/@svgr/webpack": { + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/@svgr/webpack/-/webpack-8.1.0.tgz", + "integrity": "sha512-LnhVjMWyMQV9ZmeEy26maJk+8HTIbd59cH4F2MJ439k9DqejRisfFNGAPvRYlKETuh9LrImlS8aKsBgKjMA8WA==", + "license": "MIT", + "dependencies": { + "@babel/core": "^7.21.3", + "@babel/plugin-transform-react-constant-elements": "^7.21.3", + "@babel/preset-env": "^7.20.2", + "@babel/preset-react": "^7.18.6", + "@babel/preset-typescript": "^7.21.0", + "@svgr/core": "8.1.0", + "@svgr/plugin-jsx": "8.1.0", + "@svgr/plugin-svgo": "8.1.0" + }, + "engines": { + "node": ">=14" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + } + }, + "node_modules/@szmarczak/http-timer": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/@szmarczak/http-timer/-/http-timer-5.0.1.tgz", + "integrity": "sha512-+PmQX0PiAYPMeVYe237LJAYvOMYW1j2rH5YROyS3b4CTVJum34HfRvKvAzozHAQG0TnHNdUfY9nCeUyRAs//cw==", + "license": "MIT", + "dependencies": { + "defer-to-connect": "^2.0.1" + }, + "engines": { + "node": ">=14.16" + } + }, + "node_modules/@trysound/sax": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/@trysound/sax/-/sax-0.2.0.tgz", + "integrity": "sha512-L7z9BgrNEcYyUYtF+HaEfiS5ebkh9jXqbszz7pC0hRBPaatV0XjSD3+eHrpqFemQfgwiFF0QPIarnIihIDn7OA==", + "license": "ISC", + "engines": { + "node": ">=10.13.0" + } + }, + "node_modules/@types/body-parser": { + "version": "1.19.6", + "resolved": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.6.tgz", + "integrity": "sha512-HLFeCYgz89uk22N5Qg3dvGvsv46B8GLvKKo1zKG4NybA8U2DiEO3w9lqGg29t/tfLRJpJ6iQxnVw4OnB7MoM9g==", + "license": "MIT", + "dependencies": { + "@types/connect": "*", + "@types/node": "*" + } + }, + "node_modules/@types/bonjour": { + "version": "3.5.13", + "resolved": "https://registry.npmjs.org/@types/bonjour/-/bonjour-3.5.13.tgz", + "integrity": "sha512-z9fJ5Im06zvUL548KvYNecEVlA7cVDkGUi6kZusb04mpyEFKCIZJvloCcmpmLaIahDpOQGHaHmG6imtPMmPXGQ==", + "license": "MIT", + "dependencies": { + "@types/node": "*" + } + }, + "node_modules/@types/connect": { + "version": "3.4.38", + "resolved": "https://registry.npmjs.org/@types/connect/-/connect-3.4.38.tgz", + "integrity": "sha512-K6uROf1LD88uDQqJCktA4yzL1YYAK6NgfsI0v/mTgyPKWsX1CnJ0XPSDhViejru1GcRkLWb8RlzFYJRqGUbaug==", + "license": "MIT", + "dependencies": { + "@types/node": "*" + } + }, + "node_modules/@types/connect-history-api-fallback": { + "version": "1.5.4", + "resolved": "https://registry.npmjs.org/@types/connect-history-api-fallback/-/connect-history-api-fallback-1.5.4.tgz", + "integrity": "sha512-n6Cr2xS1h4uAulPRdlw6Jl6s1oG8KrVilPN2yUITEs+K48EzMJJ3W1xy8K5eWuFvjp3R74AOIGSmp2UfBJ8HFw==", + "license": "MIT", + "dependencies": { + "@types/express-serve-static-core": "*", + "@types/node": "*" + } + }, + "node_modules/@types/debug": { + "version": "4.1.12", + "resolved": "https://registry.npmjs.org/@types/debug/-/debug-4.1.12.tgz", + "integrity": "sha512-vIChWdVG3LG1SMxEvI/AK+FWJthlrqlTu7fbrlywTkkaONwk/UAGaULXRlf8vkzFBLVm0zkMdCquhL5aOjhXPQ==", + "license": "MIT", + "dependencies": { + "@types/ms": "*" + } + }, + "node_modules/@types/eslint": { + "version": "9.6.1", + "resolved": "https://registry.npmjs.org/@types/eslint/-/eslint-9.6.1.tgz", + "integrity": "sha512-FXx2pKgId/WyYo2jXw63kk7/+TY7u7AziEJxJAnSFzHlqTAS3Ync6SvgYAN/k4/PQpnnVuzoMuVnByKK2qp0ag==", + "license": "MIT", + "dependencies": { + "@types/estree": "*", + "@types/json-schema": "*" + } + }, + "node_modules/@types/eslint-scope": { + "version": "3.7.7", + "resolved": "https://registry.npmjs.org/@types/eslint-scope/-/eslint-scope-3.7.7.tgz", + "integrity": "sha512-MzMFlSLBqNF2gcHWO0G1vP/YQyfvrxZ0bF+u7mzUdZ1/xK4A4sru+nraZz5i3iEIk1l1uyicaDVTB4QbbEkAYg==", + "license": "MIT", + "dependencies": { + "@types/eslint": "*", + "@types/estree": "*" + } + }, + "node_modules/@types/estree": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz", + "integrity": "sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w==", + "license": "MIT" + }, + "node_modules/@types/estree-jsx": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/@types/estree-jsx/-/estree-jsx-1.0.5.tgz", + "integrity": "sha512-52CcUVNFyfb1A2ALocQw/Dd1BQFNmSdkuC3BkZ6iqhdMfQz7JWOFRuJFloOzjk+6WijU56m9oKXFAXc7o3Towg==", + "license": "MIT", + "dependencies": { + "@types/estree": "*" + } + }, + "node_modules/@types/express": { + "version": "4.17.23", + "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.23.tgz", + "integrity": "sha512-Crp6WY9aTYP3qPi2wGDo9iUe/rceX01UMhnF1jmwDcKCFM6cx7YhGP/Mpr3y9AASpfHixIG0E6azCcL5OcDHsQ==", + "license": "MIT", + "dependencies": { + "@types/body-parser": "*", + "@types/express-serve-static-core": "^4.17.33", + "@types/qs": "*", + "@types/serve-static": "*" + } + }, + "node_modules/@types/express-serve-static-core": { + "version": "4.19.7", + "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.19.7.tgz", + "integrity": "sha512-FvPtiIf1LfhzsaIXhv/PHan/2FeQBbtBDtfX2QfvPxdUelMDEckK08SM6nqo1MIZY3RUlfA+HV8+hFUSio78qg==", + "license": "MIT", + "dependencies": { + "@types/node": "*", + "@types/qs": "*", + "@types/range-parser": "*", + "@types/send": "*" + } + }, + "node_modules/@types/gtag.js": { + "version": "0.0.12", + "resolved": "https://registry.npmjs.org/@types/gtag.js/-/gtag.js-0.0.12.tgz", + "integrity": "sha512-YQV9bUsemkzG81Ea295/nF/5GijnD2Af7QhEofh7xu+kvCN6RdodgNwwGWXB5GMI3NoyvQo0odNctoH/qLMIpg==", + "license": "MIT" + }, + "node_modules/@types/hast": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/@types/hast/-/hast-3.0.4.tgz", + "integrity": "sha512-WPs+bbQw5aCj+x6laNGWLH3wviHtoCv/P3+otBhbOhJgG8qtpdAMlTCxLtsTWA7LH1Oh/bFCHsBn0TPS5m30EQ==", + "license": "MIT", + "dependencies": { + "@types/unist": "*" + } + }, + "node_modules/@types/history": { + "version": "4.7.11", + "resolved": "https://registry.npmjs.org/@types/history/-/history-4.7.11.tgz", + "integrity": "sha512-qjDJRrmvBMiTx+jyLxvLfJU7UznFuokDv4f3WRuriHKERccVpFU+8XMQUAbDzoiJCsmexxRExQeMwwCdamSKDA==", + "license": "MIT" + }, + "node_modules/@types/html-minifier-terser": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/@types/html-minifier-terser/-/html-minifier-terser-6.1.0.tgz", + "integrity": "sha512-oh/6byDPnL1zeNXFrDXFLyZjkr1MsBG667IM792caf1L2UPOOMf65NFzjUH/ltyfwjAGfs1rsX1eftK0jC/KIg==", + "license": "MIT" + }, + "node_modules/@types/http-cache-semantics": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/@types/http-cache-semantics/-/http-cache-semantics-4.0.4.tgz", + "integrity": "sha512-1m0bIFVc7eJWyve9S0RnuRgcQqF/Xd5QsUZAZeQFr1Q3/p9JWoQQEqmVy+DPTNpGXwhgIetAoYF8JSc33q29QA==", + "license": "MIT" + }, + "node_modules/@types/http-errors": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/@types/http-errors/-/http-errors-2.0.5.tgz", + "integrity": "sha512-r8Tayk8HJnX0FztbZN7oVqGccWgw98T/0neJphO91KkmOzug1KkofZURD4UaD5uH8AqcFLfdPErnBod0u71/qg==", + "license": "MIT" + }, + "node_modules/@types/http-proxy": { + "version": "1.17.16", + "resolved": "https://registry.npmjs.org/@types/http-proxy/-/http-proxy-1.17.16.tgz", + "integrity": "sha512-sdWoUajOB1cd0A8cRRQ1cfyWNbmFKLAqBB89Y8x5iYyG/mkJHc0YUH8pdWBy2omi9qtCpiIgGjuwO0dQST2l5w==", + "license": "MIT", + "dependencies": { + "@types/node": "*" + } + }, + "node_modules/@types/istanbul-lib-coverage": { + "version": "2.0.6", + "resolved": "https://registry.npmjs.org/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.6.tgz", + "integrity": "sha512-2QF/t/auWm0lsy8XtKVPG19v3sSOQlJe/YHZgfjb/KBBHOGSV+J2q/S671rcq9uTBrLAXmZpqJiaQbMT+zNU1w==", + "license": "MIT" + }, + "node_modules/@types/istanbul-lib-report": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@types/istanbul-lib-report/-/istanbul-lib-report-3.0.3.tgz", + "integrity": "sha512-NQn7AHQnk/RSLOxrBbGyJM/aVQ+pjj5HCgasFxc0K/KhoATfQ/47AyUl15I2yBUpihjmas+a+VJBOqecrFH+uA==", + "license": "MIT", + "dependencies": { + "@types/istanbul-lib-coverage": "*" + } + }, + "node_modules/@types/istanbul-reports": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/@types/istanbul-reports/-/istanbul-reports-3.0.4.tgz", + "integrity": "sha512-pk2B1NWalF9toCRu6gjBzR69syFjP4Od8WRAX+0mmf9lAjCRicLOWc+ZrxZHx/0XRjotgkF9t6iaMJ+aXcOdZQ==", + "license": "MIT", + "dependencies": { + "@types/istanbul-lib-report": "*" + } + }, + "node_modules/@types/json-schema": { + "version": "7.0.15", + "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz", + "integrity": "sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA==", + "license": "MIT" + }, + "node_modules/@types/mdast": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/@types/mdast/-/mdast-4.0.4.tgz", + "integrity": "sha512-kGaNbPh1k7AFzgpud/gMdvIm5xuECykRR+JnWKQno9TAXVa6WIVCGTPvYGekIDL4uwCZQSYbUxNBSb1aUo79oA==", + "license": "MIT", + "dependencies": { + "@types/unist": "*" + } + }, + "node_modules/@types/mdx": { + "version": "2.0.13", + "resolved": "https://registry.npmjs.org/@types/mdx/-/mdx-2.0.13.tgz", + "integrity": "sha512-+OWZQfAYyio6YkJb3HLxDrvnx6SWWDbC0zVPfBRzUk0/nqoDyf6dNxQi3eArPe8rJ473nobTMQ/8Zk+LxJ+Yuw==", + "license": "MIT" + }, + "node_modules/@types/mime": { + "version": "1.3.5", + "resolved": "https://registry.npmjs.org/@types/mime/-/mime-1.3.5.tgz", + "integrity": "sha512-/pyBZWSLD2n0dcHE3hq8s8ZvcETHtEuF+3E7XVt0Ig2nvsVQXdghHVcEkIWjy9A0wKfTn97a/PSDYohKIlnP/w==", + "license": "MIT" + }, + "node_modules/@types/ms": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/@types/ms/-/ms-2.1.0.tgz", + "integrity": "sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA==", + "license": "MIT" + }, + "node_modules/@types/node": { + "version": "24.8.1", + "resolved": "https://registry.npmjs.org/@types/node/-/node-24.8.1.tgz", + "integrity": "sha512-alv65KGRadQVfVcG69MuB4IzdYVpRwMG/mq8KWOaoOdyY617P5ivaDiMCGOFDWD2sAn5Q0mR3mRtUOgm99hL9Q==", + "license": "MIT", + "dependencies": { + "undici-types": "~7.14.0" + } + }, + "node_modules/@types/node-forge": { + "version": "1.3.14", + "resolved": "https://registry.npmjs.org/@types/node-forge/-/node-forge-1.3.14.tgz", + "integrity": "sha512-mhVF2BnD4BO+jtOp7z1CdzaK4mbuK0LLQYAvdOLqHTavxFNq4zA1EmYkpnFjP8HOUzedfQkRnp0E2ulSAYSzAw==", + "license": "MIT", + "dependencies": { + "@types/node": "*" + } + }, + "node_modules/@types/prismjs": { + "version": "1.26.5", + "resolved": "https://registry.npmjs.org/@types/prismjs/-/prismjs-1.26.5.tgz", + "integrity": "sha512-AUZTa7hQ2KY5L7AmtSiqxlhWxb4ina0yd8hNbl4TWuqnv/pFP0nDMb3YrfSBf4hJVGLh2YEIBfKaBW/9UEl6IQ==", + "license": "MIT" + }, + "node_modules/@types/qs": { + "version": "6.14.0", + "resolved": "https://registry.npmjs.org/@types/qs/-/qs-6.14.0.tgz", + "integrity": "sha512-eOunJqu0K1923aExK6y8p6fsihYEn/BYuQ4g0CxAAgFc4b/ZLN4CrsRZ55srTdqoiLzU2B2evC+apEIxprEzkQ==", + "license": "MIT" + }, + "node_modules/@types/range-parser": { + "version": "1.2.7", + "resolved": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.7.tgz", + "integrity": "sha512-hKormJbkJqzQGhziax5PItDUTMAM9uE2XXQmM37dyd4hVM+5aVl7oVxMVUiVQn2oCQFN/LKCZdvSM0pFRqbSmQ==", + "license": "MIT" + }, + "node_modules/@types/react": { + "version": "19.2.14", + "resolved": "https://registry.npmjs.org/@types/react/-/react-19.2.14.tgz", + "integrity": "sha512-ilcTH/UniCkMdtexkoCN0bI7pMcJDvmQFPvuPvmEaYA/NSfFTAgdUSLAoVjaRJm7+6PvcM+q1zYOwS4wTYMF9w==", + "license": "MIT", + "dependencies": { + "csstype": "^3.2.2" + } + }, + "node_modules/@types/react-router": { + "version": "5.1.20", + "resolved": "https://registry.npmjs.org/@types/react-router/-/react-router-5.1.20.tgz", + "integrity": "sha512-jGjmu/ZqS7FjSH6owMcD5qpq19+1RS9DeVRqfl1FeBMxTDQAGwlMWOcs52NDoXaNKyG3d1cYQFMs9rCrb88o9Q==", + "license": "MIT", + "dependencies": { + "@types/history": "^4.7.11", + "@types/react": "*" + } + }, + "node_modules/@types/react-router-config": { + "version": "5.0.11", + "resolved": "https://registry.npmjs.org/@types/react-router-config/-/react-router-config-5.0.11.tgz", + "integrity": "sha512-WmSAg7WgqW7m4x8Mt4N6ZyKz0BubSj/2tVUMsAHp+Yd2AMwcSbeFq9WympT19p5heCFmF97R9eD5uUR/t4HEqw==", + "license": "MIT", + "dependencies": { + "@types/history": "^4.7.11", + "@types/react": "*", + "@types/react-router": "^5.1.0" + } + }, + "node_modules/@types/react-router-dom": { + "version": "5.3.3", + "resolved": "https://registry.npmjs.org/@types/react-router-dom/-/react-router-dom-5.3.3.tgz", + "integrity": "sha512-kpqnYK4wcdm5UaWI3fLcELopqLrHgLqNsdpHauzlQktfkHL3npOSwtj1Uz9oKBAzs7lFtVkV8j83voAz2D8fhw==", + "license": "MIT", + "dependencies": { + "@types/history": "^4.7.11", + "@types/react": "*", + "@types/react-router": "*" + } + }, + "node_modules/@types/retry": { + "version": "0.12.2", + "resolved": "https://registry.npmjs.org/@types/retry/-/retry-0.12.2.tgz", + "integrity": "sha512-XISRgDJ2Tc5q4TRqvgJtzsRkFYNJzZrhTdtMoGVBttwzzQJkPnS3WWTFc7kuDRoPtPakl+T+OfdEUjYJj7Jbow==", + "license": "MIT" + }, + "node_modules/@types/sax": { + "version": "1.2.7", + "resolved": "https://registry.npmjs.org/@types/sax/-/sax-1.2.7.tgz", + "integrity": "sha512-rO73L89PJxeYM3s3pPPjiPgVVcymqU490g0YO5n5By0k2Erzj6tay/4lr1CHAAU4JyOWd1rpQ8bCf6cZfHU96A==", + "license": "MIT", + "dependencies": { + "@types/node": "*" + } + }, + "node_modules/@types/send": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/@types/send/-/send-1.2.0.tgz", + "integrity": "sha512-zBF6vZJn1IaMpg3xUF25VK3gd3l8zwE0ZLRX7dsQyQi+jp4E8mMDJNGDYnYse+bQhYwWERTxVwHpi3dMOq7RKQ==", + "license": "MIT", + "dependencies": { + "@types/node": "*" + } + }, + "node_modules/@types/serve-index": { + "version": "1.9.4", + "resolved": "https://registry.npmjs.org/@types/serve-index/-/serve-index-1.9.4.tgz", + "integrity": "sha512-qLpGZ/c2fhSs5gnYsQxtDEq3Oy8SXPClIXkW5ghvAvsNuVSA8k+gCONcUCS/UjLEYvYps+e8uBtfgXgvhwfNug==", + "license": "MIT", + "dependencies": { + "@types/express": "*" + } + }, + "node_modules/@types/serve-static": { + "version": "1.15.9", + "resolved": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.9.tgz", + "integrity": "sha512-dOTIuqpWLyl3BBXU3maNQsS4A3zuuoYRNIvYSxxhebPfXg2mzWQEPne/nlJ37yOse6uGgR386uTpdsx4D0QZWA==", + "license": "MIT", + "dependencies": { + "@types/http-errors": "*", + "@types/node": "*", + "@types/send": "<1" + } + }, + "node_modules/@types/serve-static/node_modules/@types/send": { + "version": "0.17.5", + "resolved": "https://registry.npmjs.org/@types/send/-/send-0.17.5.tgz", + "integrity": "sha512-z6F2D3cOStZvuk2SaP6YrwkNO65iTZcwA2ZkSABegdkAh/lf+Aa/YQndZVfmEXT5vgAp6zv06VQ3ejSVjAny4w==", + "license": "MIT", + "dependencies": { + "@types/mime": "^1", + "@types/node": "*" + } + }, + "node_modules/@types/sockjs": { + "version": "0.3.36", + "resolved": "https://registry.npmjs.org/@types/sockjs/-/sockjs-0.3.36.tgz", + "integrity": "sha512-MK9V6NzAS1+Ud7JV9lJLFqW85VbC9dq3LmwZCuBe4wBDgKC0Kj/jd8Xl+nSviU+Qc3+m7umHHyHg//2KSa0a0Q==", + "license": "MIT", + "dependencies": { + "@types/node": "*" + } + }, + "node_modules/@types/unist": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@types/unist/-/unist-3.0.3.tgz", + "integrity": "sha512-ko/gIFJRv177XgZsZcBwnqJN5x/Gien8qNOn0D5bQU/zAzVf9Zt3BlcUiLqhV9y4ARk0GbT3tnUiPNgnTXzc/Q==", + "license": "MIT" + }, + "node_modules/@types/ws": { + "version": "8.18.1", + "resolved": "https://registry.npmjs.org/@types/ws/-/ws-8.18.1.tgz", + "integrity": "sha512-ThVF6DCVhA8kUGy+aazFQ4kXQ7E1Ty7A3ypFOe0IcJV8O/M511G99AW24irKrW56Wt44yG9+ij8FaqoBGkuBXg==", + "license": "MIT", + "dependencies": { + "@types/node": "*" + } + }, + "node_modules/@types/yargs": { + "version": "17.0.33", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-17.0.33.tgz", + "integrity": "sha512-WpxBCKWPLr4xSsHgz511rFJAM+wS28w2zEO1QDNY5zM/S8ok70NNfztH0xwhqKyaK0OHCbN98LDAZuy1ctxDkA==", + "license": "MIT", + "dependencies": { + "@types/yargs-parser": "*" + } + }, + "node_modules/@types/yargs-parser": { + "version": "21.0.3", + "resolved": "https://registry.npmjs.org/@types/yargs-parser/-/yargs-parser-21.0.3.tgz", + "integrity": "sha512-I4q9QU9MQv4oEOz4tAHJtNz1cwuLxn2F3xcc2iV5WdqLPpUnj30aUuxt1mAxYTG+oe8CZMV/+6rU4S4gRDzqtQ==", + "license": "MIT" + }, + "node_modules/@ungap/structured-clone": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/@ungap/structured-clone/-/structured-clone-1.3.0.tgz", + "integrity": "sha512-WmoN8qaIAo7WTYWbAZuG8PYEhn5fkz7dZrqTBZ7dtt//lL2Gwms1IcnQ5yHqjDfX8Ft5j4YzDM23f87zBfDe9g==", + "deprecated": "Potential CWE-502 - Update to 1.3.1 or higher", + "license": "ISC" + }, + "node_modules/@vercel/oidc": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@vercel/oidc/-/oidc-3.0.3.tgz", + "integrity": "sha512-yNEQvPcVrK9sIe637+I0jD6leluPxzwJKx/Haw6F4H77CdDsszUn5V3o96LPziXkSNE2B83+Z3mjqGKBK/R6Gg==", + "license": "Apache-2.0", + "engines": { + "node": ">= 20" + } + }, + "node_modules/@webassemblyjs/ast": { + "version": "1.14.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/ast/-/ast-1.14.1.tgz", + "integrity": "sha512-nuBEDgQfm1ccRp/8bCQrx1frohyufl4JlbMMZ4P1wpeOfDhF6FQkxZJ1b/e+PLwr6X1Nhw6OLme5usuBWYBvuQ==", + "license": "MIT", + "dependencies": { + "@webassemblyjs/helper-numbers": "1.13.2", + "@webassemblyjs/helper-wasm-bytecode": "1.13.2" + } + }, + "node_modules/@webassemblyjs/floating-point-hex-parser": { + "version": "1.13.2", + "resolved": "https://registry.npmjs.org/@webassemblyjs/floating-point-hex-parser/-/floating-point-hex-parser-1.13.2.tgz", + "integrity": "sha512-6oXyTOzbKxGH4steLbLNOu71Oj+C8Lg34n6CqRvqfS2O71BxY6ByfMDRhBytzknj9yGUPVJ1qIKhRlAwO1AovA==", + "license": "MIT" + }, + "node_modules/@webassemblyjs/helper-api-error": { + "version": "1.13.2", + "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-api-error/-/helper-api-error-1.13.2.tgz", + "integrity": "sha512-U56GMYxy4ZQCbDZd6JuvvNV/WFildOjsaWD3Tzzvmw/mas3cXzRJPMjP83JqEsgSbyrmaGjBfDtV7KDXV9UzFQ==", + "license": "MIT" + }, + "node_modules/@webassemblyjs/helper-buffer": { + "version": "1.14.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-buffer/-/helper-buffer-1.14.1.tgz", + "integrity": "sha512-jyH7wtcHiKssDtFPRB+iQdxlDf96m0E39yb0k5uJVhFGleZFoNw1c4aeIcVUPPbXUVJ94wwnMOAqUHyzoEPVMA==", + "license": "MIT" + }, + "node_modules/@webassemblyjs/helper-numbers": { + "version": "1.13.2", + "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-numbers/-/helper-numbers-1.13.2.tgz", + "integrity": "sha512-FE8aCmS5Q6eQYcV3gI35O4J789wlQA+7JrqTTpJqn5emA4U2hvwJmvFRC0HODS+3Ye6WioDklgd6scJ3+PLnEA==", + "license": "MIT", + "dependencies": { + "@webassemblyjs/floating-point-hex-parser": "1.13.2", + "@webassemblyjs/helper-api-error": "1.13.2", + "@xtuc/long": "4.2.2" + } + }, + "node_modules/@webassemblyjs/helper-wasm-bytecode": { + "version": "1.13.2", + "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-wasm-bytecode/-/helper-wasm-bytecode-1.13.2.tgz", + "integrity": "sha512-3QbLKy93F0EAIXLh0ogEVR6rOubA9AoZ+WRYhNbFyuB70j3dRdwH9g+qXhLAO0kiYGlg3TxDV+I4rQTr/YNXkA==", + "license": "MIT" + }, + "node_modules/@webassemblyjs/helper-wasm-section": { + "version": "1.14.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-wasm-section/-/helper-wasm-section-1.14.1.tgz", + "integrity": "sha512-ds5mXEqTJ6oxRoqjhWDU83OgzAYjwsCV8Lo/N+oRsNDmx/ZDpqalmrtgOMkHwxsG0iI//3BwWAErYRHtgn0dZw==", + "license": "MIT", + "dependencies": { + "@webassemblyjs/ast": "1.14.1", + "@webassemblyjs/helper-buffer": "1.14.1", + "@webassemblyjs/helper-wasm-bytecode": "1.13.2", + "@webassemblyjs/wasm-gen": "1.14.1" + } + }, + "node_modules/@webassemblyjs/ieee754": { + "version": "1.13.2", + "resolved": "https://registry.npmjs.org/@webassemblyjs/ieee754/-/ieee754-1.13.2.tgz", + "integrity": "sha512-4LtOzh58S/5lX4ITKxnAK2USuNEvpdVV9AlgGQb8rJDHaLeHciwG4zlGr0j/SNWlr7x3vO1lDEsuePvtcDNCkw==", + "license": "MIT", + "dependencies": { + "@xtuc/ieee754": "^1.2.0" + } + }, + "node_modules/@webassemblyjs/leb128": { + "version": "1.13.2", + "resolved": "https://registry.npmjs.org/@webassemblyjs/leb128/-/leb128-1.13.2.tgz", + "integrity": "sha512-Lde1oNoIdzVzdkNEAWZ1dZ5orIbff80YPdHx20mrHwHrVNNTjNr8E3xz9BdpcGqRQbAEa+fkrCb+fRFTl/6sQw==", + "license": "Apache-2.0", + "dependencies": { + "@xtuc/long": "4.2.2" + } + }, + "node_modules/@webassemblyjs/utf8": { + "version": "1.13.2", + "resolved": "https://registry.npmjs.org/@webassemblyjs/utf8/-/utf8-1.13.2.tgz", + "integrity": "sha512-3NQWGjKTASY1xV5m7Hr0iPeXD9+RDobLll3T9d2AO+g3my8xy5peVyjSag4I50mR1bBSN/Ct12lo+R9tJk0NZQ==", + "license": "MIT" + }, + "node_modules/@webassemblyjs/wasm-edit": { + "version": "1.14.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-edit/-/wasm-edit-1.14.1.tgz", + "integrity": "sha512-RNJUIQH/J8iA/1NzlE4N7KtyZNHi3w7at7hDjvRNm5rcUXa00z1vRz3glZoULfJ5mpvYhLybmVcwcjGrC1pRrQ==", + "license": "MIT", + "dependencies": { + "@webassemblyjs/ast": "1.14.1", + "@webassemblyjs/helper-buffer": "1.14.1", + "@webassemblyjs/helper-wasm-bytecode": "1.13.2", + "@webassemblyjs/helper-wasm-section": "1.14.1", + "@webassemblyjs/wasm-gen": "1.14.1", + "@webassemblyjs/wasm-opt": "1.14.1", + "@webassemblyjs/wasm-parser": "1.14.1", + "@webassemblyjs/wast-printer": "1.14.1" + } + }, + "node_modules/@webassemblyjs/wasm-gen": { + "version": "1.14.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-gen/-/wasm-gen-1.14.1.tgz", + "integrity": "sha512-AmomSIjP8ZbfGQhumkNvgC33AY7qtMCXnN6bL2u2Js4gVCg8fp735aEiMSBbDR7UQIj90n4wKAFUSEd0QN2Ukg==", + "license": "MIT", + "dependencies": { + "@webassemblyjs/ast": "1.14.1", + "@webassemblyjs/helper-wasm-bytecode": "1.13.2", + "@webassemblyjs/ieee754": "1.13.2", + "@webassemblyjs/leb128": "1.13.2", + "@webassemblyjs/utf8": "1.13.2" + } + }, + "node_modules/@webassemblyjs/wasm-opt": { + "version": "1.14.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-opt/-/wasm-opt-1.14.1.tgz", + "integrity": "sha512-PTcKLUNvBqnY2U6E5bdOQcSM+oVP/PmrDY9NzowJjislEjwP/C4an2303MCVS2Mg9d3AJpIGdUFIQQWbPds0Sw==", + "license": "MIT", + "dependencies": { + "@webassemblyjs/ast": "1.14.1", + "@webassemblyjs/helper-buffer": "1.14.1", + "@webassemblyjs/wasm-gen": "1.14.1", + "@webassemblyjs/wasm-parser": "1.14.1" + } + }, + "node_modules/@webassemblyjs/wasm-parser": { + "version": "1.14.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-parser/-/wasm-parser-1.14.1.tgz", + "integrity": "sha512-JLBl+KZ0R5qB7mCnud/yyX08jWFw5MsoalJ1pQ4EdFlgj9VdXKGuENGsiCIjegI1W7p91rUlcB/LB5yRJKNTcQ==", + "license": "MIT", + "dependencies": { + "@webassemblyjs/ast": "1.14.1", + "@webassemblyjs/helper-api-error": "1.13.2", + "@webassemblyjs/helper-wasm-bytecode": "1.13.2", + "@webassemblyjs/ieee754": "1.13.2", + "@webassemblyjs/leb128": "1.13.2", + "@webassemblyjs/utf8": "1.13.2" + } + }, + "node_modules/@webassemblyjs/wast-printer": { + "version": "1.14.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/wast-printer/-/wast-printer-1.14.1.tgz", + "integrity": "sha512-kPSSXE6De1XOR820C90RIo2ogvZG+c3KiHzqUoO/F34Y2shGzesfqv7o57xrxovZJH/MetF5UjroJ/R/3isoiw==", + "license": "MIT", + "dependencies": { + "@webassemblyjs/ast": "1.14.1", + "@xtuc/long": "4.2.2" + } + }, + "node_modules/@xtuc/ieee754": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/@xtuc/ieee754/-/ieee754-1.2.0.tgz", + "integrity": "sha512-DX8nKgqcGwsc0eJSqYt5lwP4DH5FlHnmuWWBRy7X0NcaGR0ZtuyeESgMwTYVEtxmsNGY+qit4QYT/MIYTOTPeA==", + "license": "BSD-3-Clause" + }, + "node_modules/@xtuc/long": { + "version": "4.2.2", + "resolved": "https://registry.npmjs.org/@xtuc/long/-/long-4.2.2.tgz", + "integrity": "sha512-NuHqBY1PB/D8xU6s/thBgOAiAP7HOYDQ32+BFZILJ8ivkUkAHQnWfn6WhL79Owj1qmUnoN/YPhktdIoucipkAQ==", + "license": "Apache-2.0" + }, + "node_modules/accepts": { + "version": "1.3.8", + "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", + "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==", + "license": "MIT", + "dependencies": { + "mime-types": "~2.1.34", + "negotiator": "0.6.3" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/accepts/node_modules/mime-db": { + "version": "1.52.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/accepts/node_modules/mime-types": { + "version": "2.1.35", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "license": "MIT", + "dependencies": { + "mime-db": "1.52.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/accepts/node_modules/negotiator": { + "version": "0.6.3", + "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz", + "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/acorn": { + "version": "8.15.0", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.15.0.tgz", + "integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==", + "license": "MIT", + "bin": { + "acorn": "bin/acorn" + }, + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/acorn-import-phases": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/acorn-import-phases/-/acorn-import-phases-1.0.4.tgz", + "integrity": "sha512-wKmbr/DDiIXzEOiWrTTUcDm24kQ2vGfZQvM2fwg2vXqR5uW6aapr7ObPtj1th32b9u90/Pf4AItvdTh42fBmVQ==", + "license": "MIT", + "engines": { + "node": ">=10.13.0" + }, + "peerDependencies": { + "acorn": "^8.14.0" + } + }, + "node_modules/acorn-jsx": { + "version": "5.3.2", + "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz", + "integrity": "sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==", + "license": "MIT", + "peerDependencies": { + "acorn": "^6.0.0 || ^7.0.0 || ^8.0.0" + } + }, + "node_modules/acorn-walk": { + "version": "8.3.4", + "resolved": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.3.4.tgz", + "integrity": "sha512-ueEepnujpqee2o5aIYnvHU6C0A42MNdsIDeqy5BydrkuC5R1ZuUFnm27EeFJGoEHJQgn3uleRvmTXaJgfXbt4g==", + "license": "MIT", + "dependencies": { + "acorn": "^8.11.0" + }, + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/address": { + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/address/-/address-1.2.2.tgz", + "integrity": "sha512-4B/qKCfeE/ODUaAUpSwfzazo5x29WD4r3vXiWsB7I2mSDAihwEqKO+g8GELZUQSSAo5e1XTYh3ZVfLyxBc12nA==", + "license": "MIT", + "engines": { + "node": ">= 10.0.0" + } + }, + "node_modules/aggregate-error": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/aggregate-error/-/aggregate-error-3.1.0.tgz", + "integrity": "sha512-4I7Td01quW/RpocfNayFdFVk1qSuoh0E7JrbRJ16nH01HhKFQ88INq9Sd+nd72zqRySlr9BmDA8xlEJ6vJMrYA==", + "license": "MIT", + "dependencies": { + "clean-stack": "^2.0.0", + "indent-string": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/ai": { + "version": "5.0.76", + "resolved": "https://registry.npmjs.org/ai/-/ai-5.0.76.tgz", + "integrity": "sha512-ZCxi1vrpyCUnDbtYrO/W8GLvyacV9689f00yshTIQ3mFFphbD7eIv40a2AOZBv3GGRA7SSRYIDnr56wcS/gyQg==", + "license": "Apache-2.0", + "dependencies": { + "@ai-sdk/gateway": "2.0.0", + "@ai-sdk/provider": "2.0.0", + "@ai-sdk/provider-utils": "3.0.12", + "@opentelemetry/api": "1.9.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "zod": "^3.25.76 || ^4.1.8" + } + }, + "node_modules/ajv": { + "version": "8.17.1", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz", + "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==", + "license": "MIT", + "dependencies": { + "fast-deep-equal": "^3.1.3", + "fast-uri": "^3.0.1", + "json-schema-traverse": "^1.0.0", + "require-from-string": "^2.0.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/ajv-formats": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/ajv-formats/-/ajv-formats-2.1.1.tgz", + "integrity": "sha512-Wx0Kx52hxE7C18hkMEggYlEifqWZtYaRgouJor+WMdPnQyEK13vgEWyVNup7SoeeoLMsr4kf5h6dOW11I15MUA==", + "license": "MIT", + "dependencies": { + "ajv": "^8.0.0" + }, + "peerDependencies": { + "ajv": "^8.0.0" + }, + "peerDependenciesMeta": { + "ajv": { + "optional": true + } + } + }, + "node_modules/ajv-keywords": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-5.1.0.tgz", + "integrity": "sha512-YCS/JNFAUyr5vAuhk1DWm1CBxRHW9LbJ2ozWeemrIqpbsqKjHVxYPyi5GC0rjZIT5JxJ3virVTS8wk4i/Z+krw==", + "license": "MIT", + "dependencies": { + "fast-deep-equal": "^3.1.3" + }, + "peerDependencies": { + "ajv": "^8.8.2" + } + }, + "node_modules/algoliasearch": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/algoliasearch/-/algoliasearch-5.40.1.tgz", + "integrity": "sha512-iUNxcXUNg9085TJx0HJLjqtDE0r1RZ0GOGrt8KNQqQT5ugu8lZsHuMUYW/e0lHhq6xBvmktU9Bw4CXP9VQeKrg==", + "license": "MIT", + "dependencies": { + "@algolia/abtesting": "1.6.1", + "@algolia/client-abtesting": "5.40.1", + "@algolia/client-analytics": "5.40.1", + "@algolia/client-common": "5.40.1", + "@algolia/client-insights": "5.40.1", + "@algolia/client-personalization": "5.40.1", + "@algolia/client-query-suggestions": "5.40.1", + "@algolia/client-search": "5.40.1", + "@algolia/ingestion": "1.40.1", + "@algolia/monitoring": "1.40.1", + "@algolia/recommend": "5.40.1", + "@algolia/requester-browser-xhr": "5.40.1", + "@algolia/requester-fetch": "5.40.1", + "@algolia/requester-node-http": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/algoliasearch-helper": { + "version": "3.26.0", + "resolved": "https://registry.npmjs.org/algoliasearch-helper/-/algoliasearch-helper-3.26.0.tgz", + "integrity": "sha512-Rv2x3GXleQ3ygwhkhJubhhYGsICmShLAiqtUuJTUkr9uOCOXyF2E71LVT4XDnVffbknv8XgScP4U0Oxtgm+hIw==", + "license": "MIT", + "dependencies": { + "@algolia/events": "^4.0.1" + }, + "peerDependencies": { + "algoliasearch": ">= 3.1 < 6" + } + }, + "node_modules/algoliasearch/node_modules/@algolia/client-common": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/client-common/-/client-common-5.40.1.tgz", + "integrity": "sha512-gWfQuQUBtzUboJv/apVGZMoxSaB0M4Imwl1c9Ap+HpCW7V0KhjBddqF2QQt5tJZCOFsfNIgBbZDGsEPaeKUosw==", + "license": "MIT", + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/algoliasearch/node_modules/@algolia/client-search": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/client-search/-/client-search-5.40.1.tgz", + "integrity": "sha512-Mw6pAUF121MfngQtcUb5quZVqMC68pSYYjCRZkSITC085S3zdk+h/g7i6FxnVdbSU6OztxikSDMh1r7Z+4iPlA==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1", + "@algolia/requester-browser-xhr": "5.40.1", + "@algolia/requester-fetch": "5.40.1", + "@algolia/requester-node-http": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/algoliasearch/node_modules/@algolia/requester-browser-xhr": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/requester-browser-xhr/-/requester-browser-xhr-5.40.1.tgz", + "integrity": "sha512-PbidVsPurUSQIr6X9/7s34mgOMdJnn0i6p+N6Ab+lsNhY5eiu+S33kZEpZwkITYBCIbhzDLOvb7xZD3gDi+USA==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/algoliasearch/node_modules/@algolia/requester-fetch": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/requester-fetch/-/requester-fetch-5.40.1.tgz", + "integrity": "sha512-ThZ5j6uOZCF11fMw9IBkhigjOYdXGXQpj6h4k+T9UkZrF2RlKcPynFzDeRgaLdpYk8Yn3/MnFbwUmib7yxj5Lw==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/algoliasearch/node_modules/@algolia/requester-node-http": { + "version": "5.40.1", + "resolved": "https://registry.npmjs.org/@algolia/requester-node-http/-/requester-node-http-5.40.1.tgz", + "integrity": "sha512-H1gYPojO6krWHnUXu/T44DrEun/Wl95PJzMXRcM/szstNQczSbwq6wIFJPI9nyE95tarZfUNU3rgorT+wZ6iCQ==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.40.1" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/ansi-align": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/ansi-align/-/ansi-align-3.0.1.tgz", + "integrity": "sha512-IOfwwBF5iczOjp/WeY4YxyjqAFMQoZufdQWDd19SEExbVLNXqvpzSJ/M7Za4/sCPmQ0+GRquoA7bGcINcxew6w==", + "license": "ISC", + "dependencies": { + "string-width": "^4.1.0" + } + }, + "node_modules/ansi-align/node_modules/emoji-regex": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", + "license": "MIT" + }, + "node_modules/ansi-align/node_modules/string-width": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "license": "MIT", + "dependencies": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/ansi-escapes": { + "version": "4.3.2", + "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz", + "integrity": "sha512-gKXj5ALrKWQLsYG9jlTRmR/xKluxHV+Z9QEwNIgCfM1/uwPMCuzVVnh5mwTd+OuBZcwSIMbqssNWRm1lE51QaQ==", + "license": "MIT", + "dependencies": { + "type-fest": "^0.21.3" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/ansi-escapes/node_modules/type-fest": { + "version": "0.21.3", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.21.3.tgz", + "integrity": "sha512-t0rzBq87m3fVcduHDUFhKmyyX+9eo6WQjZvf51Ea/M0Q7+T374Jp1aUiyUl0GKxp8M/OETVHSDvmkyPgvX+X2w==", + "license": "(MIT OR CC0-1.0)", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/ansi-html-community": { + "version": "0.0.8", + "resolved": "https://registry.npmjs.org/ansi-html-community/-/ansi-html-community-0.0.8.tgz", + "integrity": "sha512-1APHAyr3+PCamwNw3bXCPp4HFLONZt/yIH0sZp0/469KWNTEy+qN5jQ3GVX6DMZ1UXAi34yVwtTeaG/HpBuuzw==", + "engines": [ + "node >= 0.8.0" + ], + "license": "Apache-2.0", + "bin": { + "ansi-html": "bin/ansi-html" + } + }, + "node_modules/ansi-regex": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/ansi-styles": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "license": "MIT", + "dependencies": { + "color-convert": "^2.0.1" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/anymatch": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz", + "integrity": "sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==", + "license": "ISC", + "dependencies": { + "normalize-path": "^3.0.0", + "picomatch": "^2.0.4" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/arg": { + "version": "5.0.2", + "resolved": "https://registry.npmjs.org/arg/-/arg-5.0.2.tgz", + "integrity": "sha512-PYjyFOLKQ9y57JvQ6QLo8dAgNqswh8M1RMJYdQduT6xbWSgK36P/Z/v+p888pM69jMMfS8Xd8F6I1kQ/I9HUGg==", + "license": "MIT" + }, + "node_modules/argparse": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", + "license": "Python-2.0" + }, + "node_modules/array-flatten": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", + "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg==", + "license": "MIT" + }, + "node_modules/array-union": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz", + "integrity": "sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/astring": { + "version": "1.9.0", + "resolved": "https://registry.npmjs.org/astring/-/astring-1.9.0.tgz", + "integrity": "sha512-LElXdjswlqjWrPpJFg1Fx4wpkOCxj1TDHlSV4PlaRxHGWko024xICaa97ZkMfs6DRKlCguiAI+rbXv5GWwXIkg==", + "license": "MIT", + "bin": { + "astring": "bin/astring" + } + }, + "node_modules/autoprefixer": { + "version": "10.4.21", + "resolved": "https://registry.npmjs.org/autoprefixer/-/autoprefixer-10.4.21.tgz", + "integrity": "sha512-O+A6LWV5LDHSJD3LjHYoNi4VLsj/Whi7k6zG12xTYaU4cQ8oxQGckXNX8cRHK5yOZ/ppVHe0ZBXGzSV9jXdVbQ==", + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/postcss/" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/autoprefixer" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "dependencies": { + "browserslist": "^4.24.4", + "caniuse-lite": "^1.0.30001702", + "fraction.js": "^4.3.7", + "normalize-range": "^0.1.2", + "picocolors": "^1.1.1", + "postcss-value-parser": "^4.2.0" + }, + "bin": { + "autoprefixer": "bin/autoprefixer" + }, + "engines": { + "node": "^10 || ^12 || >=14" + }, + "peerDependencies": { + "postcss": "^8.1.0" + } + }, + "node_modules/babel-loader": { + "version": "9.2.1", + "resolved": "https://registry.npmjs.org/babel-loader/-/babel-loader-9.2.1.tgz", + "integrity": "sha512-fqe8naHt46e0yIdkjUZYqddSXfej3AHajX+CSO5X7oy0EmPc6o5Xh+RClNoHjnieWz9AW4kZxW9yyFMhVB1QLA==", + "license": "MIT", + "dependencies": { + "find-cache-dir": "^4.0.0", + "schema-utils": "^4.0.0" + }, + "engines": { + "node": ">= 14.15.0" + }, + "peerDependencies": { + "@babel/core": "^7.12.0", + "webpack": ">=5" + } + }, + "node_modules/babel-plugin-dynamic-import-node": { + "version": "2.3.3", + "resolved": "https://registry.npmjs.org/babel-plugin-dynamic-import-node/-/babel-plugin-dynamic-import-node-2.3.3.tgz", + "integrity": "sha512-jZVI+s9Zg3IqA/kdi0i6UDCybUI3aSBLnglhYbSSjKlV7yF1F/5LWv8MakQmvYpnbJDS6fcBL2KzHSxNCMtWSQ==", + "license": "MIT", + "dependencies": { + "object.assign": "^4.1.0" + } + }, + "node_modules/babel-plugin-polyfill-corejs2": { + "version": "0.4.14", + "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-corejs2/-/babel-plugin-polyfill-corejs2-0.4.14.tgz", + "integrity": "sha512-Co2Y9wX854ts6U8gAAPXfn0GmAyctHuK8n0Yhfjd6t30g7yvKjspvvOo9yG+z52PZRgFErt7Ka2pYnXCjLKEpg==", + "license": "MIT", + "dependencies": { + "@babel/compat-data": "^7.27.7", + "@babel/helper-define-polyfill-provider": "^0.6.5", + "semver": "^6.3.1" + }, + "peerDependencies": { + "@babel/core": "^7.4.0 || ^8.0.0-0 <8.0.0" + } + }, + "node_modules/babel-plugin-polyfill-corejs2/node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + } + }, + "node_modules/babel-plugin-polyfill-corejs3": { + "version": "0.13.0", + "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-corejs3/-/babel-plugin-polyfill-corejs3-0.13.0.tgz", + "integrity": "sha512-U+GNwMdSFgzVmfhNm8GJUX88AadB3uo9KpJqS3FaqNIPKgySuvMb+bHPsOmmuWyIcuqZj/pzt1RUIUZns4y2+A==", + "license": "MIT", + "dependencies": { + "@babel/helper-define-polyfill-provider": "^0.6.5", + "core-js-compat": "^3.43.0" + }, + "peerDependencies": { + "@babel/core": "^7.4.0 || ^8.0.0-0 <8.0.0" + } + }, + "node_modules/babel-plugin-polyfill-regenerator": { + "version": "0.6.5", + "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-regenerator/-/babel-plugin-polyfill-regenerator-0.6.5.tgz", + "integrity": "sha512-ISqQ2frbiNU9vIJkzg7dlPpznPZ4jOiUQ1uSmB0fEHeowtN3COYRsXr/xexn64NpU13P06jc/L5TgiJXOgrbEg==", + "license": "MIT", + "dependencies": { + "@babel/helper-define-polyfill-provider": "^0.6.5" + }, + "peerDependencies": { + "@babel/core": "^7.4.0 || ^8.0.0-0 <8.0.0" + } + }, + "node_modules/bail": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/bail/-/bail-2.0.2.tgz", + "integrity": "sha512-0xO6mYd7JB2YesxDKplafRpsiOzPt9V02ddPCLbY1xYGPOX24NTyN50qnUxgCPcSoYMhKpAuBTjQoRZCAkUDRw==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/balanced-match": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", + "license": "MIT" + }, + "node_modules/baseline-browser-mapping": { + "version": "2.8.17", + "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.8.17.tgz", + "integrity": "sha512-j5zJcx6golJYTG6c05LUZ3Z8Gi+M62zRT/ycz4Xq4iCOdpcxwg7ngEYD4KA0eWZC7U17qh/Smq8bYbACJ0ipBA==", + "license": "Apache-2.0", + "bin": { + "baseline-browser-mapping": "dist/cli.js" + } + }, + "node_modules/batch": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/batch/-/batch-0.6.1.tgz", + "integrity": "sha512-x+VAiMRL6UPkx+kudNvxTl6hB2XNNCG2r+7wixVfIYwu/2HKRXimwQyaumLjMveWvT2Hkd/cAJw+QBMfJ/EKVw==", + "license": "MIT" + }, + "node_modules/big.js": { + "version": "5.2.2", + "resolved": "https://registry.npmjs.org/big.js/-/big.js-5.2.2.tgz", + "integrity": "sha512-vyL2OymJxmarO8gxMr0mhChsO9QGwhynfuu4+MHTAW6czfq9humCB7rKpUjDd9YUiDPU4mzpyupFSvOClAwbmQ==", + "license": "MIT", + "engines": { + "node": "*" + } + }, + "node_modules/binary-extensions": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz", + "integrity": "sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw==", + "license": "MIT", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/body-parser": { + "version": "1.20.3", + "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.3.tgz", + "integrity": "sha512-7rAxByjUMqQ3/bHJy7D6OGXvx/MMc4IqBn/X0fcM1QUcAItpZrBEYhWGem+tzXH90c+G01ypMcYJBO9Y30203g==", + "license": "MIT", + "dependencies": { + "bytes": "3.1.2", + "content-type": "~1.0.5", + "debug": "2.6.9", + "depd": "2.0.0", + "destroy": "1.2.0", + "http-errors": "2.0.0", + "iconv-lite": "0.4.24", + "on-finished": "2.4.1", + "qs": "6.13.0", + "raw-body": "2.5.2", + "type-is": "~1.6.18", + "unpipe": "1.0.0" + }, + "engines": { + "node": ">= 0.8", + "npm": "1.2.8000 || >= 1.4.16" + } + }, + "node_modules/body-parser/node_modules/bytes": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", + "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/body-parser/node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "license": "MIT", + "dependencies": { + "ms": "2.0.0" + } + }, + "node_modules/body-parser/node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", + "license": "MIT" + }, + "node_modules/bonjour-service": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/bonjour-service/-/bonjour-service-1.3.0.tgz", + "integrity": "sha512-3YuAUiSkWykd+2Azjgyxei8OWf8thdn8AITIog2M4UICzoqfjlqr64WIjEXZllf/W6vK1goqleSR6brGomxQqA==", + "license": "MIT", + "dependencies": { + "fast-deep-equal": "^3.1.3", + "multicast-dns": "^7.2.5" + } + }, + "node_modules/boolbase": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/boolbase/-/boolbase-1.0.0.tgz", + "integrity": "sha512-JZOSA7Mo9sNGB8+UjSgzdLtokWAky1zbztM3WRLCbZ70/3cTANmQmOdR7y2g+J0e2WXywy1yS468tY+IruqEww==", + "license": "ISC" + }, + "node_modules/boxen": { + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/boxen/-/boxen-6.2.1.tgz", + "integrity": "sha512-H4PEsJXfFI/Pt8sjDWbHlQPx4zL/bvSQjcilJmaulGt5mLDorHOHpmdXAJcBcmru7PhYSp/cDMWRko4ZUMFkSw==", + "license": "MIT", + "dependencies": { + "ansi-align": "^3.0.1", + "camelcase": "^6.2.0", + "chalk": "^4.1.2", + "cli-boxes": "^3.0.0", + "string-width": "^5.0.1", + "type-fest": "^2.5.0", + "widest-line": "^4.0.1", + "wrap-ansi": "^8.0.1" + }, + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/brace-expansion": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz", + "integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==", + "license": "MIT", + "dependencies": { + "balanced-match": "^1.0.0" + } + }, + "node_modules/braces": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", + "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", + "license": "MIT", + "dependencies": { + "fill-range": "^7.1.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/browserslist": { + "version": "4.26.3", + "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.26.3.tgz", + "integrity": "sha512-lAUU+02RFBuCKQPj/P6NgjlbCnLBMp4UtgTx7vNHd3XSIJF87s9a5rA3aH2yw3GS9DqZAUbOtZdCCiZeVRqt0w==", + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/browserslist" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/browserslist" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "dependencies": { + "baseline-browser-mapping": "^2.8.9", + "caniuse-lite": "^1.0.30001746", + "electron-to-chromium": "^1.5.227", + "node-releases": "^2.0.21", + "update-browserslist-db": "^1.1.3" + }, + "bin": { + "browserslist": "cli.js" + }, + "engines": { + "node": "^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7" + } + }, + "node_modules/buffer-from": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz", + "integrity": "sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ==", + "license": "MIT" + }, + "node_modules/bundle-name": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/bundle-name/-/bundle-name-4.1.0.tgz", + "integrity": "sha512-tjwM5exMg6BGRI+kNmTntNsvdZS1X8BFYS6tnJ2hdH0kVxM6/eVZ2xy+FqStSWvYmtfFMDLIxurorHwDKfDz5Q==", + "license": "MIT", + "dependencies": { + "run-applescript": "^7.0.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/bytes": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.0.0.tgz", + "integrity": "sha512-pMhOfFDPiv9t5jjIXkHosWmkSyQbvsgEVNkz0ERHbuLh2T/7j4Mqqpz523Fe8MVY89KC6Sh/QfS2sM+SjgFDcw==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/cacheable-lookup": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/cacheable-lookup/-/cacheable-lookup-7.0.0.tgz", + "integrity": "sha512-+qJyx4xiKra8mZrcwhjMRMUhD5NR1R8esPkzIYxX96JiecFoxAXFuz/GpR3+ev4PE1WamHip78wV0vcmPQtp8w==", + "license": "MIT", + "engines": { + "node": ">=14.16" + } + }, + "node_modules/cacheable-request": { + "version": "13.0.12", + "resolved": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-13.0.12.tgz", + "integrity": "sha512-qqK/etGeI/9DV5yRkO50ApDTjip9UXPml1NHYJksUAw15yMLOf8VUO1/8bu4P8birOCqR+hYQ/nh1Lezc8sZrA==", + "license": "MIT", + "dependencies": { + "@types/http-cache-semantics": "^4.0.4", + "get-stream": "^9.0.1", + "http-cache-semantics": "^4.2.0", + "keyv": "^5.5.3", + "mimic-response": "^4.0.0", + "normalize-url": "^8.1.0", + "responselike": "^3.0.0" + }, + "engines": { + "node": ">=18" + } + }, + "node_modules/cacheable-request/node_modules/get-stream": { + "version": "9.0.1", + "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-9.0.1.tgz", + "integrity": "sha512-kVCxPF3vQM/N0B1PmoqVUqgHP+EeVjmZSQn+1oCRPxd2P21P2F19lIgbR3HBosbB1PUhOAoctJnfEn2GbN2eZA==", + "license": "MIT", + "dependencies": { + "@sec-ant/readable-stream": "^0.4.1", + "is-stream": "^4.0.1" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/cacheable-request/node_modules/is-stream": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-4.0.1.tgz", + "integrity": "sha512-Dnz92NInDqYckGEUJv689RbRiTSEHCQ7wOVeALbkOz999YpqT46yMRIGtSNl2iCL1waAZSx40+h59NV/EwzV/A==", + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/cacheable-request/node_modules/responselike": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/responselike/-/responselike-3.0.0.tgz", + "integrity": "sha512-40yHxbNcl2+rzXvZuVkrYohathsSJlMTXKryG5y8uciHv1+xDLHQpgjG64JUO9nrEq2jGLH6IZ8BcZyw3wrweg==", + "license": "MIT", + "dependencies": { + "lowercase-keys": "^3.0.0" + }, + "engines": { + "node": ">=14.16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/call-bind": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.8.tgz", + "integrity": "sha512-oKlSFMcMwpUg2ednkhQ454wfWiU/ul3CkJe/PEHcTKuiX6RpbehUiFMXu13HalGZxfUwCQzZG747YXBn1im9ww==", + "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.0", + "es-define-property": "^1.0.0", + "get-intrinsic": "^1.2.4", + "set-function-length": "^1.2.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/call-bind-apply-helpers": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz", + "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/call-bound": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz", + "integrity": "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==", + "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.2", + "get-intrinsic": "^1.3.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/callsites": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz", + "integrity": "sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/camel-case": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/camel-case/-/camel-case-4.1.2.tgz", + "integrity": "sha512-gxGWBrTT1JuMx6R+o5PTXMmUnhnVzLQ9SNutD4YqKtI6ap897t3tKECYla6gCWEkplXnlNybEkZg9GEGxKFCgw==", + "license": "MIT", + "dependencies": { + "pascal-case": "^3.1.2", + "tslib": "^2.0.3" + } + }, + "node_modules/camelcase": { + "version": "6.3.0", + "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "integrity": "sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA==", + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/caniuse-api": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/caniuse-api/-/caniuse-api-3.0.0.tgz", + "integrity": "sha512-bsTwuIg/BZZK/vreVTYYbSWoe2F+71P7K5QGEX+pT250DZbfU1MQ5prOKpPR+LL6uWKK3KMwMCAS74QB3Um1uw==", + "license": "MIT", + "dependencies": { + "browserslist": "^4.0.0", + "caniuse-lite": "^1.0.0", + "lodash.memoize": "^4.1.2", + "lodash.uniq": "^4.5.0" + } + }, + "node_modules/caniuse-lite": { + "version": "1.0.30001751", + "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001751.tgz", + "integrity": "sha512-A0QJhug0Ly64Ii3eIqHu5X51ebln3k4yTUkY1j8drqpWHVreg/VLijN48cZ1bYPiqOQuqpkIKnzr/Ul8V+p6Cw==", + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/browserslist" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/caniuse-lite" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "CC-BY-4.0" + }, + "node_modules/ccount": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/ccount/-/ccount-2.0.1.tgz", + "integrity": "sha512-eyrF0jiFpY+3drT6383f1qhkbGsLSifNAjA61IUjZjmLCWjItY6LB9ft9YhoDgwfmclB2zhu51Lc7+95b8NRAg==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "license": "MIT", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/char-regex": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/char-regex/-/char-regex-1.0.2.tgz", + "integrity": "sha512-kWWXztvZ5SBQV+eRgKFeh8q5sLuZY2+8WUIzlxWVTg+oGwY14qylx1KbKzHd8P6ZYkAg0xyIDU9JMHhyJMZ1jw==", + "license": "MIT", + "engines": { + "node": ">=10" + } + }, + "node_modules/character-entities": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/character-entities/-/character-entities-2.0.2.tgz", + "integrity": "sha512-shx7oQ0Awen/BRIdkjkvz54PnEEI/EjwXDSIZp86/KKdbafHh1Df/RYGBhn4hbe2+uKC9FnT5UCEdyPz3ai9hQ==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/character-entities-html4": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/character-entities-html4/-/character-entities-html4-2.1.0.tgz", + "integrity": "sha512-1v7fgQRj6hnSwFpq1Eu0ynr/CDEw0rXo2B61qXrLNdHZmPKgb7fqS1a2JwF0rISo9q77jDI8VMEHoApn8qDoZA==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/character-entities-legacy": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/character-entities-legacy/-/character-entities-legacy-3.0.0.tgz", + "integrity": "sha512-RpPp0asT/6ufRm//AJVwpViZbGM/MkjQFxJccQRHmISF/22NBtsHqAWmL+/pmkPWoIUJdWyeVleTl1wydHATVQ==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/character-reference-invalid": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/character-reference-invalid/-/character-reference-invalid-2.0.1.tgz", + "integrity": "sha512-iBZ4F4wRbyORVsu0jPV7gXkOsGYjGHPmAyv+HiHG8gi5PtC9KI2j1+v8/tlibRvjoWX027ypmG/n0HtO5t7unw==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/cheerio": { + "version": "1.0.0-rc.12", + "resolved": "https://registry.npmjs.org/cheerio/-/cheerio-1.0.0-rc.12.tgz", + "integrity": "sha512-VqR8m68vM46BNnuZ5NtnGBKIE/DfN0cRIzg9n40EIq9NOv90ayxLBXA8fXC5gquFRGJSTRqBq25Jt2ECLR431Q==", + "license": "MIT", + "dependencies": { + "cheerio-select": "^2.1.0", + "dom-serializer": "^2.0.0", + "domhandler": "^5.0.3", + "domutils": "^3.0.1", + "htmlparser2": "^8.0.1", + "parse5": "^7.0.0", + "parse5-htmlparser2-tree-adapter": "^7.0.0" + }, + "engines": { + "node": ">= 6" + }, + "funding": { + "url": "https://github.com/cheeriojs/cheerio?sponsor=1" + } + }, + "node_modules/cheerio-select": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/cheerio-select/-/cheerio-select-2.1.0.tgz", + "integrity": "sha512-9v9kG0LvzrlcungtnJtpGNxY+fzECQKhK4EGJX2vByejiMX84MFNQw4UxPJl3bFbTMw+Dfs37XaIkCwTZfLh4g==", + "license": "BSD-2-Clause", + "dependencies": { + "boolbase": "^1.0.0", + "css-select": "^5.1.0", + "css-what": "^6.1.0", + "domelementtype": "^2.3.0", + "domhandler": "^5.0.3", + "domutils": "^3.0.1" + }, + "funding": { + "url": "https://github.com/sponsors/fb55" + } + }, + "node_modules/chokidar": { + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz", + "integrity": "sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==", + "license": "MIT", + "dependencies": { + "anymatch": "~3.1.2", + "braces": "~3.0.2", + "glob-parent": "~5.1.2", + "is-binary-path": "~2.1.0", + "is-glob": "~4.0.1", + "normalize-path": "~3.0.0", + "readdirp": "~3.6.0" + }, + "engines": { + "node": ">= 8.10.0" + }, + "funding": { + "url": "https://paulmillr.com/funding/" + }, + "optionalDependencies": { + "fsevents": "~2.3.2" + } + }, + "node_modules/chrome-trace-event": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/chrome-trace-event/-/chrome-trace-event-1.0.4.tgz", + "integrity": "sha512-rNjApaLzuwaOTjCiT8lSDdGN1APCiqkChLMJxJPWLunPAt5fy8xgU9/jNOchV84wfIxrA0lRQB7oCT8jrn/wrQ==", + "license": "MIT", + "engines": { + "node": ">=6.0" + } + }, + "node_modules/ci-info": { + "version": "3.9.0", + "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "integrity": "sha512-NIxF55hv4nSqQswkAeiOi1r83xy8JldOFDTWiug55KBu9Jnblncd2U6ViHmYgHf01TPZS77NJBhBMKdWj9HQMQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/sibiraj-s" + } + ], + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/clean-css": { + "version": "5.3.3", + "resolved": "https://registry.npmjs.org/clean-css/-/clean-css-5.3.3.tgz", + "integrity": "sha512-D5J+kHaVb/wKSFcyyV75uCn8fiY4sV38XJoe4CUyGQ+mOU/fMVYUdH1hJC+CJQ5uY3EnW27SbJYS4X8BiLrAFg==", + "license": "MIT", + "dependencies": { + "source-map": "~0.6.0" + }, + "engines": { + "node": ">= 10.0" + } + }, + "node_modules/clean-css/node_modules/source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "license": "BSD-3-Clause", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/clean-stack": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-2.2.0.tgz", + "integrity": "sha512-4diC9HaTE+KRAMWhDhrGOECgWZxoevMc5TlkObMqNSsVU62PYzXZ/SMTjzyGAFF1YusgxGcSWTEXBhp0CPwQ1A==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/cli-boxes": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/cli-boxes/-/cli-boxes-3.0.0.tgz", + "integrity": "sha512-/lzGpEWL/8PfI0BmBOPRwp0c/wFNX1RdUML3jK/RcSBA9T8mZDdQpqYBKtCFTOfQbwPqWEOpjqW+Fnayc0969g==", + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/cli-table3": { + "version": "0.6.5", + "resolved": "https://registry.npmjs.org/cli-table3/-/cli-table3-0.6.5.tgz", + "integrity": "sha512-+W/5efTR7y5HRD7gACw9yQjqMVvEMLBHmboM/kPWam+H+Hmyrgjh6YncVKK122YZkXrLudzTuAukUw9FnMf7IQ==", + "license": "MIT", + "dependencies": { + "string-width": "^4.2.0" + }, + "engines": { + "node": "10.* || >= 12.*" + }, + "optionalDependencies": { + "@colors/colors": "1.5.0" + } + }, + "node_modules/cli-table3/node_modules/emoji-regex": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", + "license": "MIT" + }, + "node_modules/cli-table3/node_modules/string-width": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "license": "MIT", + "dependencies": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/clone-deep": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/clone-deep/-/clone-deep-4.0.1.tgz", + "integrity": "sha512-neHB9xuzh/wk0dIHweyAXv2aPGZIVk3pLMe+/RNzINf17fe0OG96QroktYAUm7SM1PBnzTabaLboqqxDyMU+SQ==", + "license": "MIT", + "dependencies": { + "is-plain-object": "^2.0.4", + "kind-of": "^6.0.2", + "shallow-clone": "^3.0.0" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/clsx": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/clsx/-/clsx-2.1.1.tgz", + "integrity": "sha512-eYm0QWBtUrBWZWG0d386OGAw16Z995PiOVo2B7bjWSbHedGl5e0ZWaq65kOGgUSNesEIDkB9ISbTg/JK9dhCZA==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/collapse-white-space": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/collapse-white-space/-/collapse-white-space-2.1.0.tgz", + "integrity": "sha512-loKTxY1zCOuG4j9f6EPnuyyYkf58RnhhWTvRoZEokgB+WbdXehfjFviyOVYkqzEWz1Q5kRiZdBYS5SwxbQYwzw==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/color-convert": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "license": "MIT", + "dependencies": { + "color-name": "~1.1.4" + }, + "engines": { + "node": ">=7.0.0" + } + }, + "node_modules/color-name": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", + "license": "MIT" + }, + "node_modules/colord": { + "version": "2.9.3", + "resolved": "https://registry.npmjs.org/colord/-/colord-2.9.3.tgz", + "integrity": "sha512-jeC1axXpnb0/2nn/Y1LPuLdgXBLH7aDcHu4KEKfqw3CUhX7ZpfBSlPKyqXE6btIgEzfWtrX3/tyBCaCvXvMkOw==", + "license": "MIT" + }, + "node_modules/colorette": { + "version": "2.0.20", + "resolved": "https://registry.npmjs.org/colorette/-/colorette-2.0.20.tgz", + "integrity": "sha512-IfEDxwoWIjkeXL1eXcDiow4UbKjhLdq6/EuSVR9GMN7KVH3r9gQ83e73hsz1Nd1T3ijd5xv1wcWRYO+D6kCI2w==", + "license": "MIT" + }, + "node_modules/combine-promises": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/combine-promises/-/combine-promises-1.2.0.tgz", + "integrity": "sha512-VcQB1ziGD0NXrhKxiwyNbCDmRzs/OShMs2GqW2DlU2A/Sd0nQxE1oWDAE5O0ygSx5mgQOn9eIFh7yKPgFRVkPQ==", + "license": "MIT", + "engines": { + "node": ">=10" + } + }, + "node_modules/comma-separated-tokens": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/comma-separated-tokens/-/comma-separated-tokens-2.0.3.tgz", + "integrity": "sha512-Fu4hJdvzeylCfQPp9SGWidpzrMs7tTrlu6Vb8XGaRGck8QSNZJJp538Wrb60Lax4fPwR64ViY468OIUTbRlGZg==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/commander": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-5.1.0.tgz", + "integrity": "sha512-P0CysNDQ7rtVw4QIQtm+MRxV66vKFSvlsQvGYXZWR3qFU0jlMKHZZZgw8e+8DSah4UDKMqnknRDQz+xuQXQ/Zg==", + "license": "MIT", + "engines": { + "node": ">= 6" + } + }, + "node_modules/common-path-prefix": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/common-path-prefix/-/common-path-prefix-3.0.0.tgz", + "integrity": "sha512-QE33hToZseCH3jS0qN96O/bSh3kaw/h+Tq7ngyY9eWDUnTlTNUyqfqvCXioLe5Na5jFsL78ra/wuBU4iuEgd4w==", + "license": "ISC" + }, + "node_modules/compressible": { + "version": "2.0.18", + "resolved": "https://registry.npmjs.org/compressible/-/compressible-2.0.18.tgz", + "integrity": "sha512-AF3r7P5dWxL8MxyITRMlORQNaOA2IkAFaTr4k7BUumjPtRpGDTZpl0Pb1XCO6JeDCBdp126Cgs9sMxqSjgYyRg==", + "license": "MIT", + "dependencies": { + "mime-db": ">= 1.43.0 < 2" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/compressible/node_modules/mime-db": { + "version": "1.54.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.54.0.tgz", + "integrity": "sha512-aU5EJuIN2WDemCcAp2vFBfp/m4EAhWJnUNSSw0ixs7/kXbd6Pg64EmwJkNdFhB8aWt1sH2CTXrLxo/iAGV3oPQ==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/compression": { + "version": "1.8.1", + "resolved": "https://registry.npmjs.org/compression/-/compression-1.8.1.tgz", + "integrity": "sha512-9mAqGPHLakhCLeNyxPkK4xVo746zQ/czLH1Ky+vkitMnWfWZps8r0qXuwhwizagCRttsL4lfG4pIOvaWLpAP0w==", + "license": "MIT", + "dependencies": { + "bytes": "3.1.2", + "compressible": "~2.0.18", + "debug": "2.6.9", + "negotiator": "~0.6.4", + "on-headers": "~1.1.0", + "safe-buffer": "5.2.1", + "vary": "~1.1.2" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/compression/node_modules/bytes": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", + "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/compression/node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "license": "MIT", + "dependencies": { + "ms": "2.0.0" + } + }, + "node_modules/compression/node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", + "license": "MIT" + }, + "node_modules/concat-map": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==", + "license": "MIT" + }, + "node_modules/config-chain": { + "version": "1.1.13", + "resolved": "https://registry.npmjs.org/config-chain/-/config-chain-1.1.13.tgz", + "integrity": "sha512-qj+f8APARXHrM0hraqXYb2/bOVSV4PvJQlNZ/DVj0QrmNM2q2euizkeuVckQ57J+W0mRH6Hvi+k50M4Jul2VRQ==", + "license": "MIT", + "dependencies": { + "ini": "^1.3.4", + "proto-list": "~1.2.1" + } + }, + "node_modules/config-chain/node_modules/ini": { + "version": "1.3.8", + "resolved": "https://registry.npmjs.org/ini/-/ini-1.3.8.tgz", + "integrity": "sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==", + "license": "ISC" + }, + "node_modules/configstore": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/configstore/-/configstore-6.0.0.tgz", + "integrity": "sha512-cD31W1v3GqUlQvbBCGcXmd2Nj9SvLDOP1oQ0YFuLETufzSPaKp11rYBsSOm7rCsW3OnIRAFM3OxRhceaXNYHkA==", + "license": "BSD-2-Clause", + "dependencies": { + "dot-prop": "^6.0.1", + "graceful-fs": "^4.2.6", + "unique-string": "^3.0.0", + "write-file-atomic": "^3.0.3", + "xdg-basedir": "^5.0.1" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/yeoman/configstore?sponsor=1" + } + }, + "node_modules/connect-history-api-fallback": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/connect-history-api-fallback/-/connect-history-api-fallback-2.0.0.tgz", + "integrity": "sha512-U73+6lQFmfiNPrYbXqr6kZ1i1wiRqXnp2nhMsINseWXO8lDau0LGEffJ8kQi4EjLZympVgRdvqjAgiZ1tgzDDA==", + "license": "MIT", + "engines": { + "node": ">=0.8" + } + }, + "node_modules/consola": { + "version": "3.4.2", + "resolved": "https://registry.npmjs.org/consola/-/consola-3.4.2.tgz", + "integrity": "sha512-5IKcdX0nnYavi6G7TtOhwkYzyjfJlatbjMjuLSfE2kYT5pMDOilZ4OvMhi637CcDICTmz3wARPoyhqyX1Y+XvA==", + "license": "MIT", + "engines": { + "node": "^14.18.0 || >=16.10.0" + } + }, + "node_modules/content-disposition": { + "version": "0.5.2", + "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.2.tgz", + "integrity": "sha512-kRGRZw3bLlFISDBgwTSA1TMBFN6J6GWDeubmDE3AF+3+yXL8hTWv8r5rkLbqYXY4RjPk/EzHnClI3zQf1cFmHA==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/content-type": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", + "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/convert-source-map": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz", + "integrity": "sha512-Kvp459HrV2FEJ1CAsi1Ku+MY3kasH19TFykTz2xWmMeq6bk2NU3XXvfJ+Q61m0xktWwt+1HSYf3JZsTms3aRJg==", + "license": "MIT" + }, + "node_modules/cookie": { + "version": "0.7.1", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.1.tgz", + "integrity": "sha512-6DnInpx7SJ2AK3+CTUE/ZM0vWTUboZCegxhC2xiIydHR9jNuTAASBrfEpHhiGOZw/nX51bHt6YQl8jsGo4y/0w==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/cookie-signature": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", + "integrity": "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ==", + "license": "MIT" + }, + "node_modules/copy-webpack-plugin": { + "version": "11.0.0", + "resolved": "https://registry.npmjs.org/copy-webpack-plugin/-/copy-webpack-plugin-11.0.0.tgz", + "integrity": "sha512-fX2MWpamkW0hZxMEg0+mYnA40LTosOSa5TqZ9GYIBzyJa9C3QUaMPSE2xAi/buNr8u89SfD9wHSQVBzrRa/SOQ==", + "license": "MIT", + "dependencies": { + "fast-glob": "^3.2.11", + "glob-parent": "^6.0.1", + "globby": "^13.1.1", + "normalize-path": "^3.0.0", + "schema-utils": "^4.0.0", + "serialize-javascript": "^6.0.0" + }, + "engines": { + "node": ">= 14.15.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "webpack": "^5.1.0" + } + }, + "node_modules/copy-webpack-plugin/node_modules/glob-parent": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz", + "integrity": "sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==", + "license": "ISC", + "dependencies": { + "is-glob": "^4.0.3" + }, + "engines": { + "node": ">=10.13.0" + } + }, + "node_modules/copy-webpack-plugin/node_modules/globby": { + "version": "13.2.2", + "resolved": "https://registry.npmjs.org/globby/-/globby-13.2.2.tgz", + "integrity": "sha512-Y1zNGV+pzQdh7H39l9zgB4PJqjRNqydvdYCDG4HFXM4XuvSaQQlEc91IU1yALL8gUTDomgBAfz3XJdmUS+oo0w==", + "license": "MIT", + "dependencies": { + "dir-glob": "^3.0.1", + "fast-glob": "^3.3.0", + "ignore": "^5.2.4", + "merge2": "^1.4.1", + "slash": "^4.0.0" + }, + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/copy-webpack-plugin/node_modules/slash": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/slash/-/slash-4.0.0.tgz", + "integrity": "sha512-3dOsAHXXUkQTpOYcoAxLIorMTp4gIQr5IW3iVb7A7lFIp0VHhnynm9izx6TssdrIcVIESAlVjtnO2K8bg+Coew==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/core-js": { + "version": "3.46.0", + "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.46.0.tgz", + "integrity": "sha512-vDMm9B0xnqqZ8uSBpZ8sNtRtOdmfShrvT6h2TuQGLs0Is+cR0DYbj/KWP6ALVNbWPpqA/qPLoOuppJN07humpA==", + "hasInstallScript": true, + "license": "MIT", + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/core-js" + } + }, + "node_modules/core-js-compat": { + "version": "3.46.0", + "resolved": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.46.0.tgz", + "integrity": "sha512-p9hObIIEENxSV8xIu+V68JjSeARg6UVMG5mR+JEUguG3sI6MsiS1njz2jHmyJDvA+8jX/sytkBHup6kxhM9law==", + "license": "MIT", + "dependencies": { + "browserslist": "^4.26.3" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/core-js" + } + }, + "node_modules/core-js-pure": { + "version": "3.46.0", + "resolved": "https://registry.npmjs.org/core-js-pure/-/core-js-pure-3.46.0.tgz", + "integrity": "sha512-NMCW30bHNofuhwLhYPt66OLOKTMbOhgTTatKVbaQC3KRHpTCiRIBYvtshr+NBYSnBxwAFhjW/RfJ0XbIjS16rw==", + "hasInstallScript": true, + "license": "MIT", + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/core-js" + } + }, + "node_modules/core-util-is": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz", + "integrity": "sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ==", + "license": "MIT" + }, + "node_modules/cosmiconfig": { + "version": "8.3.6", + "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-8.3.6.tgz", + "integrity": "sha512-kcZ6+W5QzcJ3P1Mt+83OUv/oHFqZHIx8DuxG6eZ5RGMERoLqp4BuGjhHLYGK+Kf5XVkQvqBSmAy/nGWN3qDgEA==", + "license": "MIT", + "dependencies": { + "import-fresh": "^3.3.0", + "js-yaml": "^4.1.0", + "parse-json": "^5.2.0", + "path-type": "^4.0.0" + }, + "engines": { + "node": ">=14" + }, + "funding": { + "url": "https://github.com/sponsors/d-fischer" + }, + "peerDependencies": { + "typescript": ">=4.9.5" + }, + "peerDependenciesMeta": { + "typescript": { + "optional": true + } + } + }, + "node_modules/cross-spawn": { + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", + "license": "MIT", + "dependencies": { + "path-key": "^3.1.0", + "shebang-command": "^2.0.0", + "which": "^2.0.1" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/crypto-random-string": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/crypto-random-string/-/crypto-random-string-4.0.0.tgz", + "integrity": "sha512-x8dy3RnvYdlUcPOjkEHqozhiwzKNSq7GcPuXFbnyMOCHxX8V3OgIg/pYuabl2sbUPfIJaeAQB7PMOK8DFIdoRA==", + "license": "MIT", + "dependencies": { + "type-fest": "^1.0.1" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/crypto-random-string/node_modules/type-fest": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-1.4.0.tgz", + "integrity": "sha512-yGSza74xk0UG8k+pLh5oeoYirvIiWo5t0/o3zHHAO2tRDiZcxWP7fywNlXhqb6/r6sWvwi+RsyQMWhVLe4BVuA==", + "license": "(MIT OR CC0-1.0)", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/css-blank-pseudo": { + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/css-blank-pseudo/-/css-blank-pseudo-7.0.1.tgz", + "integrity": "sha512-jf+twWGDf6LDoXDUode+nc7ZlrqfaNphrBIBrcmeP3D8yw1uPaix1gCC8LUQUGQ6CycuK2opkbFFWFuq/a94ag==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "postcss-selector-parser": "^7.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/css-blank-pseudo/node_modules/postcss-selector-parser": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz", + "integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==", + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/css-declaration-sorter": { + "version": "7.3.0", + "resolved": "https://registry.npmjs.org/css-declaration-sorter/-/css-declaration-sorter-7.3.0.tgz", + "integrity": "sha512-LQF6N/3vkAMYF4xoHLJfG718HRJh34Z8BnNhd6bosOMIVjMlhuZK5++oZa3uYAgrI5+7x2o27gUqTR2U/KjUOQ==", + "license": "ISC", + "engines": { + "node": "^14 || ^16 || >=18" + }, + "peerDependencies": { + "postcss": "^8.0.9" + } + }, + "node_modules/css-has-pseudo": { + "version": "7.0.3", + "resolved": "https://registry.npmjs.org/css-has-pseudo/-/css-has-pseudo-7.0.3.tgz", + "integrity": "sha512-oG+vKuGyqe/xvEMoxAQrhi7uY16deJR3i7wwhBerVrGQKSqUC5GiOVxTpM9F9B9hw0J+eKeOWLH7E9gZ1Dr5rA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/selector-specificity": "^5.0.0", + "postcss-selector-parser": "^7.0.0", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/css-has-pseudo/node_modules/@csstools/selector-specificity": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/@csstools/selector-specificity/-/selector-specificity-5.0.0.tgz", + "integrity": "sha512-PCqQV3c4CoVm3kdPhyeZ07VmBRdH2EpMFA/pd9OASpOEC3aXNGoqPDAZ80D0cLpMBxnmk0+yNhGsEx31hq7Gtw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss-selector-parser": "^7.0.0" + } + }, + "node_modules/css-has-pseudo/node_modules/postcss-selector-parser": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz", + "integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==", + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/css-loader": { + "version": "6.11.0", + "resolved": "https://registry.npmjs.org/css-loader/-/css-loader-6.11.0.tgz", + "integrity": "sha512-CTJ+AEQJjq5NzLga5pE39qdiSV56F8ywCIsqNIRF0r7BDgWsN25aazToqAFg7ZrtA/U016xudB3ffgweORxX7g==", + "license": "MIT", + "dependencies": { + "icss-utils": "^5.1.0", + "postcss": "^8.4.33", + "postcss-modules-extract-imports": "^3.1.0", + "postcss-modules-local-by-default": "^4.0.5", + "postcss-modules-scope": "^3.2.0", + "postcss-modules-values": "^4.0.0", + "postcss-value-parser": "^4.2.0", + "semver": "^7.5.4" + }, + "engines": { + "node": ">= 12.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "@rspack/core": "0.x || 1.x", + "webpack": "^5.0.0" + }, + "peerDependenciesMeta": { + "@rspack/core": { + "optional": true + }, + "webpack": { + "optional": true + } + } + }, + "node_modules/css-minimizer-webpack-plugin": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/css-minimizer-webpack-plugin/-/css-minimizer-webpack-plugin-5.0.1.tgz", + "integrity": "sha512-3caImjKFQkS+ws1TGcFn0V1HyDJFq1Euy589JlD6/3rV2kj+w7r5G9WDMgSHvpvXHNZ2calVypZWuEDQd9wfLg==", + "license": "MIT", + "dependencies": { + "@jridgewell/trace-mapping": "^0.3.18", + "cssnano": "^6.0.1", + "jest-worker": "^29.4.3", + "postcss": "^8.4.24", + "schema-utils": "^4.0.1", + "serialize-javascript": "^6.0.1" + }, + "engines": { + "node": ">= 14.15.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "webpack": "^5.0.0" + }, + "peerDependenciesMeta": { + "@parcel/css": { + "optional": true + }, + "@swc/css": { + "optional": true + }, + "clean-css": { + "optional": true + }, + "csso": { + "optional": true + }, + "esbuild": { + "optional": true + }, + "lightningcss": { + "optional": true + } + } + }, + "node_modules/css-prefers-color-scheme": { + "version": "10.0.0", + "resolved": "https://registry.npmjs.org/css-prefers-color-scheme/-/css-prefers-color-scheme-10.0.0.tgz", + "integrity": "sha512-VCtXZAWivRglTZditUfB4StnsWr6YVZ2PRtuxQLKTNRdtAf8tpzaVPE9zXIF3VaSc7O70iK/j1+NXxyQCqdPjQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/css-select": { + "version": "5.2.2", + "resolved": "https://registry.npmjs.org/css-select/-/css-select-5.2.2.tgz", + "integrity": "sha512-TizTzUddG/xYLA3NXodFM0fSbNizXjOKhqiQQwvhlspadZokn1KDy0NZFS0wuEubIYAV5/c1/lAr0TaaFXEXzw==", + "license": "BSD-2-Clause", + "dependencies": { + "boolbase": "^1.0.0", + "css-what": "^6.1.0", + "domhandler": "^5.0.2", + "domutils": "^3.0.1", + "nth-check": "^2.0.1" + }, + "funding": { + "url": "https://github.com/sponsors/fb55" + } + }, + "node_modules/css-tree": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/css-tree/-/css-tree-2.3.1.tgz", + "integrity": "sha512-6Fv1DV/TYw//QF5IzQdqsNDjx/wc8TrMBZsqjL9eW01tWb7R7k/mq+/VXfJCl7SoD5emsJop9cOByJZfs8hYIw==", + "license": "MIT", + "dependencies": { + "mdn-data": "2.0.30", + "source-map-js": "^1.0.1" + }, + "engines": { + "node": "^10 || ^12.20.0 || ^14.13.0 || >=15.0.0" + } + }, + "node_modules/css-what": { + "version": "6.2.2", + "resolved": "https://registry.npmjs.org/css-what/-/css-what-6.2.2.tgz", + "integrity": "sha512-u/O3vwbptzhMs3L1fQE82ZSLHQQfto5gyZzwteVIEyeaY5Fc7R4dapF/BvRoSYFeqfBk4m0V1Vafq5Pjv25wvA==", + "license": "BSD-2-Clause", + "engines": { + "node": ">= 6" + }, + "funding": { + "url": "https://github.com/sponsors/fb55" + } + }, + "node_modules/cssdb": { + "version": "8.4.2", + "resolved": "https://registry.npmjs.org/cssdb/-/cssdb-8.4.2.tgz", + "integrity": "sha512-PzjkRkRUS+IHDJohtxkIczlxPPZqRo0nXplsYXOMBRPjcVRjj1W4DfvRgshUYTVuUigU7ptVYkFJQ7abUB0nyg==", + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + } + ], + "license": "MIT-0" + }, + "node_modules/cssesc": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/cssesc/-/cssesc-3.0.0.tgz", + "integrity": "sha512-/Tb/JcjK111nNScGob5MNtsntNM1aCNUDipB/TkwZFhyDrrE47SOx/18wF2bbjgc3ZzCSKW1T5nt5EbFoAz/Vg==", + "license": "MIT", + "bin": { + "cssesc": "bin/cssesc" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/cssnano": { + "version": "6.1.2", + "resolved": "https://registry.npmjs.org/cssnano/-/cssnano-6.1.2.tgz", + "integrity": "sha512-rYk5UeX7VAM/u0lNqewCdasdtPK81CgX8wJFLEIXHbV2oldWRgJAsZrdhRXkV1NJzA2g850KiFm9mMU2HxNxMA==", + "license": "MIT", + "dependencies": { + "cssnano-preset-default": "^6.1.2", + "lilconfig": "^3.1.1" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/cssnano" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/cssnano-preset-advanced": { + "version": "6.1.2", + "resolved": "https://registry.npmjs.org/cssnano-preset-advanced/-/cssnano-preset-advanced-6.1.2.tgz", + "integrity": "sha512-Nhao7eD8ph2DoHolEzQs5CfRpiEP0xa1HBdnFZ82kvqdmbwVBUr2r1QuQ4t1pi+D1ZpqpcO4T+wy/7RxzJ/WPQ==", + "license": "MIT", + "dependencies": { + "autoprefixer": "^10.4.19", + "browserslist": "^4.23.0", + "cssnano-preset-default": "^6.1.2", + "postcss-discard-unused": "^6.0.5", + "postcss-merge-idents": "^6.0.3", + "postcss-reduce-idents": "^6.0.3", + "postcss-zindex": "^6.0.2" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/cssnano-preset-default": { + "version": "6.1.2", + "resolved": "https://registry.npmjs.org/cssnano-preset-default/-/cssnano-preset-default-6.1.2.tgz", + "integrity": "sha512-1C0C+eNaeN8OcHQa193aRgYexyJtU8XwbdieEjClw+J9d94E41LwT6ivKH0WT+fYwYWB0Zp3I3IZ7tI/BbUbrg==", + "license": "MIT", + "dependencies": { + "browserslist": "^4.23.0", + "css-declaration-sorter": "^7.2.0", + "cssnano-utils": "^4.0.2", + "postcss-calc": "^9.0.1", + "postcss-colormin": "^6.1.0", + "postcss-convert-values": "^6.1.0", + "postcss-discard-comments": "^6.0.2", + "postcss-discard-duplicates": "^6.0.3", + "postcss-discard-empty": "^6.0.3", + "postcss-discard-overridden": "^6.0.2", + "postcss-merge-longhand": "^6.0.5", + "postcss-merge-rules": "^6.1.1", + "postcss-minify-font-values": "^6.1.0", + "postcss-minify-gradients": "^6.0.3", + "postcss-minify-params": "^6.1.0", + "postcss-minify-selectors": "^6.0.4", + "postcss-normalize-charset": "^6.0.2", + "postcss-normalize-display-values": "^6.0.2", + "postcss-normalize-positions": "^6.0.2", + "postcss-normalize-repeat-style": "^6.0.2", + "postcss-normalize-string": "^6.0.2", + "postcss-normalize-timing-functions": "^6.0.2", + "postcss-normalize-unicode": "^6.1.0", + "postcss-normalize-url": "^6.0.2", + "postcss-normalize-whitespace": "^6.0.2", + "postcss-ordered-values": "^6.0.2", + "postcss-reduce-initial": "^6.1.0", + "postcss-reduce-transforms": "^6.0.2", + "postcss-svgo": "^6.0.3", + "postcss-unique-selectors": "^6.0.4" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/cssnano-utils": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/cssnano-utils/-/cssnano-utils-4.0.2.tgz", + "integrity": "sha512-ZR1jHg+wZ8o4c3zqf1SIUSTIvm/9mU343FMR6Obe/unskbvpGhZOo1J6d/r8D1pzkRQYuwbcH3hToOuoA2G7oQ==", + "license": "MIT", + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/csso": { + "version": "5.0.5", + "resolved": "https://registry.npmjs.org/csso/-/csso-5.0.5.tgz", + "integrity": "sha512-0LrrStPOdJj+SPCCrGhzryycLjwcgUSHBtxNA8aIDxf0GLsRh1cKYhB00Gd1lDOS4yGH69+SNn13+TWbVHETFQ==", + "license": "MIT", + "dependencies": { + "css-tree": "~2.2.0" + }, + "engines": { + "node": "^10 || ^12.20.0 || ^14.13.0 || >=15.0.0", + "npm": ">=7.0.0" + } + }, + "node_modules/csso/node_modules/css-tree": { + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/css-tree/-/css-tree-2.2.1.tgz", + "integrity": "sha512-OA0mILzGc1kCOCSJerOeqDxDQ4HOh+G8NbOJFOTgOCzpw7fCBubk0fEyxp8AgOL/jvLgYA/uV0cMbe43ElF1JA==", + "license": "MIT", + "dependencies": { + "mdn-data": "2.0.28", + "source-map-js": "^1.0.1" + }, + "engines": { + "node": "^10 || ^12.20.0 || ^14.13.0 || >=15.0.0", + "npm": ">=7.0.0" + } + }, + "node_modules/csso/node_modules/mdn-data": { + "version": "2.0.28", + "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-2.0.28.tgz", + "integrity": "sha512-aylIc7Z9y4yzHYAJNuESG3hfhC+0Ibp/MAMiaOZgNv4pmEdFyfZhhhny4MNiAfWdBQ1RQ2mfDWmM1x8SvGyp8g==", + "license": "CC0-1.0" + }, + "node_modules/csstype": { + "version": "3.2.3", + "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.2.3.tgz", + "integrity": "sha512-z1HGKcYy2xA8AGQfwrn0PAy+PB7X/GSj3UVJW9qKyn43xWa+gl5nXmU4qqLMRzWVLFC8KusUX8T/0kCiOYpAIQ==", + "license": "MIT" + }, + "node_modules/debounce": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/debounce/-/debounce-1.2.1.tgz", + "integrity": "sha512-XRRe6Glud4rd/ZGQfiV1ruXSfbvfJedlV9Y6zOlP+2K04vBYiJEte6stfFkCP03aMnY5tsipamumUjL14fofug==", + "license": "MIT" + }, + "node_modules/debug": { + "version": "4.4.3", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz", + "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==", + "license": "MIT", + "dependencies": { + "ms": "^2.1.3" + }, + "engines": { + "node": ">=6.0" + }, + "peerDependenciesMeta": { + "supports-color": { + "optional": true + } + } + }, + "node_modules/decode-named-character-reference": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/decode-named-character-reference/-/decode-named-character-reference-1.2.0.tgz", + "integrity": "sha512-c6fcElNV6ShtZXmsgNgFFV5tVX2PaV4g+MOAkb8eXHvn6sryJBrZa9r0zV6+dtTyoCKxtDy5tyQ5ZwQuidtd+Q==", + "license": "MIT", + "dependencies": { + "character-entities": "^2.0.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/decompress-response": { + "version": "10.0.0", + "resolved": "https://registry.npmjs.org/decompress-response/-/decompress-response-10.0.0.tgz", + "integrity": "sha512-oj7KWToJuuxlPr7VV0vabvxEIiqNMo+q0NueIiL3XhtwC6FVOX7Hr1c0C4eD0bmf7Zr+S/dSf2xvkH3Ad6sU3Q==", + "license": "MIT", + "dependencies": { + "mimic-response": "^4.0.0" + }, + "engines": { + "node": ">=20" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/deep-extend": { + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/deep-extend/-/deep-extend-0.6.0.tgz", + "integrity": "sha512-LOHxIOaPYdHlJRtCQfDIVZtfw/ufM8+rVj649RIHzcm/vGwQRXFt6OPqIFWsm2XEMrNIEtWR64sY1LEKD2vAOA==", + "license": "MIT", + "engines": { + "node": ">=4.0.0" + } + }, + "node_modules/deepmerge": { + "version": "4.3.1", + "resolved": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.3.1.tgz", + "integrity": "sha512-3sUqbMEc77XqpdNO7FRyRog+eW3ph+GYCbj+rK+uYyRMuwsVy0rMiVtPn+QJlKFvWP/1PYpapqYn0Me2knFn+A==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/default-browser": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/default-browser/-/default-browser-5.2.1.tgz", + "integrity": "sha512-WY/3TUME0x3KPYdRRxEJJvXRHV4PyPoUsxtZa78lwItwRQRHhd2U9xOscaT/YTf8uCXIAjeJOFBVEh/7FtD8Xg==", + "license": "MIT", + "dependencies": { + "bundle-name": "^4.1.0", + "default-browser-id": "^5.0.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/default-browser-id": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/default-browser-id/-/default-browser-id-5.0.0.tgz", + "integrity": "sha512-A6p/pu/6fyBcA1TRz/GqWYPViplrftcW2gZC9q79ngNCKAeR/X3gcEdXQHl4KNXV+3wgIJ1CPkJQ3IHM6lcsyA==", + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/defer-to-connect": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/defer-to-connect/-/defer-to-connect-2.0.1.tgz", + "integrity": "sha512-4tvttepXG1VaYGrRibk5EwJd1t4udunSOVMdLSAL6mId1ix438oPwPZMALY41FCijukO1L0twNcGsdzS7dHgDg==", + "license": "MIT", + "engines": { + "node": ">=10" + } + }, + "node_modules/define-data-property": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.4.tgz", + "integrity": "sha512-rBMvIzlpA8v6E+SJZoo++HAYqsLrkg7MSfIinMPFhmkorw7X+dOXVJQs+QT69zGkzMyfDnIMN2Wid1+NbL3T+A==", + "license": "MIT", + "dependencies": { + "es-define-property": "^1.0.0", + "es-errors": "^1.3.0", + "gopd": "^1.0.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/define-lazy-prop": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/define-lazy-prop/-/define-lazy-prop-2.0.0.tgz", + "integrity": "sha512-Ds09qNh8yw3khSjiJjiUInaGX9xlqZDY7JVryGxdxV7NPeuqQfplOpQ66yJFZut3jLa5zOwkXw1g9EI2uKh4Og==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/define-properties": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/define-properties/-/define-properties-1.2.1.tgz", + "integrity": "sha512-8QmQKqEASLd5nx0U1B1okLElbUuuttJ/AnYmRXbbbGDWh6uS208EjD4Xqq/I9wK7u0v6O08XhTWnt5XtEbR6Dg==", + "license": "MIT", + "dependencies": { + "define-data-property": "^1.0.1", + "has-property-descriptors": "^1.0.0", + "object-keys": "^1.1.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/depd": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", + "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/dequal": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/dequal/-/dequal-2.0.3.tgz", + "integrity": "sha512-0je+qPKHEMohvfRTCEo3CrPG6cAzAYgmzKyxRiYSSDkS6eGJdyVJm7WaYA5ECaAD9wLB2T4EEeymA5aFVcYXCA==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/destroy": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz", + "integrity": "sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg==", + "license": "MIT", + "engines": { + "node": ">= 0.8", + "npm": "1.2.8000 || >= 1.4.16" + } + }, + "node_modules/detect-node": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/detect-node/-/detect-node-2.1.0.tgz", + "integrity": "sha512-T0NIuQpnTvFDATNuHN5roPwSBG83rFsuO+MXXH9/3N1eFbn4wcPjttvjMLEPWJ0RGUYgQE7cGgS3tNxbqCGM7g==", + "license": "MIT" + }, + "node_modules/detect-port": { + "version": "1.6.1", + "resolved": "https://registry.npmjs.org/detect-port/-/detect-port-1.6.1.tgz", + "integrity": "sha512-CmnVc+Hek2egPx1PeTFVta2W78xy2K/9Rkf6cC4T59S50tVnzKj+tnx5mmx5lwvCkujZ4uRrpRSuV+IVs3f90Q==", + "license": "MIT", + "dependencies": { + "address": "^1.0.1", + "debug": "4" + }, + "bin": { + "detect": "bin/detect-port.js", + "detect-port": "bin/detect-port.js" + }, + "engines": { + "node": ">= 4.0.0" + } + }, + "node_modules/devlop": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/devlop/-/devlop-1.1.0.tgz", + "integrity": "sha512-RWmIqhcFf1lRYBvNmr7qTNuyCt/7/ns2jbpp1+PalgE/rDQcBT0fioSMUpJ93irlUhC5hrg4cYqe6U+0ImW0rA==", + "license": "MIT", + "dependencies": { + "dequal": "^2.0.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/dir-glob": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz", + "integrity": "sha512-WkrWp9GR4KXfKGYzOLmTuGVi1UWFfws377n9cc55/tb6DuqyF6pcQ5AbiHEshaDpY9v6oaSr2XCDidGmMwdzIA==", + "license": "MIT", + "dependencies": { + "path-type": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/dns-packet": { + "version": "5.6.1", + "resolved": "https://registry.npmjs.org/dns-packet/-/dns-packet-5.6.1.tgz", + "integrity": "sha512-l4gcSouhcgIKRvyy99RNVOgxXiicE+2jZoNmaNmZ6JXiGajBOJAesk1OBlJuM5k2c+eudGdLxDqXuPCKIj6kpw==", + "license": "MIT", + "dependencies": { + "@leichtgewicht/ip-codec": "^2.0.1" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/docusaurus-plugin-llms": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/docusaurus-plugin-llms/-/docusaurus-plugin-llms-0.4.0.tgz", + "integrity": "sha512-jYlj2HJ5+gu7oJZuJ83Hk8KlB65YlZZ/7UpHXiL7Qr+qpNBkVocmt2Molc6F3HNr5RqcfhWD/98CvgyNztg/ow==", + "license": "MIT", + "dependencies": { + "gray-matter": "^4.0.3", + "minimatch": "^9.0.3", + "yaml": "^2.8.1" + }, + "engines": { + "node": ">=18.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/rachfop" + }, + "peerDependencies": { + "@docusaurus/core": "^3.0.0" + } + }, + "node_modules/dom-converter": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/dom-converter/-/dom-converter-0.2.0.tgz", + "integrity": "sha512-gd3ypIPfOMr9h5jIKq8E3sHOTCjeirnl0WK5ZdS1AW0Odt0b1PaWaHdJ4Qk4klv+YB9aJBS7mESXjFoDQPu6DA==", + "license": "MIT", + "dependencies": { + "utila": "~0.4" + } + }, + "node_modules/dom-serializer": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz", + "integrity": "sha512-wIkAryiqt/nV5EQKqQpo3SToSOV9J0DnbJqwK7Wv/Trc92zIAYZ4FlMu+JPFW1DfGFt81ZTCGgDEabffXeLyJg==", + "license": "MIT", + "dependencies": { + "domelementtype": "^2.3.0", + "domhandler": "^5.0.2", + "entities": "^4.2.0" + }, + "funding": { + "url": "https://github.com/cheeriojs/dom-serializer?sponsor=1" + } + }, + "node_modules/domelementtype": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz", + "integrity": "sha512-OLETBj6w0OsagBwdXnPdN0cnMfF9opN69co+7ZrbfPGrdpPVNBUj02spi6B1N7wChLQiPn4CSH/zJvXw56gmHw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/fb55" + } + ], + "license": "BSD-2-Clause" + }, + "node_modules/domhandler": { + "version": "5.0.3", + "resolved": "https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz", + "integrity": "sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w==", + "license": "BSD-2-Clause", + "dependencies": { + "domelementtype": "^2.3.0" + }, + "engines": { + "node": ">= 4" + }, + "funding": { + "url": "https://github.com/fb55/domhandler?sponsor=1" + } + }, + "node_modules/domutils": { + "version": "3.2.2", + "resolved": "https://registry.npmjs.org/domutils/-/domutils-3.2.2.tgz", + "integrity": "sha512-6kZKyUajlDuqlHKVX1w7gyslj9MPIXzIFiz/rGu35uC1wMi+kMhQwGhl4lt9unC9Vb9INnY9Z3/ZA3+FhASLaw==", + "license": "BSD-2-Clause", + "dependencies": { + "dom-serializer": "^2.0.0", + "domelementtype": "^2.3.0", + "domhandler": "^5.0.3" + }, + "funding": { + "url": "https://github.com/fb55/domutils?sponsor=1" + } + }, + "node_modules/dot-case": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/dot-case/-/dot-case-3.0.4.tgz", + "integrity": "sha512-Kv5nKlh6yRrdrGvxeJ2e5y2eRUpkUosIW4A2AS38zwSz27zu7ufDwQPi5Jhs3XAlGNetl3bmnGhQsMtkKJnj3w==", + "license": "MIT", + "dependencies": { + "no-case": "^3.0.4", + "tslib": "^2.0.3" + } + }, + "node_modules/dot-prop": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/dot-prop/-/dot-prop-6.0.1.tgz", + "integrity": "sha512-tE7ztYzXHIeyvc7N+hR3oi7FIbf/NIjVP9hmAt3yMXzrQ072/fpjGLx2GxNxGxUl5V73MEqYzioOMoVhGMJ5cA==", + "license": "MIT", + "dependencies": { + "is-obj": "^2.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/dot-prop/node_modules/is-obj": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/is-obj/-/is-obj-2.0.0.tgz", + "integrity": "sha512-drqDG3cbczxxEJRoOXcOjtdp1J/lyp1mNn0xaznRs8+muBhgQcrnbspox5X5fOw0HnMnbfDzvnEMEtqDEJEo8w==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/dunder-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz", + "integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==", + "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.1", + "es-errors": "^1.3.0", + "gopd": "^1.2.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/duplexer": { + "version": "0.1.2", + "resolved": "https://registry.npmjs.org/duplexer/-/duplexer-0.1.2.tgz", + "integrity": "sha512-jtD6YG370ZCIi/9GTaJKQxWTZD045+4R4hTk/x1UyoqadyJ9x9CgSi1RlVDQF8U2sxLLSnFkCaMihqljHIWgMg==", + "license": "MIT" + }, + "node_modules/eastasianwidth": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz", + "integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==", + "license": "MIT" + }, + "node_modules/ee-first": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", + "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==", + "license": "MIT" + }, + "node_modules/electron-to-chromium": { + "version": "1.5.237", + "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.237.tgz", + "integrity": "sha512-icUt1NvfhGLar5lSWH3tHNzablaA5js3HVHacQimfP8ViEBOQv+L7DKEuHdbTZ0SKCO1ogTJTIL1Gwk9S6Qvcg==", + "license": "ISC" + }, + "node_modules/emoji-regex": { + "version": "9.2.2", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz", + "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==", + "license": "MIT" + }, + "node_modules/emojilib": { + "version": "2.4.0", + "resolved": "https://registry.npmjs.org/emojilib/-/emojilib-2.4.0.tgz", + "integrity": "sha512-5U0rVMU5Y2n2+ykNLQqMoqklN9ICBT/KsvC1Gz6vqHbz2AXXGkG+Pm5rMWk/8Vjrr/mY9985Hi8DYzn1F09Nyw==", + "license": "MIT" + }, + "node_modules/emojis-list": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/emojis-list/-/emojis-list-3.0.0.tgz", + "integrity": "sha512-/kyM18EfinwXZbno9FyUGeFh87KC8HRQBQGildHZbEuRyWFOmv1U10o9BBp8XVZDVNNuQKyIGIu5ZYAAXJ0V2Q==", + "license": "MIT", + "engines": { + "node": ">= 4" + } + }, + "node_modules/emoticon": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/emoticon/-/emoticon-4.1.0.tgz", + "integrity": "sha512-VWZfnxqwNcc51hIy/sbOdEem6D+cVtpPzEEtVAFdaas30+1dgkyaOQ4sQ6Bp0tOMqWO1v+HQfYaoodOkdhK6SQ==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/encodeurl": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz", + "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/enhanced-resolve": { + "version": "5.18.3", + "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.18.3.tgz", + "integrity": "sha512-d4lC8xfavMeBjzGr2vECC3fsGXziXZQyJxD868h2M/mBI3PwAuODxAkLkq5HYuvrPYcUtiLzsTo8U3PgX3Ocww==", + "license": "MIT", + "dependencies": { + "graceful-fs": "^4.2.4", + "tapable": "^2.2.0" + }, + "engines": { + "node": ">=10.13.0" + } + }, + "node_modules/entities": { + "version": "4.5.0", + "resolved": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz", + "integrity": "sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==", + "license": "BSD-2-Clause", + "engines": { + "node": ">=0.12" + }, + "funding": { + "url": "https://github.com/fb55/entities?sponsor=1" + } + }, + "node_modules/error-ex": { + "version": "1.3.4", + "resolved": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.4.tgz", + "integrity": "sha512-sqQamAnR14VgCr1A618A3sGrygcpK+HEbenA/HiEAkkUwcZIIB/tgWqHFxWgOyDh4nB4JCRimh79dR5Ywc9MDQ==", + "license": "MIT", + "dependencies": { + "is-arrayish": "^0.2.1" + } + }, + "node_modules/es-define-property": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz", + "integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-errors": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", + "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-module-lexer": { + "version": "1.7.0", + "resolved": "https://registry.npmjs.org/es-module-lexer/-/es-module-lexer-1.7.0.tgz", + "integrity": "sha512-jEQoCwk8hyb2AZziIOLhDqpm5+2ww5uIE6lkO/6jcOCusfk6LhMHpXXfBLXTZ7Ydyt0j4VoUQv6uGNYbdW+kBA==", + "license": "MIT" + }, + "node_modules/es-object-atoms": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz", + "integrity": "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/esast-util-from-estree": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/esast-util-from-estree/-/esast-util-from-estree-2.0.0.tgz", + "integrity": "sha512-4CyanoAudUSBAn5K13H4JhsMH6L9ZP7XbLVe/dKybkxMO7eDyLsT8UHl9TRNrU2Gr9nz+FovfSIjuXWJ81uVwQ==", + "license": "MIT", + "dependencies": { + "@types/estree-jsx": "^1.0.0", + "devlop": "^1.0.0", + "estree-util-visit": "^2.0.0", + "unist-util-position-from-estree": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/esast-util-from-js": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/esast-util-from-js/-/esast-util-from-js-2.0.1.tgz", + "integrity": "sha512-8Ja+rNJ0Lt56Pcf3TAmpBZjmx8ZcK5Ts4cAzIOjsjevg9oSXJnl6SUQ2EevU8tv3h6ZLWmoKL5H4fgWvdvfETw==", + "license": "MIT", + "dependencies": { + "@types/estree-jsx": "^1.0.0", + "acorn": "^8.0.0", + "esast-util-from-estree": "^2.0.0", + "vfile-message": "^4.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/escalade": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.2.0.tgz", + "integrity": "sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/escape-goat": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/escape-goat/-/escape-goat-4.0.0.tgz", + "integrity": "sha512-2Sd4ShcWxbx6OY1IHyla/CVNwvg7XwZVoXZHcSu9w9SReNP1EzzD5T8NWKIR38fIqEns9kDWKUQTXXAmlDrdPg==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/escape-html": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", + "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==", + "license": "MIT" + }, + "node_modules/escape-string-regexp": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", + "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==", + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/eslint-scope": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "integrity": "sha512-2NxwbF/hZ0KpepYN0cNbo+FN6XoK7GaHlQhgx/hIZl6Va0bF45RQOOwhLIy8lQDbuCiadSLCBnH2CFYquit5bw==", + "license": "BSD-2-Clause", + "dependencies": { + "esrecurse": "^4.3.0", + "estraverse": "^4.1.1" + }, + "engines": { + "node": ">=8.0.0" + } + }, + "node_modules/esprima": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", + "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==", + "license": "BSD-2-Clause", + "bin": { + "esparse": "bin/esparse.js", + "esvalidate": "bin/esvalidate.js" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/esrecurse": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz", + "integrity": "sha512-KmfKL3b6G+RXvP8N1vr3Tq1kL/oCFgn2NYXEtqP8/L3pKapUA4G8cFVaoF3SU323CD4XypR/ffioHmkti6/Tag==", + "license": "BSD-2-Clause", + "dependencies": { + "estraverse": "^5.2.0" + }, + "engines": { + "node": ">=4.0" + } + }, + "node_modules/esrecurse/node_modules/estraverse": { + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", + "integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==", + "license": "BSD-2-Clause", + "engines": { + "node": ">=4.0" + } + }, + "node_modules/estraverse": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "integrity": "sha512-39nnKffWz8xN1BU/2c79n9nB9HDzo0niYUqx6xyqUnyoAnQyyWpOTdZEeiCch8BBu515t4wp9ZmgVfVhn9EBpw==", + "license": "BSD-2-Clause", + "engines": { + "node": ">=4.0" + } + }, + "node_modules/estree-util-attach-comments": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/estree-util-attach-comments/-/estree-util-attach-comments-3.0.0.tgz", + "integrity": "sha512-cKUwm/HUcTDsYh/9FgnuFqpfquUbwIqwKM26BVCGDPVgvaCl/nDCCjUfiLlx6lsEZ3Z4RFxNbOQ60pkaEwFxGw==", + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/estree-util-build-jsx": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/estree-util-build-jsx/-/estree-util-build-jsx-3.0.1.tgz", + "integrity": "sha512-8U5eiL6BTrPxp/CHbs2yMgP8ftMhR5ww1eIKoWRMlqvltHF8fZn5LRDvTKuxD3DUn+shRbLGqXemcP51oFCsGQ==", + "license": "MIT", + "dependencies": { + "@types/estree-jsx": "^1.0.0", + "devlop": "^1.0.0", + "estree-util-is-identifier-name": "^3.0.0", + "estree-walker": "^3.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/estree-util-is-identifier-name": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/estree-util-is-identifier-name/-/estree-util-is-identifier-name-3.0.0.tgz", + "integrity": "sha512-hFtqIDZTIUZ9BXLb8y4pYGyk6+wekIivNVTcmvk8NoOh+VeRn5y6cEHzbURrWbfp1fIqdVipilzj+lfaadNZmg==", + "license": "MIT", + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/estree-util-scope": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/estree-util-scope/-/estree-util-scope-1.0.0.tgz", + "integrity": "sha512-2CAASclonf+JFWBNJPndcOpA8EMJwa0Q8LUFJEKqXLW6+qBvbFZuF5gItbQOs/umBUkjviCSDCbBwU2cXbmrhQ==", + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0", + "devlop": "^1.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/estree-util-to-js": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/estree-util-to-js/-/estree-util-to-js-2.0.0.tgz", + "integrity": "sha512-WDF+xj5rRWmD5tj6bIqRi6CkLIXbbNQUcxQHzGysQzvHmdYG2G7p/Tf0J0gpxGgkeMZNTIjT/AoSvC9Xehcgdg==", + "license": "MIT", + "dependencies": { + "@types/estree-jsx": "^1.0.0", + "astring": "^1.8.0", + "source-map": "^0.7.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/estree-util-value-to-estree": { + "version": "3.4.0", + "resolved": "https://registry.npmjs.org/estree-util-value-to-estree/-/estree-util-value-to-estree-3.4.0.tgz", + "integrity": "sha512-Zlp+gxis+gCfK12d3Srl2PdX2ybsEA8ZYy6vQGVQTNNYLEGRQQ56XB64bjemN8kxIKXP1nC9ip4Z+ILy9LGzvQ==", + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/remcohaszing" + } + }, + "node_modules/estree-util-visit": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/estree-util-visit/-/estree-util-visit-2.0.0.tgz", + "integrity": "sha512-m5KgiH85xAhhW8Wta0vShLcUvOsh3LLPI2YVwcbio1l7E09NTLL1EyMZFM1OyWowoH0skScNbhOPl4kcBgzTww==", + "license": "MIT", + "dependencies": { + "@types/estree-jsx": "^1.0.0", + "@types/unist": "^3.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/estree-walker": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-3.0.3.tgz", + "integrity": "sha512-7RUKfXgSMMkzt6ZuXmqapOurLGPPfgj6l9uRZ7lRGolvk0y2yocc35LdcxKC5PQZdn2DMqioAQ2NoWcrTKmm6g==", + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0" + } + }, + "node_modules/esutils": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz", + "integrity": "sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==", + "license": "BSD-2-Clause", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/eta": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/eta/-/eta-2.2.0.tgz", + "integrity": "sha512-UVQ72Rqjy/ZKQalzV5dCCJP80GrmPrMxh6NlNf+erV6ObL0ZFkhCstWRawS85z3smdr3d2wXPsZEY7rDPfGd2g==", + "license": "MIT", + "engines": { + "node": ">=6.0.0" + }, + "funding": { + "url": "https://github.com/eta-dev/eta?sponsor=1" + } + }, + "node_modules/etag": { + "version": "1.8.1", + "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", + "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/eval": { + "version": "0.1.8", + "resolved": "https://registry.npmjs.org/eval/-/eval-0.1.8.tgz", + "integrity": "sha512-EzV94NYKoO09GLXGjXj9JIlXijVck4ONSr5wiCWDvhsvj5jxSrzTmRU/9C1DyB6uToszLs8aifA6NQ7lEQdvFw==", + "dependencies": { + "@types/node": "*", + "require-like": ">= 0.1.1" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/eventemitter3": { + "version": "4.0.7", + "resolved": "https://registry.npmjs.org/eventemitter3/-/eventemitter3-4.0.7.tgz", + "integrity": "sha512-8guHBZCwKnFhYdHr2ysuRWErTwhoN2X8XELRlrRwpmfeY2jjuUN4taQMsULKUVo1K4DvZl+0pgfyoysHxvmvEw==", + "license": "MIT" + }, + "node_modules/events": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/events/-/events-3.3.0.tgz", + "integrity": "sha512-mQw+2fkQbALzQ7V0MY0IqdnXNOeTtP4r0lN9z7AAawCXgqea7bDii20AYrIBrFd/Hx0M2Ocz6S111CaFkUcb0Q==", + "license": "MIT", + "engines": { + "node": ">=0.8.x" + } + }, + "node_modules/eventsource-parser": { + "version": "3.0.6", + "resolved": "https://registry.npmjs.org/eventsource-parser/-/eventsource-parser-3.0.6.tgz", + "integrity": "sha512-Vo1ab+QXPzZ4tCa8SwIHJFaSzy4R6SHf7BY79rFBDf0idraZWAkYrDjDj8uWaSm3S2TK+hJ7/t1CEmZ7jXw+pg==", + "license": "MIT", + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/execa": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/execa/-/execa-5.1.1.tgz", + "integrity": "sha512-8uSpZZocAZRBAPIEINJj3Lo9HyGitllczc27Eh5YYojjMFMn8yHMDMaUHE2Jqfq05D/wucwI4JGURyXt1vchyg==", + "license": "MIT", + "dependencies": { + "cross-spawn": "^7.0.3", + "get-stream": "^6.0.0", + "human-signals": "^2.1.0", + "is-stream": "^2.0.0", + "merge-stream": "^2.0.0", + "npm-run-path": "^4.0.1", + "onetime": "^5.1.2", + "signal-exit": "^3.0.3", + "strip-final-newline": "^2.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sindresorhus/execa?sponsor=1" + } + }, + "node_modules/express": { + "version": "4.21.2", + "resolved": "https://registry.npmjs.org/express/-/express-4.21.2.tgz", + "integrity": "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==", + "license": "MIT", + "dependencies": { + "accepts": "~1.3.8", + "array-flatten": "1.1.1", + "body-parser": "1.20.3", + "content-disposition": "0.5.4", + "content-type": "~1.0.4", + "cookie": "0.7.1", + "cookie-signature": "1.0.6", + "debug": "2.6.9", + "depd": "2.0.0", + "encodeurl": "~2.0.0", + "escape-html": "~1.0.3", + "etag": "~1.8.1", + "finalhandler": "1.3.1", + "fresh": "0.5.2", + "http-errors": "2.0.0", + "merge-descriptors": "1.0.3", + "methods": "~1.1.2", + "on-finished": "2.4.1", + "parseurl": "~1.3.3", + "path-to-regexp": "0.1.12", + "proxy-addr": "~2.0.7", + "qs": "6.13.0", + "range-parser": "~1.2.1", + "safe-buffer": "5.2.1", + "send": "0.19.0", + "serve-static": "1.16.2", + "setprototypeof": "1.2.0", + "statuses": "2.0.1", + "type-is": "~1.6.18", + "utils-merge": "1.0.1", + "vary": "~1.1.2" + }, + "engines": { + "node": ">= 0.10.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/express/node_modules/content-disposition": { + "version": "0.5.4", + "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz", + "integrity": "sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==", + "license": "MIT", + "dependencies": { + "safe-buffer": "5.2.1" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/express/node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "license": "MIT", + "dependencies": { + "ms": "2.0.0" + } + }, + "node_modules/express/node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", + "license": "MIT" + }, + "node_modules/express/node_modules/path-to-regexp": { + "version": "0.1.12", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz", + "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ==", + "license": "MIT" + }, + "node_modules/express/node_modules/range-parser": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", + "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/extend": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz", + "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==", + "license": "MIT" + }, + "node_modules/extend-shallow": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", + "integrity": "sha512-zCnTtlxNoAiDc3gqY2aYAWFx7XWWiasuF2K8Me5WbN8otHKTUKBwjPtNpRs/rbUZm7KxWAaNj7P1a/p52GbVug==", + "license": "MIT", + "dependencies": { + "is-extendable": "^0.1.0" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/fast-deep-equal": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", + "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==", + "license": "MIT" + }, + "node_modules/fast-glob": { + "version": "3.3.3", + "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.3.tgz", + "integrity": "sha512-7MptL8U0cqcFdzIzwOTHoilX9x5BrNqye7Z/LuC7kCMRio1EMSyqRK3BEAUD7sXRq4iT4AzTVuZdhgQ2TCvYLg==", + "license": "MIT", + "dependencies": { + "@nodelib/fs.stat": "^2.0.2", + "@nodelib/fs.walk": "^1.2.3", + "glob-parent": "^5.1.2", + "merge2": "^1.3.0", + "micromatch": "^4.0.8" + }, + "engines": { + "node": ">=8.6.0" + } + }, + "node_modules/fast-json-stable-stringify": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz", + "integrity": "sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==", + "license": "MIT" + }, + "node_modules/fast-uri": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.0.tgz", + "integrity": "sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/fastify" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/fastify" + } + ], + "license": "BSD-3-Clause" + }, + "node_modules/fastq": { + "version": "1.19.1", + "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.19.1.tgz", + "integrity": "sha512-GwLTyxkCXjXbxqIhTsMI2Nui8huMPtnxg7krajPJAjnEG/iiOS7i+zCtWGZR9G0NBKbXKh6X9m9UIsYX/N6vvQ==", + "license": "ISC", + "dependencies": { + "reusify": "^1.0.4" + } + }, + "node_modules/fault": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/fault/-/fault-2.0.1.tgz", + "integrity": "sha512-WtySTkS4OKev5JtpHXnib4Gxiurzh5NCGvWrFaZ34m6JehfTUhKZvn9njTfw48t6JumVQOmrKqpmGcdwxnhqBQ==", + "license": "MIT", + "dependencies": { + "format": "^0.2.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/faye-websocket": { + "version": "0.11.4", + "resolved": "https://registry.npmjs.org/faye-websocket/-/faye-websocket-0.11.4.tgz", + "integrity": "sha512-CzbClwlXAuiRQAlUyfqPgvPoNKTckTPGfwZV4ZdAhVcP2lh9KUxJg2b5GkE7XbjKQ3YJnQ9z6D9ntLAlB+tP8g==", + "license": "Apache-2.0", + "dependencies": { + "websocket-driver": ">=0.5.1" + }, + "engines": { + "node": ">=0.8.0" + } + }, + "node_modules/feed": { + "version": "4.2.2", + "resolved": "https://registry.npmjs.org/feed/-/feed-4.2.2.tgz", + "integrity": "sha512-u5/sxGfiMfZNtJ3OvQpXcvotFpYkL0n9u9mM2vkui2nGo8b4wvDkJ8gAkYqbA8QpGyFCv3RK0Z+Iv+9veCS9bQ==", + "license": "MIT", + "dependencies": { + "xml-js": "^1.6.11" + }, + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/figures": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/figures/-/figures-3.2.0.tgz", + "integrity": "sha512-yaduQFRKLXYOGgEn6AZau90j3ggSOyiqXU0F9JZfeXYhNa+Jk4X+s45A2zg5jns87GAFa34BBm2kXw4XpNcbdg==", + "license": "MIT", + "dependencies": { + "escape-string-regexp": "^1.0.5" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/figures/node_modules/escape-string-regexp": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==", + "license": "MIT", + "engines": { + "node": ">=0.8.0" + } + }, + "node_modules/file-loader": { + "version": "6.2.0", + "resolved": "https://registry.npmjs.org/file-loader/-/file-loader-6.2.0.tgz", + "integrity": "sha512-qo3glqyTa61Ytg4u73GultjHGjdRyig3tG6lPtyX/jOEJvHif9uB0/OCI2Kif6ctF3caQTW2G5gym21oAsI4pw==", + "license": "MIT", + "dependencies": { + "loader-utils": "^2.0.0", + "schema-utils": "^3.0.0" + }, + "engines": { + "node": ">= 10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "webpack": "^4.0.0 || ^5.0.0" + } + }, + "node_modules/file-loader/node_modules/ajv": { + "version": "6.12.6", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", + "license": "MIT", + "dependencies": { + "fast-deep-equal": "^3.1.1", + "fast-json-stable-stringify": "^2.0.0", + "json-schema-traverse": "^0.4.1", + "uri-js": "^4.2.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/file-loader/node_modules/ajv-keywords": { + "version": "3.5.2", + "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-3.5.2.tgz", + "integrity": "sha512-5p6WTN0DdTGVQk6VjcEju19IgaHudalcfabD7yhDGeA6bcQnmL+CpveLJq/3hvfwd1aof6L386Ougkx6RfyMIQ==", + "license": "MIT", + "peerDependencies": { + "ajv": "^6.9.1" + } + }, + "node_modules/file-loader/node_modules/json-schema-traverse": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==", + "license": "MIT" + }, + "node_modules/file-loader/node_modules/schema-utils": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-3.3.0.tgz", + "integrity": "sha512-pN/yOAvcC+5rQ5nERGuwrjLlYvLTbCibnZ1I7B1LaiAz9BRBlE9GMgE/eqV30P7aJQUf7Ddimy/RsbYO/GrVGg==", + "license": "MIT", + "dependencies": { + "@types/json-schema": "^7.0.8", + "ajv": "^6.12.5", + "ajv-keywords": "^3.5.2" + }, + "engines": { + "node": ">= 10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + } + }, + "node_modules/fill-range": { + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", + "license": "MIT", + "dependencies": { + "to-regex-range": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/finalhandler": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.1.tgz", + "integrity": "sha512-6BN9trH7bp3qvnrRyzsBz+g3lZxTNZTbVO2EV1CS0WIcDbawYVdYvGflME/9QP0h0pYlCDBCTjYa9nZzMDpyxQ==", + "license": "MIT", + "dependencies": { + "debug": "2.6.9", + "encodeurl": "~2.0.0", + "escape-html": "~1.0.3", + "on-finished": "2.4.1", + "parseurl": "~1.3.3", + "statuses": "2.0.1", + "unpipe": "~1.0.0" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/finalhandler/node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "license": "MIT", + "dependencies": { + "ms": "2.0.0" + } + }, + "node_modules/finalhandler/node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", + "license": "MIT" + }, + "node_modules/find-cache-dir": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/find-cache-dir/-/find-cache-dir-4.0.0.tgz", + "integrity": "sha512-9ZonPT4ZAK4a+1pUPVPZJapbi7O5qbbJPdYw/NOQWZZbVLdDTYM3A4R9z/DpAM08IDaFGsvPgiGZ82WEwUDWjg==", + "license": "MIT", + "dependencies": { + "common-path-prefix": "^3.0.0", + "pkg-dir": "^7.0.0" + }, + "engines": { + "node": ">=14.16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/find-up": { + "version": "6.3.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-6.3.0.tgz", + "integrity": "sha512-v2ZsoEuVHYy8ZIlYqwPe/39Cy+cFDzp4dXPaxNvkEuouymu+2Jbz0PxpKarJHYJTmv2HWT3O382qY8l4jMWthw==", + "license": "MIT", + "dependencies": { + "locate-path": "^7.1.0", + "path-exists": "^5.0.0" + }, + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/flat": { + "version": "5.0.2", + "resolved": "https://registry.npmjs.org/flat/-/flat-5.0.2.tgz", + "integrity": "sha512-b6suED+5/3rTpUBdG1gupIl8MPFCAMA0QXwmljLhvCUKcUvdE4gWky9zpuGCcXHOsz4J9wPGNWq6OKpmIzz3hQ==", + "license": "BSD-3-Clause", + "bin": { + "flat": "cli.js" + } + }, + "node_modules/follow-redirects": { + "version": "1.15.11", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.11.tgz", + "integrity": "sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ==", + "funding": [ + { + "type": "individual", + "url": "https://github.com/sponsors/RubenVerborgh" + } + ], + "license": "MIT", + "engines": { + "node": ">=4.0" + }, + "peerDependenciesMeta": { + "debug": { + "optional": true + } + } + }, + "node_modules/form-data-encoder": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/form-data-encoder/-/form-data-encoder-4.1.0.tgz", + "integrity": "sha512-G6NsmEW15s0Uw9XnCg+33H3ViYRyiM0hMrMhhqQOR8NFc5GhYrI+6I3u7OTw7b91J2g8rtvMBZJDbcGb2YUniw==", + "license": "MIT", + "engines": { + "node": ">= 18" + } + }, + "node_modules/format": { + "version": "0.2.2", + "resolved": "https://registry.npmjs.org/format/-/format-0.2.2.tgz", + "integrity": "sha512-wzsgA6WOq+09wrU1tsJ09udeR/YZRaeArL9e1wPbFg3GG2yDnC2ldKpxs4xunpFF9DgqCqOIra3bc1HWrJ37Ww==", + "engines": { + "node": ">=0.4.x" + } + }, + "node_modules/forwarded": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", + "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/fraction.js": { + "version": "4.3.7", + "resolved": "https://registry.npmjs.org/fraction.js/-/fraction.js-4.3.7.tgz", + "integrity": "sha512-ZsDfxO51wGAXREY55a7la9LScWpwv9RxIrYABrlvOFBlH/ShPnrtsXeuUIfXKKOVicNxQ+o8JTbJvjS4M89yew==", + "license": "MIT", + "engines": { + "node": "*" + }, + "funding": { + "type": "patreon", + "url": "https://github.com/sponsors/rawify" + } + }, + "node_modules/fresh": { + "version": "0.5.2", + "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", + "integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/fs-extra": { + "version": "11.3.2", + "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.3.2.tgz", + "integrity": "sha512-Xr9F6z6up6Ws+NjzMCZc6WXg2YFRlrLP9NQDO3VQrWrfiojdhS56TzueT88ze0uBdCTwEIhQ3ptnmKeWGFAe0A==", + "license": "MIT", + "dependencies": { + "graceful-fs": "^4.2.0", + "jsonfile": "^6.0.1", + "universalify": "^2.0.0" + }, + "engines": { + "node": ">=14.14" + } + }, + "node_modules/fsevents": { + "version": "2.3.3", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==", + "hasInstallScript": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^8.16.0 || ^10.6.0 || >=11.0.0" + } + }, + "node_modules/function-bind": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/gensync": { + "version": "1.0.0-beta.2", + "resolved": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.2.tgz", + "integrity": "sha512-3hN7NaskYvMDLQY55gnW3NQ+mesEAepTqlg+VEbj7zzqEMBVNhzcGYYeqFo/TlYz6eQiFcp1HcsCZO+nGgS8zg==", + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/get-intrinsic": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz", + "integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==", + "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.2", + "es-define-property": "^1.0.1", + "es-errors": "^1.3.0", + "es-object-atoms": "^1.1.1", + "function-bind": "^1.1.2", + "get-proto": "^1.0.1", + "gopd": "^1.2.0", + "has-symbols": "^1.1.0", + "hasown": "^2.0.2", + "math-intrinsics": "^1.1.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/get-own-enumerable-property-symbols": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/get-own-enumerable-property-symbols/-/get-own-enumerable-property-symbols-3.0.2.tgz", + "integrity": "sha512-I0UBV/XOz1XkIJHEUDMZAbzCThU/H8DxmSfmdGcKPnVhu2VfFqr34jr9777IyaTYvxjedWhqVIilEDsCdP5G6g==", + "license": "ISC" + }, + "node_modules/get-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz", + "integrity": "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==", + "license": "MIT", + "dependencies": { + "dunder-proto": "^1.0.1", + "es-object-atoms": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/get-stream": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-6.0.1.tgz", + "integrity": "sha512-ts6Wi+2j3jQjqi70w5AlN8DFnkSwC+MqmxEzdEALB2qXZYV3X/b1CTfgPLGJNMeAWxdPfU8FO1ms3NUfaHCPYg==", + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/github-slugger": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/github-slugger/-/github-slugger-1.5.0.tgz", + "integrity": "sha512-wIh+gKBI9Nshz2o46B0B3f5k/W+WI9ZAv6y5Dn5WJ5SK1t0TnDimB4WE5rmTD05ZAIn8HALCZVmCsvj0w0v0lw==", + "license": "ISC" + }, + "node_modules/glob-parent": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", + "license": "ISC", + "dependencies": { + "is-glob": "^4.0.1" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/glob-to-regex.js": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/glob-to-regex.js/-/glob-to-regex.js-1.2.0.tgz", + "integrity": "sha512-QMwlOQKU/IzqMUOAZWubUOT8Qft+Y0KQWnX9nK3ch0CJg0tTp4TvGZsTfudYKv2NzoQSyPcnA6TYeIQ3jGichQ==", + "license": "Apache-2.0", + "engines": { + "node": ">=10.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "2" + } + }, + "node_modules/glob-to-regexp": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/glob-to-regexp/-/glob-to-regexp-0.4.1.tgz", + "integrity": "sha512-lkX1HJXwyMcprw/5YUZc2s7DrpAiHB21/V+E1rHUrVNokkvB6bqMzT0VfV6/86ZNabt1k14YOIaT7nDvOX3Iiw==", + "license": "BSD-2-Clause" + }, + "node_modules/global-dirs": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/global-dirs/-/global-dirs-3.0.1.tgz", + "integrity": "sha512-NBcGGFbBA9s1VzD41QXDG+3++t9Mn5t1FpLdhESY6oKY4gYTFpX4wO3sqGUa0Srjtbfj3szX0RnemmrVRUdULA==", + "license": "MIT", + "dependencies": { + "ini": "2.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/globby": { + "version": "11.1.0", + "resolved": "https://registry.npmjs.org/globby/-/globby-11.1.0.tgz", + "integrity": "sha512-jhIXaOzy1sb8IyocaruWSn1TjmnBVs8Ayhcy83rmxNJ8q2uWKCAj3CnJY+KpGSXCueAPc0i05kVvVKtP1t9S3g==", + "license": "MIT", + "dependencies": { + "array-union": "^2.1.0", + "dir-glob": "^3.0.1", + "fast-glob": "^3.2.9", + "ignore": "^5.2.0", + "merge2": "^1.4.1", + "slash": "^3.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/gopd": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz", + "integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/got": { + "version": "14.6.0", + "resolved": "https://registry.npmjs.org/got/-/got-14.6.0.tgz", + "integrity": "sha512-K30JHMsHcwhy+JYet3IxRFw+L9rb77y5LE3OkoAD4qzMR9/g30bWYBfkHYVJL2BBPgfU4lJsRwhy4HUkLPQc3g==", + "license": "MIT", + "dependencies": { + "@sindresorhus/is": "^7.0.1", + "@szmarczak/http-timer": "^5.0.1", + "cacheable-lookup": "^7.0.0", + "cacheable-request": "^13.0.12", + "decompress-response": "^10.0.0", + "form-data-encoder": "^4.0.2", + "http2-wrapper": "^2.2.1", + "keyv": "^5.5.3", + "lowercase-keys": "^3.0.0", + "p-cancelable": "^4.0.1", + "responselike": "^4.0.2", + "type-fest": "^4.26.1" + }, + "engines": { + "node": ">=20" + }, + "funding": { + "url": "https://github.com/sindresorhus/got?sponsor=1" + } + }, + "node_modules/got/node_modules/@sindresorhus/is": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-7.1.0.tgz", + "integrity": "sha512-7F/yz2IphV39hiS2zB4QYVkivrptHHh0K8qJJd9HhuWSdvf8AN7NpebW3CcDZDBQsUPMoDKWsY2WWgW7bqOcfA==", + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sindresorhus/is?sponsor=1" + } + }, + "node_modules/got/node_modules/type-fest": { + "version": "4.41.0", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-4.41.0.tgz", + "integrity": "sha512-TeTSQ6H5YHvpqVwBRcnLDCBnDOHWYu7IvGbHT6N8AOymcr9PJGjc1GTtiWZTYg0NCgYwvnYWEkVChQAr9bjfwA==", + "license": "(MIT OR CC0-1.0)", + "engines": { + "node": ">=16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/graceful-fs": { + "version": "4.2.11", + "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", + "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==", + "license": "ISC" + }, + "node_modules/gray-matter": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/gray-matter/-/gray-matter-4.0.3.tgz", + "integrity": "sha512-5v6yZd4JK3eMI3FqqCouswVqwugaA9r4dNZB1wwcmrD02QkV5H0y7XBQW8QwQqEaZY1pM9aqORSORhJRdNK44Q==", + "license": "MIT", + "dependencies": { + "js-yaml": "^3.13.1", + "kind-of": "^6.0.2", + "section-matter": "^1.0.0", + "strip-bom-string": "^1.0.0" + }, + "engines": { + "node": ">=6.0" + } + }, + "node_modules/gray-matter/node_modules/argparse": { + "version": "1.0.10", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==", + "license": "MIT", + "dependencies": { + "sprintf-js": "~1.0.2" + } + }, + "node_modules/gray-matter/node_modules/js-yaml": { + "version": "3.14.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==", + "license": "MIT", + "dependencies": { + "argparse": "^1.0.7", + "esprima": "^4.0.0" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, + "node_modules/gzip-size": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/gzip-size/-/gzip-size-6.0.0.tgz", + "integrity": "sha512-ax7ZYomf6jqPTQ4+XCpUGyXKHk5WweS+e05MBO4/y3WJ5RkmPXNKvX+bx1behVILVwr6JSQvZAku021CHPXG3Q==", + "license": "MIT", + "dependencies": { + "duplexer": "^0.1.2" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/handle-thing": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/handle-thing/-/handle-thing-2.0.1.tgz", + "integrity": "sha512-9Qn4yBxelxoh2Ow62nP+Ka/kMnOXRi8BXnRaUwezLNhqelnN49xKz4F/dPP8OYLxLxq6JDtZb2i9XznUQbNPTg==", + "license": "MIT" + }, + "node_modules/has-flag": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/has-property-descriptors": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz", + "integrity": "sha512-55JNKuIW+vq4Ke1BjOTjM2YctQIvCT7GFzHwmfZPGo5wnrgkid0YQtnAleFSqumZm4az3n2BS+erby5ipJdgrg==", + "license": "MIT", + "dependencies": { + "es-define-property": "^1.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-symbols": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz", + "integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-yarn": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/has-yarn/-/has-yarn-3.0.0.tgz", + "integrity": "sha512-IrsVwUHhEULx3R8f/aA8AHuEzAorplsab/v8HBzEiIukwq5i/EC+xmOW+HfP1OaDP+2JkgT1yILHN2O3UFIbcA==", + "license": "MIT", + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/hasown": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz", + "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==", + "license": "MIT", + "dependencies": { + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/hast-util-from-parse5": { + "version": "8.0.3", + "resolved": "https://registry.npmjs.org/hast-util-from-parse5/-/hast-util-from-parse5-8.0.3.tgz", + "integrity": "sha512-3kxEVkEKt0zvcZ3hCRYI8rqrgwtlIOFMWkbclACvjlDw8Li9S2hk/d51OI0nr/gIpdMHNepwgOKqZ/sy0Clpyg==", + "license": "MIT", + "dependencies": { + "@types/hast": "^3.0.0", + "@types/unist": "^3.0.0", + "devlop": "^1.0.0", + "hastscript": "^9.0.0", + "property-information": "^7.0.0", + "vfile": "^6.0.0", + "vfile-location": "^5.0.0", + "web-namespaces": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/hast-util-parse-selector": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/hast-util-parse-selector/-/hast-util-parse-selector-4.0.0.tgz", + "integrity": "sha512-wkQCkSYoOGCRKERFWcxMVMOcYE2K1AaNLU8DXS9arxnLOUEWbOXKXiJUNzEpqZ3JOKpnha3jkFrumEjVliDe7A==", + "license": "MIT", + "dependencies": { + "@types/hast": "^3.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/hast-util-raw": { + "version": "9.1.0", + "resolved": "https://registry.npmjs.org/hast-util-raw/-/hast-util-raw-9.1.0.tgz", + "integrity": "sha512-Y8/SBAHkZGoNkpzqqfCldijcuUKh7/su31kEBp67cFY09Wy0mTRgtsLYsiIxMJxlu0f6AA5SUTbDR8K0rxnbUw==", + "license": "MIT", + "dependencies": { + "@types/hast": "^3.0.0", + "@types/unist": "^3.0.0", + "@ungap/structured-clone": "^1.0.0", + "hast-util-from-parse5": "^8.0.0", + "hast-util-to-parse5": "^8.0.0", + "html-void-elements": "^3.0.0", + "mdast-util-to-hast": "^13.0.0", + "parse5": "^7.0.0", + "unist-util-position": "^5.0.0", + "unist-util-visit": "^5.0.0", + "vfile": "^6.0.0", + "web-namespaces": "^2.0.0", + "zwitch": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/hast-util-to-estree": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/hast-util-to-estree/-/hast-util-to-estree-3.1.3.tgz", + "integrity": "sha512-48+B/rJWAp0jamNbAAf9M7Uf//UVqAoMmgXhBdxTDJLGKY+LRnZ99qcG+Qjl5HfMpYNzS5v4EAwVEF34LeAj7w==", + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0", + "@types/estree-jsx": "^1.0.0", + "@types/hast": "^3.0.0", + "comma-separated-tokens": "^2.0.0", + "devlop": "^1.0.0", + "estree-util-attach-comments": "^3.0.0", + "estree-util-is-identifier-name": "^3.0.0", + "hast-util-whitespace": "^3.0.0", + "mdast-util-mdx-expression": "^2.0.0", + "mdast-util-mdx-jsx": "^3.0.0", + "mdast-util-mdxjs-esm": "^2.0.0", + "property-information": "^7.0.0", + "space-separated-tokens": "^2.0.0", + "style-to-js": "^1.0.0", + "unist-util-position": "^5.0.0", + "zwitch": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/hast-util-to-jsx-runtime": { + "version": "2.3.6", + "resolved": "https://registry.npmjs.org/hast-util-to-jsx-runtime/-/hast-util-to-jsx-runtime-2.3.6.tgz", + "integrity": "sha512-zl6s8LwNyo1P9uw+XJGvZtdFF1GdAkOg8ujOw+4Pyb76874fLps4ueHXDhXWdk6YHQ6OgUtinliG7RsYvCbbBg==", + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0", + "@types/hast": "^3.0.0", + "@types/unist": "^3.0.0", + "comma-separated-tokens": "^2.0.0", + "devlop": "^1.0.0", + "estree-util-is-identifier-name": "^3.0.0", + "hast-util-whitespace": "^3.0.0", + "mdast-util-mdx-expression": "^2.0.0", + "mdast-util-mdx-jsx": "^3.0.0", + "mdast-util-mdxjs-esm": "^2.0.0", + "property-information": "^7.0.0", + "space-separated-tokens": "^2.0.0", + "style-to-js": "^1.0.0", + "unist-util-position": "^5.0.0", + "vfile-message": "^4.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/hast-util-to-parse5": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/hast-util-to-parse5/-/hast-util-to-parse5-8.0.0.tgz", + "integrity": "sha512-3KKrV5ZVI8if87DVSi1vDeByYrkGzg4mEfeu4alwgmmIeARiBLKCZS2uw5Gb6nU9x9Yufyj3iudm6i7nl52PFw==", + "license": "MIT", + "dependencies": { + "@types/hast": "^3.0.0", + "comma-separated-tokens": "^2.0.0", + "devlop": "^1.0.0", + "property-information": "^6.0.0", + "space-separated-tokens": "^2.0.0", + "web-namespaces": "^2.0.0", + "zwitch": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/hast-util-to-parse5/node_modules/property-information": { + "version": "6.5.0", + "resolved": "https://registry.npmjs.org/property-information/-/property-information-6.5.0.tgz", + "integrity": "sha512-PgTgs/BlvHxOu8QuEN7wi5A0OmXaBcHpmCSTehcs6Uuu9IkDIEo13Hy7n898RHfrQ49vKCoGeWZSaAK01nwVig==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/hast-util-whitespace": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/hast-util-whitespace/-/hast-util-whitespace-3.0.0.tgz", + "integrity": "sha512-88JUN06ipLwsnv+dVn+OIYOvAuvBMy/Qoi6O7mQHxdPXpjy+Cd6xRkWwux7DKO+4sYILtLBRIKgsdpS2gQc7qw==", + "license": "MIT", + "dependencies": { + "@types/hast": "^3.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/hastscript": { + "version": "9.0.1", + "resolved": "https://registry.npmjs.org/hastscript/-/hastscript-9.0.1.tgz", + "integrity": "sha512-g7df9rMFX/SPi34tyGCyUBREQoKkapwdY/T04Qn9TDWfHhAYt4/I0gMVirzK5wEzeUqIjEB+LXC/ypb7Aqno5w==", + "license": "MIT", + "dependencies": { + "@types/hast": "^3.0.0", + "comma-separated-tokens": "^2.0.0", + "hast-util-parse-selector": "^4.0.0", + "property-information": "^7.0.0", + "space-separated-tokens": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/he": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/he/-/he-1.2.0.tgz", + "integrity": "sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==", + "license": "MIT", + "bin": { + "he": "bin/he" + } + }, + "node_modules/history": { + "version": "4.10.1", + "resolved": "https://registry.npmjs.org/history/-/history-4.10.1.tgz", + "integrity": "sha512-36nwAD620w12kuzPAsyINPWJqlNbij+hpK1k9XRloDtym8mxzGYl2c17LnV6IAGB2Dmg4tEa7G7DlawS0+qjew==", + "license": "MIT", + "dependencies": { + "@babel/runtime": "^7.1.2", + "loose-envify": "^1.2.0", + "resolve-pathname": "^3.0.0", + "tiny-invariant": "^1.0.2", + "tiny-warning": "^1.0.0", + "value-equal": "^1.0.1" + } + }, + "node_modules/hoist-non-react-statics": { + "version": "3.3.2", + "resolved": "https://registry.npmjs.org/hoist-non-react-statics/-/hoist-non-react-statics-3.3.2.tgz", + "integrity": "sha512-/gGivxi8JPKWNm/W0jSmzcMPpfpPLc3dY/6GxhX2hQ9iGj3aDfklV4ET7NjKpSinLpJ5vafa9iiGIEZg10SfBw==", + "license": "BSD-3-Clause", + "dependencies": { + "react-is": "^16.7.0" + } + }, + "node_modules/hpack.js": { + "version": "2.1.6", + "resolved": "https://registry.npmjs.org/hpack.js/-/hpack.js-2.1.6.tgz", + "integrity": "sha512-zJxVehUdMGIKsRaNt7apO2Gqp0BdqW5yaiGHXXmbpvxgBYVZnAql+BJb4RO5ad2MgpbZKn5G6nMnegrH1FcNYQ==", + "license": "MIT", + "dependencies": { + "inherits": "^2.0.1", + "obuf": "^1.0.0", + "readable-stream": "^2.0.1", + "wbuf": "^1.1.0" + } + }, + "node_modules/hpack.js/node_modules/isarray": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", + "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==", + "license": "MIT" + }, + "node_modules/hpack.js/node_modules/readable-stream": { + "version": "2.3.8", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", + "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", + "license": "MIT", + "dependencies": { + "core-util-is": "~1.0.0", + "inherits": "~2.0.3", + "isarray": "~1.0.0", + "process-nextick-args": "~2.0.0", + "safe-buffer": "~5.1.1", + "string_decoder": "~1.1.1", + "util-deprecate": "~1.0.1" + } + }, + "node_modules/hpack.js/node_modules/safe-buffer": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", + "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==", + "license": "MIT" + }, + "node_modules/hpack.js/node_modules/string_decoder": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", + "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", + "license": "MIT", + "dependencies": { + "safe-buffer": "~5.1.0" + } + }, + "node_modules/html-escaper": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz", + "integrity": "sha512-H2iMtd0I4Mt5eYiapRdIDjp+XzelXQ0tFE4JS7YFwFevXXMmOp9myNrUvCg0D6ws8iqkRPBfKHgbwig1SmlLfg==", + "license": "MIT" + }, + "node_modules/html-minifier-terser": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/html-minifier-terser/-/html-minifier-terser-7.2.0.tgz", + "integrity": "sha512-tXgn3QfqPIpGl9o+K5tpcj3/MN4SfLtsx2GWwBC3SSd0tXQGyF3gsSqad8loJgKZGM3ZxbYDd5yhiBIdWpmvLA==", + "license": "MIT", + "dependencies": { + "camel-case": "^4.1.2", + "clean-css": "~5.3.2", + "commander": "^10.0.0", + "entities": "^4.4.0", + "param-case": "^3.0.4", + "relateurl": "^0.2.7", + "terser": "^5.15.1" + }, + "bin": { + "html-minifier-terser": "cli.js" + }, + "engines": { + "node": "^14.13.1 || >=16.0.0" + } + }, + "node_modules/html-minifier-terser/node_modules/commander": { + "version": "10.0.1", + "resolved": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz", + "integrity": "sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug==", + "license": "MIT", + "engines": { + "node": ">=14" + } + }, + "node_modules/html-tags": { + "version": "3.3.1", + "resolved": "https://registry.npmjs.org/html-tags/-/html-tags-3.3.1.tgz", + "integrity": "sha512-ztqyC3kLto0e9WbNp0aeP+M3kTt+nbaIveGmUxAtZa+8iFgKLUOD4YKM5j+f3QD89bra7UeumolZHKuOXnTmeQ==", + "license": "MIT", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/html-void-elements": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/html-void-elements/-/html-void-elements-3.0.0.tgz", + "integrity": "sha512-bEqo66MRXsUGxWHV5IP0PUiAWwoEjba4VCzg0LjFJBpchPaTfyfCKTG6bc5F8ucKec3q5y6qOdGyYTSBEvhCrg==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/html-webpack-plugin": { + "version": "5.6.4", + "resolved": "https://registry.npmjs.org/html-webpack-plugin/-/html-webpack-plugin-5.6.4.tgz", + "integrity": "sha512-V/PZeWsqhfpE27nKeX9EO2sbR+D17A+tLf6qU+ht66jdUsN0QLKJN27Z+1+gHrVMKgndBahes0PU6rRihDgHTw==", + "license": "MIT", + "dependencies": { + "@types/html-minifier-terser": "^6.0.0", + "html-minifier-terser": "^6.0.2", + "lodash": "^4.17.21", + "pretty-error": "^4.0.0", + "tapable": "^2.0.0" + }, + "engines": { + "node": ">=10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/html-webpack-plugin" + }, + "peerDependencies": { + "@rspack/core": "0.x || 1.x", + "webpack": "^5.20.0" + }, + "peerDependenciesMeta": { + "@rspack/core": { + "optional": true + }, + "webpack": { + "optional": true + } + } + }, + "node_modules/html-webpack-plugin/node_modules/commander": { + "version": "8.3.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-8.3.0.tgz", + "integrity": "sha512-OkTL9umf+He2DZkUq8f8J9of7yL6RJKI24dVITBmNfZBmri9zYZQrKkuXiKhyfPSu8tUhnVBB1iKXevvnlR4Ww==", + "license": "MIT", + "engines": { + "node": ">= 12" + } + }, + "node_modules/html-webpack-plugin/node_modules/html-minifier-terser": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/html-minifier-terser/-/html-minifier-terser-6.1.0.tgz", + "integrity": "sha512-YXxSlJBZTP7RS3tWnQw74ooKa6L9b9i9QYXY21eUEvhZ3u9XLfv6OnFsQq6RxkhHygsaUMvYsZRV5rU/OVNZxw==", + "license": "MIT", + "dependencies": { + "camel-case": "^4.1.2", + "clean-css": "^5.2.2", + "commander": "^8.3.0", + "he": "^1.2.0", + "param-case": "^3.0.4", + "relateurl": "^0.2.7", + "terser": "^5.10.0" + }, + "bin": { + "html-minifier-terser": "cli.js" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/htmlparser2": { + "version": "8.0.2", + "resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-8.0.2.tgz", + "integrity": "sha512-GYdjWKDkbRLkZ5geuHs5NY1puJ+PXwP7+fHPRz06Eirsb9ugf6d8kkXav6ADhcODhFFPMIXyxkxSuMf3D6NCFA==", + "funding": [ + "https://github.com/fb55/htmlparser2?sponsor=1", + { + "type": "github", + "url": "https://github.com/sponsors/fb55" + } + ], + "license": "MIT", + "dependencies": { + "domelementtype": "^2.3.0", + "domhandler": "^5.0.3", + "domutils": "^3.0.1", + "entities": "^4.4.0" + } + }, + "node_modules/http-cache-semantics": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.2.0.tgz", + "integrity": "sha512-dTxcvPXqPvXBQpq5dUr6mEMJX4oIEFv6bwom3FDwKRDsuIjjJGANqhBuoAn9c1RQJIdAKav33ED65E2ys+87QQ==", + "license": "BSD-2-Clause" + }, + "node_modules/http-deceiver": { + "version": "1.2.7", + "resolved": "https://registry.npmjs.org/http-deceiver/-/http-deceiver-1.2.7.tgz", + "integrity": "sha512-LmpOGxTfbpgtGVxJrj5k7asXHCgNZp5nLfp+hWc8QQRqtb7fUy6kRY3BO1h9ddF6yIPYUARgxGOwB42DnxIaNw==", + "license": "MIT" + }, + "node_modules/http-errors": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", + "integrity": "sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ==", + "license": "MIT", + "dependencies": { + "depd": "2.0.0", + "inherits": "2.0.4", + "setprototypeof": "1.2.0", + "statuses": "2.0.1", + "toidentifier": "1.0.1" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/http-parser-js": { + "version": "0.5.10", + "resolved": "https://registry.npmjs.org/http-parser-js/-/http-parser-js-0.5.10.tgz", + "integrity": "sha512-Pysuw9XpUq5dVc/2SMHpuTY01RFl8fttgcyunjL7eEMhGM3cI4eOmiCycJDVCo/7O7ClfQD3SaI6ftDzqOXYMA==", + "license": "MIT" + }, + "node_modules/http-proxy": { + "version": "1.18.1", + "resolved": "https://registry.npmjs.org/http-proxy/-/http-proxy-1.18.1.tgz", + "integrity": "sha512-7mz/721AbnJwIVbnaSv1Cz3Am0ZLT/UBwkC92VlxhXv/k/BBQfM2fXElQNC27BVGr0uwUpplYPQM9LnaBMR5NQ==", + "license": "MIT", + "dependencies": { + "eventemitter3": "^4.0.0", + "follow-redirects": "^1.0.0", + "requires-port": "^1.0.0" + }, + "engines": { + "node": ">=8.0.0" + } + }, + "node_modules/http-proxy-middleware": { + "version": "2.0.9", + "resolved": "https://registry.npmjs.org/http-proxy-middleware/-/http-proxy-middleware-2.0.9.tgz", + "integrity": "sha512-c1IyJYLYppU574+YI7R4QyX2ystMtVXZwIdzazUIPIJsHuWNd+mho2j+bKoHftndicGj9yh+xjd+l0yj7VeT1Q==", + "license": "MIT", + "dependencies": { + "@types/http-proxy": "^1.17.8", + "http-proxy": "^1.18.1", + "is-glob": "^4.0.1", + "is-plain-obj": "^3.0.0", + "micromatch": "^4.0.2" + }, + "engines": { + "node": ">=12.0.0" + }, + "peerDependencies": { + "@types/express": "^4.17.13" + }, + "peerDependenciesMeta": { + "@types/express": { + "optional": true + } + } + }, + "node_modules/http-proxy-middleware/node_modules/is-plain-obj": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-3.0.0.tgz", + "integrity": "sha512-gwsOE28k+23GP1B6vFl1oVh/WOzmawBrKwo5Ev6wMKzPkaXaCDIQKzLnvsA42DRlbVTWorkgTKIviAKCWkfUwA==", + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/http2-wrapper": { + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/http2-wrapper/-/http2-wrapper-2.2.1.tgz", + "integrity": "sha512-V5nVw1PAOgfI3Lmeaj2Exmeg7fenjhRUgz1lPSezy1CuhPYbgQtbQj4jZfEAEMlaL+vupsvhjqCyjzob0yxsmQ==", + "license": "MIT", + "dependencies": { + "quick-lru": "^5.1.1", + "resolve-alpn": "^1.2.0" + }, + "engines": { + "node": ">=10.19.0" + } + }, + "node_modules/human-signals": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-2.1.0.tgz", + "integrity": "sha512-B4FFZ6q/T2jhhksgkbEW3HBvWIfDW85snkQgawt07S7J5QXTk6BkNV+0yAeZrM5QpMAdYlocGoljn0sJ/WQkFw==", + "license": "Apache-2.0", + "engines": { + "node": ">=10.17.0" + } + }, + "node_modules/hyperdyperid": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/hyperdyperid/-/hyperdyperid-1.2.0.tgz", + "integrity": "sha512-Y93lCzHYgGWdrJ66yIktxiaGULYc6oGiABxhcO5AufBeOyoIdZF7bIfLaOrbM0iGIOXQQgxxRrFEnb+Y6w1n4A==", + "license": "MIT", + "engines": { + "node": ">=10.18" + } + }, + "node_modules/iconv-lite": { + "version": "0.4.24", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", + "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==", + "license": "MIT", + "dependencies": { + "safer-buffer": ">= 2.1.2 < 3" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/icss-utils": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/icss-utils/-/icss-utils-5.1.0.tgz", + "integrity": "sha512-soFhflCVWLfRNOPU3iv5Z9VUdT44xFRbzjLsEzSr5AQmgqPMTHdU3PMT1Cf1ssx8fLNJDA1juftYl+PUcv3MqA==", + "license": "ISC", + "engines": { + "node": "^10 || ^12 || >= 14" + }, + "peerDependencies": { + "postcss": "^8.1.0" + } + }, + "node_modules/ignore": { + "version": "5.3.2", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz", + "integrity": "sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g==", + "license": "MIT", + "engines": { + "node": ">= 4" + } + }, + "node_modules/image-size": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/image-size/-/image-size-2.0.2.tgz", + "integrity": "sha512-IRqXKlaXwgSMAMtpNzZa1ZAe8m+Sa1770Dhk8VkSsP9LS+iHD62Zd8FQKs8fbPiagBE7BzoFX23cxFnwshpV6w==", + "license": "MIT", + "bin": { + "image-size": "bin/image-size.js" + }, + "engines": { + "node": ">=16.x" + } + }, + "node_modules/import-fresh": { + "version": "3.3.1", + "resolved": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.1.tgz", + "integrity": "sha512-TR3KfrTZTYLPB6jUjfx6MF9WcWrHL9su5TObK4ZkYgBdWKPOFoSoQIdEuTuR82pmtxH2spWG9h6etwfr1pLBqQ==", + "license": "MIT", + "dependencies": { + "parent-module": "^1.0.0", + "resolve-from": "^4.0.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/import-lazy": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/import-lazy/-/import-lazy-4.0.0.tgz", + "integrity": "sha512-rKtvo6a868b5Hu3heneU+L4yEQ4jYKLtjpnPeUdK7h0yzXGmyBTypknlkCvHFBqfX9YlorEiMM6Dnq/5atfHkw==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/imurmurhash": { + "version": "0.1.4", + "resolved": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz", + "integrity": "sha512-JmXMZ6wuvDmLiHEml9ykzqO6lwFbof0GG4IkcGaENdCRDDmMVnny7s5HsIgHCbaq0w2MyPhDqkhTUgS2LU2PHA==", + "license": "MIT", + "engines": { + "node": ">=0.8.19" + } + }, + "node_modules/indent-string": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", + "integrity": "sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/infima": { + "version": "0.2.0-alpha.45", + "resolved": "https://registry.npmjs.org/infima/-/infima-0.2.0-alpha.45.tgz", + "integrity": "sha512-uyH0zfr1erU1OohLk0fT4Rrb94AOhguWNOcD9uGrSpRvNB+6gZXUoJX5J0NtvzBO10YZ9PgvA4NFgt+fYg8ojw==", + "license": "MIT", + "engines": { + "node": ">=12" + } + }, + "node_modules/inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "license": "ISC" + }, + "node_modules/ini": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ini/-/ini-2.0.0.tgz", + "integrity": "sha512-7PnF4oN3CvZF23ADhA5wRaYEQpJ8qygSkbtTXWBeXWXmEVRXK+1ITciHWwHhsjv1TmW0MgacIv6hEi5pX5NQdA==", + "license": "ISC", + "engines": { + "node": ">=10" + } + }, + "node_modules/inline-style-parser": { + "version": "0.2.4", + "resolved": "https://registry.npmjs.org/inline-style-parser/-/inline-style-parser-0.2.4.tgz", + "integrity": "sha512-0aO8FkhNZlj/ZIbNi7Lxxr12obT7cL1moPfE4tg1LkX7LlLfC6DeX4l2ZEud1ukP9jNQyNnfzQVqwbwmAATY4Q==", + "license": "MIT" + }, + "node_modules/invariant": { + "version": "2.2.4", + "resolved": "https://registry.npmjs.org/invariant/-/invariant-2.2.4.tgz", + "integrity": "sha512-phJfQVBuaJM5raOpJjSfkiD6BpbCE4Ns//LaXl6wGYtUBY83nWS6Rf9tXm2e8VaK60JEjYldbPif/A2B1C2gNA==", + "license": "MIT", + "dependencies": { + "loose-envify": "^1.0.0" + } + }, + "node_modules/ipaddr.js": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-2.2.0.tgz", + "integrity": "sha512-Ag3wB2o37wslZS19hZqorUnrnzSkpOVy+IiiDEiTqNubEYpYuHWIf6K4psgN2ZWKExS4xhVCrRVfb/wfW8fWJA==", + "license": "MIT", + "engines": { + "node": ">= 10" + } + }, + "node_modules/is-alphabetical": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/is-alphabetical/-/is-alphabetical-2.0.1.tgz", + "integrity": "sha512-FWyyY60MeTNyeSRpkM2Iry0G9hpr7/9kD40mD/cGQEuilcZYS4okz8SN2Q6rLCJ8gbCt6fN+rC+6tMGS99LaxQ==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/is-alphanumerical": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/is-alphanumerical/-/is-alphanumerical-2.0.1.tgz", + "integrity": "sha512-hmbYhX/9MUMF5uh7tOXyK/n0ZvWpad5caBA17GsC6vyuCqaWliRG5K1qS9inmUhEMaOBIW7/whAnSwveW/LtZw==", + "license": "MIT", + "dependencies": { + "is-alphabetical": "^2.0.0", + "is-decimal": "^2.0.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/is-arrayish": { + "version": "0.2.1", + "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz", + "integrity": "sha512-zz06S8t0ozoDXMG+ube26zeCTNXcKIPJZJi8hBrF4idCLms4CG9QtK7qBl1boi5ODzFpjswb5JPmHCbMpjaYzg==", + "license": "MIT" + }, + "node_modules/is-binary-path": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", + "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==", + "license": "MIT", + "dependencies": { + "binary-extensions": "^2.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/is-ci": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/is-ci/-/is-ci-3.0.1.tgz", + "integrity": "sha512-ZYvCgrefwqoQ6yTyYUbQu64HsITZ3NfKX1lzaEYdkTDcfKzzCI/wthRRYKkdjHKFVgNiXKAKm65Zo1pk2as/QQ==", + "license": "MIT", + "dependencies": { + "ci-info": "^3.2.0" + }, + "bin": { + "is-ci": "bin.js" + } + }, + "node_modules/is-core-module": { + "version": "2.16.1", + "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.16.1.tgz", + "integrity": "sha512-UfoeMA6fIJ8wTYFEUjelnaGI67v6+N7qXJEvQuIGa99l4xsCruSYOVSQ0uPANn4dAzm8lkYPaKLrrijLq7x23w==", + "license": "MIT", + "dependencies": { + "hasown": "^2.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-decimal": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/is-decimal/-/is-decimal-2.0.1.tgz", + "integrity": "sha512-AAB9hiomQs5DXWcRB1rqsxGUstbRroFOPPVAomNk/3XHR5JyEZChOyTWe2oayKnsSsr/kcGqF+z6yuH6HHpN0A==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/is-docker": { + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/is-docker/-/is-docker-2.2.1.tgz", + "integrity": "sha512-F+i2BKsFrH66iaUFc0woD8sLy8getkwTwtOBjvs56Cx4CgJDeKQeqfz8wAYiSb8JOprWhHH5p77PbmYCvvUuXQ==", + "license": "MIT", + "bin": { + "is-docker": "cli.js" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/is-extendable": { + "version": "0.1.1", + "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz", + "integrity": "sha512-5BMULNob1vgFX6EjQw5izWDxrecWK9AM72rugNr0TFldMOi0fj6Jk+zeKIt0xGj4cEfQIJth4w3OKWOJ4f+AFw==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-extglob": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-fullwidth-code-point": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/is-glob": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==", + "license": "MIT", + "dependencies": { + "is-extglob": "^2.1.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-hexadecimal": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/is-hexadecimal/-/is-hexadecimal-2.0.1.tgz", + "integrity": "sha512-DgZQp241c8oO6cA1SbTEWiXeoxV42vlcJxgH+B3hi1AiqqKruZR3ZGF8In3fj4+/y/7rHvlOZLZtgJ/4ttYGZg==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/is-inside-container": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/is-inside-container/-/is-inside-container-1.0.0.tgz", + "integrity": "sha512-KIYLCCJghfHZxqjYBE7rEy0OBuTd5xCHS7tHVgvCLkx7StIoaxwNW3hCALgEUjFfeRk+MG/Qxmp/vtETEF3tRA==", + "license": "MIT", + "dependencies": { + "is-docker": "^3.0.0" + }, + "bin": { + "is-inside-container": "cli.js" + }, + "engines": { + "node": ">=14.16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/is-inside-container/node_modules/is-docker": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-docker/-/is-docker-3.0.0.tgz", + "integrity": "sha512-eljcgEDlEns/7AXFosB5K/2nCM4P7FQPkGc/DWLy5rmFEWvZayGrik1d9/QIY5nJ4f9YsVvBkA6kJpHn9rISdQ==", + "license": "MIT", + "bin": { + "is-docker": "cli.js" + }, + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/is-installed-globally": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/is-installed-globally/-/is-installed-globally-0.4.0.tgz", + "integrity": "sha512-iwGqO3J21aaSkC7jWnHP/difazwS7SFeIqxv6wEtLU8Y5KlzFTjyqcSIT0d8s4+dDhKytsk9PJZ2BkS5eZwQRQ==", + "license": "MIT", + "dependencies": { + "global-dirs": "^3.0.0", + "is-path-inside": "^3.0.2" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/is-network-error": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/is-network-error/-/is-network-error-1.3.0.tgz", + "integrity": "sha512-6oIwpsgRfnDiyEDLMay/GqCl3HoAtH5+RUKW29gYkL0QA+ipzpDLA16yQs7/RHCSu+BwgbJaOUqa4A99qNVQVw==", + "license": "MIT", + "engines": { + "node": ">=16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/is-npm": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/is-npm/-/is-npm-6.1.0.tgz", + "integrity": "sha512-O2z4/kNgyjhQwVR1Wpkbfc19JIhggF97NZNCpWTnjH7kVcZMUrnut9XSN7txI7VdyIYk5ZatOq3zvSuWpU8hoA==", + "license": "MIT", + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/is-number": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", + "license": "MIT", + "engines": { + "node": ">=0.12.0" + } + }, + "node_modules/is-obj": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/is-obj/-/is-obj-1.0.1.tgz", + "integrity": "sha512-l4RyHgRqGN4Y3+9JHVrNqO+tN0rV5My76uW5/nuO4K1b6vw5G8d/cmFjP9tRfEsdhZNt0IFdZuK/c2Vr4Nb+Qg==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-path-inside": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.3.tgz", + "integrity": "sha512-Fd4gABb+ycGAmKou8eMftCupSir5lRxqf4aD/vd0cD2qc4HL07OjCeuHMr8Ro4CoMaeCKDB0/ECBOVWjTwUvPQ==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/is-plain-obj": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-4.1.0.tgz", + "integrity": "sha512-+Pgi+vMuUNkJyExiMBt5IlFoMyKnr5zhJ4Uspz58WOhBF5QoIZkFyNHIbBAtHwzVAgk5RtndVNsDRN61/mmDqg==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/is-plain-object": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", + "integrity": "sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==", + "license": "MIT", + "dependencies": { + "isobject": "^3.0.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-regexp": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/is-regexp/-/is-regexp-1.0.0.tgz", + "integrity": "sha512-7zjFAPO4/gwyQAAgRRmqeEeyIICSdmCqa3tsVHMdBzaXXRiqopZL4Cyghg/XulGWrtABTpbnYYzzIRffLkP4oA==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-stream": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", + "integrity": "sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg==", + "license": "MIT", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/is-typedarray": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/is-typedarray/-/is-typedarray-1.0.0.tgz", + "integrity": "sha512-cyA56iCMHAh5CdzjJIa4aohJyeO1YbwLi3Jc35MmRU6poroFjIGZzUzupGiRPOjgHg9TLu43xbpwXk523fMxKA==", + "license": "MIT" + }, + "node_modules/is-wsl": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/is-wsl/-/is-wsl-2.2.0.tgz", + "integrity": "sha512-fKzAra0rGJUUBwGBgNkHZuToZcn+TtXHpeCgmkMJMMYx1sQDYaCSyjJBSCa2nH1DGm7s3n1oBnohoVTBaN7Lww==", + "license": "MIT", + "dependencies": { + "is-docker": "^2.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/is-yarn-global": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/is-yarn-global/-/is-yarn-global-0.4.1.tgz", + "integrity": "sha512-/kppl+R+LO5VmhYSEWARUFjodS25D68gvj8W7z0I7OWhUla5xWu8KL6CtB2V0R6yqhnRgbcaREMr4EEM6htLPQ==", + "license": "MIT", + "engines": { + "node": ">=12" + } + }, + "node_modules/isarray": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz", + "integrity": "sha512-D2S+3GLxWH+uhrNEcoh/fnmYeP8E8/zHl644d/jdA0g2uyXvy3sb0qxotE+ne0LtccHknQzWwZEzhak7oJ0COQ==", + "license": "MIT" + }, + "node_modules/isexe": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==", + "license": "ISC" + }, + "node_modules/isobject": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/isobject/-/isobject-3.0.1.tgz", + "integrity": "sha512-WhB9zCku7EGTj/HQQRz5aUQEUeoQZH2bWcltRErOpymJ4boYE6wL9Tbr23krRPSZ+C5zqNSrSw+Cc7sZZ4b7vg==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/jest-util": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/jest-util/-/jest-util-29.7.0.tgz", + "integrity": "sha512-z6EbKajIpqGKU56y5KBUgy1dt1ihhQJgWzUlZHArA/+X2ad7Cb5iF+AK1EWVL/Bo7Rz9uurpqw6SiBCefUbCGA==", + "license": "MIT", + "dependencies": { + "@jest/types": "^29.6.3", + "@types/node": "*", + "chalk": "^4.0.0", + "ci-info": "^3.2.0", + "graceful-fs": "^4.2.9", + "picomatch": "^2.2.3" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/jest-worker": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/jest-worker/-/jest-worker-29.7.0.tgz", + "integrity": "sha512-eIz2msL/EzL9UFTFFx7jBTkeZfku0yUAyZZZmJ93H2TYEiroIx2PQjEXcwYtYl8zXCxb+PAmA2hLIt/6ZEkPHw==", + "license": "MIT", + "dependencies": { + "@types/node": "*", + "jest-util": "^29.7.0", + "merge-stream": "^2.0.0", + "supports-color": "^8.0.0" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/jest-worker/node_modules/supports-color": { + "version": "8.1.1", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", + "integrity": "sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==", + "license": "MIT", + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/supports-color?sponsor=1" + } + }, + "node_modules/jiti": { + "version": "1.21.7", + "resolved": "https://registry.npmjs.org/jiti/-/jiti-1.21.7.tgz", + "integrity": "sha512-/imKNG4EbWNrVjoNC/1H5/9GFy+tqjGBHCaSsN+P2RnPqjsLmv6UD3Ej+Kj8nBWaRAwyk7kK5ZUc+OEatnTR3A==", + "license": "MIT", + "bin": { + "jiti": "bin/jiti.js" + } + }, + "node_modules/joi": { + "version": "17.13.3", + "resolved": "https://registry.npmjs.org/joi/-/joi-17.13.3.tgz", + "integrity": "sha512-otDA4ldcIx+ZXsKHWmp0YizCweVRZG96J10b0FevjfuncLO1oX59THoAmHkNubYJ+9gWsYsp5k8v4ib6oDv1fA==", + "license": "BSD-3-Clause", + "dependencies": { + "@hapi/hoek": "^9.3.0", + "@hapi/topo": "^5.1.0", + "@sideway/address": "^4.1.5", + "@sideway/formula": "^3.0.1", + "@sideway/pinpoint": "^2.0.0" + } + }, + "node_modules/js-tokens": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", + "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==", + "license": "MIT" + }, + "node_modules/js-yaml": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", + "license": "MIT", + "dependencies": { + "argparse": "^2.0.1" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, + "node_modules/jsesc": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-3.1.0.tgz", + "integrity": "sha512-/sM3dO2FOzXjKQhJuo0Q173wf2KOo8t4I8vHy6lF9poUp7bKT0/NHE8fPX23PwfhnykfqnC2xRxOnVw5XuGIaA==", + "license": "MIT", + "bin": { + "jsesc": "bin/jsesc" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/json-parse-even-better-errors": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz", + "integrity": "sha512-xyFwyhro/JEof6Ghe2iz2NcXoj2sloNsWr/XsERDK/oiPCfaNhl5ONfp+jQdAZRQQ0IJWNzH9zIZF7li91kh2w==", + "license": "MIT" + }, + "node_modules/json-schema": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/json-schema/-/json-schema-0.4.0.tgz", + "integrity": "sha512-es94M3nTIfsEPisRafak+HDLfHXnKBhV3vU5eqPcS3flIWqcxJWgXHXiey3YrpaNsanY5ei1VoYEbOzijuq9BA==", + "license": "(AFL-2.1 OR BSD-3-Clause)" + }, + "node_modules/json-schema-traverse": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==", + "license": "MIT" + }, + "node_modules/json5": { + "version": "2.2.3", + "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz", + "integrity": "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==", + "license": "MIT", + "bin": { + "json5": "lib/cli.js" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/jsonfile": { + "version": "6.2.0", + "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.2.0.tgz", + "integrity": "sha512-FGuPw30AdOIUTRMC2OMRtQV+jkVj2cfPqSeWXv1NEAJ1qZ5zb1X6z1mFhbfOB/iy3ssJCD+3KuZ8r8C3uVFlAg==", + "license": "MIT", + "dependencies": { + "universalify": "^2.0.0" + }, + "optionalDependencies": { + "graceful-fs": "^4.1.6" + } + }, + "node_modules/keyv": { + "version": "5.5.3", + "resolved": "https://registry.npmjs.org/keyv/-/keyv-5.5.3.tgz", + "integrity": "sha512-h0Un1ieD+HUrzBH6dJXhod3ifSghk5Hw/2Y4/KHBziPlZecrFyE9YOTPU6eOs0V9pYl8gOs86fkr/KN8lUX39A==", + "license": "MIT", + "dependencies": { + "@keyv/serialize": "^1.1.1" + } + }, + "node_modules/kind-of": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz", + "integrity": "sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/kleur": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/kleur/-/kleur-3.0.3.tgz", + "integrity": "sha512-eTIzlVOSUR+JxdDFepEYcBMtZ9Qqdef+rnzWdRZuMbOywu5tO2w2N7rqjoANZ5k9vywhL6Br1VRjUIgTQx4E8w==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/latest-version": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/latest-version/-/latest-version-7.0.0.tgz", + "integrity": "sha512-KvNT4XqAMzdcL6ka6Tl3i2lYeFDgXNCuIX+xNx6ZMVR1dFq+idXd9FLKNMOIx0t9mJ9/HudyX4oZWXZQ0UJHeg==", + "license": "MIT", + "dependencies": { + "package-json": "^8.1.0" + }, + "engines": { + "node": ">=14.16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/launch-editor": { + "version": "2.11.1", + "resolved": "https://registry.npmjs.org/launch-editor/-/launch-editor-2.11.1.tgz", + "integrity": "sha512-SEET7oNfgSaB6Ym0jufAdCeo3meJVeCaaDyzRygy0xsp2BFKCprcfHljTq4QkzTLUxEKkFK6OK4811YM2oSrRg==", + "license": "MIT", + "dependencies": { + "picocolors": "^1.1.1", + "shell-quote": "^1.8.3" + } + }, + "node_modules/leven": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/leven/-/leven-3.1.0.tgz", + "integrity": "sha512-qsda+H8jTaUaN/x5vzW2rzc+8Rw4TAQ/4KjB46IwK5VH+IlVeeeje/EoZRpiXvIqjFgK84QffqPztGI3VBLG1A==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/lilconfig": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/lilconfig/-/lilconfig-3.1.3.tgz", + "integrity": "sha512-/vlFKAoH5Cgt3Ie+JLhRbwOsCQePABiU3tJ1egGvyQ+33R/vcwM2Zl2QR/LzjsBeItPt3oSVXapn+m4nQDvpzw==", + "license": "MIT", + "engines": { + "node": ">=14" + }, + "funding": { + "url": "https://github.com/sponsors/antonk52" + } + }, + "node_modules/lines-and-columns": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz", + "integrity": "sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg==", + "license": "MIT" + }, + "node_modules/loader-runner": { + "version": "4.3.1", + "resolved": "https://registry.npmjs.org/loader-runner/-/loader-runner-4.3.1.tgz", + "integrity": "sha512-IWqP2SCPhyVFTBtRcgMHdzlf9ul25NwaFx4wCEH/KjAXuuHY4yNjvPXsBokp8jCB936PyWRaPKUNh8NvylLp2Q==", + "license": "MIT", + "engines": { + "node": ">=6.11.5" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + } + }, + "node_modules/loader-utils": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/loader-utils/-/loader-utils-2.0.4.tgz", + "integrity": "sha512-xXqpXoINfFhgua9xiqD8fPFHgkoq1mmmpE92WlDbm9rNRd/EbRb+Gqf908T2DMfuHjjJlksiK2RbHVOdD/MqSw==", + "license": "MIT", + "dependencies": { + "big.js": "^5.2.2", + "emojis-list": "^3.0.0", + "json5": "^2.1.2" + }, + "engines": { + "node": ">=8.9.0" + } + }, + "node_modules/locate-path": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-7.2.0.tgz", + "integrity": "sha512-gvVijfZvn7R+2qyPX8mAuKcFGDf6Nc61GdvGafQsHL0sBIxfKzA+usWn4GFC/bk+QdwPUD4kWFJLhElipq+0VA==", + "license": "MIT", + "dependencies": { + "p-locate": "^6.0.0" + }, + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/lodash": { + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", + "license": "MIT" + }, + "node_modules/lodash.debounce": { + "version": "4.0.8", + "resolved": "https://registry.npmjs.org/lodash.debounce/-/lodash.debounce-4.0.8.tgz", + "integrity": "sha512-FT1yDzDYEoYWhnSGnpE/4Kj1fLZkDFyqRb7fNt6FdYOSxlUWAtp42Eh6Wb0rGIv/m9Bgo7x4GhQbm5Ys4SG5ow==", + "license": "MIT" + }, + "node_modules/lodash.memoize": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/lodash.memoize/-/lodash.memoize-4.1.2.tgz", + "integrity": "sha512-t7j+NzmgnQzTAYXcsHYLgimltOV1MXHtlOWf6GjL9Kj8GK5FInw5JotxvbOs+IvV1/Dzo04/fCGfLVs7aXb4Ag==", + "license": "MIT" + }, + "node_modules/lodash.uniq": { + "version": "4.5.0", + "resolved": "https://registry.npmjs.org/lodash.uniq/-/lodash.uniq-4.5.0.tgz", + "integrity": "sha512-xfBaXQd9ryd9dlSDvnvI0lvxfLJlYAZzXomUYzLKtUeOQvOP5piqAWuGtrhWeqaXK9hhoM/iyJc5AV+XfsX3HQ==", + "license": "MIT" + }, + "node_modules/longest-streak": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/longest-streak/-/longest-streak-3.1.0.tgz", + "integrity": "sha512-9Ri+o0JYgehTaVBBDoMqIl8GXtbWg711O3srftcHhZ0dqnETqLaoIK0x17fUw9rFSlK/0NlsKe0Ahhyl5pXE2g==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/loose-envify": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz", + "integrity": "sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==", + "license": "MIT", + "dependencies": { + "js-tokens": "^3.0.0 || ^4.0.0" + }, + "bin": { + "loose-envify": "cli.js" + } + }, + "node_modules/lower-case": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/lower-case/-/lower-case-2.0.2.tgz", + "integrity": "sha512-7fm3l3NAF9WfN6W3JOmf5drwpVqX78JtoGJ3A6W0a6ZnldM41w2fV5D490psKFTpMds8TJse/eHLFFsNHHjHgg==", + "license": "MIT", + "dependencies": { + "tslib": "^2.0.3" + } + }, + "node_modules/lowercase-keys": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-3.0.0.tgz", + "integrity": "sha512-ozCC6gdQ+glXOQsveKD0YsDy8DSQFjDTz4zyzEHNV5+JP5D62LmfDZ6o1cycFx9ouG940M5dE8C8CTewdj2YWQ==", + "license": "MIT", + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/lru-cache": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz", + "integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==", + "license": "ISC", + "dependencies": { + "yallist": "^3.0.2" + } + }, + "node_modules/markdown-extensions": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/markdown-extensions/-/markdown-extensions-2.0.0.tgz", + "integrity": "sha512-o5vL7aDWatOTX8LzaS1WMoaoxIiLRQJuIKKe2wAw6IeULDHaqbiqiggmx+pKvZDb1Sj+pE46Sn1T7lCqfFtg1Q==", + "license": "MIT", + "engines": { + "node": ">=16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/markdown-table": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/markdown-table/-/markdown-table-3.0.4.tgz", + "integrity": "sha512-wiYz4+JrLyb/DqW2hkFJxP7Vd7JuTDm77fvbM8VfEQdmSMqcImWeeRbHwZjBjIFki/VaMK2BhFi7oUUZeM5bqw==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/marked": { + "version": "16.4.1", + "resolved": "https://registry.npmjs.org/marked/-/marked-16.4.1.tgz", + "integrity": "sha512-ntROs7RaN3EvWfy3EZi14H4YxmT6A5YvywfhO+0pm+cH/dnSQRmdAmoFIc3B9aiwTehyk7pESH4ofyBY+V5hZg==", + "license": "MIT", + "bin": { + "marked": "bin/marked.js" + }, + "engines": { + "node": ">= 20" + } + }, + "node_modules/math-intrinsics": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz", + "integrity": "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/mdast-util-directive": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/mdast-util-directive/-/mdast-util-directive-3.1.0.tgz", + "integrity": "sha512-I3fNFt+DHmpWCYAT7quoM6lHf9wuqtI+oCOfvILnoicNIqjh5E3dEJWiXuYME2gNe8vl1iMQwyUHa7bgFmak6Q==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "@types/unist": "^3.0.0", + "ccount": "^2.0.0", + "devlop": "^1.0.0", + "mdast-util-from-markdown": "^2.0.0", + "mdast-util-to-markdown": "^2.0.0", + "parse-entities": "^4.0.0", + "stringify-entities": "^4.0.0", + "unist-util-visit-parents": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-find-and-replace": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/mdast-util-find-and-replace/-/mdast-util-find-and-replace-3.0.2.tgz", + "integrity": "sha512-Tmd1Vg/m3Xz43afeNxDIhWRtFZgM2VLyaf4vSTYwudTyeuTneoL3qtWMA5jeLyz/O1vDJmmV4QuScFCA2tBPwg==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "escape-string-regexp": "^5.0.0", + "unist-util-is": "^6.0.0", + "unist-util-visit-parents": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-find-and-replace/node_modules/escape-string-regexp": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-5.0.0.tgz", + "integrity": "sha512-/veY75JbMK4j1yjvuUxuVsiS/hr/4iHs9FTT6cgTexxdE0Ly/glccBAkloH/DofkjRbZU3bnoj38mOmhkZ0lHw==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/mdast-util-from-markdown": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/mdast-util-from-markdown/-/mdast-util-from-markdown-2.0.2.tgz", + "integrity": "sha512-uZhTV/8NBuw0WHkPTrCqDOl0zVe1BIng5ZtHoDk49ME1qqcjYmmLmOf0gELgcRMxN4w2iuIeVso5/6QymSrgmA==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "@types/unist": "^3.0.0", + "decode-named-character-reference": "^1.0.0", + "devlop": "^1.0.0", + "mdast-util-to-string": "^4.0.0", + "micromark": "^4.0.0", + "micromark-util-decode-numeric-character-reference": "^2.0.0", + "micromark-util-decode-string": "^2.0.0", + "micromark-util-normalize-identifier": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0", + "unist-util-stringify-position": "^4.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-from-markdown/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/mdast-util-frontmatter": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/mdast-util-frontmatter/-/mdast-util-frontmatter-2.0.1.tgz", + "integrity": "sha512-LRqI9+wdgC25P0URIJY9vwocIzCcksduHQ9OF2joxQoyTNVduwLAFUzjoopuRJbJAReaKrNQKAZKL3uCMugWJA==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "devlop": "^1.0.0", + "escape-string-regexp": "^5.0.0", + "mdast-util-from-markdown": "^2.0.0", + "mdast-util-to-markdown": "^2.0.0", + "micromark-extension-frontmatter": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-frontmatter/node_modules/escape-string-regexp": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-5.0.0.tgz", + "integrity": "sha512-/veY75JbMK4j1yjvuUxuVsiS/hr/4iHs9FTT6cgTexxdE0Ly/glccBAkloH/DofkjRbZU3bnoj38mOmhkZ0lHw==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/mdast-util-gfm": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/mdast-util-gfm/-/mdast-util-gfm-3.1.0.tgz", + "integrity": "sha512-0ulfdQOM3ysHhCJ1p06l0b0VKlhU0wuQs3thxZQagjcjPrlFRqY215uZGHHJan9GEAXd9MbfPjFJz+qMkVR6zQ==", + "license": "MIT", + "dependencies": { + "mdast-util-from-markdown": "^2.0.0", + "mdast-util-gfm-autolink-literal": "^2.0.0", + "mdast-util-gfm-footnote": "^2.0.0", + "mdast-util-gfm-strikethrough": "^2.0.0", + "mdast-util-gfm-table": "^2.0.0", + "mdast-util-gfm-task-list-item": "^2.0.0", + "mdast-util-to-markdown": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-gfm-autolink-literal": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/mdast-util-gfm-autolink-literal/-/mdast-util-gfm-autolink-literal-2.0.1.tgz", + "integrity": "sha512-5HVP2MKaP6L+G6YaxPNjuL0BPrq9orG3TsrZ9YXbA3vDw/ACI4MEsnoDpn6ZNm7GnZgtAcONJyPhOP8tNJQavQ==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "ccount": "^2.0.0", + "devlop": "^1.0.0", + "mdast-util-find-and-replace": "^3.0.0", + "micromark-util-character": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-gfm-autolink-literal/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/mdast-util-gfm-autolink-literal/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/mdast-util-gfm-footnote": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/mdast-util-gfm-footnote/-/mdast-util-gfm-footnote-2.1.0.tgz", + "integrity": "sha512-sqpDWlsHn7Ac9GNZQMeUzPQSMzR6Wv0WKRNvQRg0KqHh02fpTz69Qc1QSseNX29bhz1ROIyNyxExfawVKTm1GQ==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "devlop": "^1.1.0", + "mdast-util-from-markdown": "^2.0.0", + "mdast-util-to-markdown": "^2.0.0", + "micromark-util-normalize-identifier": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-gfm-strikethrough": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/mdast-util-gfm-strikethrough/-/mdast-util-gfm-strikethrough-2.0.0.tgz", + "integrity": "sha512-mKKb915TF+OC5ptj5bJ7WFRPdYtuHv0yTRxK2tJvi+BDqbkiG7h7u/9SI89nRAYcmap2xHQL9D+QG/6wSrTtXg==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "mdast-util-from-markdown": "^2.0.0", + "mdast-util-to-markdown": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-gfm-table": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/mdast-util-gfm-table/-/mdast-util-gfm-table-2.0.0.tgz", + "integrity": "sha512-78UEvebzz/rJIxLvE7ZtDd/vIQ0RHv+3Mh5DR96p7cS7HsBhYIICDBCu8csTNWNO6tBWfqXPWekRuj2FNOGOZg==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "devlop": "^1.0.0", + "markdown-table": "^3.0.0", + "mdast-util-from-markdown": "^2.0.0", + "mdast-util-to-markdown": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-gfm-task-list-item": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/mdast-util-gfm-task-list-item/-/mdast-util-gfm-task-list-item-2.0.0.tgz", + "integrity": "sha512-IrtvNvjxC1o06taBAVJznEnkiHxLFTzgonUdy8hzFVeDun0uTjxxrRGVaNFqkU1wJR3RBPEfsxmU6jDWPofrTQ==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "devlop": "^1.0.0", + "mdast-util-from-markdown": "^2.0.0", + "mdast-util-to-markdown": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-mdx": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/mdast-util-mdx/-/mdast-util-mdx-3.0.0.tgz", + "integrity": "sha512-JfbYLAW7XnYTTbUsmpu0kdBUVe+yKVJZBItEjwyYJiDJuZ9w4eeaqks4HQO+R7objWgS2ymV60GYpI14Ug554w==", + "license": "MIT", + "dependencies": { + "mdast-util-from-markdown": "^2.0.0", + "mdast-util-mdx-expression": "^2.0.0", + "mdast-util-mdx-jsx": "^3.0.0", + "mdast-util-mdxjs-esm": "^2.0.0", + "mdast-util-to-markdown": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-mdx-expression": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/mdast-util-mdx-expression/-/mdast-util-mdx-expression-2.0.1.tgz", + "integrity": "sha512-J6f+9hUp+ldTZqKRSg7Vw5V6MqjATc+3E4gf3CFNcuZNWD8XdyI6zQ8GqH7f8169MM6P7hMBRDVGnn7oHB9kXQ==", + "license": "MIT", + "dependencies": { + "@types/estree-jsx": "^1.0.0", + "@types/hast": "^3.0.0", + "@types/mdast": "^4.0.0", + "devlop": "^1.0.0", + "mdast-util-from-markdown": "^2.0.0", + "mdast-util-to-markdown": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-mdx-jsx": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/mdast-util-mdx-jsx/-/mdast-util-mdx-jsx-3.2.0.tgz", + "integrity": "sha512-lj/z8v0r6ZtsN/cGNNtemmmfoLAFZnjMbNyLzBafjzikOM+glrjNHPlf6lQDOTccj9n5b0PPihEBbhneMyGs1Q==", + "license": "MIT", + "dependencies": { + "@types/estree-jsx": "^1.0.0", + "@types/hast": "^3.0.0", + "@types/mdast": "^4.0.0", + "@types/unist": "^3.0.0", + "ccount": "^2.0.0", + "devlop": "^1.1.0", + "mdast-util-from-markdown": "^2.0.0", + "mdast-util-to-markdown": "^2.0.0", + "parse-entities": "^4.0.0", + "stringify-entities": "^4.0.0", + "unist-util-stringify-position": "^4.0.0", + "vfile-message": "^4.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-mdxjs-esm": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/mdast-util-mdxjs-esm/-/mdast-util-mdxjs-esm-2.0.1.tgz", + "integrity": "sha512-EcmOpxsZ96CvlP03NghtH1EsLtr0n9Tm4lPUJUBccV9RwUOneqSycg19n5HGzCf+10LozMRSObtVr3ee1WoHtg==", + "license": "MIT", + "dependencies": { + "@types/estree-jsx": "^1.0.0", + "@types/hast": "^3.0.0", + "@types/mdast": "^4.0.0", + "devlop": "^1.0.0", + "mdast-util-from-markdown": "^2.0.0", + "mdast-util-to-markdown": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-phrasing": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/mdast-util-phrasing/-/mdast-util-phrasing-4.1.0.tgz", + "integrity": "sha512-TqICwyvJJpBwvGAMZjj4J2n0X8QWp21b9l0o7eXyVJ25YNWYbJDVIyD1bZXE6WtV6RmKJVYmQAKWa0zWOABz2w==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "unist-util-is": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-to-hast": { + "version": "13.2.0", + "resolved": "https://registry.npmjs.org/mdast-util-to-hast/-/mdast-util-to-hast-13.2.0.tgz", + "integrity": "sha512-QGYKEuUsYT9ykKBCMOEDLsU5JRObWQusAolFMeko/tYPufNkRffBAQjIE+99jbA87xv6FgmjLtwjh9wBWajwAA==", + "license": "MIT", + "dependencies": { + "@types/hast": "^3.0.0", + "@types/mdast": "^4.0.0", + "@ungap/structured-clone": "^1.0.0", + "devlop": "^1.0.0", + "micromark-util-sanitize-uri": "^2.0.0", + "trim-lines": "^3.0.0", + "unist-util-position": "^5.0.0", + "unist-util-visit": "^5.0.0", + "vfile": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-to-markdown": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/mdast-util-to-markdown/-/mdast-util-to-markdown-2.1.2.tgz", + "integrity": "sha512-xj68wMTvGXVOKonmog6LwyJKrYXZPvlwabaryTjLh9LuvovB/KAH+kvi8Gjj+7rJjsFi23nkUxRQv1KqSroMqA==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "@types/unist": "^3.0.0", + "longest-streak": "^3.0.0", + "mdast-util-phrasing": "^4.0.0", + "mdast-util-to-string": "^4.0.0", + "micromark-util-classify-character": "^2.0.0", + "micromark-util-decode-string": "^2.0.0", + "unist-util-visit": "^5.0.0", + "zwitch": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-to-string": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/mdast-util-to-string/-/mdast-util-to-string-4.0.0.tgz", + "integrity": "sha512-0H44vDimn51F0YwvxSJSm0eCDOJTRlmN0R1yBh4HLj9wiV1Dn0QoXGbvFAWj2hSItVTlCmBF1hqKlIyUBVFLPg==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdn-data": { + "version": "2.0.30", + "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-2.0.30.tgz", + "integrity": "sha512-GaqWWShW4kv/G9IEucWScBx9G1/vsFZZJUO+tD26M8J8z3Kw5RDQjaoZe03YAClgeS/SWPOcb4nkFBTEi5DUEA==", + "license": "CC0-1.0" + }, + "node_modules/media-typer": { + "version": "0.3.0", + "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", + "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/memfs": { + "version": "4.49.0", + "resolved": "https://registry.npmjs.org/memfs/-/memfs-4.49.0.tgz", + "integrity": "sha512-L9uC9vGuc4xFybbdOpRLoOAOq1YEBBsocCs5NVW32DfU+CZWWIn3OVF+lB8Gp4ttBVSMazwrTrjv8ussX/e3VQ==", + "license": "Apache-2.0", + "dependencies": { + "@jsonjoy.com/json-pack": "^1.11.0", + "@jsonjoy.com/util": "^1.9.0", + "glob-to-regex.js": "^1.0.1", + "thingies": "^2.5.0", + "tree-dump": "^1.0.3", + "tslib": "^2.0.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + } + }, + "node_modules/merge-descriptors": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.3.tgz", + "integrity": "sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/merge-stream": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz", + "integrity": "sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w==", + "license": "MIT" + }, + "node_modules/merge2": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", + "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==", + "license": "MIT", + "engines": { + "node": ">= 8" + } + }, + "node_modules/methods": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", + "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/micromark": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/micromark/-/micromark-4.0.2.tgz", + "integrity": "sha512-zpe98Q6kvavpCr1NPVSCMebCKfD7CA2NqZ+rykeNhONIJBpc1tFKt9hucLGwha3jNTNI8lHpctWJWoimVF4PfA==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "@types/debug": "^4.0.0", + "debug": "^4.0.0", + "decode-named-character-reference": "^1.0.0", + "devlop": "^1.0.0", + "micromark-core-commonmark": "^2.0.0", + "micromark-factory-space": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-chunked": "^2.0.0", + "micromark-util-combine-extensions": "^2.0.0", + "micromark-util-decode-numeric-character-reference": "^2.0.0", + "micromark-util-encode": "^2.0.0", + "micromark-util-normalize-identifier": "^2.0.0", + "micromark-util-resolve-all": "^2.0.0", + "micromark-util-sanitize-uri": "^2.0.0", + "micromark-util-subtokenize": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-core-commonmark": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/micromark-core-commonmark/-/micromark-core-commonmark-2.0.3.tgz", + "integrity": "sha512-RDBrHEMSxVFLg6xvnXmb1Ayr2WzLAWjeSATAoxwKYJV94TeNavgoIdA0a9ytzDSVzBy2YKFK+emCPOEibLeCrg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "decode-named-character-reference": "^1.0.0", + "devlop": "^1.0.0", + "micromark-factory-destination": "^2.0.0", + "micromark-factory-label": "^2.0.0", + "micromark-factory-space": "^2.0.0", + "micromark-factory-title": "^2.0.0", + "micromark-factory-whitespace": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-chunked": "^2.0.0", + "micromark-util-classify-character": "^2.0.0", + "micromark-util-html-tag-name": "^2.0.0", + "micromark-util-normalize-identifier": "^2.0.0", + "micromark-util-resolve-all": "^2.0.0", + "micromark-util-subtokenize": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-core-commonmark/node_modules/micromark-factory-space": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-space/-/micromark-factory-space-2.0.1.tgz", + "integrity": "sha512-zRkxjtBxxLd2Sc0d+fbnEunsTj46SWXgXciZmHq0kDYGnck/ZSGj9/wULTV95uoeYiK5hRXP2mJ98Uo4cq/LQg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-core-commonmark/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-core-commonmark/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-extension-directive": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/micromark-extension-directive/-/micromark-extension-directive-3.0.2.tgz", + "integrity": "sha512-wjcXHgk+PPdmvR58Le9d7zQYWy+vKEU9Se44p2CrCDPiLr2FMyiT4Fyb5UFKFC66wGB3kPlgD7q3TnoqPS7SZA==", + "license": "MIT", + "dependencies": { + "devlop": "^1.0.0", + "micromark-factory-space": "^2.0.0", + "micromark-factory-whitespace": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0", + "parse-entities": "^4.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-directive/node_modules/micromark-factory-space": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-space/-/micromark-factory-space-2.0.1.tgz", + "integrity": "sha512-zRkxjtBxxLd2Sc0d+fbnEunsTj46SWXgXciZmHq0kDYGnck/ZSGj9/wULTV95uoeYiK5hRXP2mJ98Uo4cq/LQg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-directive/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-directive/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-extension-frontmatter": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/micromark-extension-frontmatter/-/micromark-extension-frontmatter-2.0.0.tgz", + "integrity": "sha512-C4AkuM3dA58cgZha7zVnuVxBhDsbttIMiytjgsM2XbHAB2faRVaHRle40558FBN+DJcrLNCoqG5mlrpdU4cRtg==", + "license": "MIT", + "dependencies": { + "fault": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-frontmatter/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-frontmatter/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-extension-gfm": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/micromark-extension-gfm/-/micromark-extension-gfm-3.0.0.tgz", + "integrity": "sha512-vsKArQsicm7t0z2GugkCKtZehqUm31oeGBV/KVSorWSy8ZlNAv7ytjFhvaryUiCUJYqs+NoE6AFhpQvBTM6Q4w==", + "license": "MIT", + "dependencies": { + "micromark-extension-gfm-autolink-literal": "^2.0.0", + "micromark-extension-gfm-footnote": "^2.0.0", + "micromark-extension-gfm-strikethrough": "^2.0.0", + "micromark-extension-gfm-table": "^2.0.0", + "micromark-extension-gfm-tagfilter": "^2.0.0", + "micromark-extension-gfm-task-list-item": "^2.0.0", + "micromark-util-combine-extensions": "^2.0.0", + "micromark-util-types": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-gfm-autolink-literal": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/micromark-extension-gfm-autolink-literal/-/micromark-extension-gfm-autolink-literal-2.1.0.tgz", + "integrity": "sha512-oOg7knzhicgQ3t4QCjCWgTmfNhvQbDDnJeVu9v81r7NltNCVmhPy1fJRX27pISafdjL+SVc4d3l48Gb6pbRypw==", + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-sanitize-uri": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-gfm-autolink-literal/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-gfm-autolink-literal/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-extension-gfm-footnote": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/micromark-extension-gfm-footnote/-/micromark-extension-gfm-footnote-2.1.0.tgz", + "integrity": "sha512-/yPhxI1ntnDNsiHtzLKYnE3vf9JZ6cAisqVDauhp4CEHxlb4uoOTxOCJ+9s51bIB8U1N1FJ1RXOKTIlD5B/gqw==", + "license": "MIT", + "dependencies": { + "devlop": "^1.0.0", + "micromark-core-commonmark": "^2.0.0", + "micromark-factory-space": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-normalize-identifier": "^2.0.0", + "micromark-util-sanitize-uri": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-gfm-footnote/node_modules/micromark-factory-space": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-space/-/micromark-factory-space-2.0.1.tgz", + "integrity": "sha512-zRkxjtBxxLd2Sc0d+fbnEunsTj46SWXgXciZmHq0kDYGnck/ZSGj9/wULTV95uoeYiK5hRXP2mJ98Uo4cq/LQg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-gfm-footnote/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-gfm-footnote/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-extension-gfm-strikethrough": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/micromark-extension-gfm-strikethrough/-/micromark-extension-gfm-strikethrough-2.1.0.tgz", + "integrity": "sha512-ADVjpOOkjz1hhkZLlBiYA9cR2Anf8F4HqZUO6e5eDcPQd0Txw5fxLzzxnEkSkfnD0wziSGiv7sYhk/ktvbf1uw==", + "license": "MIT", + "dependencies": { + "devlop": "^1.0.0", + "micromark-util-chunked": "^2.0.0", + "micromark-util-classify-character": "^2.0.0", + "micromark-util-resolve-all": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-gfm-strikethrough/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-extension-gfm-table": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-extension-gfm-table/-/micromark-extension-gfm-table-2.1.1.tgz", + "integrity": "sha512-t2OU/dXXioARrC6yWfJ4hqB7rct14e8f7m0cbI5hUmDyyIlwv5vEtooptH8INkbLzOatzKuVbQmAYcbWoyz6Dg==", + "license": "MIT", + "dependencies": { + "devlop": "^1.0.0", + "micromark-factory-space": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-gfm-table/node_modules/micromark-factory-space": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-space/-/micromark-factory-space-2.0.1.tgz", + "integrity": "sha512-zRkxjtBxxLd2Sc0d+fbnEunsTj46SWXgXciZmHq0kDYGnck/ZSGj9/wULTV95uoeYiK5hRXP2mJ98Uo4cq/LQg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-gfm-table/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-gfm-table/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-extension-gfm-tagfilter": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/micromark-extension-gfm-tagfilter/-/micromark-extension-gfm-tagfilter-2.0.0.tgz", + "integrity": "sha512-xHlTOmuCSotIA8TW1mDIM6X2O1SiX5P9IuDtqGonFhEK0qgRI4yeC6vMxEV2dgyr2TiD+2PQ10o+cOhdVAcwfg==", + "license": "MIT", + "dependencies": { + "micromark-util-types": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-gfm-task-list-item": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/micromark-extension-gfm-task-list-item/-/micromark-extension-gfm-task-list-item-2.1.0.tgz", + "integrity": "sha512-qIBZhqxqI6fjLDYFTBIa4eivDMnP+OZqsNwmQ3xNLE4Cxwc+zfQEfbs6tzAo2Hjq+bh6q5F+Z8/cksrLFYWQQw==", + "license": "MIT", + "dependencies": { + "devlop": "^1.0.0", + "micromark-factory-space": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-gfm-task-list-item/node_modules/micromark-factory-space": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-space/-/micromark-factory-space-2.0.1.tgz", + "integrity": "sha512-zRkxjtBxxLd2Sc0d+fbnEunsTj46SWXgXciZmHq0kDYGnck/ZSGj9/wULTV95uoeYiK5hRXP2mJ98Uo4cq/LQg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-gfm-task-list-item/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-gfm-task-list-item/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-extension-mdx-expression": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/micromark-extension-mdx-expression/-/micromark-extension-mdx-expression-3.0.1.tgz", + "integrity": "sha512-dD/ADLJ1AeMvSAKBwO22zG22N4ybhe7kFIZ3LsDI0GlsNr2A3KYxb0LdC1u5rj4Nw+CHKY0RVdnHX8vj8ejm4Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0", + "devlop": "^1.0.0", + "micromark-factory-mdx-expression": "^2.0.0", + "micromark-factory-space": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-events-to-acorn": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-mdx-expression/node_modules/micromark-factory-space": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-space/-/micromark-factory-space-2.0.1.tgz", + "integrity": "sha512-zRkxjtBxxLd2Sc0d+fbnEunsTj46SWXgXciZmHq0kDYGnck/ZSGj9/wULTV95uoeYiK5hRXP2mJ98Uo4cq/LQg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-mdx-expression/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-mdx-expression/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-extension-mdx-jsx": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/micromark-extension-mdx-jsx/-/micromark-extension-mdx-jsx-3.0.2.tgz", + "integrity": "sha512-e5+q1DjMh62LZAJOnDraSSbDMvGJ8x3cbjygy2qFEi7HCeUT4BDKCvMozPozcD6WmOt6sVvYDNBKhFSz3kjOVQ==", + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0", + "devlop": "^1.0.0", + "estree-util-is-identifier-name": "^3.0.0", + "micromark-factory-mdx-expression": "^2.0.0", + "micromark-factory-space": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-events-to-acorn": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0", + "vfile-message": "^4.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-mdx-jsx/node_modules/micromark-factory-space": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-space/-/micromark-factory-space-2.0.1.tgz", + "integrity": "sha512-zRkxjtBxxLd2Sc0d+fbnEunsTj46SWXgXciZmHq0kDYGnck/ZSGj9/wULTV95uoeYiK5hRXP2mJ98Uo4cq/LQg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-mdx-jsx/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-mdx-jsx/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-extension-mdx-md": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/micromark-extension-mdx-md/-/micromark-extension-mdx-md-2.0.0.tgz", + "integrity": "sha512-EpAiszsB3blw4Rpba7xTOUptcFeBFi+6PY8VnJ2hhimH+vCQDirWgsMpz7w1XcZE7LVrSAUGb9VJpG9ghlYvYQ==", + "license": "MIT", + "dependencies": { + "micromark-util-types": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-mdxjs": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/micromark-extension-mdxjs/-/micromark-extension-mdxjs-3.0.0.tgz", + "integrity": "sha512-A873fJfhnJ2siZyUrJ31l34Uqwy4xIFmvPY1oj+Ean5PHcPBYzEsvqvWGaWcfEIr11O5Dlw3p2y0tZWpKHDejQ==", + "license": "MIT", + "dependencies": { + "acorn": "^8.0.0", + "acorn-jsx": "^5.0.0", + "micromark-extension-mdx-expression": "^3.0.0", + "micromark-extension-mdx-jsx": "^3.0.0", + "micromark-extension-mdx-md": "^2.0.0", + "micromark-extension-mdxjs-esm": "^3.0.0", + "micromark-util-combine-extensions": "^2.0.0", + "micromark-util-types": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-mdxjs-esm": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/micromark-extension-mdxjs-esm/-/micromark-extension-mdxjs-esm-3.0.0.tgz", + "integrity": "sha512-DJFl4ZqkErRpq/dAPyeWp15tGrcrrJho1hKK5uBS70BCtfrIFg81sqcTVu3Ta+KD1Tk5vAtBNElWxtAa+m8K9A==", + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0", + "devlop": "^1.0.0", + "micromark-core-commonmark": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-events-to-acorn": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0", + "unist-util-position-from-estree": "^2.0.0", + "vfile-message": "^4.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-mdxjs-esm/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-mdxjs-esm/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-factory-destination": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-destination/-/micromark-factory-destination-2.0.1.tgz", + "integrity": "sha512-Xe6rDdJlkmbFRExpTOmRj9N3MaWmbAgdpSrBQvCFqhezUn4AHqJHbaEnfbVYYiexVSs//tqOdY/DxhjdCiJnIA==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-factory-destination/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-factory-destination/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-factory-label": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-label/-/micromark-factory-label-2.0.1.tgz", + "integrity": "sha512-VFMekyQExqIW7xIChcXn4ok29YE3rnuyveW3wZQWWqF4Nv9Wk5rgJ99KzPvHjkmPXF93FXIbBp6YdW3t71/7Vg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "devlop": "^1.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-factory-label/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-factory-label/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-factory-mdx-expression": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/micromark-factory-mdx-expression/-/micromark-factory-mdx-expression-2.0.3.tgz", + "integrity": "sha512-kQnEtA3vzucU2BkrIa8/VaSAsP+EJ3CKOvhMuJgOEGg9KDC6OAY6nSnNDVRiVNRqj7Y4SlSzcStaH/5jge8JdQ==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0", + "devlop": "^1.0.0", + "micromark-factory-space": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-events-to-acorn": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0", + "unist-util-position-from-estree": "^2.0.0", + "vfile-message": "^4.0.0" + } + }, + "node_modules/micromark-factory-mdx-expression/node_modules/micromark-factory-space": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-space/-/micromark-factory-space-2.0.1.tgz", + "integrity": "sha512-zRkxjtBxxLd2Sc0d+fbnEunsTj46SWXgXciZmHq0kDYGnck/ZSGj9/wULTV95uoeYiK5hRXP2mJ98Uo4cq/LQg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-factory-mdx-expression/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-factory-mdx-expression/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-factory-space": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/micromark-factory-space/-/micromark-factory-space-1.1.0.tgz", + "integrity": "sha512-cRzEj7c0OL4Mw2v6nwzttyOZe8XY/Z8G0rzmWQZTBi/jjwyw/U4uqKtUORXQrR5bAZZnbTI/feRV/R7hc4jQYQ==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^1.0.0", + "micromark-util-types": "^1.0.0" + } + }, + "node_modules/micromark-factory-space/node_modules/micromark-util-types": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/micromark-util-types/-/micromark-util-types-1.1.0.tgz", + "integrity": "sha512-ukRBgie8TIAcacscVHSiddHjO4k/q3pnedmzMQ4iwDcK0FtFCohKOlFbaOL/mPgfnPsL3C1ZyxJa4sbWrBl3jg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-factory-title": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-title/-/micromark-factory-title-2.0.1.tgz", + "integrity": "sha512-5bZ+3CjhAd9eChYTHsjy6TGxpOFSKgKKJPJxr293jTbfry2KDoWkhBb6TcPVB4NmzaPhMs1Frm9AZH7OD4Cjzw==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-factory-space": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-factory-title/node_modules/micromark-factory-space": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-space/-/micromark-factory-space-2.0.1.tgz", + "integrity": "sha512-zRkxjtBxxLd2Sc0d+fbnEunsTj46SWXgXciZmHq0kDYGnck/ZSGj9/wULTV95uoeYiK5hRXP2mJ98Uo4cq/LQg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-factory-title/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-factory-title/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-factory-whitespace": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-whitespace/-/micromark-factory-whitespace-2.0.1.tgz", + "integrity": "sha512-Ob0nuZ3PKt/n0hORHyvoD9uZhr+Za8sFoP+OnMcnWK5lngSzALgQYKMr9RJVOWLqQYuyn6ulqGWSXdwf6F80lQ==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-factory-space": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-factory-whitespace/node_modules/micromark-factory-space": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-space/-/micromark-factory-space-2.0.1.tgz", + "integrity": "sha512-zRkxjtBxxLd2Sc0d+fbnEunsTj46SWXgXciZmHq0kDYGnck/ZSGj9/wULTV95uoeYiK5hRXP2mJ98Uo4cq/LQg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-factory-whitespace/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-factory-whitespace/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-util-character": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-1.2.0.tgz", + "integrity": "sha512-lXraTwcX3yH/vMDaFWCQJP1uIszLVebzUa3ZHdrgxr7KEU/9mL4mVgCpGbyhvNLNlauROiNUq7WN5u7ndbY6xg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^1.0.0", + "micromark-util-types": "^1.0.0" + } + }, + "node_modules/micromark-util-character/node_modules/micromark-util-types": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/micromark-util-types/-/micromark-util-types-1.1.0.tgz", + "integrity": "sha512-ukRBgie8TIAcacscVHSiddHjO4k/q3pnedmzMQ4iwDcK0FtFCohKOlFbaOL/mPgfnPsL3C1ZyxJa4sbWrBl3jg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-util-chunked": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-chunked/-/micromark-util-chunked-2.0.1.tgz", + "integrity": "sha512-QUNFEOPELfmvv+4xiNg2sRYeS/P84pTW0TCgP5zc9FpXetHY0ab7SxKyAQCNCc1eK0459uoLI1y5oO5Vc1dbhA==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0" + } + }, + "node_modules/micromark-util-chunked/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-util-classify-character": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-classify-character/-/micromark-util-classify-character-2.0.1.tgz", + "integrity": "sha512-K0kHzM6afW/MbeWYWLjoHQv1sgg2Q9EccHEDzSkxiP/EaagNzCm7T/WMKZ3rjMbvIpvBiZgwR3dKMygtA4mG1Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-util-classify-character/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-util-classify-character/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-util-combine-extensions": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-combine-extensions/-/micromark-util-combine-extensions-2.0.1.tgz", + "integrity": "sha512-OnAnH8Ujmy59JcyZw8JSbK9cGpdVY44NKgSM7E9Eh7DiLS2E9RNQf0dONaGDzEG9yjEl5hcqeIsj4hfRkLH/Bg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-chunked": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-util-decode-numeric-character-reference": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/micromark-util-decode-numeric-character-reference/-/micromark-util-decode-numeric-character-reference-2.0.2.tgz", + "integrity": "sha512-ccUbYk6CwVdkmCQMyr64dXz42EfHGkPQlBj5p7YVGzq8I7CtjXZJrubAYezf7Rp+bjPseiROqe7G6foFd+lEuw==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0" + } + }, + "node_modules/micromark-util-decode-numeric-character-reference/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-util-decode-string": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-decode-string/-/micromark-util-decode-string-2.0.1.tgz", + "integrity": "sha512-nDV/77Fj6eH1ynwscYTOsbK7rR//Uj0bZXBwJZRfaLEJ1iGBR6kIfNmlNqaqJf649EP0F3NWNdeJi03elllNUQ==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "decode-named-character-reference": "^1.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-decode-numeric-character-reference": "^2.0.0", + "micromark-util-symbol": "^2.0.0" + } + }, + "node_modules/micromark-util-decode-string/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-util-decode-string/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-util-encode": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-encode/-/micromark-util-encode-2.0.1.tgz", + "integrity": "sha512-c3cVx2y4KqUnwopcO9b/SCdo2O67LwJJ/UyqGfbigahfegL9myoEFoDYZgkT7f36T0bLrM9hZTAaAyH+PCAXjw==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-util-events-to-acorn": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/micromark-util-events-to-acorn/-/micromark-util-events-to-acorn-2.0.3.tgz", + "integrity": "sha512-jmsiEIiZ1n7X1Rr5k8wVExBQCg5jy4UXVADItHmNk1zkwEVhBuIUKRu3fqv+hs4nxLISi2DQGlqIOGiFxgbfHg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0", + "@types/unist": "^3.0.0", + "devlop": "^1.0.0", + "estree-util-visit": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0", + "vfile-message": "^4.0.0" + } + }, + "node_modules/micromark-util-events-to-acorn/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-util-html-tag-name": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-html-tag-name/-/micromark-util-html-tag-name-2.0.1.tgz", + "integrity": "sha512-2cNEiYDhCWKI+Gs9T0Tiysk136SnR13hhO8yW6BGNyhOC4qYFnwF1nKfD3HFAIXA5c45RrIG1ub11GiXeYd1xA==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-util-normalize-identifier": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-normalize-identifier/-/micromark-util-normalize-identifier-2.0.1.tgz", + "integrity": "sha512-sxPqmo70LyARJs0w2UclACPUUEqltCkJ6PhKdMIDuJ3gSf/Q+/GIe3WKl0Ijb/GyH9lOpUkRAO2wp0GVkLvS9Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0" + } + }, + "node_modules/micromark-util-normalize-identifier/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-util-resolve-all": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-resolve-all/-/micromark-util-resolve-all-2.0.1.tgz", + "integrity": "sha512-VdQyxFWFT2/FGJgwQnJYbe1jjQoNTS4RjglmSjTUlpUMa95Htx9NHeYW4rGDJzbjvCsl9eLjMQwGeElsqmzcHg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-util-sanitize-uri": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-sanitize-uri/-/micromark-util-sanitize-uri-2.0.1.tgz", + "integrity": "sha512-9N9IomZ/YuGGZZmQec1MbgxtlgougxTodVwDzzEouPKo3qFWvymFHWcnDi2vzV1ff6kas9ucW+o3yzJK9YB1AQ==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-encode": "^2.0.0", + "micromark-util-symbol": "^2.0.0" + } + }, + "node_modules/micromark-util-sanitize-uri/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-util-sanitize-uri/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-util-subtokenize": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/micromark-util-subtokenize/-/micromark-util-subtokenize-2.1.0.tgz", + "integrity": "sha512-XQLu552iSctvnEcgXw6+Sx75GflAPNED1qx7eBJ+wydBb2KCbRZe+NwvIEEMM83uml1+2WSXpBAcp9IUCgCYWA==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "devlop": "^1.0.0", + "micromark-util-chunked": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-util-subtokenize/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-util-symbol": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-1.1.0.tgz", + "integrity": "sha512-uEjpEYY6KMs1g7QfJ2eX1SQEV+ZT4rUD3UcF6l57acZvLNK7PBZL+ty82Z1qhK1/yXIY4bdx04FKMgR0g4IAag==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-util-types": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/micromark-util-types/-/micromark-util-types-2.0.2.tgz", + "integrity": "sha512-Yw0ECSpJoViF1qTU4DC6NwtC4aWGt1EkzaQB8KPPyCRR8z9TWeV0HbEFGTO+ZY1wB22zmxnJqhPyTpOVCpeHTA==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark/node_modules/micromark-factory-space": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-space/-/micromark-factory-space-2.0.1.tgz", + "integrity": "sha512-zRkxjtBxxLd2Sc0d+fbnEunsTj46SWXgXciZmHq0kDYGnck/ZSGj9/wULTV95uoeYiK5hRXP2mJ98Uo4cq/LQg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromatch": { + "version": "4.0.8", + "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz", + "integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==", + "license": "MIT", + "dependencies": { + "braces": "^3.0.3", + "picomatch": "^2.3.1" + }, + "engines": { + "node": ">=8.6" + } + }, + "node_modules/mime": { + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", + "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==", + "license": "MIT", + "bin": { + "mime": "cli.js" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/mime-db": { + "version": "1.33.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.33.0.tgz", + "integrity": "sha512-BHJ/EKruNIqJf/QahvxwQZXKygOQ256myeN/Ew+THcAa5q+PjyTTMMeNQC4DZw5AwfvelsUrA6B67NKMqXDbzQ==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mime-types": { + "version": "2.1.18", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.18.tgz", + "integrity": "sha512-lc/aahn+t4/SWV/qcmumYjymLsWfN3ELhpmVuUFjgsORruuZPVSwAQryq+HHGvO/SI2KVX26bx+En+zhM8g8hQ==", + "license": "MIT", + "dependencies": { + "mime-db": "~1.33.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mimic-fn": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz", + "integrity": "sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/mimic-response": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/mimic-response/-/mimic-response-4.0.0.tgz", + "integrity": "sha512-e5ISH9xMYU0DzrT+jl8q2ze9D6eWBto+I8CNpe+VI+K2J/F/k3PdkdTdz4wvGVH4NTpo+NRYTVIuMQEMMcsLqg==", + "license": "MIT", + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/mini-css-extract-plugin": { + "version": "2.9.4", + "resolved": "https://registry.npmjs.org/mini-css-extract-plugin/-/mini-css-extract-plugin-2.9.4.tgz", + "integrity": "sha512-ZWYT7ln73Hptxqxk2DxPU9MmapXRhxkJD6tkSR04dnQxm8BGu2hzgKLugK5yySD97u/8yy7Ma7E76k9ZdvtjkQ==", + "license": "MIT", + "dependencies": { + "schema-utils": "^4.0.0", + "tapable": "^2.2.1" + }, + "engines": { + "node": ">= 12.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "webpack": "^5.0.0" + } + }, + "node_modules/minimalistic-assert": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz", + "integrity": "sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A==", + "license": "ISC" + }, + "node_modules/minimatch": { + "version": "9.0.9", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz", + "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==", + "license": "ISC", + "dependencies": { + "brace-expansion": "^2.0.2" + }, + "engines": { + "node": ">=16 || 14 >=14.17" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/minimist": { + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz", + "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/mrmime": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/mrmime/-/mrmime-2.0.1.tgz", + "integrity": "sha512-Y3wQdFg2Va6etvQ5I82yUhGdsKrcYox6p7FfL1LbK2J4V01F9TGlepTIhnK24t7koZibmg82KGglhA1XK5IsLQ==", + "license": "MIT", + "engines": { + "node": ">=10" + } + }, + "node_modules/ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", + "license": "MIT" + }, + "node_modules/multicast-dns": { + "version": "7.2.5", + "resolved": "https://registry.npmjs.org/multicast-dns/-/multicast-dns-7.2.5.tgz", + "integrity": "sha512-2eznPJP8z2BFLX50tf0LuODrpINqP1RVIm/CObbTcBRITQgmC/TjcREF1NeTBzIcR5XO/ukWo+YHOjBbFwIupg==", + "license": "MIT", + "dependencies": { + "dns-packet": "^5.2.2", + "thunky": "^1.0.2" + }, + "bin": { + "multicast-dns": "cli.js" + } + }, + "node_modules/nanoid": { + "version": "3.3.11", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.11.tgz", + "integrity": "sha512-N8SpfPUnUp1bK+PMYW8qSWdl9U+wwNWI4QKxOYDy9JAro3WMX7p2OeVRF9v+347pnakNevPmiHhNmZ2HbFA76w==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "bin": { + "nanoid": "bin/nanoid.cjs" + }, + "engines": { + "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1" + } + }, + "node_modules/negotiator": { + "version": "0.6.4", + "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.4.tgz", + "integrity": "sha512-myRT3DiWPHqho5PrJaIRyaMv2kgYf0mUVgBNOYMuCH5Ki1yEiQaf/ZJuQ62nvpc44wL5WDbTX7yGJi1Neevw8w==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/neo-async": { + "version": "2.6.2", + "resolved": "https://registry.npmjs.org/neo-async/-/neo-async-2.6.2.tgz", + "integrity": "sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==", + "license": "MIT" + }, + "node_modules/no-case": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/no-case/-/no-case-3.0.4.tgz", + "integrity": "sha512-fgAN3jGAh+RoxUGZHTSOLJIqUc2wmoBwGR4tbpNAKmmovFoWq0OdRkb0VkldReO2a2iBT/OEulG9XSUc10r3zg==", + "license": "MIT", + "dependencies": { + "lower-case": "^2.0.2", + "tslib": "^2.0.3" + } + }, + "node_modules/node-emoji": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/node-emoji/-/node-emoji-2.2.0.tgz", + "integrity": "sha512-Z3lTE9pLaJF47NyMhd4ww1yFTAP8YhYI8SleJiHzM46Fgpm5cnNzSl9XfzFNqbaz+VlJrIj3fXQ4DeN1Rjm6cw==", + "license": "MIT", + "dependencies": { + "@sindresorhus/is": "^4.6.0", + "char-regex": "^1.0.2", + "emojilib": "^2.4.0", + "skin-tone": "^2.0.0" + }, + "engines": { + "node": ">=18" + } + }, + "node_modules/node-forge": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-1.3.1.tgz", + "integrity": "sha512-dPEtOeMvF9VMcYV/1Wb8CPoVAXtp6MKMlcbAt4ddqmGqUJ6fQZFXkNZNkNlfevtNkGtaSoXf/vNNNSvgrdXwtA==", + "license": "(BSD-3-Clause OR GPL-2.0)", + "engines": { + "node": ">= 6.13.0" + } + }, + "node_modules/node-releases": { + "version": "2.0.25", + "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.25.tgz", + "integrity": "sha512-4auku8B/vw5psvTiiN9j1dAOsXvMoGqJuKJcR+dTdqiXEK20mMTk1UEo3HS16LeGQsVG6+qKTPM9u/qQ2LqATA==", + "license": "MIT" + }, + "node_modules/normalize-path": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", + "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/normalize-range": { + "version": "0.1.2", + "resolved": "https://registry.npmjs.org/normalize-range/-/normalize-range-0.1.2.tgz", + "integrity": "sha512-bdok/XvKII3nUpklnV6P2hxtMNrCboOjAcyBuQnWEhO665FwrSNRxU+AqpsyvO6LgGYPspN+lu5CLtw4jPRKNA==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/normalize-url": { + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/normalize-url/-/normalize-url-8.1.0.tgz", + "integrity": "sha512-X06Mfd/5aKsRHc0O0J5CUedwnPmnDtLF2+nq+KN9KSDlJHkPuh0JUviWjEWMe0SW/9TDdSLVPuk7L5gGTIA1/w==", + "license": "MIT", + "engines": { + "node": ">=14.16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/npm-run-path": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz", + "integrity": "sha512-S48WzZW777zhNIrn7gxOlISNAqi9ZC/uQFnRdbeIHhZhCA6UqpkOT8T1G7BvfdgP4Er8gF4sUbaS0i7QvIfCWw==", + "license": "MIT", + "dependencies": { + "path-key": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/nprogress": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/nprogress/-/nprogress-0.2.0.tgz", + "integrity": "sha512-I19aIingLgR1fmhftnbWWO3dXc0hSxqHQHQb3H8m+K3TnEn/iSeTZZOyvKXWqQESMwuUVnatlCnZdLBZZt2VSA==", + "license": "MIT" + }, + "node_modules/nth-check": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/nth-check/-/nth-check-2.1.1.tgz", + "integrity": "sha512-lqjrjmaOoAnWfMmBPL+XNnynZh2+swxiX3WUE0s4yEHI6m+AwrK2UZOimIRl3X/4QctVqS8AiZjFqyOGrMXb/w==", + "license": "BSD-2-Clause", + "dependencies": { + "boolbase": "^1.0.0" + }, + "funding": { + "url": "https://github.com/fb55/nth-check?sponsor=1" + } + }, + "node_modules/null-loader": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/null-loader/-/null-loader-4.0.1.tgz", + "integrity": "sha512-pxqVbi4U6N26lq+LmgIbB5XATP0VdZKOG25DhHi8btMmJJefGArFyDg1yc4U3hWCJbMqSrw0qyrz1UQX+qYXqg==", + "license": "MIT", + "dependencies": { + "loader-utils": "^2.0.0", + "schema-utils": "^3.0.0" + }, + "engines": { + "node": ">= 10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "webpack": "^4.0.0 || ^5.0.0" + } + }, + "node_modules/null-loader/node_modules/ajv": { + "version": "6.12.6", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", + "license": "MIT", + "dependencies": { + "fast-deep-equal": "^3.1.1", + "fast-json-stable-stringify": "^2.0.0", + "json-schema-traverse": "^0.4.1", + "uri-js": "^4.2.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/null-loader/node_modules/ajv-keywords": { + "version": "3.5.2", + "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-3.5.2.tgz", + "integrity": "sha512-5p6WTN0DdTGVQk6VjcEju19IgaHudalcfabD7yhDGeA6bcQnmL+CpveLJq/3hvfwd1aof6L386Ougkx6RfyMIQ==", + "license": "MIT", + "peerDependencies": { + "ajv": "^6.9.1" + } + }, + "node_modules/null-loader/node_modules/json-schema-traverse": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==", + "license": "MIT" + }, + "node_modules/null-loader/node_modules/schema-utils": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-3.3.0.tgz", + "integrity": "sha512-pN/yOAvcC+5rQ5nERGuwrjLlYvLTbCibnZ1I7B1LaiAz9BRBlE9GMgE/eqV30P7aJQUf7Ddimy/RsbYO/GrVGg==", + "license": "MIT", + "dependencies": { + "@types/json-schema": "^7.0.8", + "ajv": "^6.12.5", + "ajv-keywords": "^3.5.2" + }, + "engines": { + "node": ">= 10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + } + }, + "node_modules/object-assign": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", + "integrity": "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/object-inspect": { + "version": "1.13.4", + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz", + "integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/object-keys": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/object-keys/-/object-keys-1.1.1.tgz", + "integrity": "sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/object.assign": { + "version": "4.1.7", + "resolved": "https://registry.npmjs.org/object.assign/-/object.assign-4.1.7.tgz", + "integrity": "sha512-nK28WOo+QIjBkDduTINE4JkF/UJJKyf2EJxvJKfblDpyg0Q+pkOHNTL0Qwy6NP6FhE/EnzV73BxxqcJaXY9anw==", + "license": "MIT", + "dependencies": { + "call-bind": "^1.0.8", + "call-bound": "^1.0.3", + "define-properties": "^1.2.1", + "es-object-atoms": "^1.0.0", + "has-symbols": "^1.1.0", + "object-keys": "^1.1.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/obuf": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/obuf/-/obuf-1.1.2.tgz", + "integrity": "sha512-PX1wu0AmAdPqOL1mWhqmlOd8kOIZQwGZw6rh7uby9fTc5lhaOWFLX3I6R1hrF9k3zUY40e6igsLGkDXK92LJNg==", + "license": "MIT" + }, + "node_modules/on-finished": { + "version": "2.4.1", + "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", + "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==", + "license": "MIT", + "dependencies": { + "ee-first": "1.1.1" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/on-headers": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.1.0.tgz", + "integrity": "sha512-737ZY3yNnXy37FHkQxPzt4UZ2UWPWiCZWLvFZ4fu5cueciegX0zGPnrlY6bwRg4FdQOe9YU8MkmJwGhoMybl8A==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/onetime": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/onetime/-/onetime-5.1.2.tgz", + "integrity": "sha512-kbpaSSGJTWdAY5KPVeMOKXSrPtr8C8C7wodJbcsd51jRnmD+GZu8Y0VoU6Dm5Z4vWr0Ig/1NKuWRKf7j5aaYSg==", + "license": "MIT", + "dependencies": { + "mimic-fn": "^2.1.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/open": { + "version": "8.4.2", + "resolved": "https://registry.npmjs.org/open/-/open-8.4.2.tgz", + "integrity": "sha512-7x81NCL719oNbsq/3mh+hVrAWmFuEYUqrq/Iw3kUzH8ReypT9QQ0BLoJS7/G9k6N81XjW4qHWtjWwe/9eLy1EQ==", + "license": "MIT", + "dependencies": { + "define-lazy-prop": "^2.0.0", + "is-docker": "^2.1.1", + "is-wsl": "^2.2.0" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/opener": { + "version": "1.5.2", + "resolved": "https://registry.npmjs.org/opener/-/opener-1.5.2.tgz", + "integrity": "sha512-ur5UIdyw5Y7yEj9wLzhqXiy6GZ3Mwx0yGI+5sMn2r0N0v3cKJvUmFH5yPP+WXh9e0xfyzyJX95D8l088DNFj7A==", + "license": "(WTFPL OR MIT)", + "bin": { + "opener": "bin/opener-bin.js" + } + }, + "node_modules/p-cancelable": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-4.0.1.tgz", + "integrity": "sha512-wBowNApzd45EIKdO1LaU+LrMBwAcjfPaYtVzV3lmfM3gf8Z4CHZsiIqlM8TZZ8okYvh5A1cP6gTfCRQtwUpaUg==", + "license": "MIT", + "engines": { + "node": ">=14.16" + } + }, + "node_modules/p-finally": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/p-finally/-/p-finally-1.0.0.tgz", + "integrity": "sha512-LICb2p9CB7FS+0eR1oqWnHhp0FljGLZCWBE9aix0Uye9W8LTQPwMTYVGWQWIw9RdQiDg4+epXQODwIYJtSJaow==", + "license": "MIT", + "engines": { + "node": ">=4" + } + }, + "node_modules/p-limit": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-4.0.0.tgz", + "integrity": "sha512-5b0R4txpzjPWVw/cXXUResoD4hb6U/x9BH08L7nw+GN1sezDzPdxeRvpc9c433fZhBan/wusjbCsqwqm4EIBIQ==", + "license": "MIT", + "dependencies": { + "yocto-queue": "^1.0.0" + }, + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/p-locate": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-6.0.0.tgz", + "integrity": "sha512-wPrq66Llhl7/4AGC6I+cqxT07LhXvWL08LNXz1fENOw0Ap4sRZZ/gZpTTJ5jpurzzzfS2W/Ge9BY3LgLjCShcw==", + "license": "MIT", + "dependencies": { + "p-limit": "^4.0.0" + }, + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/p-map": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/p-map/-/p-map-4.0.0.tgz", + "integrity": "sha512-/bjOqmgETBYB5BoEeGVea8dmvHb2m9GLy1E9W43yeyfP6QQCZGFNa+XRceJEuDB6zqr+gKpIAmlLebMpykw/MQ==", + "license": "MIT", + "dependencies": { + "aggregate-error": "^3.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/p-queue": { + "version": "6.6.2", + "resolved": "https://registry.npmjs.org/p-queue/-/p-queue-6.6.2.tgz", + "integrity": "sha512-RwFpb72c/BhQLEXIZ5K2e+AhgNVmIejGlTgiB9MzZ0e93GRvqZ7uSi0dvRF7/XIXDeNkra2fNHBxTyPDGySpjQ==", + "license": "MIT", + "dependencies": { + "eventemitter3": "^4.0.4", + "p-timeout": "^3.2.0" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/p-retry": { + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/p-retry/-/p-retry-6.2.1.tgz", + "integrity": "sha512-hEt02O4hUct5wtwg4H4KcWgDdm+l1bOaEy/hWzd8xtXB9BqxTWBBhb+2ImAtH4Cv4rPjV76xN3Zumqk3k3AhhQ==", + "license": "MIT", + "dependencies": { + "@types/retry": "0.12.2", + "is-network-error": "^1.0.0", + "retry": "^0.13.1" + }, + "engines": { + "node": ">=16.17" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/p-timeout": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/p-timeout/-/p-timeout-3.2.0.tgz", + "integrity": "sha512-rhIwUycgwwKcP9yTOOFK/AKsAopjjCakVqLHePO3CC6Mir1Z99xT+R63jZxAT5lFZLa2inS5h+ZS2GvR99/FBg==", + "license": "MIT", + "dependencies": { + "p-finally": "^1.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/package-json": { + "version": "8.1.1", + "resolved": "https://registry.npmjs.org/package-json/-/package-json-8.1.1.tgz", + "integrity": "sha512-cbH9IAIJHNj9uXi196JVsRlt7cHKak6u/e6AkL/bkRelZ7rlL3X1YKxsZwa36xipOEKAsdtmaG6aAJoM1fx2zA==", + "license": "MIT", + "dependencies": { + "got": "^12.1.0", + "registry-auth-token": "^5.0.1", + "registry-url": "^6.0.0", + "semver": "^7.3.7" + }, + "engines": { + "node": ">=14.16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/param-case": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/param-case/-/param-case-3.0.4.tgz", + "integrity": "sha512-RXlj7zCYokReqWpOPH9oYivUzLYZ5vAPIfEmCTNViosC78F8F0H9y7T7gG2M39ymgutxF5gcFEsyZQSph9Bp3A==", + "license": "MIT", + "dependencies": { + "dot-case": "^3.0.4", + "tslib": "^2.0.3" + } + }, + "node_modules/parent-module": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz", + "integrity": "sha512-GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g==", + "license": "MIT", + "dependencies": { + "callsites": "^3.0.0" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/parse-entities": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/parse-entities/-/parse-entities-4.0.2.tgz", + "integrity": "sha512-GG2AQYWoLgL877gQIKeRPGO1xF9+eG1ujIb5soS5gPvLQ1y2o8FL90w2QWNdf9I361Mpp7726c+lj3U0qK1uGw==", + "license": "MIT", + "dependencies": { + "@types/unist": "^2.0.0", + "character-entities-legacy": "^3.0.0", + "character-reference-invalid": "^2.0.0", + "decode-named-character-reference": "^1.0.0", + "is-alphanumerical": "^2.0.0", + "is-decimal": "^2.0.0", + "is-hexadecimal": "^2.0.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/parse-entities/node_modules/@types/unist": { + "version": "2.0.11", + "resolved": "https://registry.npmjs.org/@types/unist/-/unist-2.0.11.tgz", + "integrity": "sha512-CmBKiL6NNo/OqgmMn95Fk9Whlp2mtvIv+KNpQKN2F4SjvrEesubTRWGYSg+BnWZOnlCaSTU1sMpsBOzgbYhnsA==", + "license": "MIT" + }, + "node_modules/parse-json": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-5.2.0.tgz", + "integrity": "sha512-ayCKvm/phCGxOkYRSCM82iDwct8/EonSEgCSxWxD7ve6jHggsFl4fZVQBPRNgQoKiuV/odhFrGzQXZwbifC8Rg==", + "license": "MIT", + "dependencies": { + "@babel/code-frame": "^7.0.0", + "error-ex": "^1.3.1", + "json-parse-even-better-errors": "^2.3.0", + "lines-and-columns": "^1.1.6" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/parse-numeric-range": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/parse-numeric-range/-/parse-numeric-range-1.3.0.tgz", + "integrity": "sha512-twN+njEipszzlMJd4ONUYgSfZPDxgHhT9Ahed5uTigpQn90FggW4SA/AIPq/6a149fTbE9qBEcSwE3FAEp6wQQ==", + "license": "ISC" + }, + "node_modules/parse5": { + "version": "7.3.0", + "resolved": "https://registry.npmjs.org/parse5/-/parse5-7.3.0.tgz", + "integrity": "sha512-IInvU7fabl34qmi9gY8XOVxhYyMyuH2xUNpb2q8/Y+7552KlejkRvqvD19nMoUW/uQGGbqNpA6Tufu5FL5BZgw==", + "license": "MIT", + "dependencies": { + "entities": "^6.0.0" + }, + "funding": { + "url": "https://github.com/inikulin/parse5?sponsor=1" + } + }, + "node_modules/parse5-htmlparser2-tree-adapter": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/parse5-htmlparser2-tree-adapter/-/parse5-htmlparser2-tree-adapter-7.1.0.tgz", + "integrity": "sha512-ruw5xyKs6lrpo9x9rCZqZZnIUntICjQAd0Wsmp396Ul9lN/h+ifgVV1x1gZHi8euej6wTfpqX8j+BFQxF0NS/g==", + "license": "MIT", + "dependencies": { + "domhandler": "^5.0.3", + "parse5": "^7.0.0" + }, + "funding": { + "url": "https://github.com/inikulin/parse5?sponsor=1" + } + }, + "node_modules/parse5/node_modules/entities": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/entities/-/entities-6.0.1.tgz", + "integrity": "sha512-aN97NXWF6AWBTahfVOIrB/NShkzi5H7F9r1s9mD3cDj4Ko5f2qhhVoYMibXF7GlLveb/D2ioWay8lxI97Ven3g==", + "license": "BSD-2-Clause", + "engines": { + "node": ">=0.12" + }, + "funding": { + "url": "https://github.com/fb55/entities?sponsor=1" + } + }, + "node_modules/parseurl": { + "version": "1.3.3", + "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", + "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/pascal-case": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/pascal-case/-/pascal-case-3.1.2.tgz", + "integrity": "sha512-uWlGT3YSnK9x3BQJaOdcZwrnV6hPpd8jFH1/ucpiLRPh/2zCVJKS19E4GvYHvaCcACn3foXZ0cLB9Wrx1KGe5g==", + "license": "MIT", + "dependencies": { + "no-case": "^3.0.4", + "tslib": "^2.0.3" + } + }, + "node_modules/path-exists": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-5.0.0.tgz", + "integrity": "sha512-RjhtfwJOxzcFmNOi6ltcbcu4Iu+FL3zEj83dk4kAS+fVpTxXLO1b38RvJgT/0QwvV/L3aY9TAnyv0EOqW4GoMQ==", + "license": "MIT", + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + } + }, + "node_modules/path-is-inside": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/path-is-inside/-/path-is-inside-1.0.2.tgz", + "integrity": "sha512-DUWJr3+ULp4zXmol/SZkFf3JGsS9/SIv+Y3Rt93/UjPpDpklB5f1er4O3POIbUuUJ3FXgqte2Q7SrU6zAqwk8w==", + "license": "(WTFPL OR MIT)" + }, + "node_modules/path-key": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", + "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/path-parse": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", + "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==", + "license": "MIT" + }, + "node_modules/path-to-regexp": { + "version": "1.9.0", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-1.9.0.tgz", + "integrity": "sha512-xIp7/apCFJuUHdDLWe8O1HIkb0kQrOMb/0u6FXQjemHn/ii5LrIzU6bdECnsiTF/GjZkMEKg1xdiZwNqDYlZ6g==", + "license": "MIT", + "dependencies": { + "isarray": "0.0.1" + } + }, + "node_modules/path-type": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz", + "integrity": "sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/picocolors": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz", + "integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==", + "license": "ISC" + }, + "node_modules/picomatch": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", + "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==", + "license": "MIT", + "engines": { + "node": ">=8.6" + }, + "funding": { + "url": "https://github.com/sponsors/jonschlinkert" + } + }, + "node_modules/pkg-dir": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-7.0.0.tgz", + "integrity": "sha512-Ie9z/WINcxxLp27BKOCHGde4ITq9UklYKDzVo1nhk5sqGEXU3FpkwP5GM2voTGJkGd9B3Otl+Q4uwSOeSUtOBA==", + "license": "MIT", + "dependencies": { + "find-up": "^6.3.0" + }, + "engines": { + "node": ">=14.16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/postcss": { + "version": "8.5.6", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.6.tgz", + "integrity": "sha512-3Ybi1tAuwAP9s0r1UQ2J4n5Y0G05bJkpUIO0/bI9MhwmD70S5aTWbXGBwxHrelT+XM1k6dM0pk+SwNkpTRN7Pg==", + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/postcss/" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/postcss" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "dependencies": { + "nanoid": "^3.3.11", + "picocolors": "^1.1.1", + "source-map-js": "^1.2.1" + }, + "engines": { + "node": "^10 || ^12 || >=14" + } + }, + "node_modules/postcss-attribute-case-insensitive": { + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/postcss-attribute-case-insensitive/-/postcss-attribute-case-insensitive-7.0.1.tgz", + "integrity": "sha512-Uai+SupNSqzlschRyNx3kbCTWgY/2hcwtHEI/ej2LJWc9JJ77qKgGptd8DHwY1mXtZ7Aoh4z4yxfwMBue9eNgw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT", + "dependencies": { + "postcss-selector-parser": "^7.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-attribute-case-insensitive/node_modules/postcss-selector-parser": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz", + "integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==", + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/postcss-calc": { + "version": "9.0.1", + "resolved": "https://registry.npmjs.org/postcss-calc/-/postcss-calc-9.0.1.tgz", + "integrity": "sha512-TipgjGyzP5QzEhsOZUaIkeO5mKeMFpebWzRogWG/ysonUlnHcq5aJe0jOjpfzUU8PeSaBQnrE8ehR0QA5vs8PQ==", + "license": "MIT", + "dependencies": { + "postcss-selector-parser": "^6.0.11", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.2.2" + } + }, + "node_modules/postcss-clamp": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/postcss-clamp/-/postcss-clamp-4.1.0.tgz", + "integrity": "sha512-ry4b1Llo/9zz+PKC+030KUnPITTJAHeOwjfAyyB60eT0AorGLdzp52s31OsPRHRf8NchkgFoG2y6fCfn1IV1Ow==", + "license": "MIT", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=7.6.0" + }, + "peerDependencies": { + "postcss": "^8.4.6" + } + }, + "node_modules/postcss-color-functional-notation": { + "version": "7.0.12", + "resolved": "https://registry.npmjs.org/postcss-color-functional-notation/-/postcss-color-functional-notation-7.0.12.tgz", + "integrity": "sha512-TLCW9fN5kvO/u38/uesdpbx3e8AkTYhMvDZYa9JpmImWuTE99bDQ7GU7hdOADIZsiI9/zuxfAJxny/khknp1Zw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-color-parser": "^3.1.0", + "@csstools/css-parser-algorithms": "^3.0.5", + "@csstools/css-tokenizer": "^3.0.4", + "@csstools/postcss-progressive-custom-properties": "^4.2.1", + "@csstools/utilities": "^2.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-color-hex-alpha": { + "version": "10.0.0", + "resolved": "https://registry.npmjs.org/postcss-color-hex-alpha/-/postcss-color-hex-alpha-10.0.0.tgz", + "integrity": "sha512-1kervM2cnlgPs2a8Vt/Qbe5cQ++N7rkYo/2rz2BkqJZIHQwaVuJgQH38REHrAi4uM0b1fqxMkWYmese94iMp3w==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT", + "dependencies": { + "@csstools/utilities": "^2.0.0", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-color-rebeccapurple": { + "version": "10.0.0", + "resolved": "https://registry.npmjs.org/postcss-color-rebeccapurple/-/postcss-color-rebeccapurple-10.0.0.tgz", + "integrity": "sha512-JFta737jSP+hdAIEhk1Vs0q0YF5P8fFcj+09pweS8ktuGuZ8pPlykHsk6mPxZ8awDl4TrcxUqJo9l1IhVr/OjQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/utilities": "^2.0.0", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-colormin": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/postcss-colormin/-/postcss-colormin-6.1.0.tgz", + "integrity": "sha512-x9yX7DOxeMAR+BgGVnNSAxmAj98NX/YxEMNFP+SDCEeNLb2r3i6Hh1ksMsnW8Ub5SLCpbescQqn9YEbE9554Sw==", + "license": "MIT", + "dependencies": { + "browserslist": "^4.23.0", + "caniuse-api": "^3.0.0", + "colord": "^2.9.3", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-convert-values": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/postcss-convert-values/-/postcss-convert-values-6.1.0.tgz", + "integrity": "sha512-zx8IwP/ts9WvUM6NkVSkiU902QZL1bwPhaVaLynPtCsOTqp+ZKbNi+s6XJg3rfqpKGA/oc7Oxk5t8pOQJcwl/w==", + "license": "MIT", + "dependencies": { + "browserslist": "^4.23.0", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-custom-media": { + "version": "11.0.6", + "resolved": "https://registry.npmjs.org/postcss-custom-media/-/postcss-custom-media-11.0.6.tgz", + "integrity": "sha512-C4lD4b7mUIw+RZhtY7qUbf4eADmb7Ey8BFA2px9jUbwg7pjTZDl4KY4bvlUV+/vXQvzQRfiGEVJyAbtOsCMInw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT", + "dependencies": { + "@csstools/cascade-layer-name-parser": "^2.0.5", + "@csstools/css-parser-algorithms": "^3.0.5", + "@csstools/css-tokenizer": "^3.0.4", + "@csstools/media-query-list-parser": "^4.0.3" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-custom-properties": { + "version": "14.0.6", + "resolved": "https://registry.npmjs.org/postcss-custom-properties/-/postcss-custom-properties-14.0.6.tgz", + "integrity": "sha512-fTYSp3xuk4BUeVhxCSJdIPhDLpJfNakZKoiTDx7yRGCdlZrSJR7mWKVOBS4sBF+5poPQFMj2YdXx1VHItBGihQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT", + "dependencies": { + "@csstools/cascade-layer-name-parser": "^2.0.5", + "@csstools/css-parser-algorithms": "^3.0.5", + "@csstools/css-tokenizer": "^3.0.4", + "@csstools/utilities": "^2.0.0", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-custom-selectors": { + "version": "8.0.5", + "resolved": "https://registry.npmjs.org/postcss-custom-selectors/-/postcss-custom-selectors-8.0.5.tgz", + "integrity": "sha512-9PGmckHQswiB2usSO6XMSswO2yFWVoCAuih1yl9FVcwkscLjRKjwsjM3t+NIWpSU2Jx3eOiK2+t4vVTQaoCHHg==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT", + "dependencies": { + "@csstools/cascade-layer-name-parser": "^2.0.5", + "@csstools/css-parser-algorithms": "^3.0.5", + "@csstools/css-tokenizer": "^3.0.4", + "postcss-selector-parser": "^7.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-custom-selectors/node_modules/postcss-selector-parser": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz", + "integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==", + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/postcss-dir-pseudo-class": { + "version": "9.0.1", + "resolved": "https://registry.npmjs.org/postcss-dir-pseudo-class/-/postcss-dir-pseudo-class-9.0.1.tgz", + "integrity": "sha512-tRBEK0MHYvcMUrAuYMEOa0zg9APqirBcgzi6P21OhxtJyJADo/SWBwY1CAwEohQ/6HDaa9jCjLRG7K3PVQYHEA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "postcss-selector-parser": "^7.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-dir-pseudo-class/node_modules/postcss-selector-parser": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz", + "integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==", + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/postcss-discard-comments": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/postcss-discard-comments/-/postcss-discard-comments-6.0.2.tgz", + "integrity": "sha512-65w/uIqhSBBfQmYnG92FO1mWZjJ4GL5b8atm5Yw2UgrwD7HiNiSSNwJor1eCFGzUgYnN/iIknhNRVqjrrpuglw==", + "license": "MIT", + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-discard-duplicates": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/postcss-discard-duplicates/-/postcss-discard-duplicates-6.0.3.tgz", + "integrity": "sha512-+JA0DCvc5XvFAxwx6f/e68gQu/7Z9ud584VLmcgto28eB8FqSFZwtrLwB5Kcp70eIoWP/HXqz4wpo8rD8gpsTw==", + "license": "MIT", + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-discard-empty": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/postcss-discard-empty/-/postcss-discard-empty-6.0.3.tgz", + "integrity": "sha512-znyno9cHKQsK6PtxL5D19Fj9uwSzC2mB74cpT66fhgOadEUPyXFkbgwm5tvc3bt3NAy8ltE5MrghxovZRVnOjQ==", + "license": "MIT", + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-discard-overridden": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/postcss-discard-overridden/-/postcss-discard-overridden-6.0.2.tgz", + "integrity": "sha512-j87xzI4LUggC5zND7KdjsI25APtyMuynXZSujByMaav2roV6OZX+8AaCUcZSWqckZpjAjRyFDdpqybgjFO0HJQ==", + "license": "MIT", + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-discard-unused": { + "version": "6.0.5", + "resolved": "https://registry.npmjs.org/postcss-discard-unused/-/postcss-discard-unused-6.0.5.tgz", + "integrity": "sha512-wHalBlRHkaNnNwfC8z+ppX57VhvS+HWgjW508esjdaEYr3Mx7Gnn2xA4R/CKf5+Z9S5qsqC+Uzh4ueENWwCVUA==", + "license": "MIT", + "dependencies": { + "postcss-selector-parser": "^6.0.16" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-double-position-gradients": { + "version": "6.0.4", + "resolved": "https://registry.npmjs.org/postcss-double-position-gradients/-/postcss-double-position-gradients-6.0.4.tgz", + "integrity": "sha512-m6IKmxo7FxSP5nF2l63QbCC3r+bWpFUWmZXZf096WxG0m7Vl1Q1+ruFOhpdDRmKrRS+S3Jtk+TVk/7z0+BVK6g==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/postcss-progressive-custom-properties": "^4.2.1", + "@csstools/utilities": "^2.0.0", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-focus-visible": { + "version": "10.0.1", + "resolved": "https://registry.npmjs.org/postcss-focus-visible/-/postcss-focus-visible-10.0.1.tgz", + "integrity": "sha512-U58wyjS/I1GZgjRok33aE8juW9qQgQUNwTSdxQGuShHzwuYdcklnvK/+qOWX1Q9kr7ysbraQ6ht6r+udansalA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "postcss-selector-parser": "^7.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-focus-visible/node_modules/postcss-selector-parser": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz", + "integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==", + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/postcss-focus-within": { + "version": "9.0.1", + "resolved": "https://registry.npmjs.org/postcss-focus-within/-/postcss-focus-within-9.0.1.tgz", + "integrity": "sha512-fzNUyS1yOYa7mOjpci/bR+u+ESvdar6hk8XNK/TRR0fiGTp2QT5N+ducP0n3rfH/m9I7H/EQU6lsa2BrgxkEjw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "postcss-selector-parser": "^7.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-focus-within/node_modules/postcss-selector-parser": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz", + "integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==", + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/postcss-font-variant": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/postcss-font-variant/-/postcss-font-variant-5.0.0.tgz", + "integrity": "sha512-1fmkBaCALD72CK2a9i468mA/+tr9/1cBxRRMXOUaZqO43oWPR5imcyPjXwuv7PXbCid4ndlP5zWhidQVVa3hmA==", + "license": "MIT", + "peerDependencies": { + "postcss": "^8.1.0" + } + }, + "node_modules/postcss-gap-properties": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/postcss-gap-properties/-/postcss-gap-properties-6.0.0.tgz", + "integrity": "sha512-Om0WPjEwiM9Ru+VhfEDPZJAKWUd0mV1HmNXqp2C29z80aQ2uP9UVhLc7e3aYMIor/S5cVhoPgYQ7RtfeZpYTRw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-image-set-function": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/postcss-image-set-function/-/postcss-image-set-function-7.0.0.tgz", + "integrity": "sha512-QL7W7QNlZuzOwBTeXEmbVckNt1FSmhQtbMRvGGqqU4Nf4xk6KUEQhAoWuMzwbSv5jxiRiSZ5Tv7eiDB9U87znA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/utilities": "^2.0.0", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-lab-function": { + "version": "7.0.12", + "resolved": "https://registry.npmjs.org/postcss-lab-function/-/postcss-lab-function-7.0.12.tgz", + "integrity": "sha512-tUcyRk1ZTPec3OuKFsqtRzW2Go5lehW29XA21lZ65XmzQkz43VY2tyWEC202F7W3mILOjw0voOiuxRGTsN+J9w==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-color-parser": "^3.1.0", + "@csstools/css-parser-algorithms": "^3.0.5", + "@csstools/css-tokenizer": "^3.0.4", + "@csstools/postcss-progressive-custom-properties": "^4.2.1", + "@csstools/utilities": "^2.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-loader": { + "version": "7.3.4", + "resolved": "https://registry.npmjs.org/postcss-loader/-/postcss-loader-7.3.4.tgz", + "integrity": "sha512-iW5WTTBSC5BfsBJ9daFMPVrLT36MrNiC6fqOZTTaHjBNX6Pfd5p+hSBqe/fEeNd7pc13QiAyGt7VdGMw4eRC4A==", + "license": "MIT", + "dependencies": { + "cosmiconfig": "^8.3.5", + "jiti": "^1.20.0", + "semver": "^7.5.4" + }, + "engines": { + "node": ">= 14.15.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "postcss": "^7.0.0 || ^8.0.1", + "webpack": "^5.0.0" + } + }, + "node_modules/postcss-logical": { + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/postcss-logical/-/postcss-logical-8.1.0.tgz", + "integrity": "sha512-pL1hXFQ2fEXNKiNiAgtfA005T9FBxky5zkX6s4GZM2D8RkVgRqz3f4g1JUoq925zXv495qk8UNldDwh8uGEDoA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-merge-idents": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/postcss-merge-idents/-/postcss-merge-idents-6.0.3.tgz", + "integrity": "sha512-1oIoAsODUs6IHQZkLQGO15uGEbK3EAl5wi9SS8hs45VgsxQfMnxvt+L+zIr7ifZFIH14cfAeVe2uCTa+SPRa3g==", + "license": "MIT", + "dependencies": { + "cssnano-utils": "^4.0.2", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-merge-longhand": { + "version": "6.0.5", + "resolved": "https://registry.npmjs.org/postcss-merge-longhand/-/postcss-merge-longhand-6.0.5.tgz", + "integrity": "sha512-5LOiordeTfi64QhICp07nzzuTDjNSO8g5Ksdibt44d+uvIIAE1oZdRn8y/W5ZtYgRH/lnLDlvi9F8btZcVzu3w==", + "license": "MIT", + "dependencies": { + "postcss-value-parser": "^4.2.0", + "stylehacks": "^6.1.1" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-merge-rules": { + "version": "6.1.1", + "resolved": "https://registry.npmjs.org/postcss-merge-rules/-/postcss-merge-rules-6.1.1.tgz", + "integrity": "sha512-KOdWF0gju31AQPZiD+2Ar9Qjowz1LTChSjFFbS+e2sFgc4uHOp3ZvVX4sNeTlk0w2O31ecFGgrFzhO0RSWbWwQ==", + "license": "MIT", + "dependencies": { + "browserslist": "^4.23.0", + "caniuse-api": "^3.0.0", + "cssnano-utils": "^4.0.2", + "postcss-selector-parser": "^6.0.16" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-minify-font-values": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/postcss-minify-font-values/-/postcss-minify-font-values-6.1.0.tgz", + "integrity": "sha512-gklfI/n+9rTh8nYaSJXlCo3nOKqMNkxuGpTn/Qm0gstL3ywTr9/WRKznE+oy6fvfolH6dF+QM4nCo8yPLdvGJg==", + "license": "MIT", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-minify-gradients": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/postcss-minify-gradients/-/postcss-minify-gradients-6.0.3.tgz", + "integrity": "sha512-4KXAHrYlzF0Rr7uc4VrfwDJ2ajrtNEpNEuLxFgwkhFZ56/7gaE4Nr49nLsQDZyUe+ds+kEhf+YAUolJiYXF8+Q==", + "license": "MIT", + "dependencies": { + "colord": "^2.9.3", + "cssnano-utils": "^4.0.2", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-minify-params": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/postcss-minify-params/-/postcss-minify-params-6.1.0.tgz", + "integrity": "sha512-bmSKnDtyyE8ujHQK0RQJDIKhQ20Jq1LYiez54WiaOoBtcSuflfK3Nm596LvbtlFcpipMjgClQGyGr7GAs+H1uA==", + "license": "MIT", + "dependencies": { + "browserslist": "^4.23.0", + "cssnano-utils": "^4.0.2", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-minify-selectors": { + "version": "6.0.4", + "resolved": "https://registry.npmjs.org/postcss-minify-selectors/-/postcss-minify-selectors-6.0.4.tgz", + "integrity": "sha512-L8dZSwNLgK7pjTto9PzWRoMbnLq5vsZSTu8+j1P/2GB8qdtGQfn+K1uSvFgYvgh83cbyxT5m43ZZhUMTJDSClQ==", + "license": "MIT", + "dependencies": { + "postcss-selector-parser": "^6.0.16" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-modules-extract-imports": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/postcss-modules-extract-imports/-/postcss-modules-extract-imports-3.1.0.tgz", + "integrity": "sha512-k3kNe0aNFQDAZGbin48pL2VNidTF0w4/eASDsxlyspobzU3wZQLOGj7L9gfRe0Jo9/4uud09DsjFNH7winGv8Q==", + "license": "ISC", + "engines": { + "node": "^10 || ^12 || >= 14" + }, + "peerDependencies": { + "postcss": "^8.1.0" + } + }, + "node_modules/postcss-modules-local-by-default": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/postcss-modules-local-by-default/-/postcss-modules-local-by-default-4.2.0.tgz", + "integrity": "sha512-5kcJm/zk+GJDSfw+V/42fJ5fhjL5YbFDl8nVdXkJPLLW+Vf9mTD5Xe0wqIaDnLuL2U6cDNpTr+UQ+v2HWIBhzw==", + "license": "MIT", + "dependencies": { + "icss-utils": "^5.0.0", + "postcss-selector-parser": "^7.0.0", + "postcss-value-parser": "^4.1.0" + }, + "engines": { + "node": "^10 || ^12 || >= 14" + }, + "peerDependencies": { + "postcss": "^8.1.0" + } + }, + "node_modules/postcss-modules-local-by-default/node_modules/postcss-selector-parser": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz", + "integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==", + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/postcss-modules-scope": { + "version": "3.2.1", + "resolved": "https://registry.npmjs.org/postcss-modules-scope/-/postcss-modules-scope-3.2.1.tgz", + "integrity": "sha512-m9jZstCVaqGjTAuny8MdgE88scJnCiQSlSrOWcTQgM2t32UBe+MUmFSO5t7VMSfAf/FJKImAxBav8ooCHJXCJA==", + "license": "ISC", + "dependencies": { + "postcss-selector-parser": "^7.0.0" + }, + "engines": { + "node": "^10 || ^12 || >= 14" + }, + "peerDependencies": { + "postcss": "^8.1.0" + } + }, + "node_modules/postcss-modules-scope/node_modules/postcss-selector-parser": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz", + "integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==", + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/postcss-modules-values": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/postcss-modules-values/-/postcss-modules-values-4.0.0.tgz", + "integrity": "sha512-RDxHkAiEGI78gS2ofyvCsu7iycRv7oqw5xMWn9iMoR0N/7mf9D50ecQqUo5BZ9Zh2vH4bCUR/ktCqbB9m8vJjQ==", + "license": "ISC", + "dependencies": { + "icss-utils": "^5.0.0" + }, + "engines": { + "node": "^10 || ^12 || >= 14" + }, + "peerDependencies": { + "postcss": "^8.1.0" + } + }, + "node_modules/postcss-nesting": { + "version": "13.0.2", + "resolved": "https://registry.npmjs.org/postcss-nesting/-/postcss-nesting-13.0.2.tgz", + "integrity": "sha512-1YCI290TX+VP0U/K/aFxzHzQWHWURL+CtHMSbex1lCdpXD1SoR2sYuxDu5aNI9lPoXpKTCggFZiDJbwylU0LEQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/selector-resolve-nested": "^3.1.0", + "@csstools/selector-specificity": "^5.0.0", + "postcss-selector-parser": "^7.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-nesting/node_modules/@csstools/selector-resolve-nested": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/@csstools/selector-resolve-nested/-/selector-resolve-nested-3.1.0.tgz", + "integrity": "sha512-mf1LEW0tJLKfWyvn5KdDrhpxHyuxpbNwTIwOYLIvsTffeyOf85j5oIzfG0yosxDgx/sswlqBnESYUcQH0vgZ0g==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss-selector-parser": "^7.0.0" + } + }, + "node_modules/postcss-nesting/node_modules/@csstools/selector-specificity": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/@csstools/selector-specificity/-/selector-specificity-5.0.0.tgz", + "integrity": "sha512-PCqQV3c4CoVm3kdPhyeZ07VmBRdH2EpMFA/pd9OASpOEC3aXNGoqPDAZ80D0cLpMBxnmk0+yNhGsEx31hq7Gtw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss-selector-parser": "^7.0.0" + } + }, + "node_modules/postcss-nesting/node_modules/postcss-selector-parser": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz", + "integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==", + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/postcss-normalize-charset": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/postcss-normalize-charset/-/postcss-normalize-charset-6.0.2.tgz", + "integrity": "sha512-a8N9czmdnrjPHa3DeFlwqst5eaL5W8jYu3EBbTTkI5FHkfMhFZh1EGbku6jhHhIzTA6tquI2P42NtZ59M/H/kQ==", + "license": "MIT", + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-normalize-display-values": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/postcss-normalize-display-values/-/postcss-normalize-display-values-6.0.2.tgz", + "integrity": "sha512-8H04Mxsb82ON/aAkPeq8kcBbAtI5Q2a64X/mnRRfPXBq7XeogoQvReqxEfc0B4WPq1KimjezNC8flUtC3Qz6jg==", + "license": "MIT", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-normalize-positions": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/postcss-normalize-positions/-/postcss-normalize-positions-6.0.2.tgz", + "integrity": "sha512-/JFzI441OAB9O7VnLA+RtSNZvQ0NCFZDOtp6QPFo1iIyawyXg0YI3CYM9HBy1WvwCRHnPep/BvI1+dGPKoXx/Q==", + "license": "MIT", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-normalize-repeat-style": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/postcss-normalize-repeat-style/-/postcss-normalize-repeat-style-6.0.2.tgz", + "integrity": "sha512-YdCgsfHkJ2jEXwR4RR3Tm/iOxSfdRt7jplS6XRh9Js9PyCR/aka/FCb6TuHT2U8gQubbm/mPmF6L7FY9d79VwQ==", + "license": "MIT", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-normalize-string": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/postcss-normalize-string/-/postcss-normalize-string-6.0.2.tgz", + "integrity": "sha512-vQZIivlxlfqqMp4L9PZsFE4YUkWniziKjQWUtsxUiVsSSPelQydwS8Wwcuw0+83ZjPWNTl02oxlIvXsmmG+CiQ==", + "license": "MIT", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-normalize-timing-functions": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/postcss-normalize-timing-functions/-/postcss-normalize-timing-functions-6.0.2.tgz", + "integrity": "sha512-a+YrtMox4TBtId/AEwbA03VcJgtyW4dGBizPl7e88cTFULYsprgHWTbfyjSLyHeBcK/Q9JhXkt2ZXiwaVHoMzA==", + "license": "MIT", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-normalize-unicode": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/postcss-normalize-unicode/-/postcss-normalize-unicode-6.1.0.tgz", + "integrity": "sha512-QVC5TQHsVj33otj8/JD869Ndr5Xcc/+fwRh4HAsFsAeygQQXm+0PySrKbr/8tkDKzW+EVT3QkqZMfFrGiossDg==", + "license": "MIT", + "dependencies": { + "browserslist": "^4.23.0", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-normalize-url": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/postcss-normalize-url/-/postcss-normalize-url-6.0.2.tgz", + "integrity": "sha512-kVNcWhCeKAzZ8B4pv/DnrU1wNh458zBNp8dh4y5hhxih5RZQ12QWMuQrDgPRw3LRl8mN9vOVfHl7uhvHYMoXsQ==", + "license": "MIT", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-normalize-whitespace": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/postcss-normalize-whitespace/-/postcss-normalize-whitespace-6.0.2.tgz", + "integrity": "sha512-sXZ2Nj1icbJOKmdjXVT9pnyHQKiSAyuNQHSgRCUgThn2388Y9cGVDR+E9J9iAYbSbLHI+UUwLVl1Wzco/zgv0Q==", + "license": "MIT", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-opacity-percentage": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/postcss-opacity-percentage/-/postcss-opacity-percentage-3.0.0.tgz", + "integrity": "sha512-K6HGVzyxUxd/VgZdX04DCtdwWJ4NGLG212US4/LA1TLAbHgmAsTWVR86o+gGIbFtnTkfOpb9sCRBx8K7HO66qQ==", + "funding": [ + { + "type": "kofi", + "url": "https://ko-fi.com/mrcgrtz" + }, + { + "type": "liberapay", + "url": "https://liberapay.com/mrcgrtz" + } + ], + "license": "MIT", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-ordered-values": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/postcss-ordered-values/-/postcss-ordered-values-6.0.2.tgz", + "integrity": "sha512-VRZSOB+JU32RsEAQrO94QPkClGPKJEL/Z9PCBImXMhIeK5KAYo6slP/hBYlLgrCjFxyqvn5VC81tycFEDBLG1Q==", + "license": "MIT", + "dependencies": { + "cssnano-utils": "^4.0.2", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-overflow-shorthand": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/postcss-overflow-shorthand/-/postcss-overflow-shorthand-6.0.0.tgz", + "integrity": "sha512-BdDl/AbVkDjoTofzDQnwDdm/Ym6oS9KgmO7Gr+LHYjNWJ6ExORe4+3pcLQsLA9gIROMkiGVjjwZNoL/mpXHd5Q==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-page-break": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/postcss-page-break/-/postcss-page-break-3.0.4.tgz", + "integrity": "sha512-1JGu8oCjVXLa9q9rFTo4MbeeA5FMe00/9C7lN4va606Rdb+HkxXtXsmEDrIraQ11fGz/WvKWa8gMuCKkrXpTsQ==", + "license": "MIT", + "peerDependencies": { + "postcss": "^8" + } + }, + "node_modules/postcss-place": { + "version": "10.0.0", + "resolved": "https://registry.npmjs.org/postcss-place/-/postcss-place-10.0.0.tgz", + "integrity": "sha512-5EBrMzat2pPAxQNWYavwAfoKfYcTADJ8AXGVPcUZ2UkNloUTWzJQExgrzrDkh3EKzmAx1evfTAzF9I8NGcc+qw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-preset-env": { + "version": "10.4.0", + "resolved": "https://registry.npmjs.org/postcss-preset-env/-/postcss-preset-env-10.4.0.tgz", + "integrity": "sha512-2kqpOthQ6JhxqQq1FSAAZGe9COQv75Aw8WbsOvQVNJ2nSevc9Yx/IKZGuZ7XJ+iOTtVon7LfO7ELRzg8AZ+sdw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/postcss-alpha-function": "^1.0.1", + "@csstools/postcss-cascade-layers": "^5.0.2", + "@csstools/postcss-color-function": "^4.0.12", + "@csstools/postcss-color-function-display-p3-linear": "^1.0.1", + "@csstools/postcss-color-mix-function": "^3.0.12", + "@csstools/postcss-color-mix-variadic-function-arguments": "^1.0.2", + "@csstools/postcss-content-alt-text": "^2.0.8", + "@csstools/postcss-contrast-color-function": "^2.0.12", + "@csstools/postcss-exponential-functions": "^2.0.9", + "@csstools/postcss-font-format-keywords": "^4.0.0", + "@csstools/postcss-gamut-mapping": "^2.0.11", + "@csstools/postcss-gradients-interpolation-method": "^5.0.12", + "@csstools/postcss-hwb-function": "^4.0.12", + "@csstools/postcss-ic-unit": "^4.0.4", + "@csstools/postcss-initial": "^2.0.1", + "@csstools/postcss-is-pseudo-class": "^5.0.3", + "@csstools/postcss-light-dark-function": "^2.0.11", + "@csstools/postcss-logical-float-and-clear": "^3.0.0", + "@csstools/postcss-logical-overflow": "^2.0.0", + "@csstools/postcss-logical-overscroll-behavior": "^2.0.0", + "@csstools/postcss-logical-resize": "^3.0.0", + "@csstools/postcss-logical-viewport-units": "^3.0.4", + "@csstools/postcss-media-minmax": "^2.0.9", + "@csstools/postcss-media-queries-aspect-ratio-number-values": "^3.0.5", + "@csstools/postcss-nested-calc": "^4.0.0", + "@csstools/postcss-normalize-display-values": "^4.0.0", + "@csstools/postcss-oklab-function": "^4.0.12", + "@csstools/postcss-progressive-custom-properties": "^4.2.1", + "@csstools/postcss-random-function": "^2.0.1", + "@csstools/postcss-relative-color-syntax": "^3.0.12", + "@csstools/postcss-scope-pseudo-class": "^4.0.1", + "@csstools/postcss-sign-functions": "^1.1.4", + "@csstools/postcss-stepped-value-functions": "^4.0.9", + "@csstools/postcss-text-decoration-shorthand": "^4.0.3", + "@csstools/postcss-trigonometric-functions": "^4.0.9", + "@csstools/postcss-unset-value": "^4.0.0", + "autoprefixer": "^10.4.21", + "browserslist": "^4.26.0", + "css-blank-pseudo": "^7.0.1", + "css-has-pseudo": "^7.0.3", + "css-prefers-color-scheme": "^10.0.0", + "cssdb": "^8.4.2", + "postcss-attribute-case-insensitive": "^7.0.1", + "postcss-clamp": "^4.1.0", + "postcss-color-functional-notation": "^7.0.12", + "postcss-color-hex-alpha": "^10.0.0", + "postcss-color-rebeccapurple": "^10.0.0", + "postcss-custom-media": "^11.0.6", + "postcss-custom-properties": "^14.0.6", + "postcss-custom-selectors": "^8.0.5", + "postcss-dir-pseudo-class": "^9.0.1", + "postcss-double-position-gradients": "^6.0.4", + "postcss-focus-visible": "^10.0.1", + "postcss-focus-within": "^9.0.1", + "postcss-font-variant": "^5.0.0", + "postcss-gap-properties": "^6.0.0", + "postcss-image-set-function": "^7.0.0", + "postcss-lab-function": "^7.0.12", + "postcss-logical": "^8.1.0", + "postcss-nesting": "^13.0.2", + "postcss-opacity-percentage": "^3.0.0", + "postcss-overflow-shorthand": "^6.0.0", + "postcss-page-break": "^3.0.4", + "postcss-place": "^10.0.0", + "postcss-pseudo-class-any-link": "^10.0.1", + "postcss-replace-overflow-wrap": "^4.0.0", + "postcss-selector-not": "^8.0.1" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-pseudo-class-any-link": { + "version": "10.0.1", + "resolved": "https://registry.npmjs.org/postcss-pseudo-class-any-link/-/postcss-pseudo-class-any-link-10.0.1.tgz", + "integrity": "sha512-3el9rXlBOqTFaMFkWDOkHUTQekFIYnaQY55Rsp8As8QQkpiSgIYEcF/6Ond93oHiDsGb4kad8zjt+NPlOC1H0Q==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "postcss-selector-parser": "^7.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-pseudo-class-any-link/node_modules/postcss-selector-parser": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz", + "integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==", + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/postcss-reduce-idents": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/postcss-reduce-idents/-/postcss-reduce-idents-6.0.3.tgz", + "integrity": "sha512-G3yCqZDpsNPoQgbDUy3T0E6hqOQ5xigUtBQyrmq3tn2GxlyiL0yyl7H+T8ulQR6kOcHJ9t7/9H4/R2tv8tJbMA==", + "license": "MIT", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-reduce-initial": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/postcss-reduce-initial/-/postcss-reduce-initial-6.1.0.tgz", + "integrity": "sha512-RarLgBK/CrL1qZags04oKbVbrrVK2wcxhvta3GCxrZO4zveibqbRPmm2VI8sSgCXwoUHEliRSbOfpR0b/VIoiw==", + "license": "MIT", + "dependencies": { + "browserslist": "^4.23.0", + "caniuse-api": "^3.0.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-reduce-transforms": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/postcss-reduce-transforms/-/postcss-reduce-transforms-6.0.2.tgz", + "integrity": "sha512-sB+Ya++3Xj1WaT9+5LOOdirAxP7dJZms3GRcYheSPi1PiTMigsxHAdkrbItHxwYHr4kt1zL7mmcHstgMYT+aiA==", + "license": "MIT", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-replace-overflow-wrap": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/postcss-replace-overflow-wrap/-/postcss-replace-overflow-wrap-4.0.0.tgz", + "integrity": "sha512-KmF7SBPphT4gPPcKZc7aDkweHiKEEO8cla/GjcBK+ckKxiZslIu3C4GCRW3DNfL0o7yW7kMQu9xlZ1kXRXLXtw==", + "license": "MIT", + "peerDependencies": { + "postcss": "^8.0.3" + } + }, + "node_modules/postcss-selector-not": { + "version": "8.0.1", + "resolved": "https://registry.npmjs.org/postcss-selector-not/-/postcss-selector-not-8.0.1.tgz", + "integrity": "sha512-kmVy/5PYVb2UOhy0+LqUYAhKj7DUGDpSWa5LZqlkWJaaAV+dxxsOG3+St0yNLu6vsKD7Dmqx+nWQt0iil89+WA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT", + "dependencies": { + "postcss-selector-parser": "^7.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-selector-not/node_modules/postcss-selector-parser": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz", + "integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==", + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/postcss-selector-parser": { + "version": "6.1.2", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.1.2.tgz", + "integrity": "sha512-Q8qQfPiZ+THO/3ZrOrO0cJJKfpYCagtMUkXbnEfmgUjwXg6z/WBeOyS9APBBPCTSiDV+s4SwQGu8yFsiMRIudg==", + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/postcss-sort-media-queries": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/postcss-sort-media-queries/-/postcss-sort-media-queries-5.2.0.tgz", + "integrity": "sha512-AZ5fDMLD8SldlAYlvi8NIqo0+Z8xnXU2ia0jxmuhxAU+Lqt9K+AlmLNJ/zWEnE9x+Zx3qL3+1K20ATgNOr3fAA==", + "license": "MIT", + "dependencies": { + "sort-css-media-queries": "2.2.0" + }, + "engines": { + "node": ">=14.0.0" + }, + "peerDependencies": { + "postcss": "^8.4.23" + } + }, + "node_modules/postcss-svgo": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/postcss-svgo/-/postcss-svgo-6.0.3.tgz", + "integrity": "sha512-dlrahRmxP22bX6iKEjOM+c8/1p+81asjKT+V5lrgOH944ryx/OHpclnIbGsKVd3uWOXFLYJwCVf0eEkJGvO96g==", + "license": "MIT", + "dependencies": { + "postcss-value-parser": "^4.2.0", + "svgo": "^3.2.0" + }, + "engines": { + "node": "^14 || ^16 || >= 18" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-unique-selectors": { + "version": "6.0.4", + "resolved": "https://registry.npmjs.org/postcss-unique-selectors/-/postcss-unique-selectors-6.0.4.tgz", + "integrity": "sha512-K38OCaIrO8+PzpArzkLKB42dSARtC2tmG6PvD4b1o1Q2E9Os8jzfWFfSy/rixsHwohtsDdFtAWGjFVFUdwYaMg==", + "license": "MIT", + "dependencies": { + "postcss-selector-parser": "^6.0.16" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-value-parser": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz", + "integrity": "sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ==", + "license": "MIT" + }, + "node_modules/postcss-zindex": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/postcss-zindex/-/postcss-zindex-6.0.2.tgz", + "integrity": "sha512-5BxW9l1evPB/4ZIc+2GobEBoKC+h8gPGCMi+jxsYvd2x0mjq7wazk6DrP71pStqxE9Foxh5TVnonbWpFZzXaYg==", + "license": "MIT", + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/prettier": { + "version": "3.8.1", + "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.8.1.tgz", + "integrity": "sha512-UOnG6LftzbdaHZcKoPFtOcCKztrQ57WkHDeRD9t/PTQtmT0NHSeWWepj6pS0z/N7+08BHFDQVUrfmfMRcZwbMg==", + "dev": true, + "license": "MIT", + "bin": { + "prettier": "bin/prettier.cjs" + }, + "engines": { + "node": ">=14" + }, + "funding": { + "url": "https://github.com/prettier/prettier?sponsor=1" + } + }, + "node_modules/pretty-error": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/pretty-error/-/pretty-error-4.0.0.tgz", + "integrity": "sha512-AoJ5YMAcXKYxKhuJGdcvse+Voc6v1RgnsR3nWcYU7q4t6z0Q6T86sv5Zq8VIRbOWWFpvdGE83LtdSMNd+6Y0xw==", + "license": "MIT", + "dependencies": { + "lodash": "^4.17.20", + "renderkid": "^3.0.0" + } + }, + "node_modules/pretty-time": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/pretty-time/-/pretty-time-1.1.0.tgz", + "integrity": "sha512-28iF6xPQrP8Oa6uxE6a1biz+lWeTOAPKggvjB8HAs6nVMKZwf5bG++632Dx614hIWgUPkgivRfG+a8uAXGTIbA==", + "license": "MIT", + "engines": { + "node": ">=4" + } + }, + "node_modules/prism-react-renderer": { + "version": "2.4.1", + "resolved": "https://registry.npmjs.org/prism-react-renderer/-/prism-react-renderer-2.4.1.tgz", + "integrity": "sha512-ey8Ls/+Di31eqzUxC46h8MksNuGx/n0AAC8uKpwFau4RPDYLuE3EXTp8N8G2vX2N7UC/+IXeNUnlWBGGcAG+Ig==", + "license": "MIT", + "dependencies": { + "@types/prismjs": "^1.26.0", + "clsx": "^2.0.0" + }, + "peerDependencies": { + "react": ">=16.0.0" + } + }, + "node_modules/prismjs": { + "version": "1.30.0", + "resolved": "https://registry.npmjs.org/prismjs/-/prismjs-1.30.0.tgz", + "integrity": "sha512-DEvV2ZF2r2/63V+tK8hQvrR2ZGn10srHbXviTlcv7Kpzw8jWiNTqbVgjO3IY8RxrrOUF8VPMQQFysYYYv0YZxw==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/process-nextick-args": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz", + "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==", + "license": "MIT" + }, + "node_modules/prompts": { + "version": "2.4.2", + "resolved": "https://registry.npmjs.org/prompts/-/prompts-2.4.2.tgz", + "integrity": "sha512-NxNv/kLguCA7p3jE8oL2aEBsrJWgAakBpgmgK6lpPWV+WuOmY6r2/zbAVnP+T8bQlA0nzHXSJSJW0Hq7ylaD2Q==", + "license": "MIT", + "dependencies": { + "kleur": "^3.0.3", + "sisteransi": "^1.0.5" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/prop-types": { + "version": "15.8.1", + "resolved": "https://registry.npmjs.org/prop-types/-/prop-types-15.8.1.tgz", + "integrity": "sha512-oj87CgZICdulUohogVAR7AjlC0327U4el4L6eAvOqCeudMDVU0NThNaV+b9Df4dXgSP1gXMTnPdhfe/2qDH5cg==", + "license": "MIT", + "dependencies": { + "loose-envify": "^1.4.0", + "object-assign": "^4.1.1", + "react-is": "^16.13.1" + } + }, + "node_modules/property-information": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/property-information/-/property-information-7.1.0.tgz", + "integrity": "sha512-TwEZ+X+yCJmYfL7TPUOcvBZ4QfoT5YenQiJuX//0th53DE6w0xxLEtfK3iyryQFddXuvkIk51EEgrJQ0WJkOmQ==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/proto-list": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/proto-list/-/proto-list-1.2.4.tgz", + "integrity": "sha512-vtK/94akxsTMhe0/cbfpR+syPuszcuwhqVjJq26CuNDgFGj682oRBXOP5MJpv2r7JtE8MsiepGIqvvOTBwn2vA==", + "license": "ISC" + }, + "node_modules/proxy-addr": { + "version": "2.0.7", + "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", + "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==", + "license": "MIT", + "dependencies": { + "forwarded": "0.2.0", + "ipaddr.js": "1.9.1" + }, + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/proxy-addr/node_modules/ipaddr.js": { + "version": "1.9.1", + "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", + "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==", + "license": "MIT", + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/punycode": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", + "integrity": "sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/pupa": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/pupa/-/pupa-3.3.0.tgz", + "integrity": "sha512-LjgDO2zPtoXP2wJpDjZrGdojii1uqO0cnwKoIoUzkfS98HDmbeiGmYiXo3lXeFlq2xvne1QFQhwYXSUCLKtEuA==", + "license": "MIT", + "dependencies": { + "escape-goat": "^4.0.0" + }, + "engines": { + "node": ">=12.20" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/qs": { + "version": "6.13.0", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.13.0.tgz", + "integrity": "sha512-+38qI9SOr8tfZ4QmJNplMUxqjbe7LKvvZgWdExBOmd+egZTtjLB67Gu0HRX3u/XOq7UU2Nx6nsjvS16Z9uwfpg==", + "license": "BSD-3-Clause", + "dependencies": { + "side-channel": "^1.0.6" + }, + "engines": { + "node": ">=0.6" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/queue-microtask": { + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", + "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "MIT" + }, + "node_modules/quick-lru": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/quick-lru/-/quick-lru-5.1.1.tgz", + "integrity": "sha512-WuyALRjWPDGtt/wzJiadO5AXY+8hZ80hVpe6MyivgraREW751X3SbhRvG3eLKOYN+8VEvqLcf3wdnt44Z4S4SA==", + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/randombytes": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", + "integrity": "sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==", + "license": "MIT", + "dependencies": { + "safe-buffer": "^5.1.0" + } + }, + "node_modules/range-parser": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.0.tgz", + "integrity": "sha512-kA5WQoNVo4t9lNx2kQNFCxKeBl5IbbSNBl1M/tLkw9WCn+hxNBAW5Qh8gdhs63CJnhjJ2zQWFoqPJP2sK1AV5A==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/raw-body": { + "version": "2.5.2", + "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz", + "integrity": "sha512-8zGqypfENjCIqGhgXToC8aB2r7YrBX+AQAfIPs/Mlk+BtPTztOvTS01NRW/3Eh60J+a48lt8qsCzirQ6loCVfA==", + "license": "MIT", + "dependencies": { + "bytes": "3.1.2", + "http-errors": "2.0.0", + "iconv-lite": "0.4.24", + "unpipe": "1.0.0" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/raw-body/node_modules/bytes": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", + "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/rc": { + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/rc/-/rc-1.2.8.tgz", + "integrity": "sha512-y3bGgqKj3QBdxLbLkomlohkvsA8gdAiUQlSBJnBhfn+BPxg4bc62d8TcBW15wavDfgexCgccckhcZvywyQYPOw==", + "license": "(BSD-2-Clause OR MIT OR Apache-2.0)", + "dependencies": { + "deep-extend": "^0.6.0", + "ini": "~1.3.0", + "minimist": "^1.2.0", + "strip-json-comments": "~2.0.1" + }, + "bin": { + "rc": "cli.js" + } + }, + "node_modules/rc/node_modules/ini": { + "version": "1.3.8", + "resolved": "https://registry.npmjs.org/ini/-/ini-1.3.8.tgz", + "integrity": "sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==", + "license": "ISC" + }, + "node_modules/rc/node_modules/strip-json-comments": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-2.0.1.tgz", + "integrity": "sha512-4gB8na07fecVVkOI6Rs4e7T6NOTki5EmL7TUduTs6bu3EdnSycntVJ4re8kgZA+wx9IueI2Y11bfbgwtzuE0KQ==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/react": { + "version": "19.2.0", + "resolved": "https://registry.npmjs.org/react/-/react-19.2.0.tgz", + "integrity": "sha512-tmbWg6W31tQLeB5cdIBOicJDJRR2KzXsV7uSK9iNfLWQ5bIZfxuPEHp7M8wiHyHnn0DD1i7w3Zmin0FtkrwoCQ==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/react-dom": { + "version": "19.2.0", + "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-19.2.0.tgz", + "integrity": "sha512-UlbRu4cAiGaIewkPyiRGJk0imDN2T3JjieT6spoL2UeSf5od4n5LB/mQ4ejmxhCFT1tYe8IvaFulzynWovsEFQ==", + "license": "MIT", + "dependencies": { + "scheduler": "^0.27.0" + }, + "peerDependencies": { + "react": "^19.2.0" + } + }, + "node_modules/react-fast-compare": { + "version": "3.2.2", + "resolved": "https://registry.npmjs.org/react-fast-compare/-/react-fast-compare-3.2.2.tgz", + "integrity": "sha512-nsO+KSNgo1SbJqJEYRE9ERzo7YtYbou/OqjSQKxV7jcKox7+usiUVZOAC+XnDOABXggQTno0Y1CpVnuWEc1boQ==", + "license": "MIT" + }, + "node_modules/react-helmet-async": { + "name": "@slorber/react-helmet-async", + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/@slorber/react-helmet-async/-/react-helmet-async-1.3.0.tgz", + "integrity": "sha512-e9/OK8VhwUSc67diWI8Rb3I0YgI9/SBQtnhe9aEuK6MhZm7ntZZimXgwXnd8W96YTmSOb9M4d8LwhRZyhWr/1A==", + "license": "Apache-2.0", + "dependencies": { + "@babel/runtime": "^7.12.5", + "invariant": "^2.2.4", + "prop-types": "^15.7.2", + "react-fast-compare": "^3.2.0", + "shallowequal": "^1.1.0" + }, + "peerDependencies": { + "react": "^16.6.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", + "react-dom": "^16.6.0 || ^17.0.0 || ^18.0.0 || ^19.0.0" + } + }, + "node_modules/react-is": { + "version": "16.13.1", + "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz", + "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==", + "license": "MIT" + }, + "node_modules/react-json-view-lite": { + "version": "2.5.0", + "resolved": "https://registry.npmjs.org/react-json-view-lite/-/react-json-view-lite-2.5.0.tgz", + "integrity": "sha512-tk7o7QG9oYyELWHL8xiMQ8x4WzjCzbWNyig3uexmkLb54r8jO0yH3WCWx8UZS0c49eSA4QUmG5caiRJ8fAn58g==", + "license": "MIT", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "react": "^18.0.0 || ^19.0.0" + } + }, + "node_modules/react-loadable": { + "name": "@docusaurus/react-loadable", + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/@docusaurus/react-loadable/-/react-loadable-6.0.0.tgz", + "integrity": "sha512-YMMxTUQV/QFSnbgrP3tjDzLHRg7vsbMn8e9HAa8o/1iXoiomo48b7sk/kkmWEuWNDPJVlKSJRB6Y2fHqdJk+SQ==", + "license": "MIT", + "dependencies": { + "@types/react": "*" + }, + "peerDependencies": { + "react": "*" + } + }, + "node_modules/react-loadable-ssr-addon-v5-slorber": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/react-loadable-ssr-addon-v5-slorber/-/react-loadable-ssr-addon-v5-slorber-1.0.1.tgz", + "integrity": "sha512-lq3Lyw1lGku8zUEJPDxsNm1AfYHBrO9Y1+olAYwpUJ2IGFBskM0DMKok97A6LWUpHm+o7IvQBOWu9MLenp9Z+A==", + "license": "MIT", + "dependencies": { + "@babel/runtime": "^7.10.3" + }, + "engines": { + "node": ">=10.13.0" + }, + "peerDependencies": { + "react-loadable": "*", + "webpack": ">=4.41.1 || 5.x" + } + }, + "node_modules/react-router": { + "version": "5.3.4", + "resolved": "https://registry.npmjs.org/react-router/-/react-router-5.3.4.tgz", + "integrity": "sha512-Ys9K+ppnJah3QuaRiLxk+jDWOR1MekYQrlytiXxC1RyfbdsZkS5pvKAzCCr031xHixZwpnsYNT5xysdFHQaYsA==", + "license": "MIT", + "dependencies": { + "@babel/runtime": "^7.12.13", + "history": "^4.9.0", + "hoist-non-react-statics": "^3.1.0", + "loose-envify": "^1.3.1", + "path-to-regexp": "^1.7.0", + "prop-types": "^15.6.2", + "react-is": "^16.6.0", + "tiny-invariant": "^1.0.2", + "tiny-warning": "^1.0.0" + }, + "peerDependencies": { + "react": ">=15" + } + }, + "node_modules/react-router-config": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/react-router-config/-/react-router-config-5.1.1.tgz", + "integrity": "sha512-DuanZjaD8mQp1ppHjgnnUnyOlqYXZVjnov/JzFhjLEwd3Z4dYjMSnqrEzzGThH47vpCOqPPwJM2FtthLeJ8Pbg==", + "license": "MIT", + "dependencies": { + "@babel/runtime": "^7.1.2" + }, + "peerDependencies": { + "react": ">=15", + "react-router": ">=5" + } + }, + "node_modules/react-router-dom": { + "version": "5.3.4", + "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-5.3.4.tgz", + "integrity": "sha512-m4EqFMHv/Ih4kpcBCONHbkT68KoAeHN4p3lAGoNryfHi0dMy0kCzEZakiKRsvg5wHZ/JLrLW8o8KomWiz/qbYQ==", + "license": "MIT", + "dependencies": { + "@babel/runtime": "^7.12.13", + "history": "^4.9.0", + "loose-envify": "^1.3.1", + "prop-types": "^15.6.2", + "react-router": "5.3.4", + "tiny-invariant": "^1.0.2", + "tiny-warning": "^1.0.0" + }, + "peerDependencies": { + "react": ">=15" + } + }, + "node_modules/readable-stream": { + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz", + "integrity": "sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==", + "license": "MIT", + "dependencies": { + "inherits": "^2.0.3", + "string_decoder": "^1.1.1", + "util-deprecate": "^1.0.1" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/readdirp": { + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", + "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==", + "license": "MIT", + "dependencies": { + "picomatch": "^2.2.1" + }, + "engines": { + "node": ">=8.10.0" + } + }, + "node_modules/recma-build-jsx": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/recma-build-jsx/-/recma-build-jsx-1.0.0.tgz", + "integrity": "sha512-8GtdyqaBcDfva+GUKDr3nev3VpKAhup1+RvkMvUxURHpW7QyIvk9F5wz7Vzo06CEMSilw6uArgRqhpiUcWp8ew==", + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0", + "estree-util-build-jsx": "^3.0.0", + "vfile": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/recma-jsx": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/recma-jsx/-/recma-jsx-1.0.1.tgz", + "integrity": "sha512-huSIy7VU2Z5OLv6oFLosQGGDqPqdO1iq6bWNAdhzMxSJP7RAso4fCZ1cKu8j9YHCZf3TPrq4dw3okhrylgcd7w==", + "license": "MIT", + "dependencies": { + "acorn-jsx": "^5.0.0", + "estree-util-to-js": "^2.0.0", + "recma-parse": "^1.0.0", + "recma-stringify": "^1.0.0", + "unified": "^11.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + }, + "peerDependencies": { + "acorn": "^6.0.0 || ^7.0.0 || ^8.0.0" + } + }, + "node_modules/recma-parse": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/recma-parse/-/recma-parse-1.0.0.tgz", + "integrity": "sha512-OYLsIGBB5Y5wjnSnQW6t3Xg7q3fQ7FWbw/vcXtORTnyaSFscOtABg+7Pnz6YZ6c27fG1/aN8CjfwoUEUIdwqWQ==", + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0", + "esast-util-from-js": "^2.0.0", + "unified": "^11.0.0", + "vfile": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/recma-stringify": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/recma-stringify/-/recma-stringify-1.0.0.tgz", + "integrity": "sha512-cjwII1MdIIVloKvC9ErQ+OgAtwHBmcZ0Bg4ciz78FtbT8In39aAYbaA7zvxQ61xVMSPE8WxhLwLbhif4Js2C+g==", + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0", + "estree-util-to-js": "^2.0.0", + "unified": "^11.0.0", + "vfile": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/regenerate": { + "version": "1.4.2", + "resolved": "https://registry.npmjs.org/regenerate/-/regenerate-1.4.2.tgz", + "integrity": "sha512-zrceR/XhGYU/d/opr2EKO7aRHUeiBI8qjtfHqADTwZd6Szfy16la6kqD0MIUs5z5hx6AaKa+PixpPrR289+I0A==", + "license": "MIT" + }, + "node_modules/regenerate-unicode-properties": { + "version": "10.2.2", + "resolved": "https://registry.npmjs.org/regenerate-unicode-properties/-/regenerate-unicode-properties-10.2.2.tgz", + "integrity": "sha512-m03P+zhBeQd1RGnYxrGyDAPpWX/epKirLrp8e3qevZdVkKtnCrjjWczIbYc8+xd6vcTStVlqfycTx1KR4LOr0g==", + "license": "MIT", + "dependencies": { + "regenerate": "^1.4.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/regexpu-core": { + "version": "6.4.0", + "resolved": "https://registry.npmjs.org/regexpu-core/-/regexpu-core-6.4.0.tgz", + "integrity": "sha512-0ghuzq67LI9bLXpOX/ISfve/Mq33a4aFRzoQYhnnok1JOFpmE/A2TBGkNVenOGEeSBCjIiWcc6MVOG5HEQv0sA==", + "license": "MIT", + "dependencies": { + "regenerate": "^1.4.2", + "regenerate-unicode-properties": "^10.2.2", + "regjsgen": "^0.8.0", + "regjsparser": "^0.13.0", + "unicode-match-property-ecmascript": "^2.0.0", + "unicode-match-property-value-ecmascript": "^2.2.1" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/registry-auth-token": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/registry-auth-token/-/registry-auth-token-5.1.0.tgz", + "integrity": "sha512-GdekYuwLXLxMuFTwAPg5UKGLW/UXzQrZvH/Zj791BQif5T05T0RsaLfHc9q3ZOKi7n+BoprPD9mJ0O0k4xzUlw==", + "license": "MIT", + "dependencies": { + "@pnpm/npm-conf": "^2.1.0" + }, + "engines": { + "node": ">=14" + } + }, + "node_modules/registry-url": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/registry-url/-/registry-url-6.0.1.tgz", + "integrity": "sha512-+crtS5QjFRqFCoQmvGduwYWEBng99ZvmFvF+cUJkGYF1L1BfU8C6Zp9T7f5vPAwyLkUExpvK+ANVZmGU49qi4Q==", + "license": "MIT", + "dependencies": { + "rc": "1.2.8" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/regjsgen": { + "version": "0.8.0", + "resolved": "https://registry.npmjs.org/regjsgen/-/regjsgen-0.8.0.tgz", + "integrity": "sha512-RvwtGe3d7LvWiDQXeQw8p5asZUmfU1G/l6WbUXeHta7Y2PEIvBTwH6E2EfmYUK8pxcxEdEmaomqyp0vZZ7C+3Q==", + "license": "MIT" + }, + "node_modules/regjsparser": { + "version": "0.13.0", + "resolved": "https://registry.npmjs.org/regjsparser/-/regjsparser-0.13.0.tgz", + "integrity": "sha512-NZQZdC5wOE/H3UT28fVGL+ikOZcEzfMGk/c3iN9UGxzWHMa1op7274oyiUVrAG4B2EuFhus8SvkaYnhvW92p9Q==", + "license": "BSD-2-Clause", + "dependencies": { + "jsesc": "~3.1.0" + }, + "bin": { + "regjsparser": "bin/parser" + } + }, + "node_modules/rehype-raw": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/rehype-raw/-/rehype-raw-7.0.0.tgz", + "integrity": "sha512-/aE8hCfKlQeA8LmyeyQvQF3eBiLRGNlfBJEvWH7ivp9sBqs7TNqBL5X3v157rM4IFETqDnIOO+z5M/biZbo9Ww==", + "license": "MIT", + "dependencies": { + "@types/hast": "^3.0.0", + "hast-util-raw": "^9.0.0", + "vfile": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/rehype-recma": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/rehype-recma/-/rehype-recma-1.0.0.tgz", + "integrity": "sha512-lqA4rGUf1JmacCNWWZx0Wv1dHqMwxzsDWYMTowuplHF3xH0N/MmrZ/G3BDZnzAkRmxDadujCjaKM2hqYdCBOGw==", + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0", + "@types/hast": "^3.0.0", + "hast-util-to-estree": "^3.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/relateurl": { + "version": "0.2.7", + "resolved": "https://registry.npmjs.org/relateurl/-/relateurl-0.2.7.tgz", + "integrity": "sha512-G08Dxvm4iDN3MLM0EsP62EDV9IuhXPR6blNz6Utcp7zyV3tr4HVNINt6MpaRWbxoOHT3Q7YN2P+jaHX8vUbgog==", + "license": "MIT", + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/remark-directive": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/remark-directive/-/remark-directive-3.0.1.tgz", + "integrity": "sha512-gwglrEQEZcZYgVyG1tQuA+h58EZfq5CSULw7J90AFuCTyib1thgHPoqQ+h9iFvU6R+vnZ5oNFQR5QKgGpk741A==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "mdast-util-directive": "^3.0.0", + "micromark-extension-directive": "^3.0.0", + "unified": "^11.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/remark-emoji": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/remark-emoji/-/remark-emoji-4.0.1.tgz", + "integrity": "sha512-fHdvsTR1dHkWKev9eNyhTo4EFwbUvJ8ka9SgeWkMPYFX4WoI7ViVBms3PjlQYgw5TLvNQso3GUB/b/8t3yo+dg==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.2", + "emoticon": "^4.0.1", + "mdast-util-find-and-replace": "^3.0.1", + "node-emoji": "^2.1.0", + "unified": "^11.0.4" + }, + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + } + }, + "node_modules/remark-frontmatter": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/remark-frontmatter/-/remark-frontmatter-5.0.0.tgz", + "integrity": "sha512-XTFYvNASMe5iPN0719nPrdItC9aU0ssC4v14mH1BCi1u0n1gAocqcujWUrByftZTbLhRtiKRyjYTSIOcr69UVQ==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "mdast-util-frontmatter": "^2.0.0", + "micromark-extension-frontmatter": "^2.0.0", + "unified": "^11.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/remark-gfm": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/remark-gfm/-/remark-gfm-4.0.1.tgz", + "integrity": "sha512-1quofZ2RQ9EWdeN34S79+KExV1764+wCUGop5CPL1WGdD0ocPpu91lzPGbwWMECpEpd42kJGQwzRfyov9j4yNg==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "mdast-util-gfm": "^3.0.0", + "micromark-extension-gfm": "^3.0.0", + "remark-parse": "^11.0.0", + "remark-stringify": "^11.0.0", + "unified": "^11.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/remark-mdx": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/remark-mdx/-/remark-mdx-3.1.1.tgz", + "integrity": "sha512-Pjj2IYlUY3+D8x00UJsIOg5BEvfMyeI+2uLPn9VO9Wg4MEtN/VTIq2NEJQfde9PnX15KgtHyl9S0BcTnWrIuWg==", + "license": "MIT", + "dependencies": { + "mdast-util-mdx": "^3.0.0", + "micromark-extension-mdxjs": "^3.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/remark-parse": { + "version": "11.0.0", + "resolved": "https://registry.npmjs.org/remark-parse/-/remark-parse-11.0.0.tgz", + "integrity": "sha512-FCxlKLNGknS5ba/1lmpYijMUzX2esxW5xQqjWxw2eHFfS2MSdaHVINFmhjo+qN1WhZhNimq0dZATN9pH0IDrpA==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "mdast-util-from-markdown": "^2.0.0", + "micromark-util-types": "^2.0.0", + "unified": "^11.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/remark-rehype": { + "version": "11.1.2", + "resolved": "https://registry.npmjs.org/remark-rehype/-/remark-rehype-11.1.2.tgz", + "integrity": "sha512-Dh7l57ianaEoIpzbp0PC9UKAdCSVklD8E5Rpw7ETfbTl3FqcOOgq5q2LVDhgGCkaBv7p24JXikPdvhhmHvKMsw==", + "license": "MIT", + "dependencies": { + "@types/hast": "^3.0.0", + "@types/mdast": "^4.0.0", + "mdast-util-to-hast": "^13.0.0", + "unified": "^11.0.0", + "vfile": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/remark-stringify": { + "version": "11.0.0", + "resolved": "https://registry.npmjs.org/remark-stringify/-/remark-stringify-11.0.0.tgz", + "integrity": "sha512-1OSmLd3awB/t8qdoEOMazZkNsfVTeY4fTsgzcQFdXNq8ToTN4ZGwrMnlda4K6smTFKD+GRV6O48i6Z4iKgPPpw==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "mdast-util-to-markdown": "^2.0.0", + "unified": "^11.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/renderkid": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/renderkid/-/renderkid-3.0.0.tgz", + "integrity": "sha512-q/7VIQA8lmM1hF+jn+sFSPWGlMkSAeNYcPLmDQx2zzuiDfaLrOmumR8iaUKlenFgh0XRPIUeSPlH3A+AW3Z5pg==", + "license": "MIT", + "dependencies": { + "css-select": "^4.1.3", + "dom-converter": "^0.2.0", + "htmlparser2": "^6.1.0", + "lodash": "^4.17.21", + "strip-ansi": "^6.0.1" + } + }, + "node_modules/renderkid/node_modules/css-select": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/css-select/-/css-select-4.3.0.tgz", + "integrity": "sha512-wPpOYtnsVontu2mODhA19JrqWxNsfdatRKd64kmpRbQgh1KtItko5sTnEpPdpSaJszTOhEMlF/RPz28qj4HqhQ==", + "license": "BSD-2-Clause", + "dependencies": { + "boolbase": "^1.0.0", + "css-what": "^6.0.1", + "domhandler": "^4.3.1", + "domutils": "^2.8.0", + "nth-check": "^2.0.1" + }, + "funding": { + "url": "https://github.com/sponsors/fb55" + } + }, + "node_modules/renderkid/node_modules/dom-serializer": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-1.4.1.tgz", + "integrity": "sha512-VHwB3KfrcOOkelEG2ZOfxqLZdfkil8PtJi4P8N2MMXucZq2yLp75ClViUlOVwyoHEDjYU433Aq+5zWP61+RGag==", + "license": "MIT", + "dependencies": { + "domelementtype": "^2.0.1", + "domhandler": "^4.2.0", + "entities": "^2.0.0" + }, + "funding": { + "url": "https://github.com/cheeriojs/dom-serializer?sponsor=1" + } + }, + "node_modules/renderkid/node_modules/domhandler": { + "version": "4.3.1", + "resolved": "https://registry.npmjs.org/domhandler/-/domhandler-4.3.1.tgz", + "integrity": "sha512-GrwoxYN+uWlzO8uhUXRl0P+kHE4GtVPfYzVLcUxPL7KNdHKj66vvlhiweIHqYYXWlw+T8iLMp42Lm67ghw4WMQ==", + "license": "BSD-2-Clause", + "dependencies": { + "domelementtype": "^2.2.0" + }, + "engines": { + "node": ">= 4" + }, + "funding": { + "url": "https://github.com/fb55/domhandler?sponsor=1" + } + }, + "node_modules/renderkid/node_modules/domutils": { + "version": "2.8.0", + "resolved": "https://registry.npmjs.org/domutils/-/domutils-2.8.0.tgz", + "integrity": "sha512-w96Cjofp72M5IIhpjgobBimYEfoPjx1Vx0BSX9P30WBdZW2WIKU0T1Bd0kz2eNZ9ikjKgHbEyKx8BB6H1L3h3A==", + "license": "BSD-2-Clause", + "dependencies": { + "dom-serializer": "^1.0.1", + "domelementtype": "^2.2.0", + "domhandler": "^4.2.0" + }, + "funding": { + "url": "https://github.com/fb55/domutils?sponsor=1" + } + }, + "node_modules/renderkid/node_modules/entities": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/entities/-/entities-2.2.0.tgz", + "integrity": "sha512-p92if5Nz619I0w+akJrLZH0MX0Pb5DX39XOwQTtXSdQQOaYH03S1uIQp4mhOZtAXrxq4ViO67YTiLBo2638o9A==", + "license": "BSD-2-Clause", + "funding": { + "url": "https://github.com/fb55/entities?sponsor=1" + } + }, + "node_modules/renderkid/node_modules/htmlparser2": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-6.1.0.tgz", + "integrity": "sha512-gyyPk6rgonLFEDGoeRgQNaEUvdJ4ktTmmUh/h2t7s+M8oPpIPxgNACWa+6ESR57kXstwqPiCut0V8NRpcwgU7A==", + "funding": [ + "https://github.com/fb55/htmlparser2?sponsor=1", + { + "type": "github", + "url": "https://github.com/sponsors/fb55" + } + ], + "license": "MIT", + "dependencies": { + "domelementtype": "^2.0.1", + "domhandler": "^4.0.0", + "domutils": "^2.5.2", + "entities": "^2.0.0" + } + }, + "node_modules/repeat-string": { + "version": "1.6.1", + "resolved": "https://registry.npmjs.org/repeat-string/-/repeat-string-1.6.1.tgz", + "integrity": "sha512-PV0dzCYDNfRi1jCDbJzpW7jNNDRuCOG/jI5ctQcGKt/clZD+YcPS3yIlWuTJMmESC8aevCFmWJy5wjAFgNqN6w==", + "license": "MIT", + "engines": { + "node": ">=0.10" + } + }, + "node_modules/require-from-string": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", + "integrity": "sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/require-like": { + "version": "0.1.2", + "resolved": "https://registry.npmjs.org/require-like/-/require-like-0.1.2.tgz", + "integrity": "sha512-oyrU88skkMtDdauHDuKVrgR+zuItqr6/c//FXzvmxRGMexSDc6hNvJInGW3LL46n+8b50RykrvwSUIIQH2LQ5A==", + "engines": { + "node": "*" + } + }, + "node_modules/requires-port": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/requires-port/-/requires-port-1.0.0.tgz", + "integrity": "sha512-KigOCHcocU3XODJxsu8i/j8T9tzT4adHiecwORRQ0ZZFcp7ahwXuRU1m+yuO90C5ZUyGeGfocHDI14M3L3yDAQ==", + "license": "MIT" + }, + "node_modules/resolve": { + "version": "1.22.10", + "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.10.tgz", + "integrity": "sha512-NPRy+/ncIMeDlTAsuqwKIiferiawhefFJtkNSW0qZJEqMEb+qBt/77B/jGeeek+F0uOeN05CDa6HXbbIgtVX4w==", + "license": "MIT", + "dependencies": { + "is-core-module": "^2.16.0", + "path-parse": "^1.0.7", + "supports-preserve-symlinks-flag": "^1.0.0" + }, + "bin": { + "resolve": "bin/resolve" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/resolve-alpn": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/resolve-alpn/-/resolve-alpn-1.2.1.tgz", + "integrity": "sha512-0a1F4l73/ZFZOakJnQ3FvkJ2+gSTQWz/r2KE5OdDY0TxPm5h4GkqkWWfM47T7HsbnOtcJVEF4epCVy6u7Q3K+g==", + "license": "MIT" + }, + "node_modules/resolve-from": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz", + "integrity": "sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==", + "license": "MIT", + "engines": { + "node": ">=4" + } + }, + "node_modules/resolve-pathname": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/resolve-pathname/-/resolve-pathname-3.0.0.tgz", + "integrity": "sha512-C7rARubxI8bXFNB/hqcp/4iUeIXJhJZvFPFPiSPRnhU5UPxzMFIl+2E6yY6c4k9giDJAhtV+enfA+G89N6Csng==", + "license": "MIT" + }, + "node_modules/responselike": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/responselike/-/responselike-4.0.2.tgz", + "integrity": "sha512-cGk8IbWEAnaCpdAt1BHzJ3Ahz5ewDJa0KseTsE3qIRMJ3C698W8psM7byCeWVpd/Ha7FUYzuRVzXoKoM6nRUbA==", + "license": "MIT", + "dependencies": { + "lowercase-keys": "^3.0.0" + }, + "engines": { + "node": ">=20" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/retry": { + "version": "0.13.1", + "resolved": "https://registry.npmjs.org/retry/-/retry-0.13.1.tgz", + "integrity": "sha512-XQBQ3I8W1Cge0Seh+6gjj03LbmRFWuoszgK9ooCpwYIrhhoO80pfq4cUkU5DkknwfOfFteRwlZ56PYOGYyFWdg==", + "license": "MIT", + "engines": { + "node": ">= 4" + } + }, + "node_modules/reusify": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.1.0.tgz", + "integrity": "sha512-g6QUff04oZpHs0eG5p83rFLhHeV00ug/Yf9nZM6fLeUrPguBTkTQOdpAWWspMh55TZfVQDPaN3NQJfbVRAxdIw==", + "license": "MIT", + "engines": { + "iojs": ">=1.0.0", + "node": ">=0.10.0" + } + }, + "node_modules/rtlcss": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/rtlcss/-/rtlcss-4.3.0.tgz", + "integrity": "sha512-FI+pHEn7Wc4NqKXMXFM+VAYKEj/mRIcW4h24YVwVtyjI+EqGrLc2Hx/Ny0lrZ21cBWU2goLy36eqMcNj3AQJig==", + "license": "MIT", + "dependencies": { + "escalade": "^3.1.1", + "picocolors": "^1.0.0", + "postcss": "^8.4.21", + "strip-json-comments": "^3.1.1" + }, + "bin": { + "rtlcss": "bin/rtlcss.js" + }, + "engines": { + "node": ">=12.0.0" + } + }, + "node_modules/run-applescript": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/run-applescript/-/run-applescript-7.1.0.tgz", + "integrity": "sha512-DPe5pVFaAsinSaV6QjQ6gdiedWDcRCbUuiQfQa2wmWV7+xC9bGulGI8+TdRmoFkAPaBXk8CrAbnlY2ISniJ47Q==", + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/run-parallel": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", + "integrity": "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "MIT", + "dependencies": { + "queue-microtask": "^1.2.2" + } + }, + "node_modules/safe-buffer": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "MIT" + }, + "node_modules/safer-buffer": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", + "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==", + "license": "MIT" + }, + "node_modules/sax": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/sax/-/sax-1.4.1.tgz", + "integrity": "sha512-+aWOz7yVScEGoKNd4PA10LZ8sk0A/z5+nXQG5giUO5rprX9jgYsTdov9qCchZiPIZezbZH+jRut8nPodFAX4Jg==", + "license": "ISC" + }, + "node_modules/scheduler": { + "version": "0.27.0", + "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.27.0.tgz", + "integrity": "sha512-eNv+WrVbKu1f3vbYJT/xtiF5syA5HPIMtf9IgY/nKg0sWqzAUEvqY/xm7OcZc/qafLx/iO9FgOmeSAp4v5ti/Q==", + "license": "MIT" + }, + "node_modules/schema-dts": { + "version": "1.1.5", + "resolved": "https://registry.npmjs.org/schema-dts/-/schema-dts-1.1.5.tgz", + "integrity": "sha512-RJr9EaCmsLzBX2NDiO5Z3ux2BVosNZN5jo0gWgsyKvxKIUL5R3swNvoorulAeL9kLB0iTSX7V6aokhla2m7xbg==", + "license": "Apache-2.0" + }, + "node_modules/schema-utils": { + "version": "4.3.3", + "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.3.3.tgz", + "integrity": "sha512-eflK8wEtyOE6+hsaRVPxvUKYCpRgzLqDTb8krvAsRIwOGlHoSgYLgBXoubGgLd2fT41/OUYdb48v4k4WWHQurA==", + "license": "MIT", + "dependencies": { + "@types/json-schema": "^7.0.9", + "ajv": "^8.9.0", + "ajv-formats": "^2.1.1", + "ajv-keywords": "^5.1.0" + }, + "engines": { + "node": ">= 10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + } + }, + "node_modules/search-insights": { + "version": "2.17.3", + "resolved": "https://registry.npmjs.org/search-insights/-/search-insights-2.17.3.tgz", + "integrity": "sha512-RQPdCYTa8A68uM2jwxoY842xDhvx3E5LFL1LxvxCNMev4o5mLuokczhzjAgGwUZBAmOKZknArSxLKmXtIi2AxQ==", + "license": "MIT", + "peer": true + }, + "node_modules/section-matter": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/section-matter/-/section-matter-1.0.0.tgz", + "integrity": "sha512-vfD3pmTzGpufjScBh50YHKzEu2lxBWhVEHsNGoEXmCmn2hKGfeNLYMzCJpe8cD7gqX7TJluOVpBkAequ6dgMmA==", + "license": "MIT", + "dependencies": { + "extend-shallow": "^2.0.1", + "kind-of": "^6.0.0" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/select-hose": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/select-hose/-/select-hose-2.0.0.tgz", + "integrity": "sha512-mEugaLK+YfkijB4fx0e6kImuJdCIt2LxCRcbEYPqRGCs4F2ogyfZU5IAZRdjCP8JPq2AtdNoC/Dux63d9Kiryg==", + "license": "MIT" + }, + "node_modules/selfsigned": { + "version": "2.4.1", + "resolved": "https://registry.npmjs.org/selfsigned/-/selfsigned-2.4.1.tgz", + "integrity": "sha512-th5B4L2U+eGLq1TVh7zNRGBapioSORUeymIydxgFpwww9d2qyKvtuPU2jJuHvYAwwqi2Y596QBL3eEqcPEYL8Q==", + "license": "MIT", + "dependencies": { + "@types/node-forge": "^1.3.0", + "node-forge": "^1" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/semver": { + "version": "7.7.3", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.3.tgz", + "integrity": "sha512-SdsKMrI9TdgjdweUSR9MweHA4EJ8YxHn8DFaDisvhVlUOe4BF1tLD7GAj0lIqWVl+dPb/rExr0Btby5loQm20Q==", + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/semver-diff": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/semver-diff/-/semver-diff-4.0.0.tgz", + "integrity": "sha512-0Ju4+6A8iOnpL/Thra7dZsSlOHYAHIeMxfhWQRI1/VLcT3WDBZKKtQt/QkBOsiIN9ZpuvHE6cGZ0x4glCMmfiA==", + "license": "MIT", + "dependencies": { + "semver": "^7.3.5" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/send": { + "version": "0.19.0", + "resolved": "https://registry.npmjs.org/send/-/send-0.19.0.tgz", + "integrity": "sha512-dW41u5VfLXu8SJh5bwRmyYUbAoSB3c9uQh6L8h/KtsFREPWpbX1lrljJo186Jc4nmci/sGUZ9a0a0J2zgfq2hw==", + "license": "MIT", + "dependencies": { + "debug": "2.6.9", + "depd": "2.0.0", + "destroy": "1.2.0", + "encodeurl": "~1.0.2", + "escape-html": "~1.0.3", + "etag": "~1.8.1", + "fresh": "0.5.2", + "http-errors": "2.0.0", + "mime": "1.6.0", + "ms": "2.1.3", + "on-finished": "2.4.1", + "range-parser": "~1.2.1", + "statuses": "2.0.1" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/send/node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "license": "MIT", + "dependencies": { + "ms": "2.0.0" + } + }, + "node_modules/send/node_modules/debug/node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", + "license": "MIT" + }, + "node_modules/send/node_modules/encodeurl": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", + "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/send/node_modules/range-parser": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", + "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/serialize-javascript": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.2.tgz", + "integrity": "sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g==", + "license": "BSD-3-Clause", + "dependencies": { + "randombytes": "^2.1.0" + } + }, + "node_modules/serve-handler": { + "version": "6.1.6", + "resolved": "https://registry.npmjs.org/serve-handler/-/serve-handler-6.1.6.tgz", + "integrity": "sha512-x5RL9Y2p5+Sh3D38Fh9i/iQ5ZK+e4xuXRd/pGbM4D13tgo/MGwbttUk8emytcr1YYzBYs+apnUngBDFYfpjPuQ==", + "license": "MIT", + "dependencies": { + "bytes": "3.0.0", + "content-disposition": "0.5.2", + "mime-types": "2.1.18", + "minimatch": "3.1.2", + "path-is-inside": "1.0.2", + "path-to-regexp": "3.3.0", + "range-parser": "1.2.0" + } + }, + "node_modules/serve-handler/node_modules/brace-expansion": { + "version": "1.1.12", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz", + "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==", + "license": "MIT", + "dependencies": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "node_modules/serve-handler/node_modules/minimatch": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", + "license": "ISC", + "dependencies": { + "brace-expansion": "^1.1.7" + }, + "engines": { + "node": "*" + } + }, + "node_modules/serve-handler/node_modules/path-to-regexp": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-3.3.0.tgz", + "integrity": "sha512-qyCH421YQPS2WFDxDjftfc1ZR5WKQzVzqsp4n9M2kQhVOo/ByahFoUNJfl58kOcEGfQ//7weFTDhm+ss8Ecxgw==", + "license": "MIT" + }, + "node_modules/serve-index": { + "version": "1.9.1", + "resolved": "https://registry.npmjs.org/serve-index/-/serve-index-1.9.1.tgz", + "integrity": "sha512-pXHfKNP4qujrtteMrSBb0rc8HJ9Ms/GrXwcUtUtD5s4ewDJI8bT3Cz2zTVRMKtri49pLx2e0Ya8ziP5Ya2pZZw==", + "license": "MIT", + "dependencies": { + "accepts": "~1.3.4", + "batch": "0.6.1", + "debug": "2.6.9", + "escape-html": "~1.0.3", + "http-errors": "~1.6.2", + "mime-types": "~2.1.17", + "parseurl": "~1.3.2" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/serve-index/node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "license": "MIT", + "dependencies": { + "ms": "2.0.0" + } + }, + "node_modules/serve-index/node_modules/depd": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz", + "integrity": "sha512-7emPTl6Dpo6JRXOXjLRxck+FlLRX5847cLKEn00PLAgc3g2hTZZgr+e4c2v6QpSmLeFP3n5yUo7ft6avBK/5jQ==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/serve-index/node_modules/http-errors": { + "version": "1.6.3", + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.6.3.tgz", + "integrity": "sha512-lks+lVC8dgGyh97jxvxeYTWQFvh4uw4yC12gVl63Cg30sjPX4wuGcdkICVXDAESr6OJGjqGA8Iz5mkeN6zlD7A==", + "license": "MIT", + "dependencies": { + "depd": "~1.1.2", + "inherits": "2.0.3", + "setprototypeof": "1.1.0", + "statuses": ">= 1.4.0 < 2" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/serve-index/node_modules/inherits": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz", + "integrity": "sha512-x00IRNXNy63jwGkJmzPigoySHbaqpNuzKbBOmzK+g2OdZpQ9w+sxCN+VSB3ja7IAge2OP2qpfxTjeNcyjmW1uw==", + "license": "ISC" + }, + "node_modules/serve-index/node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", + "license": "MIT" + }, + "node_modules/serve-index/node_modules/setprototypeof": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.1.0.tgz", + "integrity": "sha512-BvE/TwpZX4FXExxOxZyRGQQv651MSwmWKZGqvmPcRIjDqWub67kTKuIMx43cZZrS/cBBzwBcNDWoFxt2XEFIpQ==", + "license": "ISC" + }, + "node_modules/serve-index/node_modules/statuses": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz", + "integrity": "sha512-OpZ3zP+jT1PI7I8nemJX4AKmAX070ZkYPVWV/AaKTJl+tXCTGyVdC1a4SL8RUQYEwk/f34ZX8UTykN68FwrqAA==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/serve-static": { + "version": "1.16.2", + "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.16.2.tgz", + "integrity": "sha512-VqpjJZKadQB/PEbEwvFdO43Ax5dFBZ2UECszz8bQ7pi7wt//PWe1P6MN7eCnjsatYtBT6EuiClbjSWP2WrIoTw==", + "license": "MIT", + "dependencies": { + "encodeurl": "~2.0.0", + "escape-html": "~1.0.3", + "parseurl": "~1.3.3", + "send": "0.19.0" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/set-function-length": { + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.2.tgz", + "integrity": "sha512-pgRc4hJ4/sNjWCSS9AmnS40x3bNMDTknHgL5UaMBTMyJnU90EgWh1Rz+MC9eFu4BuN/UwZjKQuY/1v3rM7HMfg==", + "license": "MIT", + "dependencies": { + "define-data-property": "^1.1.4", + "es-errors": "^1.3.0", + "function-bind": "^1.1.2", + "get-intrinsic": "^1.2.4", + "gopd": "^1.0.1", + "has-property-descriptors": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/setprototypeof": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", + "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==", + "license": "ISC" + }, + "node_modules/shallow-clone": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/shallow-clone/-/shallow-clone-3.0.1.tgz", + "integrity": "sha512-/6KqX+GVUdqPuPPd2LxDDxzX6CAbjJehAAOKlNpqqUpAqPM6HeL8f+o3a+JsyGjn2lv0WY8UsTgUJjU9Ok55NA==", + "license": "MIT", + "dependencies": { + "kind-of": "^6.0.2" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/shallowequal": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/shallowequal/-/shallowequal-1.1.0.tgz", + "integrity": "sha512-y0m1JoUZSlPAjXVtPPW70aZWfIL/dSP7AFkRnniLCrK/8MDKog3TySTBmckD+RObVxH0v4Tox67+F14PdED2oQ==", + "license": "MIT" + }, + "node_modules/shebang-command": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", + "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==", + "license": "MIT", + "dependencies": { + "shebang-regex": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/shebang-regex": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", + "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/shell-quote": { + "version": "1.8.3", + "resolved": "https://registry.npmjs.org/shell-quote/-/shell-quote-1.8.3.tgz", + "integrity": "sha512-ObmnIF4hXNg1BqhnHmgbDETF8dLPCggZWBjkQfhZpbszZnYur5DUljTcCHii5LC3J5E0yeO/1LIMyH+UvHQgyw==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz", + "integrity": "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "object-inspect": "^1.13.3", + "side-channel-list": "^1.0.0", + "side-channel-map": "^1.0.1", + "side-channel-weakmap": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-list": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.0.tgz", + "integrity": "sha512-FCLHtRD/gnpCiCHEiJLOwdmFP+wzCmDEkc9y7NsYxeF4u7Btsn1ZuwgwJGxImImHicJArLP4R0yX4c2KCrMrTA==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "object-inspect": "^1.13.3" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-map": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz", + "integrity": "sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==", + "license": "MIT", + "dependencies": { + "call-bound": "^1.0.2", + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.5", + "object-inspect": "^1.13.3" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-weakmap": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz", + "integrity": "sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==", + "license": "MIT", + "dependencies": { + "call-bound": "^1.0.2", + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.5", + "object-inspect": "^1.13.3", + "side-channel-map": "^1.0.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/signal-exit": { + "version": "3.0.7", + "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", + "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==", + "license": "ISC" + }, + "node_modules/sirv": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/sirv/-/sirv-2.0.4.tgz", + "integrity": "sha512-94Bdh3cC2PKrbgSOUqTiGPWVZeSiXfKOVZNJniWoqrWrRkB1CJzBU3NEbiTsPcYy1lDsANA/THzS+9WBiy5nfQ==", + "license": "MIT", + "dependencies": { + "@polka/url": "^1.0.0-next.24", + "mrmime": "^2.0.0", + "totalist": "^3.0.0" + }, + "engines": { + "node": ">= 10" + } + }, + "node_modules/sisteransi": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/sisteransi/-/sisteransi-1.0.5.tgz", + "integrity": "sha512-bLGGlR1QxBcynn2d5YmDX4MGjlZvy2MRBDRNHLJ8VI6l6+9FUiyTFNJ0IveOSP0bcXgVDPRcfGqA0pjaqUpfVg==", + "license": "MIT" + }, + "node_modules/sitemap": { + "version": "7.1.2", + "resolved": "https://registry.npmjs.org/sitemap/-/sitemap-7.1.2.tgz", + "integrity": "sha512-ARCqzHJ0p4gWt+j7NlU5eDlIO9+Rkr/JhPFZKKQ1l5GCus7rJH4UdrlVAh0xC/gDS/Qir2UMxqYNHtsKr2rpCw==", + "license": "MIT", + "dependencies": { + "@types/node": "^17.0.5", + "@types/sax": "^1.2.1", + "arg": "^5.0.0", + "sax": "^1.2.4" + }, + "bin": { + "sitemap": "dist/cli.js" + }, + "engines": { + "node": ">=12.0.0", + "npm": ">=5.6.0" + } + }, + "node_modules/sitemap/node_modules/@types/node": { + "version": "17.0.45", + "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.45.tgz", + "integrity": "sha512-w+tIMs3rq2afQdsPJlODhoUEKzFP1ayaoyl1CcnwtIlsVe7K7bA1NGm4s3PraqTLlXnbIN84zuBlxBWo1u9BLw==", + "license": "MIT" + }, + "node_modules/skin-tone": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/skin-tone/-/skin-tone-2.0.0.tgz", + "integrity": "sha512-kUMbT1oBJCpgrnKoSr0o6wPtvRWT9W9UKvGLwfJYO2WuahZRHOpEyL1ckyMGgMWh0UdpmaoFqKKD29WTomNEGA==", + "license": "MIT", + "dependencies": { + "unicode-emoji-modifier-base": "^1.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/slash": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz", + "integrity": "sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/snake-case": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/snake-case/-/snake-case-3.0.4.tgz", + "integrity": "sha512-LAOh4z89bGQvl9pFfNF8V146i7o7/CqFPbqzYgP+yYzDIDeS9HaNFtXABamRW+AQzEVODcvE79ljJ+8a9YSdMg==", + "license": "MIT", + "dependencies": { + "dot-case": "^3.0.4", + "tslib": "^2.0.3" + } + }, + "node_modules/sockjs": { + "version": "0.3.24", + "resolved": "https://registry.npmjs.org/sockjs/-/sockjs-0.3.24.tgz", + "integrity": "sha512-GJgLTZ7vYb/JtPSSZ10hsOYIvEYsjbNU+zPdIHcUaWVNUEPivzxku31865sSSud0Da0W4lEeOPlmw93zLQchuQ==", + "license": "MIT", + "dependencies": { + "faye-websocket": "^0.11.3", + "uuid": "^8.3.2", + "websocket-driver": "^0.7.4" + } + }, + "node_modules/sort-css-media-queries": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/sort-css-media-queries/-/sort-css-media-queries-2.2.0.tgz", + "integrity": "sha512-0xtkGhWCC9MGt/EzgnvbbbKhqWjl1+/rncmhTh5qCpbYguXh6S/qwePfv/JQ8jePXXmqingylxoC49pCkSPIbA==", + "license": "MIT", + "engines": { + "node": ">= 6.3.0" + } + }, + "node_modules/source-map": { + "version": "0.7.6", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.6.tgz", + "integrity": "sha512-i5uvt8C3ikiWeNZSVZNWcfZPItFQOsYTUAOkcUPGd8DqDy1uOUikjt5dG+uRlwyvR108Fb9DOd4GvXfT0N2/uQ==", + "license": "BSD-3-Clause", + "engines": { + "node": ">= 12" + } + }, + "node_modules/source-map-js": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz", + "integrity": "sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==", + "license": "BSD-3-Clause", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/source-map-support": { + "version": "0.5.21", + "resolved": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.21.tgz", + "integrity": "sha512-uBHU3L3czsIyYXKX88fdrGovxdSCoTGDRZ6SYXtSRxLZUzHg5P/66Ht6uoUlHu9EZod+inXhKo3qQgwXUT/y1w==", + "license": "MIT", + "dependencies": { + "buffer-from": "^1.0.0", + "source-map": "^0.6.0" + } + }, + "node_modules/source-map-support/node_modules/source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "license": "BSD-3-Clause", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/space-separated-tokens": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/space-separated-tokens/-/space-separated-tokens-2.0.2.tgz", + "integrity": "sha512-PEGlAwrG8yXGXRjW32fGbg66JAlOAwbObuqVoJpv/mRgoWDQfgH1wDPvtzWyUSNAXBGSk8h755YDbbcEy3SH2Q==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/spdy": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/spdy/-/spdy-4.0.2.tgz", + "integrity": "sha512-r46gZQZQV+Kl9oItvl1JZZqJKGr+oEkB08A6BzkiR7593/7IbtuncXHd2YoYeTsG4157ZssMu9KYvUHLcjcDoA==", + "license": "MIT", + "dependencies": { + "debug": "^4.1.0", + "handle-thing": "^2.0.0", + "http-deceiver": "^1.2.7", + "select-hose": "^2.0.0", + "spdy-transport": "^3.0.0" + }, + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/spdy-transport": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/spdy-transport/-/spdy-transport-3.0.0.tgz", + "integrity": "sha512-hsLVFE5SjA6TCisWeJXFKniGGOpBgMLmerfO2aCyCU5s7nJ/rpAepqmFifv/GCbSbueEeAJJnmSQ2rKC/g8Fcw==", + "license": "MIT", + "dependencies": { + "debug": "^4.1.0", + "detect-node": "^2.0.4", + "hpack.js": "^2.1.6", + "obuf": "^1.1.2", + "readable-stream": "^3.0.6", + "wbuf": "^1.7.3" + } + }, + "node_modules/sprintf-js": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "integrity": "sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g==", + "license": "BSD-3-Clause" + }, + "node_modules/srcset": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/srcset/-/srcset-4.0.0.tgz", + "integrity": "sha512-wvLeHgcVHKO8Sc/H/5lkGreJQVeYMm9rlmt8PuR1xE31rIuXhuzznUUqAt8MqLhB3MqJdFzlNAfpcWnxiFUcPw==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/statuses": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", + "integrity": "sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/std-env": { + "version": "3.10.0", + "resolved": "https://registry.npmjs.org/std-env/-/std-env-3.10.0.tgz", + "integrity": "sha512-5GS12FdOZNliM5mAOxFRg7Ir0pWz8MdpYm6AY6VPkGpbA7ZzmbzNcBJQ0GPvvyWgcY7QAhCgf9Uy89I03faLkg==", + "license": "MIT" + }, + "node_modules/string_decoder": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz", + "integrity": "sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA==", + "license": "MIT", + "dependencies": { + "safe-buffer": "~5.2.0" + } + }, + "node_modules/string-width": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz", + "integrity": "sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==", + "license": "MIT", + "dependencies": { + "eastasianwidth": "^0.2.0", + "emoji-regex": "^9.2.2", + "strip-ansi": "^7.0.1" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/string-width/node_modules/ansi-regex": { + "version": "6.2.2", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.2.tgz", + "integrity": "sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/ansi-regex?sponsor=1" + } + }, + "node_modules/string-width/node_modules/strip-ansi": { + "version": "7.1.2", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.2.tgz", + "integrity": "sha512-gmBGslpoQJtgnMAvOVqGZpEz9dyoKTCzy2nfz/n8aIFhN/jCE/rCmcxabB6jOOHV+0WNnylOxaxBQPSvcWklhA==", + "license": "MIT", + "dependencies": { + "ansi-regex": "^6.0.1" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/strip-ansi?sponsor=1" + } + }, + "node_modules/stringify-entities": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/stringify-entities/-/stringify-entities-4.0.4.tgz", + "integrity": "sha512-IwfBptatlO+QCJUo19AqvrPNqlVMpW9YEL2LIVY+Rpv2qsjCGxaDLNRgeGsQWJhfItebuJhsGSLjaBbNSQ+ieg==", + "license": "MIT", + "dependencies": { + "character-entities-html4": "^2.0.0", + "character-entities-legacy": "^3.0.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/stringify-object": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/stringify-object/-/stringify-object-3.3.0.tgz", + "integrity": "sha512-rHqiFh1elqCQ9WPLIC8I0Q/g/wj5J1eMkyoiD6eoQApWHP0FtlK7rqnhmabL5VUY9JQCcqwwvlOaSuutekgyrw==", + "license": "BSD-2-Clause", + "dependencies": { + "get-own-enumerable-property-symbols": "^3.0.0", + "is-obj": "^1.0.1", + "is-regexp": "^1.0.0" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/strip-ansi": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "license": "MIT", + "dependencies": { + "ansi-regex": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/strip-bom-string": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/strip-bom-string/-/strip-bom-string-1.0.0.tgz", + "integrity": "sha512-uCC2VHvQRYu+lMh4My/sFNmF2klFymLX1wHJeXnbEJERpV/ZsVuonzerjfrGpIGF7LBVa1O7i9kjiWvJiFck8g==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/strip-final-newline": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-2.0.0.tgz", + "integrity": "sha512-BrpvfNAE3dcvq7ll3xVumzjKjZQ5tI1sEUIKr3Uoks0XUl45St3FlatVqef9prk4jRDzhW6WZg+3bk93y6pLjA==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/strip-json-comments": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", + "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==", + "license": "MIT", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/style-to-js": { + "version": "1.1.18", + "resolved": "https://registry.npmjs.org/style-to-js/-/style-to-js-1.1.18.tgz", + "integrity": "sha512-JFPn62D4kJaPTnhFUI244MThx+FEGbi+9dw1b9yBBQ+1CZpV7QAT8kUtJ7b7EUNdHajjF/0x8fT+16oLJoojLg==", + "license": "MIT", + "dependencies": { + "style-to-object": "1.0.11" + } + }, + "node_modules/style-to-object": { + "version": "1.0.11", + "resolved": "https://registry.npmjs.org/style-to-object/-/style-to-object-1.0.11.tgz", + "integrity": "sha512-5A560JmXr7wDyGLK12Nq/EYS38VkGlglVzkis1JEdbGWSnbQIEhZzTJhzURXN5/8WwwFCs/f/VVcmkTppbXLow==", + "license": "MIT", + "dependencies": { + "inline-style-parser": "0.2.4" + } + }, + "node_modules/stylehacks": { + "version": "6.1.1", + "resolved": "https://registry.npmjs.org/stylehacks/-/stylehacks-6.1.1.tgz", + "integrity": "sha512-gSTTEQ670cJNoaeIp9KX6lZmm8LJ3jPB5yJmX8Zq/wQxOsAFXV3qjWzHas3YYk1qesuVIyYWWUpZ0vSE/dTSGg==", + "license": "MIT", + "dependencies": { + "browserslist": "^4.23.0", + "postcss-selector-parser": "^6.0.16" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/supports-color": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", + "license": "MIT", + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/supports-preserve-symlinks-flag": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz", + "integrity": "sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/svg-parser": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/svg-parser/-/svg-parser-2.0.4.tgz", + "integrity": "sha512-e4hG1hRwoOdRb37cIMSgzNsxyzKfayW6VOflrwvR+/bzrkyxY/31WkbgnQpgtrNp1SdpJvpUAGTa/ZoiPNDuRQ==", + "license": "MIT" + }, + "node_modules/svgo": { + "version": "3.3.2", + "resolved": "https://registry.npmjs.org/svgo/-/svgo-3.3.2.tgz", + "integrity": "sha512-OoohrmuUlBs8B8o6MB2Aevn+pRIH9zDALSR+6hhqVfa6fRwG/Qw9VUMSMW9VNg2CFc/MTIfabtdOVl9ODIJjpw==", + "license": "MIT", + "dependencies": { + "@trysound/sax": "0.2.0", + "commander": "^7.2.0", + "css-select": "^5.1.0", + "css-tree": "^2.3.1", + "css-what": "^6.1.0", + "csso": "^5.0.5", + "picocolors": "^1.0.0" + }, + "bin": { + "svgo": "bin/svgo" + }, + "engines": { + "node": ">=14.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/svgo" + } + }, + "node_modules/svgo/node_modules/commander": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-7.2.0.tgz", + "integrity": "sha512-QrWXB+ZQSVPmIWIhtEO9H+gwHaMGYiF5ChvoJ+K9ZGHG/sVsa6yiesAD1GC/x46sET00Xlwo1u49RVVVzvcSkw==", + "license": "MIT", + "engines": { + "node": ">= 10" + } + }, + "node_modules/swr": { + "version": "2.3.6", + "resolved": "https://registry.npmjs.org/swr/-/swr-2.3.6.tgz", + "integrity": "sha512-wfHRmHWk/isGNMwlLGlZX5Gzz/uTgo0o2IRuTMcf4CPuPFJZlq0rDaKUx+ozB5nBOReNV1kiOyzMfj+MBMikLw==", + "license": "MIT", + "dependencies": { + "dequal": "^2.0.3", + "use-sync-external-store": "^1.4.0" + }, + "peerDependencies": { + "react": "^16.11.0 || ^17.0.0 || ^18.0.0 || ^19.0.0" + } + }, + "node_modules/tapable": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/tapable/-/tapable-2.3.0.tgz", + "integrity": "sha512-g9ljZiwki/LfxmQADO3dEY1CbpmXT5Hm2fJ+QaGKwSXUylMybePR7/67YW7jOrrvjEgL1Fmz5kzyAjWVWLlucg==", + "license": "MIT", + "engines": { + "node": ">=6" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + } + }, + "node_modules/terser": { + "version": "5.44.0", + "resolved": "https://registry.npmjs.org/terser/-/terser-5.44.0.tgz", + "integrity": "sha512-nIVck8DK+GM/0Frwd+nIhZ84pR/BX7rmXMfYwyg+Sri5oGVE99/E3KvXqpC2xHFxyqXyGHTKBSioxxplrO4I4w==", + "license": "BSD-2-Clause", + "dependencies": { + "@jridgewell/source-map": "^0.3.3", + "acorn": "^8.15.0", + "commander": "^2.20.0", + "source-map-support": "~0.5.20" + }, + "bin": { + "terser": "bin/terser" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/terser-webpack-plugin": { + "version": "5.3.14", + "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.3.14.tgz", + "integrity": "sha512-vkZjpUjb6OMS7dhV+tILUW6BhpDR7P2L/aQSAv+Uwk+m8KATX9EccViHTJR2qDtACKPIYndLGCyl3FMo+r2LMw==", + "license": "MIT", + "dependencies": { + "@jridgewell/trace-mapping": "^0.3.25", + "jest-worker": "^27.4.5", + "schema-utils": "^4.3.0", + "serialize-javascript": "^6.0.2", + "terser": "^5.31.1" + }, + "engines": { + "node": ">= 10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "webpack": "^5.1.0" + }, + "peerDependenciesMeta": { + "@swc/core": { + "optional": true + }, + "esbuild": { + "optional": true + }, + "uglify-js": { + "optional": true + } + } + }, + "node_modules/terser-webpack-plugin/node_modules/jest-worker": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/jest-worker/-/jest-worker-27.5.1.tgz", + "integrity": "sha512-7vuh85V5cdDofPyxn58nrPjBktZo0u9x1g8WtjQol+jZDaE+fhN+cIvTj11GndBnMnyfrUOG1sZQxCdjKh+DKg==", + "license": "MIT", + "dependencies": { + "@types/node": "*", + "merge-stream": "^2.0.0", + "supports-color": "^8.0.0" + }, + "engines": { + "node": ">= 10.13.0" + } + }, + "node_modules/terser-webpack-plugin/node_modules/supports-color": { + "version": "8.1.1", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", + "integrity": "sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==", + "license": "MIT", + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/supports-color?sponsor=1" + } + }, + "node_modules/terser/node_modules/commander": { + "version": "2.20.3", + "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz", + "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==", + "license": "MIT" + }, + "node_modules/thingies": { + "version": "2.5.0", + "resolved": "https://registry.npmjs.org/thingies/-/thingies-2.5.0.tgz", + "integrity": "sha512-s+2Bwztg6PhWUD7XMfeYm5qliDdSiZm7M7n8KjTkIsm3l/2lgVRc2/Gx/v+ZX8lT4FMA+i8aQvhcWylldc+ZNw==", + "license": "MIT", + "engines": { + "node": ">=10.18" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "^2" + } + }, + "node_modules/throttleit": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/throttleit/-/throttleit-2.1.0.tgz", + "integrity": "sha512-nt6AMGKW1p/70DF/hGBdJB57B8Tspmbp5gfJ8ilhLnt7kkr2ye7hzD6NVG8GGErk2HWF34igrL2CXmNIkzKqKw==", + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/thunky": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/thunky/-/thunky-1.1.0.tgz", + "integrity": "sha512-eHY7nBftgThBqOyHGVN+l8gF0BucP09fMo0oO/Lb0w1OF80dJv+lDVpXG60WMQvkcxAkNybKsrEIE3ZtKGmPrA==", + "license": "MIT" + }, + "node_modules/tiny-invariant": { + "version": "1.3.3", + "resolved": "https://registry.npmjs.org/tiny-invariant/-/tiny-invariant-1.3.3.tgz", + "integrity": "sha512-+FbBPE1o9QAYvviau/qC5SE3caw21q3xkvWKBtja5vgqOWIHHJ3ioaq1VPfn/Szqctz2bU/oYeKd9/z5BL+PVg==", + "license": "MIT" + }, + "node_modules/tiny-warning": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/tiny-warning/-/tiny-warning-1.0.3.tgz", + "integrity": "sha512-lBN9zLN/oAf68o3zNXYrdCt1kP8WsiGW8Oo2ka41b2IM5JL/S1CTyX1rW0mb/zSuJun0ZUrDxx4sqvYS2FWzPA==", + "license": "MIT" + }, + "node_modules/tinypool": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/tinypool/-/tinypool-1.1.1.tgz", + "integrity": "sha512-Zba82s87IFq9A9XmjiX5uZA/ARWDrB03OHlq+Vw1fSdt0I+4/Kutwy8BP4Y/y/aORMo61FQ0vIb5j44vSo5Pkg==", + "license": "MIT", + "engines": { + "node": "^18.0.0 || >=20.0.0" + } + }, + "node_modules/to-regex-range": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", + "license": "MIT", + "dependencies": { + "is-number": "^7.0.0" + }, + "engines": { + "node": ">=8.0" + } + }, + "node_modules/toidentifier": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", + "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==", + "license": "MIT", + "engines": { + "node": ">=0.6" + } + }, + "node_modules/totalist": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/totalist/-/totalist-3.0.1.tgz", + "integrity": "sha512-sf4i37nQ2LBx4m3wB74y+ubopq6W/dIzXg0FDGjsYnZHVa1Da8FH853wlL2gtUhg+xJXjfk3kUZS3BRoQeoQBQ==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/tree-dump": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/tree-dump/-/tree-dump-1.1.0.tgz", + "integrity": "sha512-rMuvhU4MCDbcbnleZTFezWsaZXRFemSqAM+7jPnzUl1fo9w3YEKOxAeui0fz3OI4EU4hf23iyA7uQRVko+UaBA==", + "license": "Apache-2.0", + "engines": { + "node": ">=10.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/streamich" + }, + "peerDependencies": { + "tslib": "2" + } + }, + "node_modules/trim-lines": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/trim-lines/-/trim-lines-3.0.1.tgz", + "integrity": "sha512-kRj8B+YHZCc9kQYdWfJB2/oUl9rA99qbowYYBtr4ui4mZyAQ2JpvVBd/6U2YloATfqBhBTSMhTpgBHtU0Mf3Rg==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/trough": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/trough/-/trough-2.2.0.tgz", + "integrity": "sha512-tmMpK00BjZiUyVyvrBK7knerNgmgvcV/KLVyuma/SC+TQN167GrMRciANTz09+k3zW8L8t60jWO1GpfkZdjTaw==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/tslib": { + "version": "2.8.1", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz", + "integrity": "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==", + "license": "0BSD" + }, + "node_modules/type-fest": { + "version": "2.19.0", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-2.19.0.tgz", + "integrity": "sha512-RAH822pAdBgcNMAfWnCBU3CFZcfZ/i1eZjwFU/dsLKumyuuP3niueg2UAukXYF0E2AAoc82ZSSf9J0WQBinzHA==", + "license": "(MIT OR CC0-1.0)", + "engines": { + "node": ">=12.20" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/type-is": { + "version": "1.6.18", + "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", + "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==", + "license": "MIT", + "dependencies": { + "media-typer": "0.3.0", + "mime-types": "~2.1.24" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/type-is/node_modules/mime-db": { + "version": "1.52.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/type-is/node_modules/mime-types": { + "version": "2.1.35", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "license": "MIT", + "dependencies": { + "mime-db": "1.52.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/typedarray-to-buffer": { + "version": "3.1.5", + "resolved": "https://registry.npmjs.org/typedarray-to-buffer/-/typedarray-to-buffer-3.1.5.tgz", + "integrity": "sha512-zdu8XMNEDepKKR+XYOXAVPtWui0ly0NtohUscw+UmaHiAWT8hrV1rr//H6V+0DvJ3OQ19S979M0laLfX8rm82Q==", + "license": "MIT", + "dependencies": { + "is-typedarray": "^1.0.0" + } + }, + "node_modules/undici-types": { + "version": "7.14.0", + "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.14.0.tgz", + "integrity": "sha512-QQiYxHuyZ9gQUIrmPo3IA+hUl4KYk8uSA7cHrcKd/l3p1OTpZcM0Tbp9x7FAtXdAYhlasd60ncPpgu6ihG6TOA==", + "license": "MIT" + }, + "node_modules/unicode-canonical-property-names-ecmascript": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/unicode-canonical-property-names-ecmascript/-/unicode-canonical-property-names-ecmascript-2.0.1.tgz", + "integrity": "sha512-dA8WbNeb2a6oQzAQ55YlT5vQAWGV9WXOsi3SskE3bcCdM0P4SDd+24zS/OCacdRq5BkdsRj9q3Pg6YyQoxIGqg==", + "license": "MIT", + "engines": { + "node": ">=4" + } + }, + "node_modules/unicode-emoji-modifier-base": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/unicode-emoji-modifier-base/-/unicode-emoji-modifier-base-1.0.0.tgz", + "integrity": "sha512-yLSH4py7oFH3oG/9K+XWrz1pSi3dfUrWEnInbxMfArOfc1+33BlGPQtLsOYwvdMy11AwUBetYuaRxSPqgkq+8g==", + "license": "MIT", + "engines": { + "node": ">=4" + } + }, + "node_modules/unicode-match-property-ecmascript": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/unicode-match-property-ecmascript/-/unicode-match-property-ecmascript-2.0.0.tgz", + "integrity": "sha512-5kaZCrbp5mmbz5ulBkDkbY0SsPOjKqVS35VpL9ulMPfSl0J0Xsm+9Evphv9CoIZFwre7aJoa94AY6seMKGVN5Q==", + "license": "MIT", + "dependencies": { + "unicode-canonical-property-names-ecmascript": "^2.0.0", + "unicode-property-aliases-ecmascript": "^2.0.0" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/unicode-match-property-value-ecmascript": { + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/unicode-match-property-value-ecmascript/-/unicode-match-property-value-ecmascript-2.2.1.tgz", + "integrity": "sha512-JQ84qTuMg4nVkx8ga4A16a1epI9H6uTXAknqxkGF/aFfRLw1xC/Bp24HNLaZhHSkWd3+84t8iXnp1J0kYcZHhg==", + "license": "MIT", + "engines": { + "node": ">=4" + } + }, + "node_modules/unicode-property-aliases-ecmascript": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/unicode-property-aliases-ecmascript/-/unicode-property-aliases-ecmascript-2.2.0.tgz", + "integrity": "sha512-hpbDzxUY9BFwX+UeBnxv3Sh1q7HFxj48DTmXchNgRa46lO8uj3/1iEn3MiNUYTg1g9ctIqXCCERn8gYZhHC5lQ==", + "license": "MIT", + "engines": { + "node": ">=4" + } + }, + "node_modules/unified": { + "version": "11.0.5", + "resolved": "https://registry.npmjs.org/unified/-/unified-11.0.5.tgz", + "integrity": "sha512-xKvGhPWw3k84Qjh8bI3ZeJjqnyadK+GEFtazSfZv/rKeTkTjOJho6mFqh2SM96iIcZokxiOpg78GazTSg8+KHA==", + "license": "MIT", + "dependencies": { + "@types/unist": "^3.0.0", + "bail": "^2.0.0", + "devlop": "^1.0.0", + "extend": "^3.0.0", + "is-plain-obj": "^4.0.0", + "trough": "^2.0.0", + "vfile": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/unique-string": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/unique-string/-/unique-string-3.0.0.tgz", + "integrity": "sha512-VGXBUVwxKMBUznyffQweQABPRRW1vHZAbadFZud4pLFAqRGvv/96vafgjWFqzourzr8YonlQiPgH0YCJfawoGQ==", + "license": "MIT", + "dependencies": { + "crypto-random-string": "^4.0.0" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/unist-util-is": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/unist-util-is/-/unist-util-is-6.0.1.tgz", + "integrity": "sha512-LsiILbtBETkDz8I9p1dQ0uyRUWuaQzd/cuEeS1hoRSyW5E5XGmTzlwY1OrNzzakGowI9Dr/I8HVaw4hTtnxy8g==", + "license": "MIT", + "dependencies": { + "@types/unist": "^3.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/unist-util-position": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/unist-util-position/-/unist-util-position-5.0.0.tgz", + "integrity": "sha512-fucsC7HjXvkB5R3kTCO7kUjRdrS0BJt3M/FPxmHMBOm8JQi2BsHAHFsy27E0EolP8rp0NzXsJ+jNPyDWvOJZPA==", + "license": "MIT", + "dependencies": { + "@types/unist": "^3.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/unist-util-position-from-estree": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/unist-util-position-from-estree/-/unist-util-position-from-estree-2.0.0.tgz", + "integrity": "sha512-KaFVRjoqLyF6YXCbVLNad/eS4+OfPQQn2yOd7zF/h5T/CSL2v8NpN6a5TPvtbXthAGw5nG+PuTtq+DdIZr+cRQ==", + "license": "MIT", + "dependencies": { + "@types/unist": "^3.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/unist-util-stringify-position": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/unist-util-stringify-position/-/unist-util-stringify-position-4.0.0.tgz", + "integrity": "sha512-0ASV06AAoKCDkS2+xw5RXJywruurpbC4JZSm7nr7MOt1ojAzvyyaO+UxZf18j8FCF6kmzCZKcAgN/yu2gm2XgQ==", + "license": "MIT", + "dependencies": { + "@types/unist": "^3.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/unist-util-visit": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/unist-util-visit/-/unist-util-visit-5.0.0.tgz", + "integrity": "sha512-MR04uvD+07cwl/yhVuVWAtw+3GOR/knlL55Nd/wAdblk27GCVt3lqpTivy/tkJcZoNPzTwS1Y+KMojlLDhoTzg==", + "license": "MIT", + "dependencies": { + "@types/unist": "^3.0.0", + "unist-util-is": "^6.0.0", + "unist-util-visit-parents": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/unist-util-visit-parents": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/unist-util-visit-parents/-/unist-util-visit-parents-6.0.2.tgz", + "integrity": "sha512-goh1s1TBrqSqukSc8wrjwWhL0hiJxgA8m4kFxGlQ+8FYQ3C/m11FcTs4YYem7V664AhHVvgoQLk890Ssdsr2IQ==", + "license": "MIT", + "dependencies": { + "@types/unist": "^3.0.0", + "unist-util-is": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/universalify": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz", + "integrity": "sha512-gptHNQghINnc/vTGIk0SOFGFNXw7JVrlRUtConJRlvaw6DuX0wO5Jeko9sWrMBhh+PsYAZ7oXAiOnf/UKogyiw==", + "license": "MIT", + "engines": { + "node": ">= 10.0.0" + } + }, + "node_modules/unpipe": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", + "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/update-browserslist-db": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.1.3.tgz", + "integrity": "sha512-UxhIZQ+QInVdunkDAaiazvvT/+fXL5Osr0JZlJulepYu6Jd7qJtDZjlur0emRlT71EN3ScPoE7gvsuIKKNavKw==", + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/browserslist" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/browserslist" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "dependencies": { + "escalade": "^3.2.0", + "picocolors": "^1.1.1" + }, + "bin": { + "update-browserslist-db": "cli.js" + }, + "peerDependencies": { + "browserslist": ">= 4.21.0" + } + }, + "node_modules/update-notifier": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/update-notifier/-/update-notifier-6.0.2.tgz", + "integrity": "sha512-EDxhTEVPZZRLWYcJ4ZXjGFN0oP7qYvbXWzEgRm/Yql4dHX5wDbvh89YHP6PK1lzZJYrMtXUuZZz8XGK+U6U1og==", + "license": "BSD-2-Clause", + "dependencies": { + "boxen": "^7.0.0", + "chalk": "^5.0.1", + "configstore": "^6.0.0", + "has-yarn": "^3.0.0", + "import-lazy": "^4.0.0", + "is-ci": "^3.0.1", + "is-installed-globally": "^0.4.0", + "is-npm": "^6.0.0", + "is-yarn-global": "^0.4.0", + "latest-version": "^7.0.0", + "pupa": "^3.1.0", + "semver": "^7.3.7", + "semver-diff": "^4.0.0", + "xdg-basedir": "^5.1.0" + }, + "engines": { + "node": ">=14.16" + }, + "funding": { + "url": "https://github.com/yeoman/update-notifier?sponsor=1" + } + }, + "node_modules/update-notifier/node_modules/boxen": { + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/boxen/-/boxen-7.1.1.tgz", + "integrity": "sha512-2hCgjEmP8YLWQ130n2FerGv7rYpfBmnmp9Uy2Le1vge6X3gZIfSmEzP5QTDElFxcvVcXlEn8Aq6MU/PZygIOog==", + "license": "MIT", + "dependencies": { + "ansi-align": "^3.0.1", + "camelcase": "^7.0.1", + "chalk": "^5.2.0", + "cli-boxes": "^3.0.0", + "string-width": "^5.1.2", + "type-fest": "^2.13.0", + "widest-line": "^4.0.1", + "wrap-ansi": "^8.1.0" + }, + "engines": { + "node": ">=14.16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/update-notifier/node_modules/camelcase": { + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-7.0.1.tgz", + "integrity": "sha512-xlx1yCK2Oc1APsPXDL2LdlNP6+uu8OCDdhOBSVT279M/S+y75O30C2VuD8T2ogdePBBl7PfPF4504tnLgX3zfw==", + "license": "MIT", + "engines": { + "node": ">=14.16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/update-notifier/node_modules/chalk": { + "version": "5.6.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-5.6.2.tgz", + "integrity": "sha512-7NzBL0rN6fMUW+f7A6Io4h40qQlG+xGmtMxfbnH/K7TAtt8JQWVQK+6g0UXKMeVJoyV5EkkNsErQ8pVD3bLHbA==", + "license": "MIT", + "engines": { + "node": "^12.17.0 || ^14.13 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/uri-js": { + "version": "4.4.1", + "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz", + "integrity": "sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==", + "license": "BSD-2-Clause", + "dependencies": { + "punycode": "^2.1.0" + } + }, + "node_modules/url-loader": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/url-loader/-/url-loader-4.1.1.tgz", + "integrity": "sha512-3BTV812+AVHHOJQO8O5MkWgZ5aosP7GnROJwvzLS9hWDj00lZ6Z0wNak423Lp9PBZN05N+Jk/N5Si8jRAlGyWA==", + "license": "MIT", + "dependencies": { + "loader-utils": "^2.0.0", + "mime-types": "^2.1.27", + "schema-utils": "^3.0.0" + }, + "engines": { + "node": ">= 10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "file-loader": "*", + "webpack": "^4.0.0 || ^5.0.0" + }, + "peerDependenciesMeta": { + "file-loader": { + "optional": true + } + } + }, + "node_modules/url-loader/node_modules/ajv": { + "version": "6.12.6", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", + "license": "MIT", + "dependencies": { + "fast-deep-equal": "^3.1.1", + "fast-json-stable-stringify": "^2.0.0", + "json-schema-traverse": "^0.4.1", + "uri-js": "^4.2.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/url-loader/node_modules/ajv-keywords": { + "version": "3.5.2", + "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-3.5.2.tgz", + "integrity": "sha512-5p6WTN0DdTGVQk6VjcEju19IgaHudalcfabD7yhDGeA6bcQnmL+CpveLJq/3hvfwd1aof6L386Ougkx6RfyMIQ==", + "license": "MIT", + "peerDependencies": { + "ajv": "^6.9.1" + } + }, + "node_modules/url-loader/node_modules/json-schema-traverse": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==", + "license": "MIT" + }, + "node_modules/url-loader/node_modules/mime-db": { + "version": "1.52.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/url-loader/node_modules/mime-types": { + "version": "2.1.35", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "license": "MIT", + "dependencies": { + "mime-db": "1.52.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/url-loader/node_modules/schema-utils": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-3.3.0.tgz", + "integrity": "sha512-pN/yOAvcC+5rQ5nERGuwrjLlYvLTbCibnZ1I7B1LaiAz9BRBlE9GMgE/eqV30P7aJQUf7Ddimy/RsbYO/GrVGg==", + "license": "MIT", + "dependencies": { + "@types/json-schema": "^7.0.8", + "ajv": "^6.12.5", + "ajv-keywords": "^3.5.2" + }, + "engines": { + "node": ">= 10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + } + }, + "node_modules/use-sync-external-store": { + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/use-sync-external-store/-/use-sync-external-store-1.6.0.tgz", + "integrity": "sha512-Pp6GSwGP/NrPIrxVFAIkOQeyw8lFenOHijQWkUTrDvrF4ALqylP2C/KCkeS9dpUM3KvYRQhna5vt7IL95+ZQ9w==", + "license": "MIT", + "peerDependencies": { + "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0" + } + }, + "node_modules/util-deprecate": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", + "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==", + "license": "MIT" + }, + "node_modules/utila": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/utila/-/utila-0.4.0.tgz", + "integrity": "sha512-Z0DbgELS9/L/75wZbro8xAnT50pBVFQZ+hUEueGDU5FN51YSCYM+jdxsfCiHjwNP/4LCDD0i/graKpeBnOXKRA==", + "license": "MIT" + }, + "node_modules/utility-types": { + "version": "3.11.0", + "resolved": "https://registry.npmjs.org/utility-types/-/utility-types-3.11.0.tgz", + "integrity": "sha512-6Z7Ma2aVEWisaL6TvBCy7P8rm2LQoPv6dJ7ecIaIixHcwfbJ0x7mWdbcwlIM5IGQxPZSFYeqRCqlOOeKoJYMkw==", + "license": "MIT", + "engines": { + "node": ">= 4" + } + }, + "node_modules/utils-merge": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", + "integrity": "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==", + "license": "MIT", + "engines": { + "node": ">= 0.4.0" + } + }, + "node_modules/uuid": { + "version": "8.3.2", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", + "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==", + "deprecated": "uuid@10 and below is no longer supported. For ESM codebases, update to uuid@latest. For CommonJS codebases, use uuid@11 (but be aware this version will likely be deprecated in 2028).", + "license": "MIT", + "bin": { + "uuid": "dist/bin/uuid" + } + }, + "node_modules/value-equal": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/value-equal/-/value-equal-1.0.1.tgz", + "integrity": "sha512-NOJ6JZCAWr0zlxZt+xqCHNTEKOsrks2HQd4MqhP1qy4z1SkbEP467eNx6TgDKXMvUOb+OENfJCZwM+16n7fRfw==", + "license": "MIT" + }, + "node_modules/vary": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", + "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/vfile": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/vfile/-/vfile-6.0.3.tgz", + "integrity": "sha512-KzIbH/9tXat2u30jf+smMwFCsno4wHVdNmzFyL+T/L3UGqqk6JKfVqOFOZEpZSHADH1k40ab6NUIXZq422ov3Q==", + "license": "MIT", + "dependencies": { + "@types/unist": "^3.0.0", + "vfile-message": "^4.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/vfile-location": { + "version": "5.0.3", + "resolved": "https://registry.npmjs.org/vfile-location/-/vfile-location-5.0.3.tgz", + "integrity": "sha512-5yXvWDEgqeiYiBe1lbxYF7UMAIm/IcopxMHrMQDq3nvKcjPKIhZklUKL+AE7J7uApI4kwe2snsK+eI6UTj9EHg==", + "license": "MIT", + "dependencies": { + "@types/unist": "^3.0.0", + "vfile": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/vfile-message": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/vfile-message/-/vfile-message-4.0.3.tgz", + "integrity": "sha512-QTHzsGd1EhbZs4AsQ20JX1rC3cOlt/IWJruk893DfLRr57lcnOeMaWG4K0JrRta4mIJZKth2Au3mM3u03/JWKw==", + "license": "MIT", + "dependencies": { + "@types/unist": "^3.0.0", + "unist-util-stringify-position": "^4.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/watchpack": { + "version": "2.4.4", + "resolved": "https://registry.npmjs.org/watchpack/-/watchpack-2.4.4.tgz", + "integrity": "sha512-c5EGNOiyxxV5qmTtAB7rbiXxi1ooX1pQKMLX/MIabJjRA0SJBQOjKF+KSVfHkr9U1cADPon0mRiVe/riyaiDUA==", + "license": "MIT", + "dependencies": { + "glob-to-regexp": "^0.4.1", + "graceful-fs": "^4.1.2" + }, + "engines": { + "node": ">=10.13.0" + } + }, + "node_modules/wbuf": { + "version": "1.7.3", + "resolved": "https://registry.npmjs.org/wbuf/-/wbuf-1.7.3.tgz", + "integrity": "sha512-O84QOnr0icsbFGLS0O3bI5FswxzRr8/gHwWkDlQFskhSPryQXvrTMxjxGP4+iWYoauLoBvfDpkrOauZ+0iZpDA==", + "license": "MIT", + "dependencies": { + "minimalistic-assert": "^1.0.0" + } + }, + "node_modules/web-namespaces": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/web-namespaces/-/web-namespaces-2.0.1.tgz", + "integrity": "sha512-bKr1DkiNa2krS7qxNtdrtHAmzuYGFQLiQ13TsorsdT6ULTkPLKuu5+GsFpDlg6JFjUTwX2DyhMPG2be8uPrqsQ==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/webpack": { + "version": "5.102.1", + "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.102.1.tgz", + "integrity": "sha512-7h/weGm9d/ywQ6qzJ+Xy+r9n/3qgp/thalBbpOi5i223dPXKi04IBtqPN9nTd+jBc7QKfvDbaBnFipYp4sJAUQ==", + "license": "MIT", + "dependencies": { + "@types/eslint-scope": "^3.7.7", + "@types/estree": "^1.0.8", + "@types/json-schema": "^7.0.15", + "@webassemblyjs/ast": "^1.14.1", + "@webassemblyjs/wasm-edit": "^1.14.1", + "@webassemblyjs/wasm-parser": "^1.14.1", + "acorn": "^8.15.0", + "acorn-import-phases": "^1.0.3", + "browserslist": "^4.26.3", + "chrome-trace-event": "^1.0.2", + "enhanced-resolve": "^5.17.3", + "es-module-lexer": "^1.2.1", + "eslint-scope": "5.1.1", + "events": "^3.2.0", + "glob-to-regexp": "^0.4.1", + "graceful-fs": "^4.2.11", + "json-parse-even-better-errors": "^2.3.1", + "loader-runner": "^4.2.0", + "mime-types": "^2.1.27", + "neo-async": "^2.6.2", + "schema-utils": "^4.3.3", + "tapable": "^2.3.0", + "terser-webpack-plugin": "^5.3.11", + "watchpack": "^2.4.4", + "webpack-sources": "^3.3.3" + }, + "bin": { + "webpack": "bin/webpack.js" + }, + "engines": { + "node": ">=10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependenciesMeta": { + "webpack-cli": { + "optional": true + } + } + }, + "node_modules/webpack-bundle-analyzer": { + "version": "4.10.2", + "resolved": "https://registry.npmjs.org/webpack-bundle-analyzer/-/webpack-bundle-analyzer-4.10.2.tgz", + "integrity": "sha512-vJptkMm9pk5si4Bv922ZbKLV8UTT4zib4FPgXMhgzUny0bfDDkLXAVQs3ly3fS4/TN9ROFtb0NFrm04UXFE/Vw==", + "license": "MIT", + "dependencies": { + "@discoveryjs/json-ext": "0.5.7", + "acorn": "^8.0.4", + "acorn-walk": "^8.0.0", + "commander": "^7.2.0", + "debounce": "^1.2.1", + "escape-string-regexp": "^4.0.0", + "gzip-size": "^6.0.0", + "html-escaper": "^2.0.2", + "opener": "^1.5.2", + "picocolors": "^1.0.0", + "sirv": "^2.0.3", + "ws": "^7.3.1" + }, + "bin": { + "webpack-bundle-analyzer": "lib/bin/analyzer.js" + }, + "engines": { + "node": ">= 10.13.0" + } + }, + "node_modules/webpack-bundle-analyzer/node_modules/commander": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-7.2.0.tgz", + "integrity": "sha512-QrWXB+ZQSVPmIWIhtEO9H+gwHaMGYiF5ChvoJ+K9ZGHG/sVsa6yiesAD1GC/x46sET00Xlwo1u49RVVVzvcSkw==", + "license": "MIT", + "engines": { + "node": ">= 10" + } + }, + "node_modules/webpack-dev-middleware": { + "version": "7.4.5", + "resolved": "https://registry.npmjs.org/webpack-dev-middleware/-/webpack-dev-middleware-7.4.5.tgz", + "integrity": "sha512-uxQ6YqGdE4hgDKNf7hUiPXOdtkXvBJXrfEGYSx7P7LC8hnUYGK70X6xQXUvXeNyBDDcsiQXpG2m3G9vxowaEuA==", + "license": "MIT", + "dependencies": { + "colorette": "^2.0.10", + "memfs": "^4.43.1", + "mime-types": "^3.0.1", + "on-finished": "^2.4.1", + "range-parser": "^1.2.1", + "schema-utils": "^4.0.0" + }, + "engines": { + "node": ">= 18.12.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "webpack": "^5.0.0" + }, + "peerDependenciesMeta": { + "webpack": { + "optional": true + } + } + }, + "node_modules/webpack-dev-middleware/node_modules/mime-db": { + "version": "1.54.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.54.0.tgz", + "integrity": "sha512-aU5EJuIN2WDemCcAp2vFBfp/m4EAhWJnUNSSw0ixs7/kXbd6Pg64EmwJkNdFhB8aWt1sH2CTXrLxo/iAGV3oPQ==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/webpack-dev-middleware/node_modules/mime-types": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-3.0.1.tgz", + "integrity": "sha512-xRc4oEhT6eaBpU1XF7AjpOFD+xQmXNB5OVKwp4tqCuBpHLS/ZbBDrc07mYTDqVMg6PfxUjjNp85O6Cd2Z/5HWA==", + "license": "MIT", + "dependencies": { + "mime-db": "^1.54.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/webpack-dev-middleware/node_modules/range-parser": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", + "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/webpack-dev-server": { + "version": "5.2.2", + "resolved": "https://registry.npmjs.org/webpack-dev-server/-/webpack-dev-server-5.2.2.tgz", + "integrity": "sha512-QcQ72gh8a+7JO63TAx/6XZf/CWhgMzu5m0QirvPfGvptOusAxG12w2+aua1Jkjr7hzaWDnJ2n6JFeexMHI+Zjg==", + "license": "MIT", + "dependencies": { + "@types/bonjour": "^3.5.13", + "@types/connect-history-api-fallback": "^1.5.4", + "@types/express": "^4.17.21", + "@types/express-serve-static-core": "^4.17.21", + "@types/serve-index": "^1.9.4", + "@types/serve-static": "^1.15.5", + "@types/sockjs": "^0.3.36", + "@types/ws": "^8.5.10", + "ansi-html-community": "^0.0.8", + "bonjour-service": "^1.2.1", + "chokidar": "^3.6.0", + "colorette": "^2.0.10", + "compression": "^1.7.4", + "connect-history-api-fallback": "^2.0.0", + "express": "^4.21.2", + "graceful-fs": "^4.2.6", + "http-proxy-middleware": "^2.0.9", + "ipaddr.js": "^2.1.0", + "launch-editor": "^2.6.1", + "open": "^10.0.3", + "p-retry": "^6.2.0", + "schema-utils": "^4.2.0", + "selfsigned": "^2.4.1", + "serve-index": "^1.9.1", + "sockjs": "^0.3.24", + "spdy": "^4.0.2", + "webpack-dev-middleware": "^7.4.2", + "ws": "^8.18.0" + }, + "bin": { + "webpack-dev-server": "bin/webpack-dev-server.js" + }, + "engines": { + "node": ">= 18.12.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "webpack": "^5.0.0" + }, + "peerDependenciesMeta": { + "webpack": { + "optional": true + }, + "webpack-cli": { + "optional": true + } + } + }, + "node_modules/webpack-dev-server/node_modules/define-lazy-prop": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/define-lazy-prop/-/define-lazy-prop-3.0.0.tgz", + "integrity": "sha512-N+MeXYoqr3pOgn8xfyRPREN7gHakLYjhsHhWGT3fWAiL4IkAt0iDw14QiiEm2bE30c5XX5q0FtAA3CK5f9/BUg==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/webpack-dev-server/node_modules/open": { + "version": "10.2.0", + "resolved": "https://registry.npmjs.org/open/-/open-10.2.0.tgz", + "integrity": "sha512-YgBpdJHPyQ2UE5x+hlSXcnejzAvD0b22U2OuAP+8OnlJT+PjWPxtgmGqKKc+RgTM63U9gN0YzrYc71R2WT/hTA==", + "license": "MIT", + "dependencies": { + "default-browser": "^5.2.1", + "define-lazy-prop": "^3.0.0", + "is-inside-container": "^1.0.0", + "wsl-utils": "^0.1.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/webpack-dev-server/node_modules/ws": { + "version": "8.18.3", + "resolved": "https://registry.npmjs.org/ws/-/ws-8.18.3.tgz", + "integrity": "sha512-PEIGCY5tSlUt50cqyMXfCzX+oOPqN0vuGqWzbcJ2xvnkzkq46oOpz7dQaTDBdfICb4N14+GARUDw2XV2N4tvzg==", + "license": "MIT", + "engines": { + "node": ">=10.0.0" + }, + "peerDependencies": { + "bufferutil": "^4.0.1", + "utf-8-validate": ">=5.0.2" + }, + "peerDependenciesMeta": { + "bufferutil": { + "optional": true + }, + "utf-8-validate": { + "optional": true + } + } + }, + "node_modules/webpack-merge": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/webpack-merge/-/webpack-merge-6.0.1.tgz", + "integrity": "sha512-hXXvrjtx2PLYx4qruKl+kyRSLc52V+cCvMxRjmKwoA+CBbbF5GfIBtR6kCvl0fYGqTUPKB+1ktVmTHqMOzgCBg==", + "license": "MIT", + "dependencies": { + "clone-deep": "^4.0.1", + "flat": "^5.0.2", + "wildcard": "^2.0.1" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/webpack-sources": { + "version": "3.3.3", + "resolved": "https://registry.npmjs.org/webpack-sources/-/webpack-sources-3.3.3.tgz", + "integrity": "sha512-yd1RBzSGanHkitROoPFd6qsrxt+oFhg/129YzheDGqeustzX0vTZJZsSsQjVQC4yzBQ56K55XU8gaNCtIzOnTg==", + "license": "MIT", + "engines": { + "node": ">=10.13.0" + } + }, + "node_modules/webpack/node_modules/mime-db": { + "version": "1.52.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/webpack/node_modules/mime-types": { + "version": "2.1.35", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "license": "MIT", + "dependencies": { + "mime-db": "1.52.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/webpackbar": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/webpackbar/-/webpackbar-6.0.1.tgz", + "integrity": "sha512-TnErZpmuKdwWBdMoexjio3KKX6ZtoKHRVvLIU0A47R0VVBDtx3ZyOJDktgYixhoJokZTYTt1Z37OkO9pnGJa9Q==", + "license": "MIT", + "dependencies": { + "ansi-escapes": "^4.3.2", + "chalk": "^4.1.2", + "consola": "^3.2.3", + "figures": "^3.2.0", + "markdown-table": "^2.0.0", + "pretty-time": "^1.1.0", + "std-env": "^3.7.0", + "wrap-ansi": "^7.0.0" + }, + "engines": { + "node": ">=14.21.3" + }, + "peerDependencies": { + "webpack": "3 || 4 || 5" + } + }, + "node_modules/webpackbar/node_modules/emoji-regex": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", + "license": "MIT" + }, + "node_modules/webpackbar/node_modules/markdown-table": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/markdown-table/-/markdown-table-2.0.0.tgz", + "integrity": "sha512-Ezda85ToJUBhM6WGaG6veasyym+Tbs3cMAw/ZhOPqXiYsr0jgocBV3j3nx+4lk47plLlIqjwuTm/ywVI+zjJ/A==", + "license": "MIT", + "dependencies": { + "repeat-string": "^1.0.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/webpackbar/node_modules/string-width": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "license": "MIT", + "dependencies": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/webpackbar/node_modules/wrap-ansi": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", + "license": "MIT", + "dependencies": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/wrap-ansi?sponsor=1" + } + }, + "node_modules/websocket-driver": { + "version": "0.7.4", + "resolved": "https://registry.npmjs.org/websocket-driver/-/websocket-driver-0.7.4.tgz", + "integrity": "sha512-b17KeDIQVjvb0ssuSDF2cYXSg2iztliJ4B9WdsuB6J952qCPKmnVq4DyW5motImXHDC1cBT/1UezrJVsKw5zjg==", + "license": "Apache-2.0", + "dependencies": { + "http-parser-js": ">=0.5.1", + "safe-buffer": ">=5.1.0", + "websocket-extensions": ">=0.1.1" + }, + "engines": { + "node": ">=0.8.0" + } + }, + "node_modules/websocket-extensions": { + "version": "0.1.4", + "resolved": "https://registry.npmjs.org/websocket-extensions/-/websocket-extensions-0.1.4.tgz", + "integrity": "sha512-OqedPIGOfsDlo31UNwYbCFMSaO9m9G/0faIHj5/dZFDMFqPTcx6UwqyOy3COEaEOg/9VsGIpdqn62W5KhoKSpg==", + "license": "Apache-2.0", + "engines": { + "node": ">=0.8.0" + } + }, + "node_modules/which": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", + "license": "ISC", + "dependencies": { + "isexe": "^2.0.0" + }, + "bin": { + "node-which": "bin/node-which" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/widest-line": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/widest-line/-/widest-line-4.0.1.tgz", + "integrity": "sha512-o0cyEG0e8GPzT4iGHphIOh0cJOV8fivsXxddQasHPHfoZf1ZexrfeA21w2NaEN1RHE+fXlfISmOE8R9N3u3Qig==", + "license": "MIT", + "dependencies": { + "string-width": "^5.0.1" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/wildcard": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/wildcard/-/wildcard-2.0.1.tgz", + "integrity": "sha512-CC1bOL87PIWSBhDcTrdeLo6eGT7mCFtrg0uIJtqJUFyK+eJnzl8A1niH56uu7KMa5XFrtiV+AQuHO3n7DsHnLQ==", + "license": "MIT" + }, + "node_modules/wrap-ansi": { + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz", + "integrity": "sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==", + "license": "MIT", + "dependencies": { + "ansi-styles": "^6.1.0", + "string-width": "^5.0.1", + "strip-ansi": "^7.0.1" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/wrap-ansi?sponsor=1" + } + }, + "node_modules/wrap-ansi/node_modules/ansi-regex": { + "version": "6.2.2", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.2.tgz", + "integrity": "sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/ansi-regex?sponsor=1" + } + }, + "node_modules/wrap-ansi/node_modules/ansi-styles": { + "version": "6.2.3", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.3.tgz", + "integrity": "sha512-4Dj6M28JB+oAH8kFkTLUo+a2jwOFkuqb3yucU0CANcRRUbxS0cP0nZYCGjcc3BNXwRIsUVmDGgzawme7zvJHvg==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/wrap-ansi/node_modules/strip-ansi": { + "version": "7.1.2", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.2.tgz", + "integrity": "sha512-gmBGslpoQJtgnMAvOVqGZpEz9dyoKTCzy2nfz/n8aIFhN/jCE/rCmcxabB6jOOHV+0WNnylOxaxBQPSvcWklhA==", + "license": "MIT", + "dependencies": { + "ansi-regex": "^6.0.1" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/strip-ansi?sponsor=1" + } + }, + "node_modules/write-file-atomic": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/write-file-atomic/-/write-file-atomic-3.0.3.tgz", + "integrity": "sha512-AvHcyZ5JnSfq3ioSyjrBkH9yW4m7Ayk8/9My/DD9onKeu/94fwrMocemO2QAJFAlnnDN+ZDS+ZjAR5ua1/PV/Q==", + "license": "ISC", + "dependencies": { + "imurmurhash": "^0.1.4", + "is-typedarray": "^1.0.0", + "signal-exit": "^3.0.2", + "typedarray-to-buffer": "^3.1.5" + } + }, + "node_modules/ws": { + "version": "7.5.10", + "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.10.tgz", + "integrity": "sha512-+dbF1tHwZpXcbOJdVOkzLDxZP1ailvSxM6ZweXTegylPny803bFhA+vqBYw4s31NSAk4S2Qz+AKXK9a4wkdjcQ==", + "license": "MIT", + "engines": { + "node": ">=8.3.0" + }, + "peerDependencies": { + "bufferutil": "^4.0.1", + "utf-8-validate": "^5.0.2" + }, + "peerDependenciesMeta": { + "bufferutil": { + "optional": true + }, + "utf-8-validate": { + "optional": true + } + } + }, + "node_modules/wsl-utils": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/wsl-utils/-/wsl-utils-0.1.0.tgz", + "integrity": "sha512-h3Fbisa2nKGPxCpm89Hk33lBLsnaGBvctQopaBSOW/uIs6FTe1ATyAnKFJrzVs9vpGdsTe73WF3V4lIsk4Gacw==", + "license": "MIT", + "dependencies": { + "is-wsl": "^3.1.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/wsl-utils/node_modules/is-wsl": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/is-wsl/-/is-wsl-3.1.0.tgz", + "integrity": "sha512-UcVfVfaK4Sc4m7X3dUSoHoozQGBEFeDC+zVo06t98xe8CzHSZZBekNXH+tu0NalHolcJ/QAGqS46Hef7QXBIMw==", + "license": "MIT", + "dependencies": { + "is-inside-container": "^1.0.0" + }, + "engines": { + "node": ">=16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/xdg-basedir": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/xdg-basedir/-/xdg-basedir-5.1.0.tgz", + "integrity": "sha512-GCPAHLvrIH13+c0SuacwvRYj2SxJXQ4kaVTT5xgL3kPrz56XxkF21IGhjSE1+W0aw7gpBWRGXLCPnPby6lSpmQ==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/xml-js": { + "version": "1.6.11", + "resolved": "https://registry.npmjs.org/xml-js/-/xml-js-1.6.11.tgz", + "integrity": "sha512-7rVi2KMfwfWFl+GpPg6m80IVMWXLRjO+PxTq7V2CDhoGak0wzYzFgUY2m4XJ47OGdXd8eLE8EmwfAmdjw7lC1g==", + "license": "MIT", + "dependencies": { + "sax": "^1.2.4" + }, + "bin": { + "xml-js": "bin/cli.js" + } + }, + "node_modules/yallist": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz", + "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==", + "license": "ISC" + }, + "node_modules/yaml": { + "version": "2.8.4", + "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.4.tgz", + "integrity": "sha512-ml/JPOj9fOQK8RNnWojA67GbZ0ApXAUlN2UQclwv2eVgTgn7O9gg9o7paZWKMp4g0H3nTLtS9LVzhkpOFIKzog==", + "license": "ISC", + "bin": { + "yaml": "bin.mjs" + }, + "engines": { + "node": ">= 14.6" + }, + "funding": { + "url": "https://github.com/sponsors/eemeli" + } + }, + "node_modules/yarn": { + "version": "1.22.22", + "resolved": "https://registry.npmjs.org/yarn/-/yarn-1.22.22.tgz", + "integrity": "sha512-prL3kGtyG7o9Z9Sv8IPfBNrWTDmXB4Qbes8A9rEzt6wkJV8mUvoirjU0Mp3GGAU06Y0XQyA3/2/RQFVuK7MTfg==", + "hasInstallScript": true, + "license": "BSD-2-Clause", + "bin": { + "yarn": "bin/yarn.js", + "yarnpkg": "bin/yarn.js" + }, + "engines": { + "node": ">=4.0.0" + } + }, + "node_modules/yocto-queue": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-1.2.1.tgz", + "integrity": "sha512-AyeEbWOu/TAXdxlV9wmGcR0+yh2j3vYPGOECcIj2S7MkrLyC7ne+oye2BKTItt0ii2PHk4cDy+95+LshzbXnGg==", + "license": "MIT", + "engines": { + "node": ">=12.20" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/zod": { + "version": "4.1.12", + "resolved": "https://registry.npmjs.org/zod/-/zod-4.1.12.tgz", + "integrity": "sha512-JInaHOamG8pt5+Ey8kGmdcAcg3OL9reK8ltczgHTAwNhMys/6ThXHityHxVV2p3fkw/c+MAvBHFVYHFZDmjMCQ==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/colinhacks" + } + }, + "node_modules/zwitch": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/zwitch/-/zwitch-2.0.4.tgz", + "integrity": "sha512-bXE4cR/kVZhKZX/RjPEflHaKVhUVl85noU3v6b8apfQEc1x4A+zBxjZ4lN8LqGd6WZ3dl98pY4o717VFmoPp+A==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + } + } +} diff --git a/yarn.lock b/yarn.lock index 8fab3579..281b5254 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4,7 +4,7 @@ "@ai-sdk/gateway@2.0.0": version "2.0.0" - resolved "https://registry.yarnpkg.com/@ai-sdk/gateway/-/gateway-2.0.0.tgz#d291c40fa869174af5b7230bd838d1028488a6fd" + resolved "https://registry.npmjs.org/@ai-sdk/gateway/-/gateway-2.0.0.tgz" integrity sha512-Gj0PuawK7NkZuyYgO/h5kDK/l6hFOjhLdTq3/Lli1FTl47iGmwhH1IZQpAL3Z09BeFYWakcwUmn02ovIm2wy9g== dependencies: "@ai-sdk/provider" "2.0.0" @@ -13,7 +13,7 @@ "@ai-sdk/provider-utils@3.0.12": version "3.0.12" - resolved "https://registry.yarnpkg.com/@ai-sdk/provider-utils/-/provider-utils-3.0.12.tgz#9812a0b7ce36f2cae81dff3afe70f0c4bde76213" + resolved "https://registry.npmjs.org/@ai-sdk/provider-utils/-/provider-utils-3.0.12.tgz" integrity sha512-ZtbdvYxdMoria+2SlNarEk6Hlgyf+zzcznlD55EAl+7VZvJaSg2sqPvwArY7L6TfDEDJsnCq0fdhBSkYo0Xqdg== dependencies: "@ai-sdk/provider" "2.0.0" @@ -22,14 +22,14 @@ "@ai-sdk/provider@2.0.0": version "2.0.0" - resolved "https://registry.yarnpkg.com/@ai-sdk/provider/-/provider-2.0.0.tgz#b853c739d523b33675bc74b6c506b2c690bc602b" + resolved "https://registry.npmjs.org/@ai-sdk/provider/-/provider-2.0.0.tgz" integrity sha512-6o7Y2SeO9vFKB8lArHXehNuusnpddKPk7xqL7T2/b+OvXMRIXUO1rR4wcv1hAFUAT9avGZshty3Wlua/XA7TvA== dependencies: json-schema "^0.4.0" "@ai-sdk/react@^2.0.30": version "2.0.76" - resolved "https://registry.yarnpkg.com/@ai-sdk/react/-/react-2.0.76.tgz#eba2457f208d1762f16f807e1c4324cdf63bd969" + resolved "https://registry.npmjs.org/@ai-sdk/react/-/react-2.0.76.tgz" integrity sha512-ggAPzyaKJTqUWigpxMzI5DuC0Y3iEpDUPCgz6/6CpnKZY/iok+x5xiZhDemeaP0ILw5IQekV0kdgBR8JPgI8zQ== dependencies: "@ai-sdk/provider-utils" "3.0.12" @@ -39,7 +39,7 @@ "@algolia/abtesting@1.6.1": version "1.6.1" - resolved "https://registry.yarnpkg.com/@algolia/abtesting/-/abtesting-1.6.1.tgz#1074f6df6a59b371f56fdb5ddc2caec1853bcc58" + resolved "https://registry.npmjs.org/@algolia/abtesting/-/abtesting-1.6.1.tgz" integrity sha512-wV/gNRkzb7sI9vs1OneG129hwe3Q5zPj7zigz3Ps7M5Lpo2hSorrOnXNodHEOV+yXE/ks4Pd+G3CDFIjFTWhMQ== dependencies: "@algolia/client-common" "5.40.1" @@ -49,7 +49,7 @@ "@algolia/autocomplete-core@1.19.2": version "1.19.2" - resolved "https://registry.yarnpkg.com/@algolia/autocomplete-core/-/autocomplete-core-1.19.2.tgz#702df67a08cb3cfe8c33ee1111ef136ec1a9e232" + resolved "https://registry.npmjs.org/@algolia/autocomplete-core/-/autocomplete-core-1.19.2.tgz" integrity sha512-mKv7RyuAzXvwmq+0XRK8HqZXt9iZ5Kkm2huLjgn5JoCPtDy+oh9yxUMfDDaVCw0oyzZ1isdJBc7l9nuCyyR7Nw== dependencies: "@algolia/autocomplete-plugin-algolia-insights" "1.19.2" @@ -57,19 +57,19 @@ "@algolia/autocomplete-plugin-algolia-insights@1.19.2": version "1.19.2" - resolved "https://registry.yarnpkg.com/@algolia/autocomplete-plugin-algolia-insights/-/autocomplete-plugin-algolia-insights-1.19.2.tgz#3584b625b9317e333d1ae43664d02358e175c52d" + resolved "https://registry.npmjs.org/@algolia/autocomplete-plugin-algolia-insights/-/autocomplete-plugin-algolia-insights-1.19.2.tgz" integrity sha512-TjxbcC/r4vwmnZaPwrHtkXNeqvlpdyR+oR9Wi2XyfORkiGkLTVhX2j+O9SaCCINbKoDfc+c2PB8NjfOnz7+oKg== dependencies: "@algolia/autocomplete-shared" "1.19.2" "@algolia/autocomplete-shared@1.19.2": version "1.19.2" - resolved "https://registry.yarnpkg.com/@algolia/autocomplete-shared/-/autocomplete-shared-1.19.2.tgz#c0b7b8dc30a5c65b70501640e62b009535e4578f" + resolved "https://registry.npmjs.org/@algolia/autocomplete-shared/-/autocomplete-shared-1.19.2.tgz" integrity sha512-jEazxZTVD2nLrC+wYlVHQgpBoBB5KPStrJxLzsIFl6Kqd1AlG9sIAGl39V5tECLpIQzB3Qa2T6ZPJ1ChkwMK/w== "@algolia/client-abtesting@5.40.1": version "5.40.1" - resolved "https://registry.yarnpkg.com/@algolia/client-abtesting/-/client-abtesting-5.40.1.tgz#6674c20731e887a081edf7ea009fe00ce20537d4" + resolved "https://registry.npmjs.org/@algolia/client-abtesting/-/client-abtesting-5.40.1.tgz" integrity sha512-cxKNATPY5t+Mv8XAVTI57altkaPH+DZi4uMrnexPxPHODMljhGYY+GDZyHwv9a+8CbZHcY372OkxXrDMZA4Lnw== dependencies: "@algolia/client-common" "5.40.1" @@ -79,7 +79,7 @@ "@algolia/client-analytics@5.40.1": version "5.40.1" - resolved "https://registry.yarnpkg.com/@algolia/client-analytics/-/client-analytics-5.40.1.tgz#6550da491a59e9bc5112d9aeb1964e04b34543c5" + resolved "https://registry.npmjs.org/@algolia/client-analytics/-/client-analytics-5.40.1.tgz" integrity sha512-XP008aMffJCRGAY8/70t+hyEyvqqV7YKm502VPu0+Ji30oefrTn2al7LXkITz7CK6I4eYXWRhN6NaIUi65F1OA== dependencies: "@algolia/client-common" "5.40.1" @@ -89,12 +89,17 @@ "@algolia/client-common@5.40.1": version "5.40.1" - resolved "https://registry.yarnpkg.com/@algolia/client-common/-/client-common-5.40.1.tgz#df272c1eb491e7e4b15eaa44e4ad781630b4a438" + resolved "https://registry.npmjs.org/@algolia/client-common/-/client-common-5.40.1.tgz" integrity sha512-gWfQuQUBtzUboJv/apVGZMoxSaB0M4Imwl1c9Ap+HpCW7V0KhjBddqF2QQt5tJZCOFsfNIgBbZDGsEPaeKUosw== +"@algolia/client-common@5.52.1": + version "5.52.1" + resolved "https://registry.npmjs.org/@algolia/client-common/-/client-common-5.52.1.tgz" + integrity sha512-qCDoZfx5MpX7XQzvQ3bC4tSEMkQWQMaF/ABtLuoze03Y/flR563CCSws02qIJ23oX7lxl92LsilZjINVyTdtLw== + "@algolia/client-insights@5.40.1": version "5.40.1" - resolved "https://registry.yarnpkg.com/@algolia/client-insights/-/client-insights-5.40.1.tgz#db53a74d78b004b176213dfe84cb250323e64906" + resolved "https://registry.npmjs.org/@algolia/client-insights/-/client-insights-5.40.1.tgz" integrity sha512-RTLjST/t+lsLMouQ4zeLJq2Ss+UNkLGyNVu+yWHanx6kQ3LT5jv8UvPwyht9s7R6jCPnlSI77WnL80J32ZuyJg== dependencies: "@algolia/client-common" "5.40.1" @@ -104,7 +109,7 @@ "@algolia/client-personalization@5.40.1": version "5.40.1" - resolved "https://registry.yarnpkg.com/@algolia/client-personalization/-/client-personalization-5.40.1.tgz#9e9885a1855b893ddb3cefa484d5d08158b622f5" + resolved "https://registry.npmjs.org/@algolia/client-personalization/-/client-personalization-5.40.1.tgz" integrity sha512-2FEK6bUomBzEYkTKzD0iRs7Ljtjb45rKK/VSkyHqeJnG+77qx557IeSO0qVFE3SfzapNcoytTofnZum0BQ6r3Q== dependencies: "@algolia/client-common" "5.40.1" @@ -114,7 +119,7 @@ "@algolia/client-query-suggestions@5.40.1": version "5.40.1" - resolved "https://registry.yarnpkg.com/@algolia/client-query-suggestions/-/client-query-suggestions-5.40.1.tgz#45dd6d7ad53f87043d44ffe983ab2d2385c8270a" + resolved "https://registry.npmjs.org/@algolia/client-query-suggestions/-/client-query-suggestions-5.40.1.tgz" integrity sha512-Nju4NtxAvXjrV2hHZNLKVJLXjOlW6jAXHef/CwNzk1b2qIrCWDO589ELi5ZHH1uiWYoYyBXDQTtHmhaOVVoyXg== dependencies: "@algolia/client-common" "5.40.1" @@ -122,9 +127,19 @@ "@algolia/requester-fetch" "5.40.1" "@algolia/requester-node-http" "5.40.1" +"@algolia/client-search@>= 4.9.1 < 6": + version "5.52.1" + resolved "https://registry.npmjs.org/@algolia/client-search/-/client-search-5.52.1.tgz" + integrity sha512-gA8oJOV1LnQQkDf91iebNnFInHuW0gRPEgLSOQ7EfipCEjYTHm5swm1DlH9H5RaRw4RrHuzHBegnlzc0MAstcg== + dependencies: + "@algolia/client-common" "5.52.1" + "@algolia/requester-browser-xhr" "5.52.1" + "@algolia/requester-fetch" "5.52.1" + "@algolia/requester-node-http" "5.52.1" + "@algolia/client-search@5.40.1": version "5.40.1" - resolved "https://registry.yarnpkg.com/@algolia/client-search/-/client-search-5.40.1.tgz#9e179ac583dd9ddf638139e24971bb9229897931" + resolved "https://registry.npmjs.org/@algolia/client-search/-/client-search-5.40.1.tgz" integrity sha512-Mw6pAUF121MfngQtcUb5quZVqMC68pSYYjCRZkSITC085S3zdk+h/g7i6FxnVdbSU6OztxikSDMh1r7Z+4iPlA== dependencies: "@algolia/client-common" "5.40.1" @@ -134,12 +149,12 @@ "@algolia/events@^4.0.1": version "4.0.1" - resolved "https://registry.yarnpkg.com/@algolia/events/-/events-4.0.1.tgz#fd39e7477e7bc703d7f893b556f676c032af3950" + resolved "https://registry.npmjs.org/@algolia/events/-/events-4.0.1.tgz" integrity sha512-FQzvOCgoFXAbf5Y6mYozw2aj5KCJoA3m4heImceldzPSMbdyS4atVjJzXKMsfX3wnZTFYwkkt8/z8UesLHlSBQ== "@algolia/ingestion@1.40.1": version "1.40.1" - resolved "https://registry.yarnpkg.com/@algolia/ingestion/-/ingestion-1.40.1.tgz#eea0793d6e89b424d742d726de7419f5bcaefa16" + resolved "https://registry.npmjs.org/@algolia/ingestion/-/ingestion-1.40.1.tgz" integrity sha512-z+BPlhs45VURKJIxsR99NNBWpUEEqIgwt10v/fATlNxc4UlXvALdOsWzaFfe89/lbP5Bu4+mbO59nqBC87ZM/g== dependencies: "@algolia/client-common" "5.40.1" @@ -149,7 +164,7 @@ "@algolia/monitoring@1.40.1": version "1.40.1" - resolved "https://registry.yarnpkg.com/@algolia/monitoring/-/monitoring-1.40.1.tgz#50bf7286f3ba0fae220d7f5e0bf73c1b671f8958" + resolved "https://registry.npmjs.org/@algolia/monitoring/-/monitoring-1.40.1.tgz" integrity sha512-VJMUMbO0wD8Rd2VVV/nlFtLJsOAQvjnVNGkMkspFiFhpBA7s/xJOb+fJvvqwKFUjbKTUA7DjiSi1ljSMYBasXg== dependencies: "@algolia/client-common" "5.40.1" @@ -159,7 +174,7 @@ "@algolia/recommend@5.40.1": version "5.40.1" - resolved "https://registry.yarnpkg.com/@algolia/recommend/-/recommend-5.40.1.tgz#db8395ce0d17ccba03a877b42dce1f205bbdf5b9" + resolved "https://registry.npmjs.org/@algolia/recommend/-/recommend-5.40.1.tgz" integrity sha512-ehvJLadKVwTp9Scg9NfzVSlBKH34KoWOQNTaN8i1Ac64AnO6iH2apJVSP6GOxssaghZ/s8mFQsDH3QIZoluFHA== dependencies: "@algolia/client-common" "5.40.1" @@ -169,28 +184,49 @@ "@algolia/requester-browser-xhr@5.40.1": version "5.40.1" - resolved "https://registry.yarnpkg.com/@algolia/requester-browser-xhr/-/requester-browser-xhr-5.40.1.tgz#cddc52f7dc8e4b4a1051f90e55336d9573df62af" + resolved "https://registry.npmjs.org/@algolia/requester-browser-xhr/-/requester-browser-xhr-5.40.1.tgz" integrity sha512-PbidVsPurUSQIr6X9/7s34mgOMdJnn0i6p+N6Ab+lsNhY5eiu+S33kZEpZwkITYBCIbhzDLOvb7xZD3gDi+USA== dependencies: "@algolia/client-common" "5.40.1" +"@algolia/requester-browser-xhr@5.52.1": + version "5.52.1" + resolved "https://registry.npmjs.org/@algolia/requester-browser-xhr/-/requester-browser-xhr-5.52.1.tgz" + integrity sha512-CI7+/0I11QeZM59Uc8whd2or0kqzFVjpaPn9Qpwll/krHcBAxk24WkAQ6WX+IwDVMfpont4YGbKwAmCre3vE8Q== + dependencies: + "@algolia/client-common" "5.52.1" + "@algolia/requester-fetch@5.40.1": version "5.40.1" - resolved "https://registry.yarnpkg.com/@algolia/requester-fetch/-/requester-fetch-5.40.1.tgz#3ec36412f7d10f4270a59e456d8e71a2eda58ea8" + resolved "https://registry.npmjs.org/@algolia/requester-fetch/-/requester-fetch-5.40.1.tgz" integrity sha512-ThZ5j6uOZCF11fMw9IBkhigjOYdXGXQpj6h4k+T9UkZrF2RlKcPynFzDeRgaLdpYk8Yn3/MnFbwUmib7yxj5Lw== dependencies: "@algolia/client-common" "5.40.1" +"@algolia/requester-fetch@5.52.1": + version "5.52.1" + resolved "https://registry.npmjs.org/@algolia/requester-fetch/-/requester-fetch-5.52.1.tgz" + integrity sha512-S6bDuw9byfOvm3T71cgdoZgrgnZq6hpdMLkx52Louh57nUAmvGQESz2aojOynQHjbTiV55smvAFbgn0qT4tJrg== + dependencies: + "@algolia/client-common" "5.52.1" + "@algolia/requester-node-http@5.40.1": version "5.40.1" - resolved "https://registry.yarnpkg.com/@algolia/requester-node-http/-/requester-node-http-5.40.1.tgz#ed3a9b1846f7d6be88839522ca0d337159d5ff66" + resolved "https://registry.npmjs.org/@algolia/requester-node-http/-/requester-node-http-5.40.1.tgz" integrity sha512-H1gYPojO6krWHnUXu/T44DrEun/Wl95PJzMXRcM/szstNQczSbwq6wIFJPI9nyE95tarZfUNU3rgorT+wZ6iCQ== dependencies: "@algolia/client-common" "5.40.1" +"@algolia/requester-node-http@5.52.1": + version "5.52.1" + resolved "https://registry.npmjs.org/@algolia/requester-node-http/-/requester-node-http-5.52.1.tgz" + integrity sha512-tqZXM+54rWo4mk5jL5Z/flE11nPmNEdXwFBM5py9DkOmbjeCNemfVd45FyM97XdzfZ0dl9uOJC6PYn1FpkeyQg== + dependencies: + "@algolia/client-common" "5.52.1" + "@babel/code-frame@^7.0.0", "@babel/code-frame@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.27.1.tgz#200f715e66d52a23b221a9435534a91cc13ad5be" + resolved "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.27.1.tgz" integrity sha512-cjQ7ZlQ0Mv3b47hABuTevyTuYN4i+loJKGeV9flcCgIK37cCXRh+L1bd3iBHlynerhQ7BhCkn2BPbQUL+rGqFg== dependencies: "@babel/helper-validator-identifier" "^7.27.1" @@ -199,12 +235,12 @@ "@babel/compat-data@^7.27.2", "@babel/compat-data@^7.27.7", "@babel/compat-data@^7.28.0": version "7.28.4" - resolved "https://registry.yarnpkg.com/@babel/compat-data/-/compat-data-7.28.4.tgz#96fdf1af1b8859c8474ab39c295312bfb7c24b04" + resolved "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.28.4.tgz" integrity sha512-YsmSKC29MJwf0gF8Rjjrg5LQCmyh+j/nD8/eP7f+BeoQTKYqs9RoWbjGOdy0+1Ekr68RJZMUOPVQaQisnIo4Rw== -"@babel/core@^7.21.3", "@babel/core@^7.25.9": +"@babel/core@^7.0.0", "@babel/core@^7.0.0-0", "@babel/core@^7.0.0-0 || ^8.0.0-0 <8.0.0", "@babel/core@^7.12.0", "@babel/core@^7.13.0", "@babel/core@^7.21.3", "@babel/core@^7.25.9", "@babel/core@^7.4.0 || ^8.0.0-0 <8.0.0": version "7.28.4" - resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.28.4.tgz#12a550b8794452df4c8b084f95003bce1742d496" + resolved "https://registry.npmjs.org/@babel/core/-/core-7.28.4.tgz" integrity sha512-2BCOP7TN8M+gVDj7/ht3hsaO/B/n5oDbiAyyvnRlNOs+u1o+JWNYTQrmpuNp1/Wq2gcFrI01JAW+paEKDMx/CA== dependencies: "@babel/code-frame" "^7.27.1" @@ -225,7 +261,7 @@ "@babel/generator@^7.25.9", "@babel/generator@^7.28.3": version "7.28.3" - resolved "https://registry.yarnpkg.com/@babel/generator/-/generator-7.28.3.tgz#9626c1741c650cbac39121694a0f2d7451b8ef3e" + resolved "https://registry.npmjs.org/@babel/generator/-/generator-7.28.3.tgz" integrity sha512-3lSpxGgvnmZznmBkCRnVREPUFJv2wrv9iAoFDvADJc0ypmdOxdUtcLeBgBJ6zE0PMeTKnxeQzyk0xTBq4Ep7zw== dependencies: "@babel/parser" "^7.28.3" @@ -236,14 +272,14 @@ "@babel/helper-annotate-as-pure@^7.27.1", "@babel/helper-annotate-as-pure@^7.27.3": version "7.27.3" - resolved "https://registry.yarnpkg.com/@babel/helper-annotate-as-pure/-/helper-annotate-as-pure-7.27.3.tgz#f31fd86b915fc4daf1f3ac6976c59be7084ed9c5" + resolved "https://registry.npmjs.org/@babel/helper-annotate-as-pure/-/helper-annotate-as-pure-7.27.3.tgz" integrity sha512-fXSwMQqitTGeHLBC08Eq5yXz2m37E4pJX1qAU1+2cNedz/ifv/bVXft90VeSav5nFO61EcNgwr0aJxbyPaWBPg== dependencies: "@babel/types" "^7.27.3" "@babel/helper-compilation-targets@^7.27.1", "@babel/helper-compilation-targets@^7.27.2": version "7.27.2" - resolved "https://registry.yarnpkg.com/@babel/helper-compilation-targets/-/helper-compilation-targets-7.27.2.tgz#46a0f6efab808d51d29ce96858dd10ce8732733d" + resolved "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.27.2.tgz" integrity sha512-2+1thGUUWWjLTYTHZWK1n8Yga0ijBz1XAhUXcKy81rd5g6yh7hGqMp45v7cadSbEHc9G3OTv45SyneRN3ps4DQ== dependencies: "@babel/compat-data" "^7.27.2" @@ -254,7 +290,7 @@ "@babel/helper-create-class-features-plugin@^7.27.1", "@babel/helper-create-class-features-plugin@^7.28.3": version "7.28.3" - resolved "https://registry.yarnpkg.com/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.28.3.tgz#3e747434ea007910c320c4d39a6b46f20f371d46" + resolved "https://registry.npmjs.org/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.28.3.tgz" integrity sha512-V9f6ZFIYSLNEbuGA/92uOvYsGCJNsuA8ESZ4ldc09bWk/j8H8TKiPw8Mk1eG6olpnO0ALHJmYfZvF4MEE4gajg== dependencies: "@babel/helper-annotate-as-pure" "^7.27.3" @@ -267,7 +303,7 @@ "@babel/helper-create-regexp-features-plugin@^7.18.6", "@babel/helper-create-regexp-features-plugin@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/helper-create-regexp-features-plugin/-/helper-create-regexp-features-plugin-7.27.1.tgz#05b0882d97ba1d4d03519e4bce615d70afa18c53" + resolved "https://registry.npmjs.org/@babel/helper-create-regexp-features-plugin/-/helper-create-regexp-features-plugin-7.27.1.tgz" integrity sha512-uVDC72XVf8UbrH5qQTc18Agb8emwjTiZrQE11Nv3CuBEZmVvTwwE9CBUEvHku06gQCAyYf8Nv6ja1IN+6LMbxQ== dependencies: "@babel/helper-annotate-as-pure" "^7.27.1" @@ -276,7 +312,7 @@ "@babel/helper-define-polyfill-provider@^0.6.5": version "0.6.5" - resolved "https://registry.yarnpkg.com/@babel/helper-define-polyfill-provider/-/helper-define-polyfill-provider-0.6.5.tgz#742ccf1cb003c07b48859fc9fa2c1bbe40e5f753" + resolved "https://registry.npmjs.org/@babel/helper-define-polyfill-provider/-/helper-define-polyfill-provider-0.6.5.tgz" integrity sha512-uJnGFcPsWQK8fvjgGP5LZUZZsYGIoPeRjSF5PGwrelYgq7Q15/Ft9NGFp1zglwgIv//W0uG4BevRuSJRyylZPg== dependencies: "@babel/helper-compilation-targets" "^7.27.2" @@ -287,12 +323,12 @@ "@babel/helper-globals@^7.28.0": version "7.28.0" - resolved "https://registry.yarnpkg.com/@babel/helper-globals/-/helper-globals-7.28.0.tgz#b9430df2aa4e17bc28665eadeae8aa1d985e6674" + resolved "https://registry.npmjs.org/@babel/helper-globals/-/helper-globals-7.28.0.tgz" integrity sha512-+W6cISkXFa1jXsDEdYA8HeevQT/FULhxzR99pxphltZcVaugps53THCeiWA8SguxxpSp3gKPiuYfSWopkLQ4hw== "@babel/helper-member-expression-to-functions@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.27.1.tgz#ea1211276be93e798ce19037da6f06fbb994fa44" + resolved "https://registry.npmjs.org/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.27.1.tgz" integrity sha512-E5chM8eWjTp/aNoVpcbfM7mLxu9XGLWYise2eBKGQomAk/Mb4XoxyqXTZbuTohbsl8EKqdlMhnDI2CCLfcs9wA== dependencies: "@babel/traverse" "^7.27.1" @@ -300,7 +336,7 @@ "@babel/helper-module-imports@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/helper-module-imports/-/helper-module-imports-7.27.1.tgz#7ef769a323e2655e126673bb6d2d6913bbead204" + resolved "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.27.1.tgz" integrity sha512-0gSFWUPNXNopqtIPQvlD5WgXYI5GY2kP2cCvoT8kczjbfcfuIljTbcWrulD1CIPIX2gt1wghbDy08yE1p+/r3w== dependencies: "@babel/traverse" "^7.27.1" @@ -308,7 +344,7 @@ "@babel/helper-module-transforms@^7.27.1", "@babel/helper-module-transforms@^7.28.3": version "7.28.3" - resolved "https://registry.yarnpkg.com/@babel/helper-module-transforms/-/helper-module-transforms-7.28.3.tgz#a2b37d3da3b2344fe085dab234426f2b9a2fa5f6" + resolved "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.28.3.tgz" integrity sha512-gytXUbs8k2sXS9PnQptz5o0QnpLL51SwASIORY6XaBKF88nsOT0Zw9szLqlSGQDP/4TljBAD5y98p2U1fqkdsw== dependencies: "@babel/helper-module-imports" "^7.27.1" @@ -317,19 +353,19 @@ "@babel/helper-optimise-call-expression@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/helper-optimise-call-expression/-/helper-optimise-call-expression-7.27.1.tgz#c65221b61a643f3e62705e5dd2b5f115e35f9200" + resolved "https://registry.npmjs.org/@babel/helper-optimise-call-expression/-/helper-optimise-call-expression-7.27.1.tgz" integrity sha512-URMGH08NzYFhubNSGJrpUEphGKQwMQYBySzat5cAByY1/YgIRkULnIy3tAMeszlL/so2HbeilYloUmSpd7GdVw== dependencies: "@babel/types" "^7.27.1" "@babel/helper-plugin-utils@^7.0.0", "@babel/helper-plugin-utils@^7.18.6", "@babel/helper-plugin-utils@^7.27.1", "@babel/helper-plugin-utils@^7.8.0": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/helper-plugin-utils/-/helper-plugin-utils-7.27.1.tgz#ddb2f876534ff8013e6c2b299bf4d39b3c51d44c" + resolved "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.27.1.tgz" integrity sha512-1gn1Up5YXka3YYAHGKpbideQ5Yjf1tDa9qYcgysz+cNCXukyLl6DjPXhD3VRwSb8c0J9tA4b2+rHEZtc6R0tlw== "@babel/helper-remap-async-to-generator@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/helper-remap-async-to-generator/-/helper-remap-async-to-generator-7.27.1.tgz#4601d5c7ce2eb2aea58328d43725523fcd362ce6" + resolved "https://registry.npmjs.org/@babel/helper-remap-async-to-generator/-/helper-remap-async-to-generator-7.27.1.tgz" integrity sha512-7fiA521aVw8lSPeI4ZOD3vRFkoqkJcS+z4hFo82bFSH/2tNd6eJ5qCVMS5OzDmZh/kaHQeBaeyxK6wljcPtveA== dependencies: "@babel/helper-annotate-as-pure" "^7.27.1" @@ -338,7 +374,7 @@ "@babel/helper-replace-supers@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/helper-replace-supers/-/helper-replace-supers-7.27.1.tgz#b1ed2d634ce3bdb730e4b52de30f8cccfd692bc0" + resolved "https://registry.npmjs.org/@babel/helper-replace-supers/-/helper-replace-supers-7.27.1.tgz" integrity sha512-7EHz6qDZc8RYS5ElPoShMheWvEgERonFCs7IAonWLLUTXW59DP14bCZt89/GKyreYn8g3S83m21FelHKbeDCKA== dependencies: "@babel/helper-member-expression-to-functions" "^7.27.1" @@ -347,7 +383,7 @@ "@babel/helper-skip-transparent-expression-wrappers@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/helper-skip-transparent-expression-wrappers/-/helper-skip-transparent-expression-wrappers-7.27.1.tgz#62bb91b3abba8c7f1fec0252d9dbea11b3ee7a56" + resolved "https://registry.npmjs.org/@babel/helper-skip-transparent-expression-wrappers/-/helper-skip-transparent-expression-wrappers-7.27.1.tgz" integrity sha512-Tub4ZKEXqbPjXgWLl2+3JpQAYBJ8+ikpQ2Ocj/q/r0LwE3UhENh7EUabyHjz2kCEsrRY83ew2DQdHluuiDQFzg== dependencies: "@babel/traverse" "^7.27.1" @@ -355,22 +391,22 @@ "@babel/helper-string-parser@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/helper-string-parser/-/helper-string-parser-7.27.1.tgz#54da796097ab19ce67ed9f88b47bb2ec49367687" + resolved "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.27.1.tgz" integrity sha512-qMlSxKbpRlAridDExk92nSobyDdpPijUq2DW6oDnUqd0iOGxmQjyqhMIihI9+zv4LPyZdRje2cavWPbCbWm3eA== "@babel/helper-validator-identifier@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/helper-validator-identifier/-/helper-validator-identifier-7.27.1.tgz#a7054dcc145a967dd4dc8fee845a57c1316c9df8" + resolved "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.27.1.tgz" integrity sha512-D2hP9eA+Sqx1kBZgzxZh0y1trbuU+JoDkiEwqhQ36nodYqJwyEIhPSdMNd7lOm/4io72luTPWH20Yda0xOuUow== "@babel/helper-validator-option@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/helper-validator-option/-/helper-validator-option-7.27.1.tgz#fa52f5b1e7db1ab049445b421c4471303897702f" + resolved "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.27.1.tgz" integrity sha512-YvjJow9FxbhFFKDSuFnVCe2WxXk1zWc22fFePVNEaWJEu8IrZVlda6N0uHwzZrUM1il7NC9Mlp4MaJYbYd9JSg== "@babel/helper-wrap-function@^7.27.1": version "7.28.3" - resolved "https://registry.yarnpkg.com/@babel/helper-wrap-function/-/helper-wrap-function-7.28.3.tgz#fe4872092bc1438ffd0ce579e6f699609f9d0a7a" + resolved "https://registry.npmjs.org/@babel/helper-wrap-function/-/helper-wrap-function-7.28.3.tgz" integrity sha512-zdf983tNfLZFletc0RRXYrHrucBEg95NIFMkn6K9dbeMYnsgHaSBGcQqdsCSStG2PYwRre0Qc2NNSCXbG+xc6g== dependencies: "@babel/template" "^7.27.2" @@ -379,7 +415,7 @@ "@babel/helpers@^7.28.4": version "7.28.4" - resolved "https://registry.yarnpkg.com/@babel/helpers/-/helpers-7.28.4.tgz#fe07274742e95bdf7cf1443593eeb8926ab63827" + resolved "https://registry.npmjs.org/@babel/helpers/-/helpers-7.28.4.tgz" integrity sha512-HFN59MmQXGHVyYadKLVumYsA9dBFun/ldYxipEjzA4196jpLZd8UjEEBLkbEkvfYreDqJhZxYAWFPtrfhNpj4w== dependencies: "@babel/template" "^7.27.2" @@ -387,14 +423,14 @@ "@babel/parser@^7.27.2", "@babel/parser@^7.28.3", "@babel/parser@^7.28.4": version "7.28.4" - resolved "https://registry.yarnpkg.com/@babel/parser/-/parser-7.28.4.tgz#da25d4643532890932cc03f7705fe19637e03fa8" + resolved "https://registry.npmjs.org/@babel/parser/-/parser-7.28.4.tgz" integrity sha512-yZbBqeM6TkpP9du/I2pUZnJsRMGGvOuIrhjzC1AwHwW+6he4mni6Bp/m8ijn0iOuZuPI2BfkCoSRunpyjnrQKg== dependencies: "@babel/types" "^7.28.4" "@babel/plugin-bugfix-firefox-class-in-computed-class-key@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-firefox-class-in-computed-class-key/-/plugin-bugfix-firefox-class-in-computed-class-key-7.27.1.tgz#61dd8a8e61f7eb568268d1b5f129da3eee364bf9" + resolved "https://registry.npmjs.org/@babel/plugin-bugfix-firefox-class-in-computed-class-key/-/plugin-bugfix-firefox-class-in-computed-class-key-7.27.1.tgz" integrity sha512-QPG3C9cCVRQLxAVwmefEmwdTanECuUBMQZ/ym5kiw3XKCGA7qkuQLcjWWHcrD/GKbn/WmJwaezfuuAOcyKlRPA== dependencies: "@babel/helper-plugin-utils" "^7.27.1" @@ -402,21 +438,21 @@ "@babel/plugin-bugfix-safari-class-field-initializer-scope@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-safari-class-field-initializer-scope/-/plugin-bugfix-safari-class-field-initializer-scope-7.27.1.tgz#43f70a6d7efd52370eefbdf55ae03d91b293856d" + resolved "https://registry.npmjs.org/@babel/plugin-bugfix-safari-class-field-initializer-scope/-/plugin-bugfix-safari-class-field-initializer-scope-7.27.1.tgz" integrity sha512-qNeq3bCKnGgLkEXUuFry6dPlGfCdQNZbn7yUAPCInwAJHMU7THJfrBSozkcWq5sNM6RcF3S8XyQL2A52KNR9IA== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression/-/plugin-bugfix-safari-id-destructuring-collision-in-function-expression-7.27.1.tgz#beb623bd573b8b6f3047bd04c32506adc3e58a72" + resolved "https://registry.npmjs.org/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression/-/plugin-bugfix-safari-id-destructuring-collision-in-function-expression-7.27.1.tgz" integrity sha512-g4L7OYun04N1WyqMNjldFwlfPCLVkgB54A/YCXICZYBsvJJE3kByKv9c9+R/nAfmIfjl2rKYLNyMHboYbZaWaA== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining/-/plugin-bugfix-v8-spread-parameters-in-optional-chaining-7.27.1.tgz#e134a5479eb2ba9c02714e8c1ebf1ec9076124fd" + resolved "https://registry.npmjs.org/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining/-/plugin-bugfix-v8-spread-parameters-in-optional-chaining-7.27.1.tgz" integrity sha512-oO02gcONcD5O1iTLi/6frMJBIwWEHceWGSGqrpCmEL8nogiS6J9PBlE48CaK20/Jx1LuRml9aDftLgdjXT8+Cw== dependencies: "@babel/helper-plugin-utils" "^7.27.1" @@ -425,7 +461,7 @@ "@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly@^7.28.3": version "7.28.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly/-/plugin-bugfix-v8-static-class-fields-redefine-readonly-7.28.3.tgz#373f6e2de0016f73caf8f27004f61d167743742a" + resolved "https://registry.npmjs.org/@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly/-/plugin-bugfix-v8-static-class-fields-redefine-readonly-7.28.3.tgz" integrity sha512-b6YTX108evsvE4YgWyQ921ZAFFQm3Bn+CA3+ZXlNVnPhx+UfsVURoPjfGAPCjBgrqo30yX/C2nZGX96DxvR9Iw== dependencies: "@babel/helper-plugin-utils" "^7.27.1" @@ -433,47 +469,47 @@ "@babel/plugin-proposal-private-property-in-object@7.21.0-placeholder-for-preset-env.2": version "7.21.0-placeholder-for-preset-env.2" - resolved "https://registry.yarnpkg.com/@babel/plugin-proposal-private-property-in-object/-/plugin-proposal-private-property-in-object-7.21.0-placeholder-for-preset-env.2.tgz#7844f9289546efa9febac2de4cfe358a050bd703" + resolved "https://registry.npmjs.org/@babel/plugin-proposal-private-property-in-object/-/plugin-proposal-private-property-in-object-7.21.0-placeholder-for-preset-env.2.tgz" integrity sha512-SOSkfJDddaM7mak6cPEpswyTRnuRltl429hMraQEglW+OkovnCzsiszTmsrlY//qLFjCpQDFRvjdm2wA5pPm9w== "@babel/plugin-syntax-dynamic-import@^7.8.3": version "7.8.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-dynamic-import/-/plugin-syntax-dynamic-import-7.8.3.tgz#62bf98b2da3cd21d626154fc96ee5b3cb68eacb3" + resolved "https://registry.npmjs.org/@babel/plugin-syntax-dynamic-import/-/plugin-syntax-dynamic-import-7.8.3.tgz" integrity sha512-5gdGbFon+PszYzqs83S3E5mpi7/y/8M9eC90MRTZfduQOYW76ig6SOSPNe41IG5LoP3FGBn2N0RjVDSQiS94kQ== dependencies: "@babel/helper-plugin-utils" "^7.8.0" "@babel/plugin-syntax-import-assertions@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-import-assertions/-/plugin-syntax-import-assertions-7.27.1.tgz#88894aefd2b03b5ee6ad1562a7c8e1587496aecd" + resolved "https://registry.npmjs.org/@babel/plugin-syntax-import-assertions/-/plugin-syntax-import-assertions-7.27.1.tgz" integrity sha512-UT/Jrhw57xg4ILHLFnzFpPDlMbcdEicaAtjPQpbj9wa8T4r5KVWCimHcL/460g8Ht0DMxDyjsLgiWSkVjnwPFg== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-syntax-import-attributes@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-import-attributes/-/plugin-syntax-import-attributes-7.27.1.tgz#34c017d54496f9b11b61474e7ea3dfd5563ffe07" + resolved "https://registry.npmjs.org/@babel/plugin-syntax-import-attributes/-/plugin-syntax-import-attributes-7.27.1.tgz" integrity sha512-oFT0FrKHgF53f4vOsZGi2Hh3I35PfSmVs4IBFLFj4dnafP+hIWDLg3VyKmUHfLoLHlyxY4C7DGtmHuJgn+IGww== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-syntax-jsx@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.27.1.tgz#2f9beb5eff30fa507c5532d107daac7b888fa34c" + resolved "https://registry.npmjs.org/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.27.1.tgz" integrity sha512-y8YTNIeKoyhGd9O0Jiyzyyqk8gdjnumGTQPsz0xOZOQ2RmkVJeZ1vmmfIvFEKqucBG6axJGBZDE/7iI5suUI/w== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-syntax-typescript@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-typescript/-/plugin-syntax-typescript-7.27.1.tgz#5147d29066a793450f220c63fa3a9431b7e6dd18" + resolved "https://registry.npmjs.org/@babel/plugin-syntax-typescript/-/plugin-syntax-typescript-7.27.1.tgz" integrity sha512-xfYCBMxveHrRMnAWl1ZlPXOZjzkN82THFvLhQhFXFt81Z5HnN+EtUkZhv/zcKpmT3fzmWZB0ywiBrbC3vogbwQ== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-syntax-unicode-sets-regex@^7.18.6": version "7.18.6" - resolved "https://registry.yarnpkg.com/@babel/plugin-syntax-unicode-sets-regex/-/plugin-syntax-unicode-sets-regex-7.18.6.tgz#d49a3b3e6b52e5be6740022317580234a6a47357" + resolved "https://registry.npmjs.org/@babel/plugin-syntax-unicode-sets-regex/-/plugin-syntax-unicode-sets-regex-7.18.6.tgz" integrity sha512-727YkEAPwSIQTv5im8QHz3upqp92JTWhidIC81Tdx4VJYIte/VndKf1qKrfnnhPLiPghStWfvC/iFaMCQu7Nqg== dependencies: "@babel/helper-create-regexp-features-plugin" "^7.18.6" @@ -481,14 +517,14 @@ "@babel/plugin-transform-arrow-functions@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-arrow-functions/-/plugin-transform-arrow-functions-7.27.1.tgz#6e2061067ba3ab0266d834a9f94811196f2aba9a" + resolved "https://registry.npmjs.org/@babel/plugin-transform-arrow-functions/-/plugin-transform-arrow-functions-7.27.1.tgz" integrity sha512-8Z4TGic6xW70FKThA5HYEKKyBpOOsucTOD1DjU3fZxDg+K3zBJcXMFnt/4yQiZnf5+MiOMSXQ9PaEK/Ilh1DeA== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-transform-async-generator-functions@^7.28.0": version "7.28.0" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-async-generator-functions/-/plugin-transform-async-generator-functions-7.28.0.tgz#1276e6c7285ab2cd1eccb0bc7356b7a69ff842c2" + resolved "https://registry.npmjs.org/@babel/plugin-transform-async-generator-functions/-/plugin-transform-async-generator-functions-7.28.0.tgz" integrity sha512-BEOdvX4+M765icNPZeidyADIvQ1m1gmunXufXxvRESy/jNNyfovIqUyE7MVgGBjWktCoJlzvFA1To2O4ymIO3Q== dependencies: "@babel/helper-plugin-utils" "^7.27.1" @@ -497,7 +533,7 @@ "@babel/plugin-transform-async-to-generator@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-async-to-generator/-/plugin-transform-async-to-generator-7.27.1.tgz#9a93893b9379b39466c74474f55af03de78c66e7" + resolved "https://registry.npmjs.org/@babel/plugin-transform-async-to-generator/-/plugin-transform-async-to-generator-7.27.1.tgz" integrity sha512-NREkZsZVJS4xmTr8qzE5y8AfIPqsdQfRuUiLRTEzb7Qii8iFWCyDKaUV2c0rCuh4ljDZ98ALHP/PetiBV2nddA== dependencies: "@babel/helper-module-imports" "^7.27.1" @@ -506,21 +542,21 @@ "@babel/plugin-transform-block-scoped-functions@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-block-scoped-functions/-/plugin-transform-block-scoped-functions-7.27.1.tgz#558a9d6e24cf72802dd3b62a4b51e0d62c0f57f9" + resolved "https://registry.npmjs.org/@babel/plugin-transform-block-scoped-functions/-/plugin-transform-block-scoped-functions-7.27.1.tgz" integrity sha512-cnqkuOtZLapWYZUYM5rVIdv1nXYuFVIltZ6ZJ7nIj585QsjKM5dhL2Fu/lICXZ1OyIAFc7Qy+bvDAtTXqGrlhg== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-transform-block-scoping@^7.28.0": version "7.28.4" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-block-scoping/-/plugin-transform-block-scoping-7.28.4.tgz#e19ac4ddb8b7858bac1fd5c1be98a994d9726410" + resolved "https://registry.npmjs.org/@babel/plugin-transform-block-scoping/-/plugin-transform-block-scoping-7.28.4.tgz" integrity sha512-1yxmvN0MJHOhPVmAsmoW5liWwoILobu/d/ShymZmj867bAdxGbehIrew1DuLpw2Ukv+qDSSPQdYW1dLNE7t11A== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-transform-class-properties@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-class-properties/-/plugin-transform-class-properties-7.27.1.tgz#dd40a6a370dfd49d32362ae206ddaf2bb082a925" + resolved "https://registry.npmjs.org/@babel/plugin-transform-class-properties/-/plugin-transform-class-properties-7.27.1.tgz" integrity sha512-D0VcalChDMtuRvJIu3U/fwWjf8ZMykz5iZsg77Nuj821vCKI3zCyRLwRdWbsuJ/uRwZhZ002QtCqIkwC/ZkvbA== dependencies: "@babel/helper-create-class-features-plugin" "^7.27.1" @@ -528,7 +564,7 @@ "@babel/plugin-transform-class-static-block@^7.28.3": version "7.28.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-class-static-block/-/plugin-transform-class-static-block-7.28.3.tgz#d1b8e69b54c9993bc558203e1f49bfc979bfd852" + resolved "https://registry.npmjs.org/@babel/plugin-transform-class-static-block/-/plugin-transform-class-static-block-7.28.3.tgz" integrity sha512-LtPXlBbRoc4Njl/oh1CeD/3jC+atytbnf/UqLoqTDcEYGUPj022+rvfkbDYieUrSj3CaV4yHDByPE+T2HwfsJg== dependencies: "@babel/helper-create-class-features-plugin" "^7.28.3" @@ -536,7 +572,7 @@ "@babel/plugin-transform-classes@^7.28.3": version "7.28.4" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-classes/-/plugin-transform-classes-7.28.4.tgz#75d66175486788c56728a73424d67cbc7473495c" + resolved "https://registry.npmjs.org/@babel/plugin-transform-classes/-/plugin-transform-classes-7.28.4.tgz" integrity sha512-cFOlhIYPBv/iBoc+KS3M6et2XPtbT2HiCRfBXWtfpc9OAyostldxIf9YAYB6ypURBBbx+Qv6nyrLzASfJe+hBA== dependencies: "@babel/helper-annotate-as-pure" "^7.27.3" @@ -548,7 +584,7 @@ "@babel/plugin-transform-computed-properties@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-computed-properties/-/plugin-transform-computed-properties-7.27.1.tgz#81662e78bf5e734a97982c2b7f0a793288ef3caa" + resolved "https://registry.npmjs.org/@babel/plugin-transform-computed-properties/-/plugin-transform-computed-properties-7.27.1.tgz" integrity sha512-lj9PGWvMTVksbWiDT2tW68zGS/cyo4AkZ/QTp0sQT0mjPopCmrSkzxeXkznjqBxzDI6TclZhOJbBmbBLjuOZUw== dependencies: "@babel/helper-plugin-utils" "^7.27.1" @@ -556,7 +592,7 @@ "@babel/plugin-transform-destructuring@^7.28.0": version "7.28.0" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.28.0.tgz#0f156588f69c596089b7d5b06f5af83d9aa7f97a" + resolved "https://registry.npmjs.org/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.28.0.tgz" integrity sha512-v1nrSMBiKcodhsyJ4Gf+Z0U/yawmJDBOTpEB3mcQY52r9RIyPneGyAS/yM6seP/8I+mWI3elOMtT5dB8GJVs+A== dependencies: "@babel/helper-plugin-utils" "^7.27.1" @@ -564,7 +600,7 @@ "@babel/plugin-transform-dotall-regex@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-dotall-regex/-/plugin-transform-dotall-regex-7.27.1.tgz#aa6821de864c528b1fecf286f0a174e38e826f4d" + resolved "https://registry.npmjs.org/@babel/plugin-transform-dotall-regex/-/plugin-transform-dotall-regex-7.27.1.tgz" integrity sha512-gEbkDVGRvjj7+T1ivxrfgygpT7GUd4vmODtYpbs0gZATdkX8/iSnOtZSxiZnsgm1YjTgjI6VKBGSJJevkrclzw== dependencies: "@babel/helper-create-regexp-features-plugin" "^7.27.1" @@ -572,14 +608,14 @@ "@babel/plugin-transform-duplicate-keys@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-duplicate-keys/-/plugin-transform-duplicate-keys-7.27.1.tgz#f1fbf628ece18e12e7b32b175940e68358f546d1" + resolved "https://registry.npmjs.org/@babel/plugin-transform-duplicate-keys/-/plugin-transform-duplicate-keys-7.27.1.tgz" integrity sha512-MTyJk98sHvSs+cvZ4nOauwTTG1JeonDjSGvGGUNHreGQns+Mpt6WX/dVzWBHgg+dYZhkC4X+zTDfkTU+Vy9y7Q== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-transform-duplicate-named-capturing-groups-regex@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-duplicate-named-capturing-groups-regex/-/plugin-transform-duplicate-named-capturing-groups-regex-7.27.1.tgz#5043854ca620a94149372e69030ff8cb6a9eb0ec" + resolved "https://registry.npmjs.org/@babel/plugin-transform-duplicate-named-capturing-groups-regex/-/plugin-transform-duplicate-named-capturing-groups-regex-7.27.1.tgz" integrity sha512-hkGcueTEzuhB30B3eJCbCYeCaaEQOmQR0AdvzpD4LoN0GXMWzzGSuRrxR2xTnCrvNbVwK9N6/jQ92GSLfiZWoQ== dependencies: "@babel/helper-create-regexp-features-plugin" "^7.27.1" @@ -587,14 +623,14 @@ "@babel/plugin-transform-dynamic-import@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-dynamic-import/-/plugin-transform-dynamic-import-7.27.1.tgz#4c78f35552ac0e06aa1f6e3c573d67695e8af5a4" + resolved "https://registry.npmjs.org/@babel/plugin-transform-dynamic-import/-/plugin-transform-dynamic-import-7.27.1.tgz" integrity sha512-MHzkWQcEmjzzVW9j2q8LGjwGWpG2mjwaaB0BNQwst3FIjqsg8Ct/mIZlvSPJvfi9y2AC8mi/ktxbFVL9pZ1I4A== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-transform-explicit-resource-management@^7.28.0": version "7.28.0" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-explicit-resource-management/-/plugin-transform-explicit-resource-management-7.28.0.tgz#45be6211b778dbf4b9d54c4e8a2b42fa72e09a1a" + resolved "https://registry.npmjs.org/@babel/plugin-transform-explicit-resource-management/-/plugin-transform-explicit-resource-management-7.28.0.tgz" integrity sha512-K8nhUcn3f6iB+P3gwCv/no7OdzOZQcKchW6N389V6PD8NUWKZHzndOd9sPDVbMoBsbmjMqlB4L9fm+fEFNVlwQ== dependencies: "@babel/helper-plugin-utils" "^7.27.1" @@ -602,21 +638,21 @@ "@babel/plugin-transform-exponentiation-operator@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-exponentiation-operator/-/plugin-transform-exponentiation-operator-7.27.1.tgz#fc497b12d8277e559747f5a3ed868dd8064f83e1" + resolved "https://registry.npmjs.org/@babel/plugin-transform-exponentiation-operator/-/plugin-transform-exponentiation-operator-7.27.1.tgz" integrity sha512-uspvXnhHvGKf2r4VVtBpeFnuDWsJLQ6MF6lGJLC89jBR1uoVeqM416AZtTuhTezOfgHicpJQmoD5YUakO/YmXQ== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-transform-export-namespace-from@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-export-namespace-from/-/plugin-transform-export-namespace-from-7.27.1.tgz#71ca69d3471edd6daa711cf4dfc3400415df9c23" + resolved "https://registry.npmjs.org/@babel/plugin-transform-export-namespace-from/-/plugin-transform-export-namespace-from-7.27.1.tgz" integrity sha512-tQvHWSZ3/jH2xuq/vZDy0jNn+ZdXJeM8gHvX4lnJmsc3+50yPlWdZXIc5ay+umX+2/tJIqHqiEqcJvxlmIvRvQ== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-transform-for-of@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-for-of/-/plugin-transform-for-of-7.27.1.tgz#bc24f7080e9ff721b63a70ac7b2564ca15b6c40a" + resolved "https://registry.npmjs.org/@babel/plugin-transform-for-of/-/plugin-transform-for-of-7.27.1.tgz" integrity sha512-BfbWFFEJFQzLCQ5N8VocnCtA8J1CLkNTe2Ms2wocj75dd6VpiqS5Z5quTYcUoo4Yq+DN0rtikODccuv7RU81sw== dependencies: "@babel/helper-plugin-utils" "^7.27.1" @@ -624,7 +660,7 @@ "@babel/plugin-transform-function-name@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-function-name/-/plugin-transform-function-name-7.27.1.tgz#4d0bf307720e4dce6d7c30fcb1fd6ca77bdeb3a7" + resolved "https://registry.npmjs.org/@babel/plugin-transform-function-name/-/plugin-transform-function-name-7.27.1.tgz" integrity sha512-1bQeydJF9Nr1eBCMMbC+hdwmRlsv5XYOMu03YSWFwNs0HsAmtSxxF1fyuYPqemVldVyFmlCU7w8UE14LupUSZQ== dependencies: "@babel/helper-compilation-targets" "^7.27.1" @@ -633,35 +669,35 @@ "@babel/plugin-transform-json-strings@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-json-strings/-/plugin-transform-json-strings-7.27.1.tgz#a2e0ce6ef256376bd527f290da023983527a4f4c" + resolved "https://registry.npmjs.org/@babel/plugin-transform-json-strings/-/plugin-transform-json-strings-7.27.1.tgz" integrity sha512-6WVLVJiTjqcQauBhn1LkICsR2H+zm62I3h9faTDKt1qP4jn2o72tSvqMwtGFKGTpojce0gJs+76eZ2uCHRZh0Q== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-transform-literals@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-literals/-/plugin-transform-literals-7.27.1.tgz#baaefa4d10a1d4206f9dcdda50d7d5827bb70b24" + resolved "https://registry.npmjs.org/@babel/plugin-transform-literals/-/plugin-transform-literals-7.27.1.tgz" integrity sha512-0HCFSepIpLTkLcsi86GG3mTUzxV5jpmbv97hTETW3yzrAij8aqlD36toB1D0daVFJM8NK6GvKO0gslVQmm+zZA== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-transform-logical-assignment-operators@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-logical-assignment-operators/-/plugin-transform-logical-assignment-operators-7.27.1.tgz#890cb20e0270e0e5bebe3f025b434841c32d5baa" + resolved "https://registry.npmjs.org/@babel/plugin-transform-logical-assignment-operators/-/plugin-transform-logical-assignment-operators-7.27.1.tgz" integrity sha512-SJvDs5dXxiae4FbSL1aBJlG4wvl594N6YEVVn9e3JGulwioy6z3oPjx/sQBO3Y4NwUu5HNix6KJ3wBZoewcdbw== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-transform-member-expression-literals@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-member-expression-literals/-/plugin-transform-member-expression-literals-7.27.1.tgz#37b88ba594d852418e99536f5612f795f23aeaf9" + resolved "https://registry.npmjs.org/@babel/plugin-transform-member-expression-literals/-/plugin-transform-member-expression-literals-7.27.1.tgz" integrity sha512-hqoBX4dcZ1I33jCSWcXrP+1Ku7kdqXf1oeah7ooKOIiAdKQ+uqftgCFNOSzA5AMS2XIHEYeGFg4cKRCdpxzVOQ== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-transform-modules-amd@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-amd/-/plugin-transform-modules-amd-7.27.1.tgz#a4145f9d87c2291fe2d05f994b65dba4e3e7196f" + resolved "https://registry.npmjs.org/@babel/plugin-transform-modules-amd/-/plugin-transform-modules-amd-7.27.1.tgz" integrity sha512-iCsytMg/N9/oFq6n+gFTvUYDZQOMK5kEdeYxmxt91fcJGycfxVP9CnrxoliM0oumFERba2i8ZtwRUCMhvP1LnA== dependencies: "@babel/helper-module-transforms" "^7.27.1" @@ -669,7 +705,7 @@ "@babel/plugin-transform-modules-commonjs@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-commonjs/-/plugin-transform-modules-commonjs-7.27.1.tgz#8e44ed37c2787ecc23bdc367f49977476614e832" + resolved "https://registry.npmjs.org/@babel/plugin-transform-modules-commonjs/-/plugin-transform-modules-commonjs-7.27.1.tgz" integrity sha512-OJguuwlTYlN0gBZFRPqwOGNWssZjfIUdS7HMYtN8c1KmwpwHFBwTeFZrg9XZa+DFTitWOW5iTAG7tyCUPsCCyw== dependencies: "@babel/helper-module-transforms" "^7.27.1" @@ -677,7 +713,7 @@ "@babel/plugin-transform-modules-systemjs@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.27.1.tgz#00e05b61863070d0f3292a00126c16c0e024c4ed" + resolved "https://registry.npmjs.org/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.27.1.tgz" integrity sha512-w5N1XzsRbc0PQStASMksmUeqECuzKuTJer7kFagK8AXgpCMkeDMO5S+aaFb7A51ZYDF7XI34qsTX+fkHiIm5yA== dependencies: "@babel/helper-module-transforms" "^7.27.1" @@ -687,7 +723,7 @@ "@babel/plugin-transform-modules-umd@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-modules-umd/-/plugin-transform-modules-umd-7.27.1.tgz#63f2cf4f6dc15debc12f694e44714863d34cd334" + resolved "https://registry.npmjs.org/@babel/plugin-transform-modules-umd/-/plugin-transform-modules-umd-7.27.1.tgz" integrity sha512-iQBE/xC5BV1OxJbp6WG7jq9IWiD+xxlZhLrdwpPkTX3ydmXdvoCpyfJN7acaIBZaOqTfr76pgzqBJflNbeRK+w== dependencies: "@babel/helper-module-transforms" "^7.27.1" @@ -695,7 +731,7 @@ "@babel/plugin-transform-named-capturing-groups-regex@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-named-capturing-groups-regex/-/plugin-transform-named-capturing-groups-regex-7.27.1.tgz#f32b8f7818d8fc0cc46ee20a8ef75f071af976e1" + resolved "https://registry.npmjs.org/@babel/plugin-transform-named-capturing-groups-regex/-/plugin-transform-named-capturing-groups-regex-7.27.1.tgz" integrity sha512-SstR5JYy8ddZvD6MhV0tM/j16Qds4mIpJTOd1Yu9J9pJjH93bxHECF7pgtc28XvkzTD6Pxcm/0Z73Hvk7kb3Ng== dependencies: "@babel/helper-create-regexp-features-plugin" "^7.27.1" @@ -703,28 +739,28 @@ "@babel/plugin-transform-new-target@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-new-target/-/plugin-transform-new-target-7.27.1.tgz#259c43939728cad1706ac17351b7e6a7bea1abeb" + resolved "https://registry.npmjs.org/@babel/plugin-transform-new-target/-/plugin-transform-new-target-7.27.1.tgz" integrity sha512-f6PiYeqXQ05lYq3TIfIDu/MtliKUbNwkGApPUvyo6+tc7uaR4cPjPe7DFPr15Uyycg2lZU6btZ575CuQoYh7MQ== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-transform-nullish-coalescing-operator@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-nullish-coalescing-operator/-/plugin-transform-nullish-coalescing-operator-7.27.1.tgz#4f9d3153bf6782d73dd42785a9d22d03197bc91d" + resolved "https://registry.npmjs.org/@babel/plugin-transform-nullish-coalescing-operator/-/plugin-transform-nullish-coalescing-operator-7.27.1.tgz" integrity sha512-aGZh6xMo6q9vq1JGcw58lZ1Z0+i0xB2x0XaauNIUXd6O1xXc3RwoWEBlsTQrY4KQ9Jf0s5rgD6SiNkaUdJegTA== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-transform-numeric-separator@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-numeric-separator/-/plugin-transform-numeric-separator-7.27.1.tgz#614e0b15cc800e5997dadd9bd6ea524ed6c819c6" + resolved "https://registry.npmjs.org/@babel/plugin-transform-numeric-separator/-/plugin-transform-numeric-separator-7.27.1.tgz" integrity sha512-fdPKAcujuvEChxDBJ5c+0BTaS6revLV7CJL08e4m3de8qJfNIuCc2nc7XJYOjBoTMJeqSmwXJ0ypE14RCjLwaw== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-transform-object-rest-spread@^7.28.0": version "7.28.4" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-object-rest-spread/-/plugin-transform-object-rest-spread-7.28.4.tgz#9ee1ceca80b3e6c4bac9247b2149e36958f7f98d" + resolved "https://registry.npmjs.org/@babel/plugin-transform-object-rest-spread/-/plugin-transform-object-rest-spread-7.28.4.tgz" integrity sha512-373KA2HQzKhQCYiRVIRr+3MjpCObqzDlyrM6u4I201wL8Mp2wHf7uB8GhDwis03k2ti8Zr65Zyyqs1xOxUF/Ew== dependencies: "@babel/helper-compilation-targets" "^7.27.2" @@ -735,7 +771,7 @@ "@babel/plugin-transform-object-super@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-object-super/-/plugin-transform-object-super-7.27.1.tgz#1c932cd27bf3874c43a5cac4f43ebf970c9871b5" + resolved "https://registry.npmjs.org/@babel/plugin-transform-object-super/-/plugin-transform-object-super-7.27.1.tgz" integrity sha512-SFy8S9plRPbIcxlJ8A6mT/CxFdJx/c04JEctz4jf8YZaVS2px34j7NXRrlGlHkN/M2gnpL37ZpGRGVFLd3l8Ng== dependencies: "@babel/helper-plugin-utils" "^7.27.1" @@ -743,14 +779,14 @@ "@babel/plugin-transform-optional-catch-binding@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-optional-catch-binding/-/plugin-transform-optional-catch-binding-7.27.1.tgz#84c7341ebde35ccd36b137e9e45866825072a30c" + resolved "https://registry.npmjs.org/@babel/plugin-transform-optional-catch-binding/-/plugin-transform-optional-catch-binding-7.27.1.tgz" integrity sha512-txEAEKzYrHEX4xSZN4kJ+OfKXFVSWKB2ZxM9dpcE3wT7smwkNmXo5ORRlVzMVdJbD+Q8ILTgSD7959uj+3Dm3Q== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-transform-optional-chaining@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-optional-chaining/-/plugin-transform-optional-chaining-7.27.1.tgz#874ce3c4f06b7780592e946026eb76a32830454f" + resolved "https://registry.npmjs.org/@babel/plugin-transform-optional-chaining/-/plugin-transform-optional-chaining-7.27.1.tgz" integrity sha512-BQmKPPIuc8EkZgNKsv0X4bPmOoayeu4F1YCwx2/CfmDSXDbp7GnzlUH+/ul5VGfRg1AoFPsrIThlEBj2xb4CAg== dependencies: "@babel/helper-plugin-utils" "^7.27.1" @@ -758,14 +794,14 @@ "@babel/plugin-transform-parameters@^7.27.7": version "7.27.7" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-parameters/-/plugin-transform-parameters-7.27.7.tgz#1fd2febb7c74e7d21cf3b05f7aebc907940af53a" + resolved "https://registry.npmjs.org/@babel/plugin-transform-parameters/-/plugin-transform-parameters-7.27.7.tgz" integrity sha512-qBkYTYCb76RRxUM6CcZA5KRu8K4SM8ajzVeUgVdMVO9NN9uI/GaVmBg/WKJJGnNokV9SY8FxNOVWGXzqzUidBg== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-transform-private-methods@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-private-methods/-/plugin-transform-private-methods-7.27.1.tgz#fdacbab1c5ed81ec70dfdbb8b213d65da148b6af" + resolved "https://registry.npmjs.org/@babel/plugin-transform-private-methods/-/plugin-transform-private-methods-7.27.1.tgz" integrity sha512-10FVt+X55AjRAYI9BrdISN9/AQWHqldOeZDUoLyif1Kn05a56xVBXb8ZouL8pZ9jem8QpXaOt8TS7RHUIS+GPA== dependencies: "@babel/helper-create-class-features-plugin" "^7.27.1" @@ -773,7 +809,7 @@ "@babel/plugin-transform-private-property-in-object@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-private-property-in-object/-/plugin-transform-private-property-in-object-7.27.1.tgz#4dbbef283b5b2f01a21e81e299f76e35f900fb11" + resolved "https://registry.npmjs.org/@babel/plugin-transform-private-property-in-object/-/plugin-transform-private-property-in-object-7.27.1.tgz" integrity sha512-5J+IhqTi1XPa0DXF83jYOaARrX+41gOewWbkPyjMNRDqgOCqdffGh8L3f/Ek5utaEBZExjSAzcyjmV9SSAWObQ== dependencies: "@babel/helper-annotate-as-pure" "^7.27.1" @@ -782,35 +818,35 @@ "@babel/plugin-transform-property-literals@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-property-literals/-/plugin-transform-property-literals-7.27.1.tgz#07eafd618800591e88073a0af1b940d9a42c6424" + resolved "https://registry.npmjs.org/@babel/plugin-transform-property-literals/-/plugin-transform-property-literals-7.27.1.tgz" integrity sha512-oThy3BCuCha8kDZ8ZkgOg2exvPYUlprMukKQXI1r1pJ47NCvxfkEy8vK+r/hT9nF0Aa4H1WUPZZjHTFtAhGfmQ== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-transform-react-constant-elements@^7.21.3": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-constant-elements/-/plugin-transform-react-constant-elements-7.27.1.tgz#6c6b50424e749a6e48afd14cf7b92f98cb9383f9" + resolved "https://registry.npmjs.org/@babel/plugin-transform-react-constant-elements/-/plugin-transform-react-constant-elements-7.27.1.tgz" integrity sha512-edoidOjl/ZxvYo4lSBOQGDSyToYVkTAwyVoa2tkuYTSmjrB1+uAedoL5iROVLXkxH+vRgA7uP4tMg2pUJpZ3Ug== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-transform-react-display-name@^7.27.1": version "7.28.0" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-display-name/-/plugin-transform-react-display-name-7.28.0.tgz#6f20a7295fea7df42eb42fed8f896813f5b934de" + resolved "https://registry.npmjs.org/@babel/plugin-transform-react-display-name/-/plugin-transform-react-display-name-7.28.0.tgz" integrity sha512-D6Eujc2zMxKjfa4Zxl4GHMsmhKKZ9VpcqIchJLvwTxad9zWIYulwYItBovpDOoNLISpcZSXoDJ5gaGbQUDqViA== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-transform-react-jsx-development@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-jsx-development/-/plugin-transform-react-jsx-development-7.27.1.tgz#47ff95940e20a3a70e68ad3d4fcb657b647f6c98" + resolved "https://registry.npmjs.org/@babel/plugin-transform-react-jsx-development/-/plugin-transform-react-jsx-development-7.27.1.tgz" integrity sha512-ykDdF5yI4f1WrAolLqeF3hmYU12j9ntLQl/AOG1HAS21jxyg1Q0/J/tpREuYLfatGdGmXp/3yS0ZA76kOlVq9Q== dependencies: "@babel/plugin-transform-react-jsx" "^7.27.1" "@babel/plugin-transform-react-jsx@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-jsx/-/plugin-transform-react-jsx-7.27.1.tgz#1023bc94b78b0a2d68c82b5e96aed573bcfb9db0" + resolved "https://registry.npmjs.org/@babel/plugin-transform-react-jsx/-/plugin-transform-react-jsx-7.27.1.tgz" integrity sha512-2KH4LWGSrJIkVf5tSiBFYuXDAoWRq2MMwgivCf+93dd0GQi8RXLjKA/0EvRnVV5G0hrHczsquXuD01L8s6dmBw== dependencies: "@babel/helper-annotate-as-pure" "^7.27.1" @@ -821,7 +857,7 @@ "@babel/plugin-transform-react-pure-annotations@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-react-pure-annotations/-/plugin-transform-react-pure-annotations-7.27.1.tgz#339f1ce355eae242e0649f232b1c68907c02e879" + resolved "https://registry.npmjs.org/@babel/plugin-transform-react-pure-annotations/-/plugin-transform-react-pure-annotations-7.27.1.tgz" integrity sha512-JfuinvDOsD9FVMTHpzA/pBLisxpv1aSf+OIV8lgH3MuWrks19R27e6a6DipIg4aX1Zm9Wpb04p8wljfKrVSnPA== dependencies: "@babel/helper-annotate-as-pure" "^7.27.1" @@ -829,14 +865,14 @@ "@babel/plugin-transform-regenerator@^7.28.3": version "7.28.4" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-regenerator/-/plugin-transform-regenerator-7.28.4.tgz#9d3fa3bebb48ddd0091ce5729139cd99c67cea51" + resolved "https://registry.npmjs.org/@babel/plugin-transform-regenerator/-/plugin-transform-regenerator-7.28.4.tgz" integrity sha512-+ZEdQlBoRg9m2NnzvEeLgtvBMO4tkFBw5SQIUgLICgTrumLoU7lr+Oghi6km2PFj+dbUt2u1oby2w3BDO9YQnA== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-transform-regexp-modifiers@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-regexp-modifiers/-/plugin-transform-regexp-modifiers-7.27.1.tgz#df9ba5577c974e3f1449888b70b76169998a6d09" + resolved "https://registry.npmjs.org/@babel/plugin-transform-regexp-modifiers/-/plugin-transform-regexp-modifiers-7.27.1.tgz" integrity sha512-TtEciroaiODtXvLZv4rmfMhkCv8jx3wgKpL68PuiPh2M4fvz5jhsA7697N1gMvkvr/JTF13DrFYyEbY9U7cVPA== dependencies: "@babel/helper-create-regexp-features-plugin" "^7.27.1" @@ -844,14 +880,14 @@ "@babel/plugin-transform-reserved-words@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-reserved-words/-/plugin-transform-reserved-words-7.27.1.tgz#40fba4878ccbd1c56605a4479a3a891ac0274bb4" + resolved "https://registry.npmjs.org/@babel/plugin-transform-reserved-words/-/plugin-transform-reserved-words-7.27.1.tgz" integrity sha512-V2ABPHIJX4kC7HegLkYoDpfg9PVmuWy/i6vUM5eGK22bx4YVFD3M5F0QQnWQoDs6AGsUWTVOopBiMFQgHaSkVw== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-transform-runtime@^7.25.9": version "7.28.3" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-runtime/-/plugin-transform-runtime-7.28.3.tgz#f5990a1b2d2bde950ed493915e0719841c8d0eaa" + resolved "https://registry.npmjs.org/@babel/plugin-transform-runtime/-/plugin-transform-runtime-7.28.3.tgz" integrity sha512-Y6ab1kGqZ0u42Zv/4a7l0l72n9DKP/MKoKWaUSBylrhNZO2prYuqFOLbn5aW5SIFXwSH93yfjbgllL8lxuGKLg== dependencies: "@babel/helper-module-imports" "^7.27.1" @@ -863,14 +899,14 @@ "@babel/plugin-transform-shorthand-properties@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-shorthand-properties/-/plugin-transform-shorthand-properties-7.27.1.tgz#532abdacdec87bfee1e0ef8e2fcdee543fe32b90" + resolved "https://registry.npmjs.org/@babel/plugin-transform-shorthand-properties/-/plugin-transform-shorthand-properties-7.27.1.tgz" integrity sha512-N/wH1vcn4oYawbJ13Y/FxcQrWk63jhfNa7jef0ih7PHSIHX2LB7GWE1rkPrOnka9kwMxb6hMl19p7lidA+EHmQ== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-transform-spread@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-spread/-/plugin-transform-spread-7.27.1.tgz#1a264d5fc12750918f50e3fe3e24e437178abb08" + resolved "https://registry.npmjs.org/@babel/plugin-transform-spread/-/plugin-transform-spread-7.27.1.tgz" integrity sha512-kpb3HUqaILBJcRFVhFUs6Trdd4mkrzcGXss+6/mxUd273PfbWqSDHRzMT2234gIg2QYfAjvXLSquP1xECSg09Q== dependencies: "@babel/helper-plugin-utils" "^7.27.1" @@ -878,28 +914,28 @@ "@babel/plugin-transform-sticky-regex@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-sticky-regex/-/plugin-transform-sticky-regex-7.27.1.tgz#18984935d9d2296843a491d78a014939f7dcd280" + resolved "https://registry.npmjs.org/@babel/plugin-transform-sticky-regex/-/plugin-transform-sticky-regex-7.27.1.tgz" integrity sha512-lhInBO5bi/Kowe2/aLdBAawijx+q1pQzicSgnkB6dUPc1+RC8QmJHKf2OjvU+NZWitguJHEaEmbV6VWEouT58g== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-transform-template-literals@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-template-literals/-/plugin-transform-template-literals-7.27.1.tgz#1a0eb35d8bb3e6efc06c9fd40eb0bcef548328b8" + resolved "https://registry.npmjs.org/@babel/plugin-transform-template-literals/-/plugin-transform-template-literals-7.27.1.tgz" integrity sha512-fBJKiV7F2DxZUkg5EtHKXQdbsbURW3DZKQUWphDum0uRP6eHGGa/He9mc0mypL680pb+e/lDIthRohlv8NCHkg== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-transform-typeof-symbol@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-typeof-symbol/-/plugin-transform-typeof-symbol-7.27.1.tgz#70e966bb492e03509cf37eafa6dcc3051f844369" + resolved "https://registry.npmjs.org/@babel/plugin-transform-typeof-symbol/-/plugin-transform-typeof-symbol-7.27.1.tgz" integrity sha512-RiSILC+nRJM7FY5srIyc4/fGIwUhyDuuBSdWn4y6yT6gm652DpCHZjIipgn6B7MQ1ITOUnAKWixEUjQRIBIcLw== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-transform-typescript@^7.27.1": version "7.28.0" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-typescript/-/plugin-transform-typescript-7.28.0.tgz#796cbd249ab56c18168b49e3e1d341b72af04a6b" + resolved "https://registry.npmjs.org/@babel/plugin-transform-typescript/-/plugin-transform-typescript-7.28.0.tgz" integrity sha512-4AEiDEBPIZvLQaWlc9liCavE0xRM0dNca41WtBeM3jgFptfUOSG9z0uteLhq6+3rq+WB6jIvUwKDTpXEHPJ2Vg== dependencies: "@babel/helper-annotate-as-pure" "^7.27.3" @@ -910,14 +946,14 @@ "@babel/plugin-transform-unicode-escapes@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-escapes/-/plugin-transform-unicode-escapes-7.27.1.tgz#3e3143f8438aef842de28816ece58780190cf806" + resolved "https://registry.npmjs.org/@babel/plugin-transform-unicode-escapes/-/plugin-transform-unicode-escapes-7.27.1.tgz" integrity sha512-Ysg4v6AmF26k9vpfFuTZg8HRfVWzsh1kVfowA23y9j/Gu6dOuahdUVhkLqpObp3JIv27MLSii6noRnuKN8H0Mg== dependencies: "@babel/helper-plugin-utils" "^7.27.1" "@babel/plugin-transform-unicode-property-regex@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-property-regex/-/plugin-transform-unicode-property-regex-7.27.1.tgz#bdfe2d3170c78c5691a3c3be934c8c0087525956" + resolved "https://registry.npmjs.org/@babel/plugin-transform-unicode-property-regex/-/plugin-transform-unicode-property-regex-7.27.1.tgz" integrity sha512-uW20S39PnaTImxp39O5qFlHLS9LJEmANjMG7SxIhap8rCHqu0Ik+tLEPX5DKmHn6CsWQ7j3lix2tFOa5YtL12Q== dependencies: "@babel/helper-create-regexp-features-plugin" "^7.27.1" @@ -925,7 +961,7 @@ "@babel/plugin-transform-unicode-regex@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-regex/-/plugin-transform-unicode-regex-7.27.1.tgz#25948f5c395db15f609028e370667ed8bae9af97" + resolved "https://registry.npmjs.org/@babel/plugin-transform-unicode-regex/-/plugin-transform-unicode-regex-7.27.1.tgz" integrity sha512-xvINq24TRojDuyt6JGtHmkVkrfVV3FPT16uytxImLeBZqW3/H52yN+kM1MGuyPkIQxrzKwPHs5U/MP3qKyzkGw== dependencies: "@babel/helper-create-regexp-features-plugin" "^7.27.1" @@ -933,7 +969,7 @@ "@babel/plugin-transform-unicode-sets-regex@^7.27.1": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/plugin-transform-unicode-sets-regex/-/plugin-transform-unicode-sets-regex-7.27.1.tgz#6ab706d10f801b5c72da8bb2548561fa04193cd1" + resolved "https://registry.npmjs.org/@babel/plugin-transform-unicode-sets-regex/-/plugin-transform-unicode-sets-regex-7.27.1.tgz" integrity sha512-EtkOujbc4cgvb0mlpQefi4NTPBzhSIevblFevACNLUspmrALgmEBdL/XfnyyITfd8fKBZrZys92zOWcik7j9Tw== dependencies: "@babel/helper-create-regexp-features-plugin" "^7.27.1" @@ -941,7 +977,7 @@ "@babel/preset-env@^7.20.2", "@babel/preset-env@^7.25.9": version "7.28.3" - resolved "https://registry.yarnpkg.com/@babel/preset-env/-/preset-env-7.28.3.tgz#2b18d9aff9e69643789057ae4b942b1654f88187" + resolved "https://registry.npmjs.org/@babel/preset-env/-/preset-env-7.28.3.tgz" integrity sha512-ROiDcM+GbYVPYBOeCR6uBXKkQpBExLl8k9HO1ygXEyds39j+vCCsjmj7S8GOniZQlEs81QlkdJZe76IpLSiqpg== dependencies: "@babel/compat-data" "^7.28.0" @@ -1017,7 +1053,7 @@ "@babel/preset-modules@0.1.6-no-external-plugins": version "0.1.6-no-external-plugins" - resolved "https://registry.yarnpkg.com/@babel/preset-modules/-/preset-modules-0.1.6-no-external-plugins.tgz#ccb88a2c49c817236861fee7826080573b8a923a" + resolved "https://registry.npmjs.org/@babel/preset-modules/-/preset-modules-0.1.6-no-external-plugins.tgz" integrity sha512-HrcgcIESLm9aIR842yhJ5RWan/gebQUJ6E/E5+rf0y9o6oj7w0Br+sWuL6kEQ/o/AdfvR1Je9jG18/gnpwjEyA== dependencies: "@babel/helper-plugin-utils" "^7.0.0" @@ -1026,7 +1062,7 @@ "@babel/preset-react@^7.18.6", "@babel/preset-react@^7.25.9": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/preset-react/-/preset-react-7.27.1.tgz#86ea0a5ca3984663f744be2fd26cb6747c3fd0ec" + resolved "https://registry.npmjs.org/@babel/preset-react/-/preset-react-7.27.1.tgz" integrity sha512-oJHWh2gLhU9dW9HHr42q0cI0/iHHXTLGe39qvpAZZzagHy0MzYLCnCVV0symeRvzmjHyVU7mw2K06E6u/JwbhA== dependencies: "@babel/helper-plugin-utils" "^7.27.1" @@ -1038,7 +1074,7 @@ "@babel/preset-typescript@^7.21.0", "@babel/preset-typescript@^7.25.9": version "7.27.1" - resolved "https://registry.yarnpkg.com/@babel/preset-typescript/-/preset-typescript-7.27.1.tgz#190742a6428d282306648a55b0529b561484f912" + resolved "https://registry.npmjs.org/@babel/preset-typescript/-/preset-typescript-7.27.1.tgz" integrity sha512-l7WfQfX0WK4M0v2RudjuQK4u99BS6yLHYEmdtVPP7lKV013zr9DygFuWNlnbvQ9LR+LS0Egz/XAvGx5U9MX0fQ== dependencies: "@babel/helper-plugin-utils" "^7.27.1" @@ -1049,19 +1085,19 @@ "@babel/runtime-corejs3@^7.25.9": version "7.28.4" - resolved "https://registry.yarnpkg.com/@babel/runtime-corejs3/-/runtime-corejs3-7.28.4.tgz#c25be39c7997ce2f130d70b9baecb8ed94df93fa" + resolved "https://registry.npmjs.org/@babel/runtime-corejs3/-/runtime-corejs3-7.28.4.tgz" integrity sha512-h7iEYiW4HebClDEhtvFObtPmIvrd1SSfpI9EhOeKk4CtIK/ngBWFpuhCzhdmRKtg71ylcue+9I6dv54XYO1epQ== dependencies: core-js-pure "^3.43.0" "@babel/runtime@^7.1.2", "@babel/runtime@^7.10.3", "@babel/runtime@^7.12.13", "@babel/runtime@^7.12.5", "@babel/runtime@^7.25.9": version "7.28.4" - resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.28.4.tgz#a70226016fabe25c5783b2f22d3e1c9bc5ca3326" + resolved "https://registry.npmjs.org/@babel/runtime/-/runtime-7.28.4.tgz" integrity sha512-Q/N6JNWvIvPnLDvjlE1OUBLPQHH6l3CltCEsHIujp45zQUSSh8K+gHnaEX45yAT1nyngnINhvWtzN+Nb9D8RAQ== "@babel/template@^7.27.1", "@babel/template@^7.27.2": version "7.27.2" - resolved "https://registry.yarnpkg.com/@babel/template/-/template-7.27.2.tgz#fa78ceed3c4e7b63ebf6cb39e5852fca45f6809d" + resolved "https://registry.npmjs.org/@babel/template/-/template-7.27.2.tgz" integrity sha512-LPDZ85aEJyYSd18/DkjNh4/y1ntkE5KwUHWTiqgRxruuZL2F1yuHligVHLvcHY2vMHXttKFpJn6LwfI7cw7ODw== dependencies: "@babel/code-frame" "^7.27.1" @@ -1070,7 +1106,7 @@ "@babel/traverse@^7.25.9", "@babel/traverse@^7.27.1", "@babel/traverse@^7.28.0", "@babel/traverse@^7.28.3", "@babel/traverse@^7.28.4": version "7.28.4" - resolved "https://registry.yarnpkg.com/@babel/traverse/-/traverse-7.28.4.tgz#8d456101b96ab175d487249f60680221692b958b" + resolved "https://registry.npmjs.org/@babel/traverse/-/traverse-7.28.4.tgz" integrity sha512-YEzuboP2qvQavAcjgQNVgsvHIDv6ZpwXvcvjmyySP2DIMuByS/6ioU5G9pYrWHM6T2YDfc7xga9iNzYOs12CFQ== dependencies: "@babel/code-frame" "^7.27.1" @@ -1083,7 +1119,7 @@ "@babel/types@^7.21.3", "@babel/types@^7.27.1", "@babel/types@^7.27.3", "@babel/types@^7.28.2", "@babel/types@^7.28.4", "@babel/types@^7.4.4": version "7.28.4" - resolved "https://registry.yarnpkg.com/@babel/types/-/types-7.28.4.tgz#0a4e618f4c60a7cd6c11cb2d48060e4dbe38ac3a" + resolved "https://registry.npmjs.org/@babel/types/-/types-7.28.4.tgz" integrity sha512-bkFqkLhh3pMBUQQkpVgWDWq/lqzc2678eUyDlTBhRqhCHFguYYGM0Efga7tYk4TogG/3x0EEl66/OQ+WGbWB/Q== dependencies: "@babel/helper-string-parser" "^7.27.1" @@ -1091,27 +1127,27 @@ "@colors/colors@1.5.0": version "1.5.0" - resolved "https://registry.yarnpkg.com/@colors/colors/-/colors-1.5.0.tgz#bb504579c1cae923e6576a4f5da43d25f97bdbd9" + resolved "https://registry.npmjs.org/@colors/colors/-/colors-1.5.0.tgz" integrity sha512-ooWCrlZP11i8GImSjTHYHLkvFDP48nS4+204nGb1RiX/WXYHmJA2III9/e2DWVabCESdW7hBAEzHRqUn9OUVvQ== "@csstools/cascade-layer-name-parser@^2.0.5": version "2.0.5" - resolved "https://registry.yarnpkg.com/@csstools/cascade-layer-name-parser/-/cascade-layer-name-parser-2.0.5.tgz#43f962bebead0052a9fed1a2deeb11f85efcbc72" + resolved "https://registry.npmjs.org/@csstools/cascade-layer-name-parser/-/cascade-layer-name-parser-2.0.5.tgz" integrity sha512-p1ko5eHgV+MgXFVa4STPKpvPxr6ReS8oS2jzTukjR74i5zJNyWO1ZM1m8YKBXnzDKWfBN1ztLYlHxbVemDD88A== "@csstools/color-helpers@^5.1.0": version "5.1.0" - resolved "https://registry.yarnpkg.com/@csstools/color-helpers/-/color-helpers-5.1.0.tgz#106c54c808cabfd1ab4c602d8505ee584c2996ef" + resolved "https://registry.npmjs.org/@csstools/color-helpers/-/color-helpers-5.1.0.tgz" integrity sha512-S11EXWJyy0Mz5SYvRmY8nJYTFFd1LCNV+7cXyAgQtOOuzb4EsgfqDufL+9esx72/eLhsRdGZwaldu/h+E4t4BA== "@csstools/css-calc@^2.1.4": version "2.1.4" - resolved "https://registry.yarnpkg.com/@csstools/css-calc/-/css-calc-2.1.4.tgz#8473f63e2fcd6e459838dd412401d5948f224c65" + resolved "https://registry.npmjs.org/@csstools/css-calc/-/css-calc-2.1.4.tgz" integrity sha512-3N8oaj+0juUw/1H3YwmDDJXCgTB1gKU6Hc/bB502u9zR0q2vd786XJH9QfrKIEgFlZmhZiq6epXl4rHqhzsIgQ== "@csstools/css-color-parser@^3.1.0": version "3.1.0" - resolved "https://registry.yarnpkg.com/@csstools/css-color-parser/-/css-color-parser-3.1.0.tgz#4e386af3a99dd36c46fef013cfe4c1c341eed6f0" + resolved "https://registry.npmjs.org/@csstools/css-color-parser/-/css-color-parser-3.1.0.tgz" integrity sha512-nbtKwh3a6xNVIp/VRuXV64yTKnb1IjTAEEh3irzS+HkKjAOYLTGNb9pmVNntZ8iVBHcWDA2Dof0QtPgFI1BaTA== dependencies: "@csstools/color-helpers" "^5.1.0" @@ -1119,22 +1155,22 @@ "@csstools/css-parser-algorithms@^3.0.5": version "3.0.5" - resolved "https://registry.yarnpkg.com/@csstools/css-parser-algorithms/-/css-parser-algorithms-3.0.5.tgz#5755370a9a29abaec5515b43c8b3f2cf9c2e3076" + resolved "https://registry.npmjs.org/@csstools/css-parser-algorithms/-/css-parser-algorithms-3.0.5.tgz" integrity sha512-DaDeUkXZKjdGhgYaHNJTV9pV7Y9B3b644jCLs9Upc3VeNGg6LWARAT6O+Q+/COo+2gg/bM5rhpMAtf70WqfBdQ== "@csstools/css-tokenizer@^3.0.4": version "3.0.4" - resolved "https://registry.yarnpkg.com/@csstools/css-tokenizer/-/css-tokenizer-3.0.4.tgz#333fedabc3fd1a8e5d0100013731cf19e6a8c5d3" + resolved "https://registry.npmjs.org/@csstools/css-tokenizer/-/css-tokenizer-3.0.4.tgz" integrity sha512-Vd/9EVDiu6PPJt9yAh6roZP6El1xHrdvIVGjyBsHR0RYwNHgL7FJPyIIW4fANJNG6FtyZfvlRPpFI4ZM/lubvw== "@csstools/media-query-list-parser@^4.0.3": version "4.0.3" - resolved "https://registry.yarnpkg.com/@csstools/media-query-list-parser/-/media-query-list-parser-4.0.3.tgz#7aec77bcb89c2da80ef207e73f474ef9e1b3cdf1" + resolved "https://registry.npmjs.org/@csstools/media-query-list-parser/-/media-query-list-parser-4.0.3.tgz" integrity sha512-HAYH7d3TLRHDOUQK4mZKf9k9Ph/m8Akstg66ywKR4SFAigjs3yBiUeZtFxywiTm5moZMAp/5W/ZuFnNXXYLuuQ== "@csstools/postcss-alpha-function@^1.0.1": version "1.0.1" - resolved "https://registry.yarnpkg.com/@csstools/postcss-alpha-function/-/postcss-alpha-function-1.0.1.tgz#7989605711de7831bc7cd75b94c9b5bac9c3728e" + resolved "https://registry.npmjs.org/@csstools/postcss-alpha-function/-/postcss-alpha-function-1.0.1.tgz" integrity sha512-isfLLwksH3yHkFXfCI2Gcaqg7wGGHZZwunoJzEZk0yKYIokgre6hYVFibKL3SYAoR1kBXova8LB+JoO5vZzi9w== dependencies: "@csstools/css-color-parser" "^3.1.0" @@ -1145,7 +1181,7 @@ "@csstools/postcss-cascade-layers@^5.0.2": version "5.0.2" - resolved "https://registry.yarnpkg.com/@csstools/postcss-cascade-layers/-/postcss-cascade-layers-5.0.2.tgz#dd2c70db3867b88975f2922da3bfbae7d7a2cae7" + resolved "https://registry.npmjs.org/@csstools/postcss-cascade-layers/-/postcss-cascade-layers-5.0.2.tgz" integrity sha512-nWBE08nhO8uWl6kSAeCx4im7QfVko3zLrtgWZY4/bP87zrSPpSyN/3W3TDqz1jJuH+kbKOHXg5rJnK+ZVYcFFg== dependencies: "@csstools/selector-specificity" "^5.0.0" @@ -1153,7 +1189,7 @@ "@csstools/postcss-color-function-display-p3-linear@^1.0.1": version "1.0.1" - resolved "https://registry.yarnpkg.com/@csstools/postcss-color-function-display-p3-linear/-/postcss-color-function-display-p3-linear-1.0.1.tgz#3017ff5e1f65307d6083e58e93d76724fb1ebf9f" + resolved "https://registry.npmjs.org/@csstools/postcss-color-function-display-p3-linear/-/postcss-color-function-display-p3-linear-1.0.1.tgz" integrity sha512-E5qusdzhlmO1TztYzDIi8XPdPoYOjoTY6HBYBCYSj+Gn4gQRBlvjgPQXzfzuPQqt8EhkC/SzPKObg4Mbn8/xMg== dependencies: "@csstools/css-color-parser" "^3.1.0" @@ -1164,7 +1200,7 @@ "@csstools/postcss-color-function@^4.0.12": version "4.0.12" - resolved "https://registry.yarnpkg.com/@csstools/postcss-color-function/-/postcss-color-function-4.0.12.tgz#a7c85a98c77b522a194a1bbb00dd207f40c7a771" + resolved "https://registry.npmjs.org/@csstools/postcss-color-function/-/postcss-color-function-4.0.12.tgz" integrity sha512-yx3cljQKRaSBc2hfh8rMZFZzChaFgwmO2JfFgFr1vMcF3C/uyy5I4RFIBOIWGq1D+XbKCG789CGkG6zzkLpagA== dependencies: "@csstools/css-color-parser" "^3.1.0" @@ -1175,7 +1211,7 @@ "@csstools/postcss-color-mix-function@^3.0.12": version "3.0.12" - resolved "https://registry.yarnpkg.com/@csstools/postcss-color-mix-function/-/postcss-color-mix-function-3.0.12.tgz#2f1ee9f8208077af069545c9bd79bb9733382c2a" + resolved "https://registry.npmjs.org/@csstools/postcss-color-mix-function/-/postcss-color-mix-function-3.0.12.tgz" integrity sha512-4STERZfCP5Jcs13P1U5pTvI9SkgLgfMUMhdXW8IlJWkzOOOqhZIjcNhWtNJZes2nkBDsIKJ0CJtFtuaZ00moag== dependencies: "@csstools/css-color-parser" "^3.1.0" @@ -1186,7 +1222,7 @@ "@csstools/postcss-color-mix-variadic-function-arguments@^1.0.2": version "1.0.2" - resolved "https://registry.yarnpkg.com/@csstools/postcss-color-mix-variadic-function-arguments/-/postcss-color-mix-variadic-function-arguments-1.0.2.tgz#b4012b62a4eaa24d694172bb7137f9d2319cb8f2" + resolved "https://registry.npmjs.org/@csstools/postcss-color-mix-variadic-function-arguments/-/postcss-color-mix-variadic-function-arguments-1.0.2.tgz" integrity sha512-rM67Gp9lRAkTo+X31DUqMEq+iK+EFqsidfecmhrteErxJZb6tUoJBVQca1Vn1GpDql1s1rD1pKcuYzMsg7Z1KQ== dependencies: "@csstools/css-color-parser" "^3.1.0" @@ -1197,7 +1233,7 @@ "@csstools/postcss-content-alt-text@^2.0.8": version "2.0.8" - resolved "https://registry.yarnpkg.com/@csstools/postcss-content-alt-text/-/postcss-content-alt-text-2.0.8.tgz#1d52da1762893c32999ff76839e48d6ec7c7a4cb" + resolved "https://registry.npmjs.org/@csstools/postcss-content-alt-text/-/postcss-content-alt-text-2.0.8.tgz" integrity sha512-9SfEW9QCxEpTlNMnpSqFaHyzsiRpZ5J5+KqCu1u5/eEJAWsMhzT40qf0FIbeeglEvrGRMdDzAxMIz3wqoGSb+Q== dependencies: "@csstools/css-parser-algorithms" "^3.0.5" @@ -1207,7 +1243,7 @@ "@csstools/postcss-contrast-color-function@^2.0.12": version "2.0.12" - resolved "https://registry.yarnpkg.com/@csstools/postcss-contrast-color-function/-/postcss-contrast-color-function-2.0.12.tgz#ca46986d095c60f208d9e3f24704d199c9172637" + resolved "https://registry.npmjs.org/@csstools/postcss-contrast-color-function/-/postcss-contrast-color-function-2.0.12.tgz" integrity sha512-YbwWckjK3qwKjeYz/CijgcS7WDUCtKTd8ShLztm3/i5dhh4NaqzsbYnhm4bjrpFpnLZ31jVcbK8YL77z3GBPzA== dependencies: "@csstools/css-color-parser" "^3.1.0" @@ -1218,7 +1254,7 @@ "@csstools/postcss-exponential-functions@^2.0.9": version "2.0.9" - resolved "https://registry.yarnpkg.com/@csstools/postcss-exponential-functions/-/postcss-exponential-functions-2.0.9.tgz#fc03d1272888cb77e64cc1a7d8a33016e4f05c69" + resolved "https://registry.npmjs.org/@csstools/postcss-exponential-functions/-/postcss-exponential-functions-2.0.9.tgz" integrity sha512-abg2W/PI3HXwS/CZshSa79kNWNZHdJPMBXeZNyPQFbbj8sKO3jXxOt/wF7juJVjyDTc6JrvaUZYFcSBZBhaxjw== dependencies: "@csstools/css-calc" "^2.1.4" @@ -1227,7 +1263,7 @@ "@csstools/postcss-font-format-keywords@^4.0.0": version "4.0.0" - resolved "https://registry.yarnpkg.com/@csstools/postcss-font-format-keywords/-/postcss-font-format-keywords-4.0.0.tgz#6730836eb0153ff4f3840416cc2322f129c086e6" + resolved "https://registry.npmjs.org/@csstools/postcss-font-format-keywords/-/postcss-font-format-keywords-4.0.0.tgz" integrity sha512-usBzw9aCRDvchpok6C+4TXC57btc4bJtmKQWOHQxOVKen1ZfVqBUuCZ/wuqdX5GHsD0NRSr9XTP+5ID1ZZQBXw== dependencies: "@csstools/utilities" "^2.0.0" @@ -1235,7 +1271,7 @@ "@csstools/postcss-gamut-mapping@^2.0.11": version "2.0.11" - resolved "https://registry.yarnpkg.com/@csstools/postcss-gamut-mapping/-/postcss-gamut-mapping-2.0.11.tgz#be0e34c9f0142852cccfc02b917511f0d677db8b" + resolved "https://registry.npmjs.org/@csstools/postcss-gamut-mapping/-/postcss-gamut-mapping-2.0.11.tgz" integrity sha512-fCpCUgZNE2piVJKC76zFsgVW1apF6dpYsqGyH8SIeCcM4pTEsRTWTLCaJIMKFEundsCKwY1rwfhtrio04RJ4Dw== dependencies: "@csstools/css-color-parser" "^3.1.0" @@ -1244,7 +1280,7 @@ "@csstools/postcss-gradients-interpolation-method@^5.0.12": version "5.0.12" - resolved "https://registry.yarnpkg.com/@csstools/postcss-gradients-interpolation-method/-/postcss-gradients-interpolation-method-5.0.12.tgz#0955cce4d97203b861bf66742bbec611b2f3661c" + resolved "https://registry.npmjs.org/@csstools/postcss-gradients-interpolation-method/-/postcss-gradients-interpolation-method-5.0.12.tgz" integrity sha512-jugzjwkUY0wtNrZlFeyXzimUL3hN4xMvoPnIXxoZqxDvjZRiSh+itgHcVUWzJ2VwD/VAMEgCLvtaJHX+4Vj3Ow== dependencies: "@csstools/css-color-parser" "^3.1.0" @@ -1255,7 +1291,7 @@ "@csstools/postcss-hwb-function@^4.0.12": version "4.0.12" - resolved "https://registry.yarnpkg.com/@csstools/postcss-hwb-function/-/postcss-hwb-function-4.0.12.tgz#07f7ecb08c50e094673bd20eaf7757db0162beee" + resolved "https://registry.npmjs.org/@csstools/postcss-hwb-function/-/postcss-hwb-function-4.0.12.tgz" integrity sha512-mL/+88Z53KrE4JdePYFJAQWFrcADEqsLprExCM04GDNgHIztwFzj0Mbhd/yxMBngq0NIlz58VVxjt5abNs1VhA== dependencies: "@csstools/css-color-parser" "^3.1.0" @@ -1266,7 +1302,7 @@ "@csstools/postcss-ic-unit@^4.0.4": version "4.0.4" - resolved "https://registry.yarnpkg.com/@csstools/postcss-ic-unit/-/postcss-ic-unit-4.0.4.tgz#2ee2da0690db7edfbc469279711b9e69495659d2" + resolved "https://registry.npmjs.org/@csstools/postcss-ic-unit/-/postcss-ic-unit-4.0.4.tgz" integrity sha512-yQ4VmossuOAql65sCPppVO1yfb7hDscf4GseF0VCA/DTDaBc0Wtf8MTqVPfjGYlT5+2buokG0Gp7y0atYZpwjg== dependencies: "@csstools/postcss-progressive-custom-properties" "^4.2.1" @@ -1275,12 +1311,12 @@ "@csstools/postcss-initial@^2.0.1": version "2.0.1" - resolved "https://registry.yarnpkg.com/@csstools/postcss-initial/-/postcss-initial-2.0.1.tgz#c385bd9d8ad31ad159edd7992069e97ceea4d09a" + resolved "https://registry.npmjs.org/@csstools/postcss-initial/-/postcss-initial-2.0.1.tgz" integrity sha512-L1wLVMSAZ4wovznquK0xmC7QSctzO4D0Is590bxpGqhqjboLXYA16dWZpfwImkdOgACdQ9PqXsuRroW6qPlEsg== "@csstools/postcss-is-pseudo-class@^5.0.3": version "5.0.3" - resolved "https://registry.yarnpkg.com/@csstools/postcss-is-pseudo-class/-/postcss-is-pseudo-class-5.0.3.tgz#d34e850bcad4013c2ed7abe948bfa0448aa8eb74" + resolved "https://registry.npmjs.org/@csstools/postcss-is-pseudo-class/-/postcss-is-pseudo-class-5.0.3.tgz" integrity sha512-jS/TY4SpG4gszAtIg7Qnf3AS2pjcUM5SzxpApOrlndMeGhIbaTzWBzzP/IApXoNWEW7OhcjkRT48jnAUIFXhAQ== dependencies: "@csstools/selector-specificity" "^5.0.0" @@ -1288,7 +1324,7 @@ "@csstools/postcss-light-dark-function@^2.0.11": version "2.0.11" - resolved "https://registry.yarnpkg.com/@csstools/postcss-light-dark-function/-/postcss-light-dark-function-2.0.11.tgz#0df448aab9a33cb9a085264ff1f396fb80c4437d" + resolved "https://registry.npmjs.org/@csstools/postcss-light-dark-function/-/postcss-light-dark-function-2.0.11.tgz" integrity sha512-fNJcKXJdPM3Lyrbmgw2OBbaioU7yuKZtiXClf4sGdQttitijYlZMD5K7HrC/eF83VRWRrYq6OZ0Lx92leV2LFA== dependencies: "@csstools/css-parser-algorithms" "^3.0.5" @@ -1298,29 +1334,29 @@ "@csstools/postcss-logical-float-and-clear@^3.0.0": version "3.0.0" - resolved "https://registry.yarnpkg.com/@csstools/postcss-logical-float-and-clear/-/postcss-logical-float-and-clear-3.0.0.tgz#62617564182cf86ab5d4e7485433ad91e4c58571" + resolved "https://registry.npmjs.org/@csstools/postcss-logical-float-and-clear/-/postcss-logical-float-and-clear-3.0.0.tgz" integrity sha512-SEmaHMszwakI2rqKRJgE+8rpotFfne1ZS6bZqBoQIicFyV+xT1UF42eORPxJkVJVrH9C0ctUgwMSn3BLOIZldQ== "@csstools/postcss-logical-overflow@^2.0.0": version "2.0.0" - resolved "https://registry.yarnpkg.com/@csstools/postcss-logical-overflow/-/postcss-logical-overflow-2.0.0.tgz#c6de7c5f04e3d4233731a847f6c62819bcbcfa1d" + resolved "https://registry.npmjs.org/@csstools/postcss-logical-overflow/-/postcss-logical-overflow-2.0.0.tgz" integrity sha512-spzR1MInxPuXKEX2csMamshR4LRaSZ3UXVaRGjeQxl70ySxOhMpP2252RAFsg8QyyBXBzuVOOdx1+bVO5bPIzA== "@csstools/postcss-logical-overscroll-behavior@^2.0.0": version "2.0.0" - resolved "https://registry.yarnpkg.com/@csstools/postcss-logical-overscroll-behavior/-/postcss-logical-overscroll-behavior-2.0.0.tgz#43c03eaecdf34055ef53bfab691db6dc97a53d37" + resolved "https://registry.npmjs.org/@csstools/postcss-logical-overscroll-behavior/-/postcss-logical-overscroll-behavior-2.0.0.tgz" integrity sha512-e/webMjoGOSYfqLunyzByZj5KKe5oyVg/YSbie99VEaSDE2kimFm0q1f6t/6Jo+VVCQ/jbe2Xy+uX+C4xzWs4w== "@csstools/postcss-logical-resize@^3.0.0": version "3.0.0" - resolved "https://registry.yarnpkg.com/@csstools/postcss-logical-resize/-/postcss-logical-resize-3.0.0.tgz#4df0eeb1a61d7bd85395e56a5cce350b5dbfdca6" + resolved "https://registry.npmjs.org/@csstools/postcss-logical-resize/-/postcss-logical-resize-3.0.0.tgz" integrity sha512-DFbHQOFW/+I+MY4Ycd/QN6Dg4Hcbb50elIJCfnwkRTCX05G11SwViI5BbBlg9iHRl4ytB7pmY5ieAFk3ws7yyg== dependencies: postcss-value-parser "^4.2.0" "@csstools/postcss-logical-viewport-units@^3.0.4": version "3.0.4" - resolved "https://registry.yarnpkg.com/@csstools/postcss-logical-viewport-units/-/postcss-logical-viewport-units-3.0.4.tgz#016d98a8b7b5f969e58eb8413447eb801add16fc" + resolved "https://registry.npmjs.org/@csstools/postcss-logical-viewport-units/-/postcss-logical-viewport-units-3.0.4.tgz" integrity sha512-q+eHV1haXA4w9xBwZLKjVKAWn3W2CMqmpNpZUk5kRprvSiBEGMgrNH3/sJZ8UA3JgyHaOt3jwT9uFa4wLX4EqQ== dependencies: "@csstools/css-tokenizer" "^3.0.4" @@ -1328,7 +1364,7 @@ "@csstools/postcss-media-minmax@^2.0.9": version "2.0.9" - resolved "https://registry.yarnpkg.com/@csstools/postcss-media-minmax/-/postcss-media-minmax-2.0.9.tgz#184252d5b93155ae526689328af6bdf3fc113987" + resolved "https://registry.npmjs.org/@csstools/postcss-media-minmax/-/postcss-media-minmax-2.0.9.tgz" integrity sha512-af9Qw3uS3JhYLnCbqtZ9crTvvkR+0Se+bBqSr7ykAnl9yKhk6895z9rf+2F4dClIDJWxgn0iZZ1PSdkhrbs2ig== dependencies: "@csstools/css-calc" "^2.1.4" @@ -1338,7 +1374,7 @@ "@csstools/postcss-media-queries-aspect-ratio-number-values@^3.0.5": version "3.0.5" - resolved "https://registry.yarnpkg.com/@csstools/postcss-media-queries-aspect-ratio-number-values/-/postcss-media-queries-aspect-ratio-number-values-3.0.5.tgz#f485c31ec13d6b0fb5c528a3474334a40eff5f11" + resolved "https://registry.npmjs.org/@csstools/postcss-media-queries-aspect-ratio-number-values/-/postcss-media-queries-aspect-ratio-number-values-3.0.5.tgz" integrity sha512-zhAe31xaaXOY2Px8IYfoVTB3wglbJUVigGphFLj6exb7cjZRH9A6adyE22XfFK3P2PzwRk0VDeTJmaxpluyrDg== dependencies: "@csstools/css-parser-algorithms" "^3.0.5" @@ -1347,7 +1383,7 @@ "@csstools/postcss-nested-calc@^4.0.0": version "4.0.0" - resolved "https://registry.yarnpkg.com/@csstools/postcss-nested-calc/-/postcss-nested-calc-4.0.0.tgz#754e10edc6958d664c11cde917f44ba144141c62" + resolved "https://registry.npmjs.org/@csstools/postcss-nested-calc/-/postcss-nested-calc-4.0.0.tgz" integrity sha512-jMYDdqrQQxE7k9+KjstC3NbsmC063n1FTPLCgCRS2/qHUbHM0mNy9pIn4QIiQGs9I/Bg98vMqw7mJXBxa0N88A== dependencies: "@csstools/utilities" "^2.0.0" @@ -1355,14 +1391,14 @@ "@csstools/postcss-normalize-display-values@^4.0.0": version "4.0.0" - resolved "https://registry.yarnpkg.com/@csstools/postcss-normalize-display-values/-/postcss-normalize-display-values-4.0.0.tgz#ecdde2daf4e192e5da0c6fd933b6d8aff32f2a36" + resolved "https://registry.npmjs.org/@csstools/postcss-normalize-display-values/-/postcss-normalize-display-values-4.0.0.tgz" integrity sha512-HlEoG0IDRoHXzXnkV4in47dzsxdsjdz6+j7MLjaACABX2NfvjFS6XVAnpaDyGesz9gK2SC7MbNwdCHusObKJ9Q== dependencies: postcss-value-parser "^4.2.0" "@csstools/postcss-oklab-function@^4.0.12": version "4.0.12" - resolved "https://registry.yarnpkg.com/@csstools/postcss-oklab-function/-/postcss-oklab-function-4.0.12.tgz#416640ef10227eea1375b47b72d141495950971d" + resolved "https://registry.npmjs.org/@csstools/postcss-oklab-function/-/postcss-oklab-function-4.0.12.tgz" integrity sha512-HhlSmnE1NKBhXsTnNGjxvhryKtO7tJd1w42DKOGFD6jSHtYOrsJTQDKPMwvOfrzUAk8t7GcpIfRyM7ssqHpFjg== dependencies: "@csstools/css-color-parser" "^3.1.0" @@ -1373,14 +1409,14 @@ "@csstools/postcss-progressive-custom-properties@^4.2.1": version "4.2.1" - resolved "https://registry.yarnpkg.com/@csstools/postcss-progressive-custom-properties/-/postcss-progressive-custom-properties-4.2.1.tgz#c39780b9ff0d554efb842b6bd75276aa6f1705db" + resolved "https://registry.npmjs.org/@csstools/postcss-progressive-custom-properties/-/postcss-progressive-custom-properties-4.2.1.tgz" integrity sha512-uPiiXf7IEKtUQXsxu6uWtOlRMXd2QWWy5fhxHDnPdXKCQckPP3E34ZgDoZ62r2iT+UOgWsSbM4NvHE5m3mAEdw== dependencies: postcss-value-parser "^4.2.0" "@csstools/postcss-random-function@^2.0.1": version "2.0.1" - resolved "https://registry.yarnpkg.com/@csstools/postcss-random-function/-/postcss-random-function-2.0.1.tgz#3191f32fe72936e361dadf7dbfb55a0209e2691e" + resolved "https://registry.npmjs.org/@csstools/postcss-random-function/-/postcss-random-function-2.0.1.tgz" integrity sha512-q+FQaNiRBhnoSNo+GzqGOIBKoHQ43lYz0ICrV+UudfWnEF6ksS6DsBIJSISKQT2Bvu3g4k6r7t0zYrk5pDlo8w== dependencies: "@csstools/css-calc" "^2.1.4" @@ -1389,7 +1425,7 @@ "@csstools/postcss-relative-color-syntax@^3.0.12": version "3.0.12" - resolved "https://registry.yarnpkg.com/@csstools/postcss-relative-color-syntax/-/postcss-relative-color-syntax-3.0.12.tgz#ced792450102441f7c160e1d106f33e4b44181f8" + resolved "https://registry.npmjs.org/@csstools/postcss-relative-color-syntax/-/postcss-relative-color-syntax-3.0.12.tgz" integrity sha512-0RLIeONxu/mtxRtf3o41Lq2ghLimw0w9ByLWnnEVuy89exmEEq8bynveBxNW3nyHqLAFEeNtVEmC1QK9MZ8Huw== dependencies: "@csstools/css-color-parser" "^3.1.0" @@ -1400,14 +1436,14 @@ "@csstools/postcss-scope-pseudo-class@^4.0.1": version "4.0.1" - resolved "https://registry.yarnpkg.com/@csstools/postcss-scope-pseudo-class/-/postcss-scope-pseudo-class-4.0.1.tgz#9fe60e9d6d91d58fb5fc6c768a40f6e47e89a235" + resolved "https://registry.npmjs.org/@csstools/postcss-scope-pseudo-class/-/postcss-scope-pseudo-class-4.0.1.tgz" integrity sha512-IMi9FwtH6LMNuLea1bjVMQAsUhFxJnyLSgOp/cpv5hrzWmrUYU5fm0EguNDIIOHUqzXode8F/1qkC/tEo/qN8Q== dependencies: postcss-selector-parser "^7.0.0" "@csstools/postcss-sign-functions@^1.1.4": version "1.1.4" - resolved "https://registry.yarnpkg.com/@csstools/postcss-sign-functions/-/postcss-sign-functions-1.1.4.tgz#a9ac56954014ae4c513475b3f1b3e3424a1e0c12" + resolved "https://registry.npmjs.org/@csstools/postcss-sign-functions/-/postcss-sign-functions-1.1.4.tgz" integrity sha512-P97h1XqRPcfcJndFdG95Gv/6ZzxUBBISem0IDqPZ7WMvc/wlO+yU0c5D/OCpZ5TJoTt63Ok3knGk64N+o6L2Pg== dependencies: "@csstools/css-calc" "^2.1.4" @@ -1416,7 +1452,7 @@ "@csstools/postcss-stepped-value-functions@^4.0.9": version "4.0.9" - resolved "https://registry.yarnpkg.com/@csstools/postcss-stepped-value-functions/-/postcss-stepped-value-functions-4.0.9.tgz#36036f1a0e5e5ee2308e72f3c9cb433567c387b9" + resolved "https://registry.npmjs.org/@csstools/postcss-stepped-value-functions/-/postcss-stepped-value-functions-4.0.9.tgz" integrity sha512-h9btycWrsex4dNLeQfyU3y3w40LMQooJWFMm/SK9lrKguHDcFl4VMkncKKoXi2z5rM9YGWbUQABI8BT2UydIcA== dependencies: "@csstools/css-calc" "^2.1.4" @@ -1425,7 +1461,7 @@ "@csstools/postcss-text-decoration-shorthand@^4.0.3": version "4.0.3" - resolved "https://registry.yarnpkg.com/@csstools/postcss-text-decoration-shorthand/-/postcss-text-decoration-shorthand-4.0.3.tgz#fae1b70f07d1b7beb4c841c86d69e41ecc6f743c" + resolved "https://registry.npmjs.org/@csstools/postcss-text-decoration-shorthand/-/postcss-text-decoration-shorthand-4.0.3.tgz" integrity sha512-KSkGgZfx0kQjRIYnpsD7X2Om9BUXX/Kii77VBifQW9Ih929hK0KNjVngHDH0bFB9GmfWcR9vJYJJRvw/NQjkrA== dependencies: "@csstools/color-helpers" "^5.1.0" @@ -1433,7 +1469,7 @@ "@csstools/postcss-trigonometric-functions@^4.0.9": version "4.0.9" - resolved "https://registry.yarnpkg.com/@csstools/postcss-trigonometric-functions/-/postcss-trigonometric-functions-4.0.9.tgz#3f94ed2e319b57f2c59720b64e4d0a8a6fb8c3b2" + resolved "https://registry.npmjs.org/@csstools/postcss-trigonometric-functions/-/postcss-trigonometric-functions-4.0.9.tgz" integrity sha512-Hnh5zJUdpNrJqK9v1/E3BbrQhaDTj5YiX7P61TOvUhoDHnUmsNNxcDAgkQ32RrcWx9GVUvfUNPcUkn8R3vIX6A== dependencies: "@csstools/css-calc" "^2.1.4" @@ -1442,37 +1478,37 @@ "@csstools/postcss-unset-value@^4.0.0": version "4.0.0" - resolved "https://registry.yarnpkg.com/@csstools/postcss-unset-value/-/postcss-unset-value-4.0.0.tgz#7caa981a34196d06a737754864baf77d64de4bba" + resolved "https://registry.npmjs.org/@csstools/postcss-unset-value/-/postcss-unset-value-4.0.0.tgz" integrity sha512-cBz3tOCI5Fw6NIFEwU3RiwK6mn3nKegjpJuzCndoGq3BZPkUjnsq7uQmIeMNeMbMk7YD2MfKcgCpZwX5jyXqCA== "@csstools/selector-resolve-nested@^3.1.0": version "3.1.0" - resolved "https://registry.yarnpkg.com/@csstools/selector-resolve-nested/-/selector-resolve-nested-3.1.0.tgz#848c6f44cb65e3733e478319b9342b7aa436fac7" + resolved "https://registry.npmjs.org/@csstools/selector-resolve-nested/-/selector-resolve-nested-3.1.0.tgz" integrity sha512-mf1LEW0tJLKfWyvn5KdDrhpxHyuxpbNwTIwOYLIvsTffeyOf85j5oIzfG0yosxDgx/sswlqBnESYUcQH0vgZ0g== "@csstools/selector-specificity@^5.0.0": version "5.0.0" - resolved "https://registry.yarnpkg.com/@csstools/selector-specificity/-/selector-specificity-5.0.0.tgz#037817b574262134cabd68fc4ec1a454f168407b" + resolved "https://registry.npmjs.org/@csstools/selector-specificity/-/selector-specificity-5.0.0.tgz" integrity sha512-PCqQV3c4CoVm3kdPhyeZ07VmBRdH2EpMFA/pd9OASpOEC3aXNGoqPDAZ80D0cLpMBxnmk0+yNhGsEx31hq7Gtw== "@csstools/utilities@^2.0.0": version "2.0.0" - resolved "https://registry.yarnpkg.com/@csstools/utilities/-/utilities-2.0.0.tgz#f7ff0fee38c9ffb5646d47b6906e0bc8868bde60" + resolved "https://registry.npmjs.org/@csstools/utilities/-/utilities-2.0.0.tgz" integrity sha512-5VdOr0Z71u+Yp3ozOx8T11N703wIFGVRgOWbOZMKgglPJsWA54MRIoMNVMa7shUToIhx5J8vX4sOZgD2XiihiQ== "@discoveryjs/json-ext@0.5.7": version "0.5.7" - resolved "https://registry.yarnpkg.com/@discoveryjs/json-ext/-/json-ext-0.5.7.tgz#1d572bfbbe14b7704e0ba0f39b74815b84870d70" + resolved "https://registry.npmjs.org/@discoveryjs/json-ext/-/json-ext-0.5.7.tgz" integrity sha512-dBVuXR082gk3jsFp7Rd/JI4kytwGHecnCoTtXFb7DB6CNHp4rg5k1bhg0nWdLGLnOV71lmDzGQaLMy8iPLY0pw== "@docsearch/css@4.2.0": version "4.2.0" - resolved "https://registry.yarnpkg.com/@docsearch/css/-/css-4.2.0.tgz#473bb4c51f4b2b037a71f423e569907ab19e6d72" + resolved "https://registry.npmjs.org/@docsearch/css/-/css-4.2.0.tgz" integrity sha512-65KU9Fw5fGsPPPlgIghonMcndyx1bszzrDQYLfierN+Ha29yotMHzVS94bPkZS6On9LS8dE4qmW4P/fGjtCf/g== "@docsearch/react@^3.9.0 || ^4.1.0": version "4.2.0" - resolved "https://registry.yarnpkg.com/@docsearch/react/-/react-4.2.0.tgz#9dac48dfb4c1e5f18cf7323d8221d99c0d5f3e4e" + resolved "https://registry.npmjs.org/@docsearch/react/-/react-4.2.0.tgz" integrity sha512-zSN/KblmtBcerf7Z87yuKIHZQmxuXvYc6/m0+qnjyNu+Ir67AVOagTa1zBqcxkVUVkmBqUExdcyrdo9hbGbqTw== dependencies: "@ai-sdk/react" "^2.0.30" @@ -1485,7 +1521,7 @@ "@docusaurus/babel@3.9.2": version "3.9.2" - resolved "https://registry.yarnpkg.com/@docusaurus/babel/-/babel-3.9.2.tgz#f956c638baeccf2040e482c71a742bc7e35fdb22" + resolved "https://registry.npmjs.org/@docusaurus/babel/-/babel-3.9.2.tgz" integrity sha512-GEANdi/SgER+L7Japs25YiGil/AUDnFFHaCGPBbundxoWtCkA2lmy7/tFmgED4y1htAy6Oi4wkJEQdGssnw9MA== dependencies: "@babel/core" "^7.25.9" @@ -1506,7 +1542,7 @@ "@docusaurus/bundler@3.9.2": version "3.9.2" - resolved "https://registry.yarnpkg.com/@docusaurus/bundler/-/bundler-3.9.2.tgz#0ca82cda4acf13a493e3f66061aea351e9d356cf" + resolved "https://registry.npmjs.org/@docusaurus/bundler/-/bundler-3.9.2.tgz" integrity sha512-ZOVi6GYgTcsZcUzjblpzk3wH1Fya2VNpd5jtHoCCFcJlMQ1EYXZetfAnRHLcyiFeBABaI1ltTYbOBtH/gahGVA== dependencies: "@babel/core" "^7.25.9" @@ -1534,9 +1570,9 @@ webpack "^5.95.0" webpackbar "^6.0.1" -"@docusaurus/core@3.9.2", "@docusaurus/core@^3.8.1": +"@docusaurus/core@^3.0.0", "@docusaurus/core@^3.8.1", "@docusaurus/core@3.9.2": version "3.9.2" - resolved "https://registry.yarnpkg.com/@docusaurus/core/-/core-3.9.2.tgz#cc970f29b85a8926d63c84f8cffdcda43ed266ff" + resolved "https://registry.npmjs.org/@docusaurus/core/-/core-3.9.2.tgz" integrity sha512-HbjwKeC+pHUFBfLMNzuSjqFE/58+rLVKmOU3lxQrpsxLBOGosYco/Q0GduBb0/jEMRiyEqjNT/01rRdOMWq5pw== dependencies: "@docusaurus/babel" "3.9.2" @@ -1584,7 +1620,7 @@ "@docusaurus/cssnano-preset@3.9.2": version "3.9.2" - resolved "https://registry.yarnpkg.com/@docusaurus/cssnano-preset/-/cssnano-preset-3.9.2.tgz#523aab65349db3c51a77f2489048d28527759428" + resolved "https://registry.npmjs.org/@docusaurus/cssnano-preset/-/cssnano-preset-3.9.2.tgz" integrity sha512-8gBKup94aGttRduABsj7bpPFTX7kbwu+xh3K9NMCF5K4bWBqTFYW+REKHF6iBVDHRJ4grZdIPbvkiHd/XNKRMQ== dependencies: cssnano-preset-advanced "^6.1.2" @@ -1594,7 +1630,7 @@ "@docusaurus/logger@3.9.2": version "3.9.2" - resolved "https://registry.yarnpkg.com/@docusaurus/logger/-/logger-3.9.2.tgz#6ec6364b90f5a618a438cc9fd01ac7376869f92a" + resolved "https://registry.npmjs.org/@docusaurus/logger/-/logger-3.9.2.tgz" integrity sha512-/SVCc57ByARzGSU60c50rMyQlBuMIJCjcsJlkphxY6B0GV4UH3tcA1994N8fFfbJ9kX3jIBe/xg3XP5qBtGDbA== dependencies: chalk "^4.1.2" @@ -1602,7 +1638,7 @@ "@docusaurus/mdx-loader@3.9.2": version "3.9.2" - resolved "https://registry.yarnpkg.com/@docusaurus/mdx-loader/-/mdx-loader-3.9.2.tgz#78d238de6c6203fa811cc2a7e90b9b79e111408c" + resolved "https://registry.npmjs.org/@docusaurus/mdx-loader/-/mdx-loader-3.9.2.tgz" integrity sha512-wiYoGwF9gdd6rev62xDU8AAM8JuLI/hlwOtCzMmYcspEkzecKrP8J8X+KpYnTlACBUUtXNJpSoCwFWJhLRevzQ== dependencies: "@docusaurus/logger" "3.9.2" @@ -1630,9 +1666,9 @@ vfile "^6.0.1" webpack "^5.88.1" -"@docusaurus/module-type-aliases@3.9.2", "@docusaurus/module-type-aliases@^3.8.1": +"@docusaurus/module-type-aliases@^3.8.1", "@docusaurus/module-type-aliases@3.9.2": version "3.9.2" - resolved "https://registry.yarnpkg.com/@docusaurus/module-type-aliases/-/module-type-aliases-3.9.2.tgz#993c7cb0114363dea5ef6855e989b3ad4b843a34" + resolved "https://registry.npmjs.org/@docusaurus/module-type-aliases/-/module-type-aliases-3.9.2.tgz" integrity sha512-8qVe2QA9hVLzvnxP46ysuofJUIc/yYQ82tvA/rBTrnpXtCjNSFLxEZfd5U8cYZuJIVlkPxamsIgwd5tGZXfvew== dependencies: "@docusaurus/types" "3.9.2" @@ -1645,7 +1681,7 @@ "@docusaurus/plugin-client-redirects@^3.8.1": version "3.9.2" - resolved "https://registry.yarnpkg.com/@docusaurus/plugin-client-redirects/-/plugin-client-redirects-3.9.2.tgz#9c27025c72aeeedeb783a94720163911567da0e8" + resolved "https://registry.npmjs.org/@docusaurus/plugin-client-redirects/-/plugin-client-redirects-3.9.2.tgz" integrity sha512-lUgMArI9vyOYMzLRBUILcg9vcPTCyyI2aiuXq/4npcMVqOr6GfmwtmBYWSbNMlIUM0147smm4WhpXD0KFboffw== dependencies: "@docusaurus/core" "3.9.2" @@ -1660,7 +1696,7 @@ "@docusaurus/plugin-content-blog@3.9.2": version "3.9.2" - resolved "https://registry.yarnpkg.com/@docusaurus/plugin-content-blog/-/plugin-content-blog-3.9.2.tgz#d5ce51eb7757bdab0515e2dd26a793ed4e119df9" + resolved "https://registry.npmjs.org/@docusaurus/plugin-content-blog/-/plugin-content-blog-3.9.2.tgz" integrity sha512-3I2HXy3L1QcjLJLGAoTvoBnpOwa6DPUa3Q0dMK19UTY9mhPkKQg/DYhAGTiBUKcTR0f08iw7kLPqOhIgdV3eVQ== dependencies: "@docusaurus/core" "3.9.2" @@ -1682,9 +1718,9 @@ utility-types "^3.10.0" webpack "^5.88.1" -"@docusaurus/plugin-content-docs@3.9.2": +"@docusaurus/plugin-content-docs@*", "@docusaurus/plugin-content-docs@3.9.2": version "3.9.2" - resolved "https://registry.yarnpkg.com/@docusaurus/plugin-content-docs/-/plugin-content-docs-3.9.2.tgz#cd8f2d1c06e53c3fa3d24bdfcb48d237bf2d6b2e" + resolved "https://registry.npmjs.org/@docusaurus/plugin-content-docs/-/plugin-content-docs-3.9.2.tgz" integrity sha512-C5wZsGuKTY8jEYsqdxhhFOe1ZDjH0uIYJ9T/jebHwkyxqnr4wW0jTkB72OMqNjsoQRcb0JN3PcSeTwFlVgzCZg== dependencies: "@docusaurus/core" "3.9.2" @@ -1708,7 +1744,7 @@ "@docusaurus/plugin-content-pages@3.9.2": version "3.9.2" - resolved "https://registry.yarnpkg.com/@docusaurus/plugin-content-pages/-/plugin-content-pages-3.9.2.tgz#22db6c88ade91cec0a9e87a00b8089898051b08d" + resolved "https://registry.npmjs.org/@docusaurus/plugin-content-pages/-/plugin-content-pages-3.9.2.tgz" integrity sha512-s4849w/p4noXUrGpPUF0BPqIAfdAe76BLaRGAGKZ1gTDNiGxGcpsLcwJ9OTi1/V8A+AzvsmI9pkjie2zjIQZKA== dependencies: "@docusaurus/core" "3.9.2" @@ -1722,7 +1758,7 @@ "@docusaurus/plugin-css-cascade-layers@3.9.2": version "3.9.2" - resolved "https://registry.yarnpkg.com/@docusaurus/plugin-css-cascade-layers/-/plugin-css-cascade-layers-3.9.2.tgz#358c85f63f1c6a11f611f1b8889d9435c11b22f8" + resolved "https://registry.npmjs.org/@docusaurus/plugin-css-cascade-layers/-/plugin-css-cascade-layers-3.9.2.tgz" integrity sha512-w1s3+Ss+eOQbscGM4cfIFBlVg/QKxyYgj26k5AnakuHkKxH6004ZtuLe5awMBotIYF2bbGDoDhpgQ4r/kcj4rQ== dependencies: "@docusaurus/core" "3.9.2" @@ -1733,7 +1769,7 @@ "@docusaurus/plugin-debug@3.9.2": version "3.9.2" - resolved "https://registry.yarnpkg.com/@docusaurus/plugin-debug/-/plugin-debug-3.9.2.tgz#b5df4db115583f5404a252dbf66f379ff933e53c" + resolved "https://registry.npmjs.org/@docusaurus/plugin-debug/-/plugin-debug-3.9.2.tgz" integrity sha512-j7a5hWuAFxyQAkilZwhsQ/b3T7FfHZ+0dub6j/GxKNFJp2h9qk/P1Bp7vrGASnvA9KNQBBL1ZXTe7jlh4VdPdA== dependencies: "@docusaurus/core" "3.9.2" @@ -1745,7 +1781,7 @@ "@docusaurus/plugin-google-analytics@3.9.2": version "3.9.2" - resolved "https://registry.yarnpkg.com/@docusaurus/plugin-google-analytics/-/plugin-google-analytics-3.9.2.tgz#857fe075fdeccdf6959e62954d9efe39769fa247" + resolved "https://registry.npmjs.org/@docusaurus/plugin-google-analytics/-/plugin-google-analytics-3.9.2.tgz" integrity sha512-mAwwQJ1Us9jL/lVjXtErXto4p4/iaLlweC54yDUK1a97WfkC6Z2k5/769JsFgwOwOP+n5mUQGACXOEQ0XDuVUw== dependencies: "@docusaurus/core" "3.9.2" @@ -1755,7 +1791,7 @@ "@docusaurus/plugin-google-gtag@3.9.2": version "3.9.2" - resolved "https://registry.yarnpkg.com/@docusaurus/plugin-google-gtag/-/plugin-google-gtag-3.9.2.tgz#df75b1a90ae9266b0471909ba0265f46d5dcae62" + resolved "https://registry.npmjs.org/@docusaurus/plugin-google-gtag/-/plugin-google-gtag-3.9.2.tgz" integrity sha512-YJ4lDCphabBtw19ooSlc1MnxtYGpjFV9rEdzjLsUnBCeis2djUyCozZaFhCg6NGEwOn7HDDyMh0yzcdRpnuIvA== dependencies: "@docusaurus/core" "3.9.2" @@ -1766,7 +1802,7 @@ "@docusaurus/plugin-google-tag-manager@3.9.2": version "3.9.2" - resolved "https://registry.yarnpkg.com/@docusaurus/plugin-google-tag-manager/-/plugin-google-tag-manager-3.9.2.tgz#d1a3cf935acb7d31b84685e92d70a1d342946677" + resolved "https://registry.npmjs.org/@docusaurus/plugin-google-tag-manager/-/plugin-google-tag-manager-3.9.2.tgz" integrity sha512-LJtIrkZN/tuHD8NqDAW1Tnw0ekOwRTfobWPsdO15YxcicBo2ykKF0/D6n0vVBfd3srwr9Z6rzrIWYrMzBGrvNw== dependencies: "@docusaurus/core" "3.9.2" @@ -1776,7 +1812,7 @@ "@docusaurus/plugin-sitemap@3.9.2": version "3.9.2" - resolved "https://registry.yarnpkg.com/@docusaurus/plugin-sitemap/-/plugin-sitemap-3.9.2.tgz#e1d9f7012942562cc0c6543d3cb2cdc4ae713dc4" + resolved "https://registry.npmjs.org/@docusaurus/plugin-sitemap/-/plugin-sitemap-3.9.2.tgz" integrity sha512-WLh7ymgDXjG8oPoM/T4/zUP7KcSuFYRZAUTl8vR6VzYkfc18GBM4xLhcT+AKOwun6kBivYKUJf+vlqYJkm+RHw== dependencies: "@docusaurus/core" "3.9.2" @@ -1791,7 +1827,7 @@ "@docusaurus/plugin-svgr@3.9.2": version "3.9.2" - resolved "https://registry.yarnpkg.com/@docusaurus/plugin-svgr/-/plugin-svgr-3.9.2.tgz#62857ed79d97c0150d25f7e7380fdee65671163a" + resolved "https://registry.npmjs.org/@docusaurus/plugin-svgr/-/plugin-svgr-3.9.2.tgz" integrity sha512-n+1DE+5b3Lnf27TgVU5jM1d4x5tUh2oW5LTsBxJX4PsAPV0JGcmI6p3yLYtEY0LRVEIJh+8RsdQmRE66wSV8mw== dependencies: "@docusaurus/core" "3.9.2" @@ -1805,7 +1841,7 @@ "@docusaurus/preset-classic@^3.8.1": version "3.9.2" - resolved "https://registry.yarnpkg.com/@docusaurus/preset-classic/-/preset-classic-3.9.2.tgz#85cc4f91baf177f8146c9ce896dfa1f0fd377050" + resolved "https://registry.npmjs.org/@docusaurus/preset-classic/-/preset-classic-3.9.2.tgz" integrity sha512-IgyYO2Gvaigi21LuDIe+nvmN/dfGXAiMcV/murFqcpjnZc7jxFAxW+9LEjdPt61uZLxG4ByW/oUmX/DDK9t/8w== dependencies: "@docusaurus/core" "3.9.2" @@ -1826,7 +1862,7 @@ "@docusaurus/theme-classic@3.9.2": version "3.9.2" - resolved "https://registry.yarnpkg.com/@docusaurus/theme-classic/-/theme-classic-3.9.2.tgz#6e514f99a0ff42b80afcf42d5e5d042618311ce0" + resolved "https://registry.npmjs.org/@docusaurus/theme-classic/-/theme-classic-3.9.2.tgz" integrity sha512-IGUsArG5hhekXd7RDb11v94ycpJpFdJPkLnt10fFQWOVxAtq5/D7hT6lzc2fhyQKaaCE62qVajOMKL7OiAFAIA== dependencies: "@docusaurus/core" "3.9.2" @@ -1857,7 +1893,7 @@ "@docusaurus/theme-common@3.9.2": version "3.9.2" - resolved "https://registry.yarnpkg.com/@docusaurus/theme-common/-/theme-common-3.9.2.tgz#487172c6fef9815c2746ef62a71e4f5b326f9ba5" + resolved "https://registry.npmjs.org/@docusaurus/theme-common/-/theme-common-3.9.2.tgz" integrity sha512-6c4DAbR6n6nPbnZhY2V3tzpnKnGL+6aOsLvFL26VRqhlczli9eWG0VDUNoCQEPnGwDMhPS42UhSAnz5pThm5Ag== dependencies: "@docusaurus/mdx-loader" "3.9.2" @@ -1875,7 +1911,7 @@ "@docusaurus/theme-search-algolia@3.9.2": version "3.9.2" - resolved "https://registry.yarnpkg.com/@docusaurus/theme-search-algolia/-/theme-search-algolia-3.9.2.tgz#420fd5b27fc1673b48151fdc9fe7167ba135ed50" + resolved "https://registry.npmjs.org/@docusaurus/theme-search-algolia/-/theme-search-algolia-3.9.2.tgz" integrity sha512-GBDSFNwjnh5/LdkxCKQHkgO2pIMX1447BxYUBG2wBiajS21uj64a+gH/qlbQjDLxmGrbrllBrtJkUHxIsiwRnw== dependencies: "@docsearch/react" "^3.9.0 || ^4.1.0" @@ -1897,15 +1933,15 @@ "@docusaurus/theme-translations@3.9.2": version "3.9.2" - resolved "https://registry.yarnpkg.com/@docusaurus/theme-translations/-/theme-translations-3.9.2.tgz#238cd69c2da92d612be3d3b4f95944c1d0f1e041" + resolved "https://registry.npmjs.org/@docusaurus/theme-translations/-/theme-translations-3.9.2.tgz" integrity sha512-vIryvpP18ON9T9rjgMRFLr2xJVDpw1rtagEGf8Ccce4CkTrvM/fRB8N2nyWYOW5u3DdjkwKw5fBa+3tbn9P4PA== dependencies: fs-extra "^11.1.1" tslib "^2.6.0" -"@docusaurus/types@3.9.2", "@docusaurus/types@^3.8.1": +"@docusaurus/types@^3.8.1", "@docusaurus/types@3.9.2": version "3.9.2" - resolved "https://registry.yarnpkg.com/@docusaurus/types/-/types-3.9.2.tgz#e482cf18faea0d1fa5ce0e3f1e28e0f32d2593eb" + resolved "https://registry.npmjs.org/@docusaurus/types/-/types-3.9.2.tgz" integrity sha512-Ux1JUNswg+EfUEmajJjyhIohKceitY/yzjRUpu04WXgvVz+fbhVC0p+R0JhvEu4ytw8zIAys2hrdpQPBHRIa8Q== dependencies: "@mdx-js/mdx" "^3.0.0" @@ -1921,7 +1957,7 @@ "@docusaurus/utils-common@3.9.2": version "3.9.2" - resolved "https://registry.yarnpkg.com/@docusaurus/utils-common/-/utils-common-3.9.2.tgz#e89bfcf43d66359f43df45293fcdf22814847460" + resolved "https://registry.npmjs.org/@docusaurus/utils-common/-/utils-common-3.9.2.tgz" integrity sha512-I53UC1QctruA6SWLvbjbhCpAw7+X7PePoe5pYcwTOEXD/PxeP8LnECAhTHHwWCblyUX5bMi4QLRkxvyZ+IT8Aw== dependencies: "@docusaurus/types" "3.9.2" @@ -1929,7 +1965,7 @@ "@docusaurus/utils-validation@3.9.2": version "3.9.2" - resolved "https://registry.yarnpkg.com/@docusaurus/utils-validation/-/utils-validation-3.9.2.tgz#04aec285604790806e2fc5aa90aa950dc7ba75ae" + resolved "https://registry.npmjs.org/@docusaurus/utils-validation/-/utils-validation-3.9.2.tgz" integrity sha512-l7yk3X5VnNmATbwijJkexdhulNsQaNDwoagiwujXoxFbWLcxHQqNQ+c/IAlzrfMMOfa/8xSBZ7KEKDesE/2J7A== dependencies: "@docusaurus/logger" "3.9.2" @@ -1943,7 +1979,7 @@ "@docusaurus/utils@3.9.2": version "3.9.2" - resolved "https://registry.yarnpkg.com/@docusaurus/utils/-/utils-3.9.2.tgz#ffab7922631c7e0febcb54e6d499f648bf8a89eb" + resolved "https://registry.npmjs.org/@docusaurus/utils/-/utils-3.9.2.tgz" integrity sha512-lBSBiRruFurFKXr5Hbsl2thmGweAPmddhF3jb99U4EMDA5L+e5Y1rAkOS07Nvrup7HUMBDrCV45meaxZnt28nQ== dependencies: "@docusaurus/logger" "3.9.2" @@ -1970,26 +2006,26 @@ "@hapi/hoek@^9.0.0", "@hapi/hoek@^9.3.0": version "9.3.0" - resolved "https://registry.yarnpkg.com/@hapi/hoek/-/hoek-9.3.0.tgz#8368869dcb735be2e7f5cb7647de78e167a251fb" + resolved "https://registry.npmjs.org/@hapi/hoek/-/hoek-9.3.0.tgz" integrity sha512-/c6rf4UJlmHlC9b5BaNvzAcFv7HZ2QHaV0D4/HNlBdvFnvQq8RI4kYdhyPCl7Xj+oWvTWQ8ujhqS53LIgAe6KQ== "@hapi/topo@^5.1.0": version "5.1.0" - resolved "https://registry.yarnpkg.com/@hapi/topo/-/topo-5.1.0.tgz#dc448e332c6c6e37a4dc02fd84ba8d44b9afb012" + resolved "https://registry.npmjs.org/@hapi/topo/-/topo-5.1.0.tgz" integrity sha512-foQZKJig7Ob0BMAYBfcJk8d77QtOe7Wo4ox7ff1lQYoNNAb6jwcY1ncdoy2e9wQZzvNy7ODZCYJkK8kzmcAnAg== dependencies: "@hapi/hoek" "^9.0.0" "@jest/schemas@^29.6.3": version "29.6.3" - resolved "https://registry.yarnpkg.com/@jest/schemas/-/schemas-29.6.3.tgz#430b5ce8a4e0044a7e3819663305a7b3091c8e03" + resolved "https://registry.npmjs.org/@jest/schemas/-/schemas-29.6.3.tgz" integrity sha512-mo5j5X+jIZmJQveBKeS/clAueipV7KgiX1vMgCxam1RNYiqE1w62n0/tJJnHtjW8ZHcQco5gY85jA3mi0L+nSA== dependencies: "@sinclair/typebox" "^0.27.8" "@jest/types@^29.6.3": version "29.6.3" - resolved "https://registry.yarnpkg.com/@jest/types/-/types-29.6.3.tgz#1131f8cf634e7e84c5e77bab12f052af585fba59" + resolved "https://registry.npmjs.org/@jest/types/-/types-29.6.3.tgz" integrity sha512-u3UPsIilWKOM3F9CXtrG8LEJmNxwoCQC/XVj4IKYXvvpx7QIi/Kg1LI5uDmDpKlac62NUtX7eLjRh+jVZcLOzw== dependencies: "@jest/schemas" "^29.6.3" @@ -2001,7 +2037,7 @@ "@jridgewell/gen-mapping@^0.3.12", "@jridgewell/gen-mapping@^0.3.5": version "0.3.13" - resolved "https://registry.yarnpkg.com/@jridgewell/gen-mapping/-/gen-mapping-0.3.13.tgz#6342a19f44347518c93e43b1ac69deb3c4656a1f" + resolved "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.13.tgz" integrity sha512-2kkt/7niJ6MgEPxF0bYdQ6etZaA+fQvDcLKckhy1yIQOzaoKjBBjSj63/aLVjYE3qhRt5dvM+uUyfCg6UKCBbA== dependencies: "@jridgewell/sourcemap-codec" "^1.5.0" @@ -2009,7 +2045,7 @@ "@jridgewell/remapping@^2.3.5": version "2.3.5" - resolved "https://registry.yarnpkg.com/@jridgewell/remapping/-/remapping-2.3.5.tgz#375c476d1972947851ba1e15ae8f123047445aa1" + resolved "https://registry.npmjs.org/@jridgewell/remapping/-/remapping-2.3.5.tgz" integrity sha512-LI9u/+laYG4Ds1TDKSJW2YPrIlcVYOwi2fUC6xB43lueCjgxV4lffOCZCtYFiH6TNOX+tQKXx97T4IKHbhyHEQ== dependencies: "@jridgewell/gen-mapping" "^0.3.5" @@ -2017,12 +2053,12 @@ "@jridgewell/resolve-uri@^3.1.0": version "3.1.2" - resolved "https://registry.yarnpkg.com/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz#7a0ee601f60f99a20c7c7c5ff0c80388c1189bd6" + resolved "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz" integrity sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw== "@jridgewell/source-map@^0.3.3": version "0.3.11" - resolved "https://registry.yarnpkg.com/@jridgewell/source-map/-/source-map-0.3.11.tgz#b21835cbd36db656b857c2ad02ebd413cc13a9ba" + resolved "https://registry.npmjs.org/@jridgewell/source-map/-/source-map-0.3.11.tgz" integrity sha512-ZMp1V8ZFcPG5dIWnQLr3NSI1MiCU7UETdS/A0G8V/XWHvJv3ZsFqutJn1Y5RPmAPX6F3BiE397OqveU/9NCuIA== dependencies: "@jridgewell/gen-mapping" "^0.3.5" @@ -2030,12 +2066,12 @@ "@jridgewell/sourcemap-codec@^1.4.14", "@jridgewell/sourcemap-codec@^1.5.0": version "1.5.5" - resolved "https://registry.yarnpkg.com/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.5.tgz#6912b00d2c631c0d15ce1a7ab57cd657f2a8f8ba" + resolved "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.5.tgz" integrity sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og== "@jridgewell/trace-mapping@^0.3.18", "@jridgewell/trace-mapping@^0.3.24", "@jridgewell/trace-mapping@^0.3.25", "@jridgewell/trace-mapping@^0.3.28": version "0.3.31" - resolved "https://registry.yarnpkg.com/@jridgewell/trace-mapping/-/trace-mapping-0.3.31.tgz#db15d6781c931f3a251a3dac39501c98a6082fd0" + resolved "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.31.tgz" integrity sha512-zzNR+SdQSDJzc8joaeP8QQoCQr8NuYx2dIIytl1QeBEZHJ9uW6hebsrYgbz8hJwUQao3TWCMtmfV8Nu1twOLAw== dependencies: "@jridgewell/resolve-uri" "^3.1.0" @@ -2043,22 +2079,22 @@ "@jsonjoy.com/base64@^1.1.2": version "1.1.2" - resolved "https://registry.yarnpkg.com/@jsonjoy.com/base64/-/base64-1.1.2.tgz#cf8ea9dcb849b81c95f14fc0aaa151c6b54d2578" + resolved "https://registry.npmjs.org/@jsonjoy.com/base64/-/base64-1.1.2.tgz" integrity sha512-q6XAnWQDIMA3+FTiOYajoYqySkO+JSat0ytXGSuRdq9uXE7o92gzuQwQM14xaCRlBLGq3v5miDGC4vkVTn54xA== "@jsonjoy.com/buffers@^1.0.0", "@jsonjoy.com/buffers@^1.2.0": version "1.2.1" - resolved "https://registry.yarnpkg.com/@jsonjoy.com/buffers/-/buffers-1.2.1.tgz#8d99c7f67eaf724d3428dfd9826c6455266a5c83" + resolved "https://registry.npmjs.org/@jsonjoy.com/buffers/-/buffers-1.2.1.tgz" integrity sha512-12cdlDwX4RUM3QxmUbVJWqZ/mrK6dFQH4Zxq6+r1YXKXYBNgZXndx2qbCJwh3+WWkCSn67IjnlG3XYTvmvYtgA== "@jsonjoy.com/codegen@^1.0.0": version "1.0.0" - resolved "https://registry.yarnpkg.com/@jsonjoy.com/codegen/-/codegen-1.0.0.tgz#5c23f796c47675f166d23b948cdb889184b93207" + resolved "https://registry.npmjs.org/@jsonjoy.com/codegen/-/codegen-1.0.0.tgz" integrity sha512-E8Oy+08cmCf0EK/NMxpaJZmOxPqM+6iSe2S4nlSBrPZOORoDJILxtbSUEDKQyTamm/BVAhIGllOBNU79/dwf0g== "@jsonjoy.com/json-pack@^1.11.0": version "1.21.0" - resolved "https://registry.yarnpkg.com/@jsonjoy.com/json-pack/-/json-pack-1.21.0.tgz#93f8dd57fe3a3a92132b33d1eb182dcd9e7629fa" + resolved "https://registry.npmjs.org/@jsonjoy.com/json-pack/-/json-pack-1.21.0.tgz" integrity sha512-+AKG+R2cfZMShzrF2uQw34v3zbeDYUqnQ+jg7ORic3BGtfw9p/+N6RJbq/kkV8JmYZaINknaEQ2m0/f693ZPpg== dependencies: "@jsonjoy.com/base64" "^1.1.2" @@ -2072,7 +2108,7 @@ "@jsonjoy.com/json-pointer@^1.0.2": version "1.0.2" - resolved "https://registry.yarnpkg.com/@jsonjoy.com/json-pointer/-/json-pointer-1.0.2.tgz#049cb530ac24e84cba08590c5e36b431c4843408" + resolved "https://registry.npmjs.org/@jsonjoy.com/json-pointer/-/json-pointer-1.0.2.tgz" integrity sha512-Fsn6wM2zlDzY1U+v4Nc8bo3bVqgfNTGcn6dMgs6FjrEnt4ZCe60o6ByKRjOGlI2gow0aE/Q41QOigdTqkyK5fg== dependencies: "@jsonjoy.com/codegen" "^1.0.0" @@ -2080,7 +2116,7 @@ "@jsonjoy.com/util@^1.9.0": version "1.9.0" - resolved "https://registry.yarnpkg.com/@jsonjoy.com/util/-/util-1.9.0.tgz#7ee95586aed0a766b746cd8d8363e336c3c47c46" + resolved "https://registry.npmjs.org/@jsonjoy.com/util/-/util-1.9.0.tgz" integrity sha512-pLuQo+VPRnN8hfPqUTLTHk126wuYdXVxE6aDmjSeV4NCAgyxWbiOIeNJVtID3h1Vzpoi9m4jXezf73I6LgabgQ== dependencies: "@jsonjoy.com/buffers" "^1.0.0" @@ -2088,17 +2124,17 @@ "@keyv/serialize@^1.1.1": version "1.1.1" - resolved "https://registry.yarnpkg.com/@keyv/serialize/-/serialize-1.1.1.tgz#0c01dd3a3483882af7cf3878d4e71d505c81fc4a" + resolved "https://registry.npmjs.org/@keyv/serialize/-/serialize-1.1.1.tgz" integrity sha512-dXn3FZhPv0US+7dtJsIi2R+c7qWYiReoEh5zUntWCf4oSpMNib8FDhSoed6m3QyZdx5hK7iLFkYk3rNxwt8vTA== "@leichtgewicht/ip-codec@^2.0.1": version "2.0.5" - resolved "https://registry.yarnpkg.com/@leichtgewicht/ip-codec/-/ip-codec-2.0.5.tgz#4fc56c15c580b9adb7dc3c333a134e540b44bfb1" + resolved "https://registry.npmjs.org/@leichtgewicht/ip-codec/-/ip-codec-2.0.5.tgz" integrity sha512-Vo+PSpZG2/fmgmiNzYK9qWRh8h/CHrwD0mo1h1DzL4yzHNSfWYujGTYsWGreD000gcgmZ7K4Ys6Tx9TxtsKdDw== "@mdx-js/mdx@^3.0.0": version "3.1.1" - resolved "https://registry.yarnpkg.com/@mdx-js/mdx/-/mdx-3.1.1.tgz#c5ffd991a7536b149e17175eee57a1a2a511c6d1" + resolved "https://registry.npmjs.org/@mdx-js/mdx/-/mdx-3.1.1.tgz" integrity sha512-f6ZO2ifpwAQIpzGWaBQT2TXxPv6z3RBzQKpVftEWN78Vl/YweF1uwussDx8ECAXVtr3Rs89fKyG9YlzUs9DyGQ== dependencies: "@types/estree" "^1.0.0" @@ -2129,27 +2165,27 @@ "@mdx-js/react@^3.0.0": version "3.1.1" - resolved "https://registry.yarnpkg.com/@mdx-js/react/-/react-3.1.1.tgz#24bda7fffceb2fe256f954482123cda1be5f5fef" + resolved "https://registry.npmjs.org/@mdx-js/react/-/react-3.1.1.tgz" integrity sha512-f++rKLQgUVYDAtECQ6fn/is15GkEH9+nZPM3MS0RcxVqoTfawHvDlSCH7JbMhAM6uJ32v3eXLvLmLvjGu7PTQw== dependencies: "@types/mdx" "^2.0.0" "@nodelib/fs.scandir@2.1.5": version "2.1.5" - resolved "https://registry.yarnpkg.com/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz#7619c2eb21b25483f6d167548b4cfd5a7488c3d5" + resolved "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz" integrity sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g== dependencies: "@nodelib/fs.stat" "2.0.5" run-parallel "^1.1.9" -"@nodelib/fs.stat@2.0.5", "@nodelib/fs.stat@^2.0.2": +"@nodelib/fs.stat@^2.0.2", "@nodelib/fs.stat@2.0.5": version "2.0.5" - resolved "https://registry.yarnpkg.com/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz#5bd262af94e9d25bd1e71b05deed44876a222e8b" + resolved "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz" integrity sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A== "@nodelib/fs.walk@^1.2.3": version "1.2.8" - resolved "https://registry.yarnpkg.com/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz#e95737e8bb6746ddedf69c556953494f196fe69a" + resolved "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz" integrity sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg== dependencies: "@nodelib/fs.scandir" "2.1.5" @@ -2157,24 +2193,24 @@ "@opentelemetry/api@1.9.0": version "1.9.0" - resolved "https://registry.yarnpkg.com/@opentelemetry/api/-/api-1.9.0.tgz#d03eba68273dc0f7509e2a3d5cba21eae10379fe" + resolved "https://registry.npmjs.org/@opentelemetry/api/-/api-1.9.0.tgz" integrity sha512-3giAOQvZiH5F9bMlMiv8+GSPMeqg0dbaeo58/0SlA9sxSqZhnUtxzX9/2FzyhS9sWQf5S0GJE0AKBrFqjpeYcg== "@pnpm/config.env-replace@^1.1.0": version "1.1.0" - resolved "https://registry.yarnpkg.com/@pnpm/config.env-replace/-/config.env-replace-1.1.0.tgz#ab29da53df41e8948a00f2433f085f54de8b3a4c" + resolved "https://registry.npmjs.org/@pnpm/config.env-replace/-/config.env-replace-1.1.0.tgz" integrity sha512-htyl8TWnKL7K/ESFa1oW2UB5lVDxuF5DpM7tBi6Hu2LNL3mWkIzNLG6N4zoCUP1lCKNxWy/3iu8mS8MvToGd6w== "@pnpm/network.ca-file@^1.0.1": version "1.0.2" - resolved "https://registry.yarnpkg.com/@pnpm/network.ca-file/-/network.ca-file-1.0.2.tgz#2ab05e09c1af0cdf2fcf5035bea1484e222f7983" + resolved "https://registry.npmjs.org/@pnpm/network.ca-file/-/network.ca-file-1.0.2.tgz" integrity sha512-YcPQ8a0jwYU9bTdJDpXjMi7Brhkr1mXsXrUJvjqM2mQDgkRiz8jFaQGOdaLxgjtUfQgZhKy/O3cG/YwmgKaxLA== dependencies: graceful-fs "4.2.10" "@pnpm/npm-conf@^2.1.0": version "2.3.1" - resolved "https://registry.yarnpkg.com/@pnpm/npm-conf/-/npm-conf-2.3.1.tgz#bb375a571a0bd63ab0a23bece33033c683e9b6b0" + resolved "https://registry.npmjs.org/@pnpm/npm-conf/-/npm-conf-2.3.1.tgz" integrity sha512-c83qWb22rNRuB0UaVCI0uRPNRr8Z0FWnEIvT47jiHAmOIUHbBOg5XvV7pM5x+rKn9HRpjxquDbXYSXr3fAKFcw== dependencies: "@pnpm/config.env-replace" "^1.1.0" @@ -2183,49 +2219,49 @@ "@polka/url@^1.0.0-next.24": version "1.0.0-next.29" - resolved "https://registry.yarnpkg.com/@polka/url/-/url-1.0.0-next.29.tgz#5a40109a1ab5f84d6fd8fc928b19f367cbe7e7b1" + resolved "https://registry.npmjs.org/@polka/url/-/url-1.0.0-next.29.tgz" integrity sha512-wwQAWhWSuHaag8c4q/KN/vCoeOJYshAIvMQwD4GpSb3OiZklFfvAgmj0VCBBImRpuF/aFgIRzllXlVX93Jevww== "@sec-ant/readable-stream@^0.4.1": version "0.4.1" - resolved "https://registry.yarnpkg.com/@sec-ant/readable-stream/-/readable-stream-0.4.1.tgz#60de891bb126abfdc5410fdc6166aca065f10a0c" + resolved "https://registry.npmjs.org/@sec-ant/readable-stream/-/readable-stream-0.4.1.tgz" integrity sha512-831qok9r2t8AlxLko40y2ebgSDhenenCatLVeW/uBtnHPyhHOvG0C7TvfgecV+wHzIm5KUICgzmVpWS+IMEAeg== "@sideway/address@^4.1.5": version "4.1.5" - resolved "https://registry.yarnpkg.com/@sideway/address/-/address-4.1.5.tgz#4bc149a0076623ced99ca8208ba780d65a99b9d5" + resolved "https://registry.npmjs.org/@sideway/address/-/address-4.1.5.tgz" integrity sha512-IqO/DUQHUkPeixNQ8n0JA6102hT9CmaljNTPmQ1u8MEhBo/R4Q8eKLN/vGZxuebwOroDB4cbpjheD4+/sKFK4Q== dependencies: "@hapi/hoek" "^9.0.0" "@sideway/formula@^3.0.1": version "3.0.1" - resolved "https://registry.yarnpkg.com/@sideway/formula/-/formula-3.0.1.tgz#80fcbcbaf7ce031e0ef2dd29b1bfc7c3f583611f" + resolved "https://registry.npmjs.org/@sideway/formula/-/formula-3.0.1.tgz" integrity sha512-/poHZJJVjx3L+zVD6g9KgHfYnb443oi7wLu/XKojDviHy6HOEOA6z1Trk5aR1dGcmPenJEgb2sK2I80LeS3MIg== "@sideway/pinpoint@^2.0.0": version "2.0.0" - resolved "https://registry.yarnpkg.com/@sideway/pinpoint/-/pinpoint-2.0.0.tgz#cff8ffadc372ad29fd3f78277aeb29e632cc70df" + resolved "https://registry.npmjs.org/@sideway/pinpoint/-/pinpoint-2.0.0.tgz" integrity sha512-RNiOoTPkptFtSVzQevY/yWtZwf/RxyVnPy/OcA9HBM3MlGDnBEYL5B41H0MTn0Uec8Hi+2qUtTfG2WWZBmMejQ== "@sinclair/typebox@^0.27.8": version "0.27.8" - resolved "https://registry.yarnpkg.com/@sinclair/typebox/-/typebox-0.27.8.tgz#6667fac16c436b5434a387a34dedb013198f6e6e" + resolved "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.27.8.tgz" integrity sha512-+Fj43pSMwJs4KRrH/938Uf+uAELIgVBmQzg/q1YG10djyfA3TnrU8N8XzqCh/okZdszqBQTZf96idMfE5lnwTA== "@sindresorhus/is@^4.6.0": version "4.6.0" - resolved "https://registry.yarnpkg.com/@sindresorhus/is/-/is-4.6.0.tgz#3c7c9c46e678feefe7a2e5bb609d3dbd665ffb3f" + resolved "https://registry.npmjs.org/@sindresorhus/is/-/is-4.6.0.tgz" integrity sha512-t09vSN3MdfsyCHoFcTRCH/iUtG7OJ0CsjzB8cjAmKc/va/kIgeDI/TxsigdncE/4be734m0cvIYwNaV4i2XqAw== "@sindresorhus/is@^7.0.1": version "7.1.0" - resolved "https://registry.yarnpkg.com/@sindresorhus/is/-/is-7.1.0.tgz#ae17a8f9188644a9be064e0e67932351f82fe967" + resolved "https://registry.npmjs.org/@sindresorhus/is/-/is-7.1.0.tgz" integrity sha512-7F/yz2IphV39hiS2zB4QYVkivrptHHh0K8qJJd9HhuWSdvf8AN7NpebW3CcDZDBQsUPMoDKWsY2WWgW7bqOcfA== "@slorber/remark-comment@^1.0.0": version "1.0.0" - resolved "https://registry.yarnpkg.com/@slorber/remark-comment/-/remark-comment-1.0.0.tgz#2a020b3f4579c89dec0361673206c28d67e08f5a" + resolved "https://registry.npmjs.org/@slorber/remark-comment/-/remark-comment-1.0.0.tgz" integrity sha512-RCE24n7jsOj1M0UPvIQCHTe7fI0sFL4S2nwKVWwHyVr/wI/H8GosgsJGyhnsZoGFnD/P2hLf1mSbrrgSLN93NA== dependencies: micromark-factory-space "^1.0.0" @@ -2234,52 +2270,52 @@ "@standard-schema/spec@^1.0.0": version "1.0.0" - resolved "https://registry.yarnpkg.com/@standard-schema/spec/-/spec-1.0.0.tgz#f193b73dc316c4170f2e82a881da0f550d551b9c" + resolved "https://registry.npmjs.org/@standard-schema/spec/-/spec-1.0.0.tgz" integrity sha512-m2bOd0f2RT9k8QJx1JN85cZYyH1RqFBdlwtkSlf4tBDYLCiiZnv1fIIwacK6cqwXavOydf0NPToMQgpKq+dVlA== "@svgr/babel-plugin-add-jsx-attribute@8.0.0": version "8.0.0" - resolved "https://registry.yarnpkg.com/@svgr/babel-plugin-add-jsx-attribute/-/babel-plugin-add-jsx-attribute-8.0.0.tgz#4001f5d5dd87fa13303e36ee106e3ff3a7eb8b22" + resolved "https://registry.npmjs.org/@svgr/babel-plugin-add-jsx-attribute/-/babel-plugin-add-jsx-attribute-8.0.0.tgz" integrity sha512-b9MIk7yhdS1pMCZM8VeNfUlSKVRhsHZNMl5O9SfaX0l0t5wjdgu4IDzGB8bpnGBBOjGST3rRFVsaaEtI4W6f7g== "@svgr/babel-plugin-remove-jsx-attribute@8.0.0": version "8.0.0" - resolved "https://registry.yarnpkg.com/@svgr/babel-plugin-remove-jsx-attribute/-/babel-plugin-remove-jsx-attribute-8.0.0.tgz#69177f7937233caca3a1afb051906698f2f59186" + resolved "https://registry.npmjs.org/@svgr/babel-plugin-remove-jsx-attribute/-/babel-plugin-remove-jsx-attribute-8.0.0.tgz" integrity sha512-BcCkm/STipKvbCl6b7QFrMh/vx00vIP63k2eM66MfHJzPr6O2U0jYEViXkHJWqXqQYjdeA9cuCl5KWmlwjDvbA== "@svgr/babel-plugin-remove-jsx-empty-expression@8.0.0": version "8.0.0" - resolved "https://registry.yarnpkg.com/@svgr/babel-plugin-remove-jsx-empty-expression/-/babel-plugin-remove-jsx-empty-expression-8.0.0.tgz#c2c48104cfd7dcd557f373b70a56e9e3bdae1d44" + resolved "https://registry.npmjs.org/@svgr/babel-plugin-remove-jsx-empty-expression/-/babel-plugin-remove-jsx-empty-expression-8.0.0.tgz" integrity sha512-5BcGCBfBxB5+XSDSWnhTThfI9jcO5f0Ai2V24gZpG+wXF14BzwxxdDb4g6trdOux0rhibGs385BeFMSmxtS3uA== "@svgr/babel-plugin-replace-jsx-attribute-value@8.0.0": version "8.0.0" - resolved "https://registry.yarnpkg.com/@svgr/babel-plugin-replace-jsx-attribute-value/-/babel-plugin-replace-jsx-attribute-value-8.0.0.tgz#8fbb6b2e91fa26ac5d4aa25c6b6e4f20f9c0ae27" + resolved "https://registry.npmjs.org/@svgr/babel-plugin-replace-jsx-attribute-value/-/babel-plugin-replace-jsx-attribute-value-8.0.0.tgz" integrity sha512-KVQ+PtIjb1BuYT3ht8M5KbzWBhdAjjUPdlMtpuw/VjT8coTrItWX6Qafl9+ji831JaJcu6PJNKCV0bp01lBNzQ== "@svgr/babel-plugin-svg-dynamic-title@8.0.0": version "8.0.0" - resolved "https://registry.yarnpkg.com/@svgr/babel-plugin-svg-dynamic-title/-/babel-plugin-svg-dynamic-title-8.0.0.tgz#1d5ba1d281363fc0f2f29a60d6d936f9bbc657b0" + resolved "https://registry.npmjs.org/@svgr/babel-plugin-svg-dynamic-title/-/babel-plugin-svg-dynamic-title-8.0.0.tgz" integrity sha512-omNiKqwjNmOQJ2v6ge4SErBbkooV2aAWwaPFs2vUY7p7GhVkzRkJ00kILXQvRhA6miHnNpXv7MRnnSjdRjK8og== "@svgr/babel-plugin-svg-em-dimensions@8.0.0": version "8.0.0" - resolved "https://registry.yarnpkg.com/@svgr/babel-plugin-svg-em-dimensions/-/babel-plugin-svg-em-dimensions-8.0.0.tgz#35e08df300ea8b1d41cb8f62309c241b0369e501" + resolved "https://registry.npmjs.org/@svgr/babel-plugin-svg-em-dimensions/-/babel-plugin-svg-em-dimensions-8.0.0.tgz" integrity sha512-mURHYnu6Iw3UBTbhGwE/vsngtCIbHE43xCRK7kCw4t01xyGqb2Pd+WXekRRoFOBIY29ZoOhUCTEweDMdrjfi9g== "@svgr/babel-plugin-transform-react-native-svg@8.1.0": version "8.1.0" - resolved "https://registry.yarnpkg.com/@svgr/babel-plugin-transform-react-native-svg/-/babel-plugin-transform-react-native-svg-8.1.0.tgz#90a8b63998b688b284f255c6a5248abd5b28d754" + resolved "https://registry.npmjs.org/@svgr/babel-plugin-transform-react-native-svg/-/babel-plugin-transform-react-native-svg-8.1.0.tgz" integrity sha512-Tx8T58CHo+7nwJ+EhUwx3LfdNSG9R2OKfaIXXs5soiy5HtgoAEkDay9LIimLOcG8dJQH1wPZp/cnAv6S9CrR1Q== "@svgr/babel-plugin-transform-svg-component@8.0.0": version "8.0.0" - resolved "https://registry.yarnpkg.com/@svgr/babel-plugin-transform-svg-component/-/babel-plugin-transform-svg-component-8.0.0.tgz#013b4bfca88779711f0ed2739f3f7efcefcf4f7e" + resolved "https://registry.npmjs.org/@svgr/babel-plugin-transform-svg-component/-/babel-plugin-transform-svg-component-8.0.0.tgz" integrity sha512-DFx8xa3cZXTdb/k3kfPeaixecQLgKh5NVBMwD0AQxOzcZawK4oo1Jh9LbrcACUivsCA7TLG8eeWgrDXjTMhRmw== "@svgr/babel-preset@8.1.0": version "8.1.0" - resolved "https://registry.yarnpkg.com/@svgr/babel-preset/-/babel-preset-8.1.0.tgz#0e87119aecdf1c424840b9d4565b7137cabf9ece" + resolved "https://registry.npmjs.org/@svgr/babel-preset/-/babel-preset-8.1.0.tgz" integrity sha512-7EYDbHE7MxHpv4sxvnVPngw5fuR6pw79SkcrILHJ/iMpuKySNCl5W1qcwPEpU+LgyRXOaAFgH0KhwD18wwg6ug== dependencies: "@svgr/babel-plugin-add-jsx-attribute" "8.0.0" @@ -2291,9 +2327,9 @@ "@svgr/babel-plugin-transform-react-native-svg" "8.1.0" "@svgr/babel-plugin-transform-svg-component" "8.0.0" -"@svgr/core@8.1.0": +"@svgr/core@*", "@svgr/core@8.1.0": version "8.1.0" - resolved "https://registry.yarnpkg.com/@svgr/core/-/core-8.1.0.tgz#41146f9b40b1a10beaf5cc4f361a16a3c1885e88" + resolved "https://registry.npmjs.org/@svgr/core/-/core-8.1.0.tgz" integrity sha512-8QqtOQT5ACVlmsvKOJNEaWmRPmcojMOzCz4Hs2BGG/toAp/K38LcsMRyLp349glq5AzJbCEeimEoxaX6v/fLrA== dependencies: "@babel/core" "^7.21.3" @@ -2304,7 +2340,7 @@ "@svgr/hast-util-to-babel-ast@8.0.0": version "8.0.0" - resolved "https://registry.yarnpkg.com/@svgr/hast-util-to-babel-ast/-/hast-util-to-babel-ast-8.0.0.tgz#6952fd9ce0f470e1aded293b792a2705faf4ffd4" + resolved "https://registry.npmjs.org/@svgr/hast-util-to-babel-ast/-/hast-util-to-babel-ast-8.0.0.tgz" integrity sha512-EbDKwO9GpfWP4jN9sGdYwPBU0kdomaPIL2Eu4YwmgP+sJeXT+L7bMwJUBnhzfH8Q2qMBqZ4fJwpCyYsAN3mt2Q== dependencies: "@babel/types" "^7.21.3" @@ -2312,7 +2348,7 @@ "@svgr/plugin-jsx@8.1.0": version "8.1.0" - resolved "https://registry.yarnpkg.com/@svgr/plugin-jsx/-/plugin-jsx-8.1.0.tgz#96969f04a24b58b174ee4cd974c60475acbd6928" + resolved "https://registry.npmjs.org/@svgr/plugin-jsx/-/plugin-jsx-8.1.0.tgz" integrity sha512-0xiIyBsLlr8quN+WyuxooNW9RJ0Dpr8uOnH/xrCVO8GLUcwHISwj1AG0k+LFzteTkAA0GbX0kj9q6Dk70PTiPA== dependencies: "@babel/core" "^7.21.3" @@ -2322,7 +2358,7 @@ "@svgr/plugin-svgo@8.1.0": version "8.1.0" - resolved "https://registry.yarnpkg.com/@svgr/plugin-svgo/-/plugin-svgo-8.1.0.tgz#b115b7b967b564f89ac58feae89b88c3decd0f00" + resolved "https://registry.npmjs.org/@svgr/plugin-svgo/-/plugin-svgo-8.1.0.tgz" integrity sha512-Ywtl837OGO9pTLIN/onoWLmDQ4zFUycI1g76vuKGEz6evR/ZTJlJuz3G/fIkb6OVBJ2g0o6CGJzaEjfmEo3AHA== dependencies: cosmiconfig "^8.1.3" @@ -2331,7 +2367,7 @@ "@svgr/webpack@^8.1.0": version "8.1.0" - resolved "https://registry.yarnpkg.com/@svgr/webpack/-/webpack-8.1.0.tgz#16f1b5346f102f89fda6ec7338b96a701d8be0c2" + resolved "https://registry.npmjs.org/@svgr/webpack/-/webpack-8.1.0.tgz" integrity sha512-LnhVjMWyMQV9ZmeEy26maJk+8HTIbd59cH4F2MJ439k9DqejRisfFNGAPvRYlKETuh9LrImlS8aKsBgKjMA8WA== dependencies: "@babel/core" "^7.21.3" @@ -2345,19 +2381,19 @@ "@szmarczak/http-timer@^5.0.1": version "5.0.1" - resolved "https://registry.yarnpkg.com/@szmarczak/http-timer/-/http-timer-5.0.1.tgz#c7c1bf1141cdd4751b0399c8fc7b8b664cd5be3a" + resolved "https://registry.npmjs.org/@szmarczak/http-timer/-/http-timer-5.0.1.tgz" integrity sha512-+PmQX0PiAYPMeVYe237LJAYvOMYW1j2rH5YROyS3b4CTVJum34HfRvKvAzozHAQG0TnHNdUfY9nCeUyRAs//cw== dependencies: defer-to-connect "^2.0.1" "@trysound/sax@0.2.0": version "0.2.0" - resolved "https://registry.yarnpkg.com/@trysound/sax/-/sax-0.2.0.tgz#cccaab758af56761eb7bf37af6f03f326dd798ad" + resolved "https://registry.npmjs.org/@trysound/sax/-/sax-0.2.0.tgz" integrity sha512-L7z9BgrNEcYyUYtF+HaEfiS5ebkh9jXqbszz7pC0hRBPaatV0XjSD3+eHrpqFemQfgwiFF0QPIarnIihIDn7OA== "@types/body-parser@*": version "1.19.6" - resolved "https://registry.yarnpkg.com/@types/body-parser/-/body-parser-1.19.6.tgz#1859bebb8fd7dac9918a45d54c1971ab8b5af474" + resolved "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.6.tgz" integrity sha512-HLFeCYgz89uk22N5Qg3dvGvsv46B8GLvKKo1zKG4NybA8U2DiEO3w9lqGg29t/tfLRJpJ6iQxnVw4OnB7MoM9g== dependencies: "@types/connect" "*" @@ -2365,14 +2401,14 @@ "@types/bonjour@^3.5.13": version "3.5.13" - resolved "https://registry.yarnpkg.com/@types/bonjour/-/bonjour-3.5.13.tgz#adf90ce1a105e81dd1f9c61fdc5afda1bfb92956" + resolved "https://registry.npmjs.org/@types/bonjour/-/bonjour-3.5.13.tgz" integrity sha512-z9fJ5Im06zvUL548KvYNecEVlA7cVDkGUi6kZusb04mpyEFKCIZJvloCcmpmLaIahDpOQGHaHmG6imtPMmPXGQ== dependencies: "@types/node" "*" "@types/connect-history-api-fallback@^1.5.4": version "1.5.4" - resolved "https://registry.yarnpkg.com/@types/connect-history-api-fallback/-/connect-history-api-fallback-1.5.4.tgz#7de71645a103056b48ac3ce07b3520b819c1d5b3" + resolved "https://registry.npmjs.org/@types/connect-history-api-fallback/-/connect-history-api-fallback-1.5.4.tgz" integrity sha512-n6Cr2xS1h4uAulPRdlw6Jl6s1oG8KrVilPN2yUITEs+K48EzMJJ3W1xy8K5eWuFvjp3R74AOIGSmp2UfBJ8HFw== dependencies: "@types/express-serve-static-core" "*" @@ -2380,21 +2416,21 @@ "@types/connect@*": version "3.4.38" - resolved "https://registry.yarnpkg.com/@types/connect/-/connect-3.4.38.tgz#5ba7f3bc4fbbdeaff8dded952e5ff2cc53f8d858" + resolved "https://registry.npmjs.org/@types/connect/-/connect-3.4.38.tgz" integrity sha512-K6uROf1LD88uDQqJCktA4yzL1YYAK6NgfsI0v/mTgyPKWsX1CnJ0XPSDhViejru1GcRkLWb8RlzFYJRqGUbaug== dependencies: "@types/node" "*" "@types/debug@^4.0.0": version "4.1.12" - resolved "https://registry.yarnpkg.com/@types/debug/-/debug-4.1.12.tgz#a155f21690871953410df4b6b6f53187f0500917" + resolved "https://registry.npmjs.org/@types/debug/-/debug-4.1.12.tgz" integrity sha512-vIChWdVG3LG1SMxEvI/AK+FWJthlrqlTu7fbrlywTkkaONwk/UAGaULXRlf8vkzFBLVm0zkMdCquhL5aOjhXPQ== dependencies: "@types/ms" "*" "@types/eslint-scope@^3.7.7": version "3.7.7" - resolved "https://registry.yarnpkg.com/@types/eslint-scope/-/eslint-scope-3.7.7.tgz#3108bd5f18b0cdb277c867b3dd449c9ed7079ac5" + resolved "https://registry.npmjs.org/@types/eslint-scope/-/eslint-scope-3.7.7.tgz" integrity sha512-MzMFlSLBqNF2gcHWO0G1vP/YQyfvrxZ0bF+u7mzUdZ1/xK4A4sru+nraZz5i3iEIk1l1uyicaDVTB4QbbEkAYg== dependencies: "@types/eslint" "*" @@ -2402,7 +2438,7 @@ "@types/eslint@*": version "9.6.1" - resolved "https://registry.yarnpkg.com/@types/eslint/-/eslint-9.6.1.tgz#d5795ad732ce81715f27f75da913004a56751584" + resolved "https://registry.npmjs.org/@types/eslint/-/eslint-9.6.1.tgz" integrity sha512-FXx2pKgId/WyYo2jXw63kk7/+TY7u7AziEJxJAnSFzHlqTAS3Ync6SvgYAN/k4/PQpnnVuzoMuVnByKK2qp0ag== dependencies: "@types/estree" "*" @@ -2410,29 +2446,19 @@ "@types/estree-jsx@^1.0.0": version "1.0.5" - resolved "https://registry.yarnpkg.com/@types/estree-jsx/-/estree-jsx-1.0.5.tgz#858a88ea20f34fe65111f005a689fa1ebf70dc18" + resolved "https://registry.npmjs.org/@types/estree-jsx/-/estree-jsx-1.0.5.tgz" integrity sha512-52CcUVNFyfb1A2ALocQw/Dd1BQFNmSdkuC3BkZ6iqhdMfQz7JWOFRuJFloOzjk+6WijU56m9oKXFAXc7o3Towg== dependencies: "@types/estree" "*" "@types/estree@*", "@types/estree@^1.0.0", "@types/estree@^1.0.8": version "1.0.8" - resolved "https://registry.yarnpkg.com/@types/estree/-/estree-1.0.8.tgz#958b91c991b1867ced318bedea0e215ee050726e" + resolved "https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz" integrity sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w== -"@types/express-serve-static-core@*", "@types/express-serve-static-core@^5.0.0": - version "5.1.0" - resolved "https://registry.yarnpkg.com/@types/express-serve-static-core/-/express-serve-static-core-5.1.0.tgz#74f47555b3d804b54cb7030e6f9aa0c7485cfc5b" - integrity sha512-jnHMsrd0Mwa9Cf4IdOzbz543y4XJepXrbia2T4b6+spXC2We3t1y6K44D3mR8XMFSXMCf3/l7rCgddfx7UNVBA== - dependencies: - "@types/node" "*" - "@types/qs" "*" - "@types/range-parser" "*" - "@types/send" "*" - -"@types/express-serve-static-core@^4.17.21", "@types/express-serve-static-core@^4.17.33": +"@types/express-serve-static-core@*", "@types/express-serve-static-core@^4.17.21", "@types/express-serve-static-core@^4.17.33": version "4.19.7" - resolved "https://registry.yarnpkg.com/@types/express-serve-static-core/-/express-serve-static-core-4.19.7.tgz#f1d306dcc03b1aafbfb6b4fe684cce8a31cffc10" + resolved "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.19.7.tgz" integrity sha512-FvPtiIf1LfhzsaIXhv/PHan/2FeQBbtBDtfX2QfvPxdUelMDEckK08SM6nqo1MIZY3RUlfA+HV8+hFUSio78qg== dependencies: "@types/node" "*" @@ -2440,18 +2466,9 @@ "@types/range-parser" "*" "@types/send" "*" -"@types/express@*": - version "5.0.3" - resolved "https://registry.yarnpkg.com/@types/express/-/express-5.0.3.tgz#6c4bc6acddc2e2a587142e1d8be0bce20757e956" - integrity sha512-wGA0NX93b19/dZC1J18tKWVIYWyyF2ZjT9vin/NRu0qzzvfVzWjs04iq2rQ3H65vCTQYlRqs3YHfY7zjdV+9Kw== - dependencies: - "@types/body-parser" "*" - "@types/express-serve-static-core" "^5.0.0" - "@types/serve-static" "*" - -"@types/express@^4.17.21": +"@types/express@*", "@types/express@^4.17.13", "@types/express@^4.17.21": version "4.17.23" - resolved "https://registry.yarnpkg.com/@types/express/-/express-4.17.23.tgz#35af3193c640bfd4d7fe77191cd0ed411a433bef" + resolved "https://registry.npmjs.org/@types/express/-/express-4.17.23.tgz" integrity sha512-Crp6WY9aTYP3qPi2wGDo9iUe/rceX01UMhnF1jmwDcKCFM6cx7YhGP/Mpr3y9AASpfHixIG0E6azCcL5OcDHsQ== dependencies: "@types/body-parser" "*" @@ -2461,126 +2478,126 @@ "@types/gtag.js@^0.0.12": version "0.0.12" - resolved "https://registry.yarnpkg.com/@types/gtag.js/-/gtag.js-0.0.12.tgz#095122edca896689bdfcdd73b057e23064d23572" + resolved "https://registry.npmjs.org/@types/gtag.js/-/gtag.js-0.0.12.tgz" integrity sha512-YQV9bUsemkzG81Ea295/nF/5GijnD2Af7QhEofh7xu+kvCN6RdodgNwwGWXB5GMI3NoyvQo0odNctoH/qLMIpg== "@types/hast@^3.0.0": version "3.0.4" - resolved "https://registry.yarnpkg.com/@types/hast/-/hast-3.0.4.tgz#1d6b39993b82cea6ad783945b0508c25903e15aa" + resolved "https://registry.npmjs.org/@types/hast/-/hast-3.0.4.tgz" integrity sha512-WPs+bbQw5aCj+x6laNGWLH3wviHtoCv/P3+otBhbOhJgG8qtpdAMlTCxLtsTWA7LH1Oh/bFCHsBn0TPS5m30EQ== dependencies: "@types/unist" "*" "@types/history@^4.7.11": version "4.7.11" - resolved "https://registry.yarnpkg.com/@types/history/-/history-4.7.11.tgz#56588b17ae8f50c53983a524fc3cc47437969d64" + resolved "https://registry.npmjs.org/@types/history/-/history-4.7.11.tgz" integrity sha512-qjDJRrmvBMiTx+jyLxvLfJU7UznFuokDv4f3WRuriHKERccVpFU+8XMQUAbDzoiJCsmexxRExQeMwwCdamSKDA== "@types/html-minifier-terser@^6.0.0": version "6.1.0" - resolved "https://registry.yarnpkg.com/@types/html-minifier-terser/-/html-minifier-terser-6.1.0.tgz#4fc33a00c1d0c16987b1a20cf92d20614c55ac35" + resolved "https://registry.npmjs.org/@types/html-minifier-terser/-/html-minifier-terser-6.1.0.tgz" integrity sha512-oh/6byDPnL1zeNXFrDXFLyZjkr1MsBG667IM792caf1L2UPOOMf65NFzjUH/ltyfwjAGfs1rsX1eftK0jC/KIg== "@types/http-cache-semantics@^4.0.4": version "4.0.4" - resolved "https://registry.yarnpkg.com/@types/http-cache-semantics/-/http-cache-semantics-4.0.4.tgz#b979ebad3919799c979b17c72621c0bc0a31c6c4" + resolved "https://registry.npmjs.org/@types/http-cache-semantics/-/http-cache-semantics-4.0.4.tgz" integrity sha512-1m0bIFVc7eJWyve9S0RnuRgcQqF/Xd5QsUZAZeQFr1Q3/p9JWoQQEqmVy+DPTNpGXwhgIetAoYF8JSc33q29QA== "@types/http-errors@*": version "2.0.5" - resolved "https://registry.yarnpkg.com/@types/http-errors/-/http-errors-2.0.5.tgz#5b749ab2b16ba113423feb1a64a95dcd30398472" + resolved "https://registry.npmjs.org/@types/http-errors/-/http-errors-2.0.5.tgz" integrity sha512-r8Tayk8HJnX0FztbZN7oVqGccWgw98T/0neJphO91KkmOzug1KkofZURD4UaD5uH8AqcFLfdPErnBod0u71/qg== "@types/http-proxy@^1.17.8": version "1.17.16" - resolved "https://registry.yarnpkg.com/@types/http-proxy/-/http-proxy-1.17.16.tgz#dee360707b35b3cc85afcde89ffeebff7d7f9240" + resolved "https://registry.npmjs.org/@types/http-proxy/-/http-proxy-1.17.16.tgz" integrity sha512-sdWoUajOB1cd0A8cRRQ1cfyWNbmFKLAqBB89Y8x5iYyG/mkJHc0YUH8pdWBy2omi9qtCpiIgGjuwO0dQST2l5w== dependencies: "@types/node" "*" "@types/istanbul-lib-coverage@*", "@types/istanbul-lib-coverage@^2.0.0": version "2.0.6" - resolved "https://registry.yarnpkg.com/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.6.tgz#7739c232a1fee9b4d3ce8985f314c0c6d33549d7" + resolved "https://registry.npmjs.org/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.6.tgz" integrity sha512-2QF/t/auWm0lsy8XtKVPG19v3sSOQlJe/YHZgfjb/KBBHOGSV+J2q/S671rcq9uTBrLAXmZpqJiaQbMT+zNU1w== "@types/istanbul-lib-report@*": version "3.0.3" - resolved "https://registry.yarnpkg.com/@types/istanbul-lib-report/-/istanbul-lib-report-3.0.3.tgz#53047614ae72e19fc0401d872de3ae2b4ce350bf" + resolved "https://registry.npmjs.org/@types/istanbul-lib-report/-/istanbul-lib-report-3.0.3.tgz" integrity sha512-NQn7AHQnk/RSLOxrBbGyJM/aVQ+pjj5HCgasFxc0K/KhoATfQ/47AyUl15I2yBUpihjmas+a+VJBOqecrFH+uA== dependencies: "@types/istanbul-lib-coverage" "*" "@types/istanbul-reports@^3.0.0": version "3.0.4" - resolved "https://registry.yarnpkg.com/@types/istanbul-reports/-/istanbul-reports-3.0.4.tgz#0f03e3d2f670fbdac586e34b433783070cc16f54" + resolved "https://registry.npmjs.org/@types/istanbul-reports/-/istanbul-reports-3.0.4.tgz" integrity sha512-pk2B1NWalF9toCRu6gjBzR69syFjP4Od8WRAX+0mmf9lAjCRicLOWc+ZrxZHx/0XRjotgkF9t6iaMJ+aXcOdZQ== dependencies: "@types/istanbul-lib-report" "*" "@types/json-schema@*", "@types/json-schema@^7.0.15", "@types/json-schema@^7.0.8", "@types/json-schema@^7.0.9": version "7.0.15" - resolved "https://registry.yarnpkg.com/@types/json-schema/-/json-schema-7.0.15.tgz#596a1747233694d50f6ad8a7869fcb6f56cf5841" + resolved "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz" integrity sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA== "@types/mdast@^4.0.0", "@types/mdast@^4.0.2": version "4.0.4" - resolved "https://registry.yarnpkg.com/@types/mdast/-/mdast-4.0.4.tgz#7ccf72edd2f1aa7dd3437e180c64373585804dd6" + resolved "https://registry.npmjs.org/@types/mdast/-/mdast-4.0.4.tgz" integrity sha512-kGaNbPh1k7AFzgpud/gMdvIm5xuECykRR+JnWKQno9TAXVa6WIVCGTPvYGekIDL4uwCZQSYbUxNBSb1aUo79oA== dependencies: "@types/unist" "*" "@types/mdx@^2.0.0": version "2.0.13" - resolved "https://registry.yarnpkg.com/@types/mdx/-/mdx-2.0.13.tgz#68f6877043d377092890ff5b298152b0a21671bd" + resolved "https://registry.npmjs.org/@types/mdx/-/mdx-2.0.13.tgz" integrity sha512-+OWZQfAYyio6YkJb3HLxDrvnx6SWWDbC0zVPfBRzUk0/nqoDyf6dNxQi3eArPe8rJ473nobTMQ/8Zk+LxJ+Yuw== "@types/mime@^1": version "1.3.5" - resolved "https://registry.yarnpkg.com/@types/mime/-/mime-1.3.5.tgz#1ef302e01cf7d2b5a0fa526790c9123bf1d06690" + resolved "https://registry.npmjs.org/@types/mime/-/mime-1.3.5.tgz" integrity sha512-/pyBZWSLD2n0dcHE3hq8s8ZvcETHtEuF+3E7XVt0Ig2nvsVQXdghHVcEkIWjy9A0wKfTn97a/PSDYohKIlnP/w== "@types/ms@*": version "2.1.0" - resolved "https://registry.yarnpkg.com/@types/ms/-/ms-2.1.0.tgz#052aa67a48eccc4309d7f0191b7e41434b90bb78" + resolved "https://registry.npmjs.org/@types/ms/-/ms-2.1.0.tgz" integrity sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA== "@types/node-forge@^1.3.0": version "1.3.14" - resolved "https://registry.yarnpkg.com/@types/node-forge/-/node-forge-1.3.14.tgz#006c2616ccd65550560c2757d8472eb6d3ecea0b" + resolved "https://registry.npmjs.org/@types/node-forge/-/node-forge-1.3.14.tgz" integrity sha512-mhVF2BnD4BO+jtOp7z1CdzaK4mbuK0LLQYAvdOLqHTavxFNq4zA1EmYkpnFjP8HOUzedfQkRnp0E2ulSAYSzAw== dependencies: "@types/node" "*" "@types/node@*": version "24.8.1" - resolved "https://registry.yarnpkg.com/@types/node/-/node-24.8.1.tgz#74c8ae00b045a0a351f2837ec00f25dfed0053be" + resolved "https://registry.npmjs.org/@types/node/-/node-24.8.1.tgz" integrity sha512-alv65KGRadQVfVcG69MuB4IzdYVpRwMG/mq8KWOaoOdyY617P5ivaDiMCGOFDWD2sAn5Q0mR3mRtUOgm99hL9Q== dependencies: undici-types "~7.14.0" "@types/node@^17.0.5": version "17.0.45" - resolved "https://registry.yarnpkg.com/@types/node/-/node-17.0.45.tgz#2c0fafd78705e7a18b7906b5201a522719dc5190" + resolved "https://registry.npmjs.org/@types/node/-/node-17.0.45.tgz" integrity sha512-w+tIMs3rq2afQdsPJlODhoUEKzFP1ayaoyl1CcnwtIlsVe7K7bA1NGm4s3PraqTLlXnbIN84zuBlxBWo1u9BLw== "@types/prismjs@^1.26.0": version "1.26.5" - resolved "https://registry.yarnpkg.com/@types/prismjs/-/prismjs-1.26.5.tgz#72499abbb4c4ec9982446509d2f14fb8483869d6" + resolved "https://registry.npmjs.org/@types/prismjs/-/prismjs-1.26.5.tgz" integrity sha512-AUZTa7hQ2KY5L7AmtSiqxlhWxb4ina0yd8hNbl4TWuqnv/pFP0nDMb3YrfSBf4hJVGLh2YEIBfKaBW/9UEl6IQ== "@types/qs@*": version "6.14.0" - resolved "https://registry.yarnpkg.com/@types/qs/-/qs-6.14.0.tgz#d8b60cecf62f2db0fb68e5e006077b9178b85de5" + resolved "https://registry.npmjs.org/@types/qs/-/qs-6.14.0.tgz" integrity sha512-eOunJqu0K1923aExK6y8p6fsihYEn/BYuQ4g0CxAAgFc4b/ZLN4CrsRZ55srTdqoiLzU2B2evC+apEIxprEzkQ== "@types/range-parser@*": version "1.2.7" - resolved "https://registry.yarnpkg.com/@types/range-parser/-/range-parser-1.2.7.tgz#50ae4353eaaddc04044279812f52c8c65857dbcb" + resolved "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.7.tgz" integrity sha512-hKormJbkJqzQGhziax5PItDUTMAM9uE2XXQmM37dyd4hVM+5aVl7oVxMVUiVQn2oCQFN/LKCZdvSM0pFRqbSmQ== "@types/react-router-config@*", "@types/react-router-config@^5.0.7": version "5.0.11" - resolved "https://registry.yarnpkg.com/@types/react-router-config/-/react-router-config-5.0.11.tgz#2761a23acc7905a66a94419ee40294a65aaa483a" + resolved "https://registry.npmjs.org/@types/react-router-config/-/react-router-config-5.0.11.tgz" integrity sha512-WmSAg7WgqW7m4x8Mt4N6ZyKz0BubSj/2tVUMsAHp+Yd2AMwcSbeFq9WympT19p5heCFmF97R9eD5uUR/t4HEqw== dependencies: "@types/history" "^4.7.11" @@ -2589,7 +2606,7 @@ "@types/react-router-dom@*": version "5.3.3" - resolved "https://registry.yarnpkg.com/@types/react-router-dom/-/react-router-dom-5.3.3.tgz#e9d6b4a66fcdbd651a5f106c2656a30088cc1e83" + resolved "https://registry.npmjs.org/@types/react-router-dom/-/react-router-dom-5.3.3.tgz" integrity sha512-kpqnYK4wcdm5UaWI3fLcELopqLrHgLqNsdpHauzlQktfkHL3npOSwtj1Uz9oKBAzs7lFtVkV8j83voAz2D8fhw== dependencies: "@types/history" "^4.7.11" @@ -2598,41 +2615,41 @@ "@types/react-router@*", "@types/react-router@^5.1.0": version "5.1.20" - resolved "https://registry.yarnpkg.com/@types/react-router/-/react-router-5.1.20.tgz#88eccaa122a82405ef3efbcaaa5dcdd9f021387c" + resolved "https://registry.npmjs.org/@types/react-router/-/react-router-5.1.20.tgz" integrity sha512-jGjmu/ZqS7FjSH6owMcD5qpq19+1RS9DeVRqfl1FeBMxTDQAGwlMWOcs52NDoXaNKyG3d1cYQFMs9rCrb88o9Q== dependencies: "@types/history" "^4.7.11" "@types/react" "*" -"@types/react@*": - version "19.2.2" - resolved "https://registry.yarnpkg.com/@types/react/-/react-19.2.2.tgz#ba123a75d4c2a51158697160a4ea2ff70aa6bf36" - integrity sha512-6mDvHUFSjyT2B2yeNx2nUgMxh9LtOWvkhIU3uePn2I2oyNymUAX1NIsdgviM4CH+JSrp2D2hsMvJOkxY+0wNRA== +"@types/react@*", "@types/react@>= 16.8.0 < 20.0.0", "@types/react@>=16": + version "19.2.14" + resolved "https://registry.npmjs.org/@types/react/-/react-19.2.14.tgz" + integrity sha512-ilcTH/UniCkMdtexkoCN0bI7pMcJDvmQFPvuPvmEaYA/NSfFTAgdUSLAoVjaRJm7+6PvcM+q1zYOwS4wTYMF9w== dependencies: - csstype "^3.0.2" + csstype "^3.2.2" "@types/retry@0.12.2": version "0.12.2" - resolved "https://registry.yarnpkg.com/@types/retry/-/retry-0.12.2.tgz#ed279a64fa438bb69f2480eda44937912bb7480a" + resolved "https://registry.npmjs.org/@types/retry/-/retry-0.12.2.tgz" integrity sha512-XISRgDJ2Tc5q4TRqvgJtzsRkFYNJzZrhTdtMoGVBttwzzQJkPnS3WWTFc7kuDRoPtPakl+T+OfdEUjYJj7Jbow== "@types/sax@^1.2.1": version "1.2.7" - resolved "https://registry.yarnpkg.com/@types/sax/-/sax-1.2.7.tgz#ba5fe7df9aa9c89b6dff7688a19023dd2963091d" + resolved "https://registry.npmjs.org/@types/sax/-/sax-1.2.7.tgz" integrity sha512-rO73L89PJxeYM3s3pPPjiPgVVcymqU490g0YO5n5By0k2Erzj6tay/4lr1CHAAU4JyOWd1rpQ8bCf6cZfHU96A== dependencies: "@types/node" "*" "@types/send@*": version "1.2.0" - resolved "https://registry.yarnpkg.com/@types/send/-/send-1.2.0.tgz#ae9dfa0e3ab0306d3c566182324a54c4be2fb45a" + resolved "https://registry.npmjs.org/@types/send/-/send-1.2.0.tgz" integrity sha512-zBF6vZJn1IaMpg3xUF25VK3gd3l8zwE0ZLRX7dsQyQi+jp4E8mMDJNGDYnYse+bQhYwWERTxVwHpi3dMOq7RKQ== dependencies: "@types/node" "*" "@types/send@<1": version "0.17.5" - resolved "https://registry.yarnpkg.com/@types/send/-/send-0.17.5.tgz#d991d4f2b16f2b1ef497131f00a9114290791e74" + resolved "https://registry.npmjs.org/@types/send/-/send-0.17.5.tgz" integrity sha512-z6F2D3cOStZvuk2SaP6YrwkNO65iTZcwA2ZkSABegdkAh/lf+Aa/YQndZVfmEXT5vgAp6zv06VQ3ejSVjAny4w== dependencies: "@types/mime" "^1" @@ -2640,14 +2657,14 @@ "@types/serve-index@^1.9.4": version "1.9.4" - resolved "https://registry.yarnpkg.com/@types/serve-index/-/serve-index-1.9.4.tgz#e6ae13d5053cb06ed36392110b4f9a49ac4ec898" + resolved "https://registry.npmjs.org/@types/serve-index/-/serve-index-1.9.4.tgz" integrity sha512-qLpGZ/c2fhSs5gnYsQxtDEq3Oy8SXPClIXkW5ghvAvsNuVSA8k+gCONcUCS/UjLEYvYps+e8uBtfgXgvhwfNug== dependencies: "@types/express" "*" "@types/serve-static@*", "@types/serve-static@^1.15.5": version "1.15.9" - resolved "https://registry.yarnpkg.com/@types/serve-static/-/serve-static-1.15.9.tgz#f9b08ab7dd8bbb076f06f5f983b683654fe0a025" + resolved "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.9.tgz" integrity sha512-dOTIuqpWLyl3BBXU3maNQsS4A3zuuoYRNIvYSxxhebPfXg2mzWQEPne/nlJ37yOse6uGgR386uTpdsx4D0QZWA== dependencies: "@types/http-errors" "*" @@ -2656,53 +2673,53 @@ "@types/sockjs@^0.3.36": version "0.3.36" - resolved "https://registry.yarnpkg.com/@types/sockjs/-/sockjs-0.3.36.tgz#ce322cf07bcc119d4cbf7f88954f3a3bd0f67535" + resolved "https://registry.npmjs.org/@types/sockjs/-/sockjs-0.3.36.tgz" integrity sha512-MK9V6NzAS1+Ud7JV9lJLFqW85VbC9dq3LmwZCuBe4wBDgKC0Kj/jd8Xl+nSviU+Qc3+m7umHHyHg//2KSa0a0Q== dependencies: "@types/node" "*" "@types/unist@*", "@types/unist@^3.0.0": version "3.0.3" - resolved "https://registry.yarnpkg.com/@types/unist/-/unist-3.0.3.tgz#acaab0f919ce69cce629c2d4ed2eb4adc1b6c20c" + resolved "https://registry.npmjs.org/@types/unist/-/unist-3.0.3.tgz" integrity sha512-ko/gIFJRv177XgZsZcBwnqJN5x/Gien8qNOn0D5bQU/zAzVf9Zt3BlcUiLqhV9y4ARk0GbT3tnUiPNgnTXzc/Q== "@types/unist@^2.0.0": version "2.0.11" - resolved "https://registry.yarnpkg.com/@types/unist/-/unist-2.0.11.tgz#11af57b127e32487774841f7a4e54eab166d03c4" + resolved "https://registry.npmjs.org/@types/unist/-/unist-2.0.11.tgz" integrity sha512-CmBKiL6NNo/OqgmMn95Fk9Whlp2mtvIv+KNpQKN2F4SjvrEesubTRWGYSg+BnWZOnlCaSTU1sMpsBOzgbYhnsA== "@types/ws@^8.5.10": version "8.18.1" - resolved "https://registry.yarnpkg.com/@types/ws/-/ws-8.18.1.tgz#48464e4bf2ddfd17db13d845467f6070ffea4aa9" + resolved "https://registry.npmjs.org/@types/ws/-/ws-8.18.1.tgz" integrity sha512-ThVF6DCVhA8kUGy+aazFQ4kXQ7E1Ty7A3ypFOe0IcJV8O/M511G99AW24irKrW56Wt44yG9+ij8FaqoBGkuBXg== dependencies: "@types/node" "*" "@types/yargs-parser@*": version "21.0.3" - resolved "https://registry.yarnpkg.com/@types/yargs-parser/-/yargs-parser-21.0.3.tgz#815e30b786d2e8f0dcd85fd5bcf5e1a04d008f15" + resolved "https://registry.npmjs.org/@types/yargs-parser/-/yargs-parser-21.0.3.tgz" integrity sha512-I4q9QU9MQv4oEOz4tAHJtNz1cwuLxn2F3xcc2iV5WdqLPpUnj30aUuxt1mAxYTG+oe8CZMV/+6rU4S4gRDzqtQ== "@types/yargs@^17.0.8": version "17.0.33" - resolved "https://registry.yarnpkg.com/@types/yargs/-/yargs-17.0.33.tgz#8c32303da83eec050a84b3c7ae7b9f922d13e32d" + resolved "https://registry.npmjs.org/@types/yargs/-/yargs-17.0.33.tgz" integrity sha512-WpxBCKWPLr4xSsHgz511rFJAM+wS28w2zEO1QDNY5zM/S8ok70NNfztH0xwhqKyaK0OHCbN98LDAZuy1ctxDkA== dependencies: "@types/yargs-parser" "*" "@ungap/structured-clone@^1.0.0": version "1.3.0" - resolved "https://registry.yarnpkg.com/@ungap/structured-clone/-/structured-clone-1.3.0.tgz#d06bbb384ebcf6c505fde1c3d0ed4ddffe0aaff8" + resolved "https://registry.npmjs.org/@ungap/structured-clone/-/structured-clone-1.3.0.tgz" integrity sha512-WmoN8qaIAo7WTYWbAZuG8PYEhn5fkz7dZrqTBZ7dtt//lL2Gwms1IcnQ5yHqjDfX8Ft5j4YzDM23f87zBfDe9g== "@vercel/oidc@3.0.3": version "3.0.3" - resolved "https://registry.yarnpkg.com/@vercel/oidc/-/oidc-3.0.3.tgz#82c2b6dd4d5c3b37dcb1189718cdeb9db402d052" + resolved "https://registry.npmjs.org/@vercel/oidc/-/oidc-3.0.3.tgz" integrity sha512-yNEQvPcVrK9sIe637+I0jD6leluPxzwJKx/Haw6F4H77CdDsszUn5V3o96LPziXkSNE2B83+Z3mjqGKBK/R6Gg== -"@webassemblyjs/ast@1.14.1", "@webassemblyjs/ast@^1.14.1": +"@webassemblyjs/ast@^1.14.1", "@webassemblyjs/ast@1.14.1": version "1.14.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/ast/-/ast-1.14.1.tgz#a9f6a07f2b03c95c8d38c4536a1fdfb521ff55b6" + resolved "https://registry.npmjs.org/@webassemblyjs/ast/-/ast-1.14.1.tgz" integrity sha512-nuBEDgQfm1ccRp/8bCQrx1frohyufl4JlbMMZ4P1wpeOfDhF6FQkxZJ1b/e+PLwr6X1Nhw6OLme5usuBWYBvuQ== dependencies: "@webassemblyjs/helper-numbers" "1.13.2" @@ -2710,22 +2727,22 @@ "@webassemblyjs/floating-point-hex-parser@1.13.2": version "1.13.2" - resolved "https://registry.yarnpkg.com/@webassemblyjs/floating-point-hex-parser/-/floating-point-hex-parser-1.13.2.tgz#fcca1eeddb1cc4e7b6eed4fc7956d6813b21b9fb" + resolved "https://registry.npmjs.org/@webassemblyjs/floating-point-hex-parser/-/floating-point-hex-parser-1.13.2.tgz" integrity sha512-6oXyTOzbKxGH4steLbLNOu71Oj+C8Lg34n6CqRvqfS2O71BxY6ByfMDRhBytzknj9yGUPVJ1qIKhRlAwO1AovA== "@webassemblyjs/helper-api-error@1.13.2": version "1.13.2" - resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-api-error/-/helper-api-error-1.13.2.tgz#e0a16152248bc38daee76dd7e21f15c5ef3ab1e7" + resolved "https://registry.npmjs.org/@webassemblyjs/helper-api-error/-/helper-api-error-1.13.2.tgz" integrity sha512-U56GMYxy4ZQCbDZd6JuvvNV/WFildOjsaWD3Tzzvmw/mas3cXzRJPMjP83JqEsgSbyrmaGjBfDtV7KDXV9UzFQ== "@webassemblyjs/helper-buffer@1.14.1": version "1.14.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-buffer/-/helper-buffer-1.14.1.tgz#822a9bc603166531f7d5df84e67b5bf99b72b96b" + resolved "https://registry.npmjs.org/@webassemblyjs/helper-buffer/-/helper-buffer-1.14.1.tgz" integrity sha512-jyH7wtcHiKssDtFPRB+iQdxlDf96m0E39yb0k5uJVhFGleZFoNw1c4aeIcVUPPbXUVJ94wwnMOAqUHyzoEPVMA== "@webassemblyjs/helper-numbers@1.13.2": version "1.13.2" - resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-numbers/-/helper-numbers-1.13.2.tgz#dbd932548e7119f4b8a7877fd5a8d20e63490b2d" + resolved "https://registry.npmjs.org/@webassemblyjs/helper-numbers/-/helper-numbers-1.13.2.tgz" integrity sha512-FE8aCmS5Q6eQYcV3gI35O4J789wlQA+7JrqTTpJqn5emA4U2hvwJmvFRC0HODS+3Ye6WioDklgd6scJ3+PLnEA== dependencies: "@webassemblyjs/floating-point-hex-parser" "1.13.2" @@ -2734,12 +2751,12 @@ "@webassemblyjs/helper-wasm-bytecode@1.13.2": version "1.13.2" - resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-wasm-bytecode/-/helper-wasm-bytecode-1.13.2.tgz#e556108758f448aae84c850e593ce18a0eb31e0b" + resolved "https://registry.npmjs.org/@webassemblyjs/helper-wasm-bytecode/-/helper-wasm-bytecode-1.13.2.tgz" integrity sha512-3QbLKy93F0EAIXLh0ogEVR6rOubA9AoZ+WRYhNbFyuB70j3dRdwH9g+qXhLAO0kiYGlg3TxDV+I4rQTr/YNXkA== "@webassemblyjs/helper-wasm-section@1.14.1": version "1.14.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/helper-wasm-section/-/helper-wasm-section-1.14.1.tgz#9629dda9c4430eab54b591053d6dc6f3ba050348" + resolved "https://registry.npmjs.org/@webassemblyjs/helper-wasm-section/-/helper-wasm-section-1.14.1.tgz" integrity sha512-ds5mXEqTJ6oxRoqjhWDU83OgzAYjwsCV8Lo/N+oRsNDmx/ZDpqalmrtgOMkHwxsG0iI//3BwWAErYRHtgn0dZw== dependencies: "@webassemblyjs/ast" "1.14.1" @@ -2749,26 +2766,26 @@ "@webassemblyjs/ieee754@1.13.2": version "1.13.2" - resolved "https://registry.yarnpkg.com/@webassemblyjs/ieee754/-/ieee754-1.13.2.tgz#1c5eaace1d606ada2c7fd7045ea9356c59ee0dba" + resolved "https://registry.npmjs.org/@webassemblyjs/ieee754/-/ieee754-1.13.2.tgz" integrity sha512-4LtOzh58S/5lX4ITKxnAK2USuNEvpdVV9AlgGQb8rJDHaLeHciwG4zlGr0j/SNWlr7x3vO1lDEsuePvtcDNCkw== dependencies: "@xtuc/ieee754" "^1.2.0" "@webassemblyjs/leb128@1.13.2": version "1.13.2" - resolved "https://registry.yarnpkg.com/@webassemblyjs/leb128/-/leb128-1.13.2.tgz#57c5c3deb0105d02ce25fa3fd74f4ebc9fd0bbb0" + resolved "https://registry.npmjs.org/@webassemblyjs/leb128/-/leb128-1.13.2.tgz" integrity sha512-Lde1oNoIdzVzdkNEAWZ1dZ5orIbff80YPdHx20mrHwHrVNNTjNr8E3xz9BdpcGqRQbAEa+fkrCb+fRFTl/6sQw== dependencies: "@xtuc/long" "4.2.2" "@webassemblyjs/utf8@1.13.2": version "1.13.2" - resolved "https://registry.yarnpkg.com/@webassemblyjs/utf8/-/utf8-1.13.2.tgz#917a20e93f71ad5602966c2d685ae0c6c21f60f1" + resolved "https://registry.npmjs.org/@webassemblyjs/utf8/-/utf8-1.13.2.tgz" integrity sha512-3NQWGjKTASY1xV5m7Hr0iPeXD9+RDobLll3T9d2AO+g3my8xy5peVyjSag4I50mR1bBSN/Ct12lo+R9tJk0NZQ== "@webassemblyjs/wasm-edit@^1.14.1": version "1.14.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-edit/-/wasm-edit-1.14.1.tgz#ac6689f502219b59198ddec42dcd496b1004d597" + resolved "https://registry.npmjs.org/@webassemblyjs/wasm-edit/-/wasm-edit-1.14.1.tgz" integrity sha512-RNJUIQH/J8iA/1NzlE4N7KtyZNHi3w7at7hDjvRNm5rcUXa00z1vRz3glZoULfJ5mpvYhLybmVcwcjGrC1pRrQ== dependencies: "@webassemblyjs/ast" "1.14.1" @@ -2782,7 +2799,7 @@ "@webassemblyjs/wasm-gen@1.14.1": version "1.14.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-gen/-/wasm-gen-1.14.1.tgz#991e7f0c090cb0bb62bbac882076e3d219da9570" + resolved "https://registry.npmjs.org/@webassemblyjs/wasm-gen/-/wasm-gen-1.14.1.tgz" integrity sha512-AmomSIjP8ZbfGQhumkNvgC33AY7qtMCXnN6bL2u2Js4gVCg8fp735aEiMSBbDR7UQIj90n4wKAFUSEd0QN2Ukg== dependencies: "@webassemblyjs/ast" "1.14.1" @@ -2793,7 +2810,7 @@ "@webassemblyjs/wasm-opt@1.14.1": version "1.14.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-opt/-/wasm-opt-1.14.1.tgz#e6f71ed7ccae46781c206017d3c14c50efa8106b" + resolved "https://registry.npmjs.org/@webassemblyjs/wasm-opt/-/wasm-opt-1.14.1.tgz" integrity sha512-PTcKLUNvBqnY2U6E5bdOQcSM+oVP/PmrDY9NzowJjislEjwP/C4an2303MCVS2Mg9d3AJpIGdUFIQQWbPds0Sw== dependencies: "@webassemblyjs/ast" "1.14.1" @@ -2801,9 +2818,9 @@ "@webassemblyjs/wasm-gen" "1.14.1" "@webassemblyjs/wasm-parser" "1.14.1" -"@webassemblyjs/wasm-parser@1.14.1", "@webassemblyjs/wasm-parser@^1.14.1": +"@webassemblyjs/wasm-parser@^1.14.1", "@webassemblyjs/wasm-parser@1.14.1": version "1.14.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/wasm-parser/-/wasm-parser-1.14.1.tgz#b3e13f1893605ca78b52c68e54cf6a865f90b9fb" + resolved "https://registry.npmjs.org/@webassemblyjs/wasm-parser/-/wasm-parser-1.14.1.tgz" integrity sha512-JLBl+KZ0R5qB7mCnud/yyX08jWFw5MsoalJ1pQ4EdFlgj9VdXKGuENGsiCIjegI1W7p91rUlcB/LB5yRJKNTcQ== dependencies: "@webassemblyjs/ast" "1.14.1" @@ -2815,7 +2832,7 @@ "@webassemblyjs/wast-printer@1.14.1": version "1.14.1" - resolved "https://registry.yarnpkg.com/@webassemblyjs/wast-printer/-/wast-printer-1.14.1.tgz#3bb3e9638a8ae5fdaf9610e7a06b4d9f9aa6fe07" + resolved "https://registry.npmjs.org/@webassemblyjs/wast-printer/-/wast-printer-1.14.1.tgz" integrity sha512-kPSSXE6De1XOR820C90RIo2ogvZG+c3KiHzqUoO/F34Y2shGzesfqv7o57xrxovZJH/MetF5UjroJ/R/3isoiw== dependencies: "@webassemblyjs/ast" "1.14.1" @@ -2823,17 +2840,17 @@ "@xtuc/ieee754@^1.2.0": version "1.2.0" - resolved "https://registry.yarnpkg.com/@xtuc/ieee754/-/ieee754-1.2.0.tgz#eef014a3145ae477a1cbc00cd1e552336dceb790" + resolved "https://registry.npmjs.org/@xtuc/ieee754/-/ieee754-1.2.0.tgz" integrity sha512-DX8nKgqcGwsc0eJSqYt5lwP4DH5FlHnmuWWBRy7X0NcaGR0ZtuyeESgMwTYVEtxmsNGY+qit4QYT/MIYTOTPeA== "@xtuc/long@4.2.2": version "4.2.2" - resolved "https://registry.yarnpkg.com/@xtuc/long/-/long-4.2.2.tgz#d291c6a4e97989b5c61d9acf396ae4fe133a718d" + resolved "https://registry.npmjs.org/@xtuc/long/-/long-4.2.2.tgz" integrity sha512-NuHqBY1PB/D8xU6s/thBgOAiAP7HOYDQ32+BFZILJ8ivkUkAHQnWfn6WhL79Owj1qmUnoN/YPhktdIoucipkAQ== accepts@~1.3.4, accepts@~1.3.8: version "1.3.8" - resolved "https://registry.yarnpkg.com/accepts/-/accepts-1.3.8.tgz#0bf0be125b67014adcb0b0921e62db7bffe16b2e" + resolved "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz" integrity sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw== dependencies: mime-types "~2.1.34" @@ -2841,42 +2858,42 @@ accepts@~1.3.4, accepts@~1.3.8: acorn-import-phases@^1.0.3: version "1.0.4" - resolved "https://registry.yarnpkg.com/acorn-import-phases/-/acorn-import-phases-1.0.4.tgz#16eb850ba99a056cb7cbfe872ffb8972e18c8bd7" + resolved "https://registry.npmjs.org/acorn-import-phases/-/acorn-import-phases-1.0.4.tgz" integrity sha512-wKmbr/DDiIXzEOiWrTTUcDm24kQ2vGfZQvM2fwg2vXqR5uW6aapr7ObPtj1th32b9u90/Pf4AItvdTh42fBmVQ== acorn-jsx@^5.0.0: version "5.3.2" - resolved "https://registry.yarnpkg.com/acorn-jsx/-/acorn-jsx-5.3.2.tgz#7ed5bb55908b3b2f1bc55c6af1653bada7f07937" + resolved "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz" integrity sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ== acorn-walk@^8.0.0: version "8.3.4" - resolved "https://registry.yarnpkg.com/acorn-walk/-/acorn-walk-8.3.4.tgz#794dd169c3977edf4ba4ea47583587c5866236b7" + resolved "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.3.4.tgz" integrity sha512-ueEepnujpqee2o5aIYnvHU6C0A42MNdsIDeqy5BydrkuC5R1ZuUFnm27EeFJGoEHJQgn3uleRvmTXaJgfXbt4g== dependencies: acorn "^8.11.0" -acorn@^8.0.0, acorn@^8.0.4, acorn@^8.11.0, acorn@^8.15.0: +"acorn@^6.0.0 || ^7.0.0 || ^8.0.0", acorn@^8.0.0, acorn@^8.0.4, acorn@^8.11.0, acorn@^8.14.0, acorn@^8.15.0: version "8.15.0" - resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.15.0.tgz#a360898bc415edaac46c8241f6383975b930b816" + resolved "https://registry.npmjs.org/acorn/-/acorn-8.15.0.tgz" integrity sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg== address@^1.0.1: version "1.2.2" - resolved "https://registry.yarnpkg.com/address/-/address-1.2.2.tgz#2b5248dac5485a6390532c6a517fda2e3faac89e" + resolved "https://registry.npmjs.org/address/-/address-1.2.2.tgz" integrity sha512-4B/qKCfeE/ODUaAUpSwfzazo5x29WD4r3vXiWsB7I2mSDAihwEqKO+g8GELZUQSSAo5e1XTYh3ZVfLyxBc12nA== aggregate-error@^3.0.0: version "3.1.0" - resolved "https://registry.yarnpkg.com/aggregate-error/-/aggregate-error-3.1.0.tgz#92670ff50f5359bdb7a3e0d40d0ec30c5737687a" + resolved "https://registry.npmjs.org/aggregate-error/-/aggregate-error-3.1.0.tgz" integrity sha512-4I7Td01quW/RpocfNayFdFVk1qSuoh0E7JrbRJ16nH01HhKFQ88INq9Sd+nd72zqRySlr9BmDA8xlEJ6vJMrYA== dependencies: clean-stack "^2.0.0" indent-string "^4.0.0" -ai@5.0.76, ai@^5.0.30: +ai@^5.0.30, ai@5.0.76: version "5.0.76" - resolved "https://registry.yarnpkg.com/ai/-/ai-5.0.76.tgz#cb34925808ecf557120aaa7648026c4b2d232d5d" + resolved "https://registry.npmjs.org/ai/-/ai-5.0.76.tgz" integrity sha512-ZCxi1vrpyCUnDbtYrO/W8GLvyacV9689f00yshTIQ3mFFphbD7eIv40a2AOZBv3GGRA7SSRYIDnr56wcS/gyQg== dependencies: "@ai-sdk/gateway" "2.0.0" @@ -2886,26 +2903,26 @@ ai@5.0.76, ai@^5.0.30: ajv-formats@^2.1.1: version "2.1.1" - resolved "https://registry.yarnpkg.com/ajv-formats/-/ajv-formats-2.1.1.tgz#6e669400659eb74973bbf2e33327180a0996b520" + resolved "https://registry.npmjs.org/ajv-formats/-/ajv-formats-2.1.1.tgz" integrity sha512-Wx0Kx52hxE7C18hkMEggYlEifqWZtYaRgouJor+WMdPnQyEK13vgEWyVNup7SoeeoLMsr4kf5h6dOW11I15MUA== dependencies: ajv "^8.0.0" ajv-keywords@^3.5.2: version "3.5.2" - resolved "https://registry.yarnpkg.com/ajv-keywords/-/ajv-keywords-3.5.2.tgz#31f29da5ab6e00d1c2d329acf7b5929614d5014d" + resolved "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-3.5.2.tgz" integrity sha512-5p6WTN0DdTGVQk6VjcEju19IgaHudalcfabD7yhDGeA6bcQnmL+CpveLJq/3hvfwd1aof6L386Ougkx6RfyMIQ== ajv-keywords@^5.1.0: version "5.1.0" - resolved "https://registry.yarnpkg.com/ajv-keywords/-/ajv-keywords-5.1.0.tgz#69d4d385a4733cdbeab44964a1170a88f87f0e16" + resolved "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-5.1.0.tgz" integrity sha512-YCS/JNFAUyr5vAuhk1DWm1CBxRHW9LbJ2ozWeemrIqpbsqKjHVxYPyi5GC0rjZIT5JxJ3virVTS8wk4i/Z+krw== dependencies: fast-deep-equal "^3.1.3" -ajv@^6.12.5: +ajv@^6.12.5, ajv@^6.9.1: version "6.12.6" - resolved "https://registry.yarnpkg.com/ajv/-/ajv-6.12.6.tgz#baf5a62e802b07d977034586f8c3baf5adf26df4" + resolved "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz" integrity sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g== dependencies: fast-deep-equal "^3.1.1" @@ -2913,9 +2930,9 @@ ajv@^6.12.5: json-schema-traverse "^0.4.1" uri-js "^4.2.2" -ajv@^8.0.0, ajv@^8.9.0: +ajv@^8.0.0, ajv@^8.8.2, ajv@^8.9.0: version "8.17.1" - resolved "https://registry.yarnpkg.com/ajv/-/ajv-8.17.1.tgz#37d9a5c776af6bc92d7f4f9510eba4c0a60d11a6" + resolved "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz" integrity sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g== dependencies: fast-deep-equal "^3.1.3" @@ -2925,14 +2942,14 @@ ajv@^8.0.0, ajv@^8.9.0: algoliasearch-helper@^3.26.0: version "3.26.0" - resolved "https://registry.yarnpkg.com/algoliasearch-helper/-/algoliasearch-helper-3.26.0.tgz#d6e283396a9fc5bf944f365dc3b712570314363f" + resolved "https://registry.npmjs.org/algoliasearch-helper/-/algoliasearch-helper-3.26.0.tgz" integrity sha512-Rv2x3GXleQ3ygwhkhJubhhYGsICmShLAiqtUuJTUkr9uOCOXyF2E71LVT4XDnVffbknv8XgScP4U0Oxtgm+hIw== dependencies: "@algolia/events" "^4.0.1" -algoliasearch@^5.28.0, algoliasearch@^5.37.0: +algoliasearch@^5.28.0, algoliasearch@^5.37.0, "algoliasearch@>= 3.1 < 6", "algoliasearch@>= 4.9.1 < 6": version "5.40.1" - resolved "https://registry.yarnpkg.com/algoliasearch/-/algoliasearch-5.40.1.tgz#e46565cb473fa967a12191398e2ddfa2596bf82b" + resolved "https://registry.npmjs.org/algoliasearch/-/algoliasearch-5.40.1.tgz" integrity sha512-iUNxcXUNg9085TJx0HJLjqtDE0r1RZ0GOGrt8KNQqQT5ugu8lZsHuMUYW/e0lHhq6xBvmktU9Bw4CXP9VQeKrg== dependencies: "@algolia/abtesting" "1.6.1" @@ -2952,48 +2969,48 @@ algoliasearch@^5.28.0, algoliasearch@^5.37.0: ansi-align@^3.0.1: version "3.0.1" - resolved "https://registry.yarnpkg.com/ansi-align/-/ansi-align-3.0.1.tgz#0cdf12e111ace773a86e9a1fad1225c43cb19a59" + resolved "https://registry.npmjs.org/ansi-align/-/ansi-align-3.0.1.tgz" integrity sha512-IOfwwBF5iczOjp/WeY4YxyjqAFMQoZufdQWDd19SEExbVLNXqvpzSJ/M7Za4/sCPmQ0+GRquoA7bGcINcxew6w== dependencies: string-width "^4.1.0" ansi-escapes@^4.3.2: version "4.3.2" - resolved "https://registry.yarnpkg.com/ansi-escapes/-/ansi-escapes-4.3.2.tgz#6b2291d1db7d98b6521d5f1efa42d0f3a9feb65e" + resolved "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz" integrity sha512-gKXj5ALrKWQLsYG9jlTRmR/xKluxHV+Z9QEwNIgCfM1/uwPMCuzVVnh5mwTd+OuBZcwSIMbqssNWRm1lE51QaQ== dependencies: type-fest "^0.21.3" ansi-html-community@^0.0.8: version "0.0.8" - resolved "https://registry.yarnpkg.com/ansi-html-community/-/ansi-html-community-0.0.8.tgz#69fbc4d6ccbe383f9736934ae34c3f8290f1bf41" + resolved "https://registry.npmjs.org/ansi-html-community/-/ansi-html-community-0.0.8.tgz" integrity sha512-1APHAyr3+PCamwNw3bXCPp4HFLONZt/yIH0sZp0/469KWNTEy+qN5jQ3GVX6DMZ1UXAi34yVwtTeaG/HpBuuzw== ansi-regex@^5.0.1: version "5.0.1" - resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-5.0.1.tgz#082cb2c89c9fe8659a311a53bd6a4dc5301db304" + resolved "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz" integrity sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ== ansi-regex@^6.0.1: version "6.2.2" - resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-6.2.2.tgz#60216eea464d864597ce2832000738a0589650c1" + resolved "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.2.tgz" integrity sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg== ansi-styles@^4.0.0, ansi-styles@^4.1.0: version "4.3.0" - resolved "https://registry.yarnpkg.com/ansi-styles/-/ansi-styles-4.3.0.tgz#edd803628ae71c04c85ae7a0906edad34b648937" + resolved "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz" integrity sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg== dependencies: color-convert "^2.0.1" ansi-styles@^6.1.0: version "6.2.3" - resolved "https://registry.yarnpkg.com/ansi-styles/-/ansi-styles-6.2.3.tgz#c044d5dcc521a076413472597a1acb1f103c4041" + resolved "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.3.tgz" integrity sha512-4Dj6M28JB+oAH8kFkTLUo+a2jwOFkuqb3yucU0CANcRRUbxS0cP0nZYCGjcc3BNXwRIsUVmDGgzawme7zvJHvg== anymatch@~3.1.2: version "3.1.3" - resolved "https://registry.yarnpkg.com/anymatch/-/anymatch-3.1.3.tgz#790c58b19ba1720a84205b57c618d5ad8524973e" + resolved "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz" integrity sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw== dependencies: normalize-path "^3.0.0" @@ -3001,39 +3018,39 @@ anymatch@~3.1.2: arg@^5.0.0: version "5.0.2" - resolved "https://registry.yarnpkg.com/arg/-/arg-5.0.2.tgz#c81433cc427c92c4dcf4865142dbca6f15acd59c" + resolved "https://registry.npmjs.org/arg/-/arg-5.0.2.tgz" integrity sha512-PYjyFOLKQ9y57JvQ6QLo8dAgNqswh8M1RMJYdQduT6xbWSgK36P/Z/v+p888pM69jMMfS8Xd8F6I1kQ/I9HUGg== argparse@^1.0.7: version "1.0.10" - resolved "https://registry.yarnpkg.com/argparse/-/argparse-1.0.10.tgz#bcd6791ea5ae09725e17e5ad988134cd40b3d911" + resolved "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz" integrity sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg== dependencies: sprintf-js "~1.0.2" argparse@^2.0.1: version "2.0.1" - resolved "https://registry.yarnpkg.com/argparse/-/argparse-2.0.1.tgz#246f50f3ca78a3240f6c997e8a9bd1eac49e4b38" + resolved "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz" integrity sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q== array-flatten@1.1.1: version "1.1.1" - resolved "https://registry.yarnpkg.com/array-flatten/-/array-flatten-1.1.1.tgz#9a5f699051b1e7073328f2a008968b64ea2955d2" + resolved "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz" integrity sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg== array-union@^2.1.0: version "2.1.0" - resolved "https://registry.yarnpkg.com/array-union/-/array-union-2.1.0.tgz#b798420adbeb1de828d84acd8a2e23d3efe85e8d" + resolved "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz" integrity sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw== astring@^1.8.0: version "1.9.0" - resolved "https://registry.yarnpkg.com/astring/-/astring-1.9.0.tgz#cc73e6062a7eb03e7d19c22d8b0b3451fd9bfeef" + resolved "https://registry.npmjs.org/astring/-/astring-1.9.0.tgz" integrity sha512-LElXdjswlqjWrPpJFg1Fx4wpkOCxj1TDHlSV4PlaRxHGWko024xICaa97ZkMfs6DRKlCguiAI+rbXv5GWwXIkg== autoprefixer@^10.4.19, autoprefixer@^10.4.21: version "10.4.21" - resolved "https://registry.yarnpkg.com/autoprefixer/-/autoprefixer-10.4.21.tgz#77189468e7a8ad1d9a37fbc08efc9f480cf0a95d" + resolved "https://registry.npmjs.org/autoprefixer/-/autoprefixer-10.4.21.tgz" integrity sha512-O+A6LWV5LDHSJD3LjHYoNi4VLsj/Whi7k6zG12xTYaU4cQ8oxQGckXNX8cRHK5yOZ/ppVHe0ZBXGzSV9jXdVbQ== dependencies: browserslist "^4.24.4" @@ -3045,7 +3062,7 @@ autoprefixer@^10.4.19, autoprefixer@^10.4.21: babel-loader@^9.2.1: version "9.2.1" - resolved "https://registry.yarnpkg.com/babel-loader/-/babel-loader-9.2.1.tgz#04c7835db16c246dd19ba0914418f3937797587b" + resolved "https://registry.npmjs.org/babel-loader/-/babel-loader-9.2.1.tgz" integrity sha512-fqe8naHt46e0yIdkjUZYqddSXfej3AHajX+CSO5X7oy0EmPc6o5Xh+RClNoHjnieWz9AW4kZxW9yyFMhVB1QLA== dependencies: find-cache-dir "^4.0.0" @@ -3053,14 +3070,14 @@ babel-loader@^9.2.1: babel-plugin-dynamic-import-node@^2.3.3: version "2.3.3" - resolved "https://registry.yarnpkg.com/babel-plugin-dynamic-import-node/-/babel-plugin-dynamic-import-node-2.3.3.tgz#84fda19c976ec5c6defef57f9427b3def66e17a3" + resolved "https://registry.npmjs.org/babel-plugin-dynamic-import-node/-/babel-plugin-dynamic-import-node-2.3.3.tgz" integrity sha512-jZVI+s9Zg3IqA/kdi0i6UDCybUI3aSBLnglhYbSSjKlV7yF1F/5LWv8MakQmvYpnbJDS6fcBL2KzHSxNCMtWSQ== dependencies: object.assign "^4.1.0" babel-plugin-polyfill-corejs2@^0.4.14: version "0.4.14" - resolved "https://registry.yarnpkg.com/babel-plugin-polyfill-corejs2/-/babel-plugin-polyfill-corejs2-0.4.14.tgz#8101b82b769c568835611542488d463395c2ef8f" + resolved "https://registry.npmjs.org/babel-plugin-polyfill-corejs2/-/babel-plugin-polyfill-corejs2-0.4.14.tgz" integrity sha512-Co2Y9wX854ts6U8gAAPXfn0GmAyctHuK8n0Yhfjd6t30g7yvKjspvvOo9yG+z52PZRgFErt7Ka2pYnXCjLKEpg== dependencies: "@babel/compat-data" "^7.27.7" @@ -3069,7 +3086,7 @@ babel-plugin-polyfill-corejs2@^0.4.14: babel-plugin-polyfill-corejs3@^0.13.0: version "0.13.0" - resolved "https://registry.yarnpkg.com/babel-plugin-polyfill-corejs3/-/babel-plugin-polyfill-corejs3-0.13.0.tgz#bb7f6aeef7addff17f7602a08a6d19a128c30164" + resolved "https://registry.npmjs.org/babel-plugin-polyfill-corejs3/-/babel-plugin-polyfill-corejs3-0.13.0.tgz" integrity sha512-U+GNwMdSFgzVmfhNm8GJUX88AadB3uo9KpJqS3FaqNIPKgySuvMb+bHPsOmmuWyIcuqZj/pzt1RUIUZns4y2+A== dependencies: "@babel/helper-define-polyfill-provider" "^0.6.5" @@ -3077,44 +3094,44 @@ babel-plugin-polyfill-corejs3@^0.13.0: babel-plugin-polyfill-regenerator@^0.6.5: version "0.6.5" - resolved "https://registry.yarnpkg.com/babel-plugin-polyfill-regenerator/-/babel-plugin-polyfill-regenerator-0.6.5.tgz#32752e38ab6f6767b92650347bf26a31b16ae8c5" + resolved "https://registry.npmjs.org/babel-plugin-polyfill-regenerator/-/babel-plugin-polyfill-regenerator-0.6.5.tgz" integrity sha512-ISqQ2frbiNU9vIJkzg7dlPpznPZ4jOiUQ1uSmB0fEHeowtN3COYRsXr/xexn64NpU13P06jc/L5TgiJXOgrbEg== dependencies: "@babel/helper-define-polyfill-provider" "^0.6.5" bail@^2.0.0: version "2.0.2" - resolved "https://registry.yarnpkg.com/bail/-/bail-2.0.2.tgz#d26f5cd8fe5d6f832a31517b9f7c356040ba6d5d" + resolved "https://registry.npmjs.org/bail/-/bail-2.0.2.tgz" integrity sha512-0xO6mYd7JB2YesxDKplafRpsiOzPt9V02ddPCLbY1xYGPOX24NTyN50qnUxgCPcSoYMhKpAuBTjQoRZCAkUDRw== balanced-match@^1.0.0: version "1.0.2" - resolved "https://registry.yarnpkg.com/balanced-match/-/balanced-match-1.0.2.tgz#e83e3a7e3f300b34cb9d87f615fa0cbf357690ee" + resolved "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz" integrity sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw== baseline-browser-mapping@^2.8.9: version "2.8.17" - resolved "https://registry.yarnpkg.com/baseline-browser-mapping/-/baseline-browser-mapping-2.8.17.tgz#85aff3f7dd6326ea25b77ce834b96bb698545dc6" + resolved "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.8.17.tgz" integrity sha512-j5zJcx6golJYTG6c05LUZ3Z8Gi+M62zRT/ycz4Xq4iCOdpcxwg7ngEYD4KA0eWZC7U17qh/Smq8bYbACJ0ipBA== batch@0.6.1: version "0.6.1" - resolved "https://registry.yarnpkg.com/batch/-/batch-0.6.1.tgz#dc34314f4e679318093fc760272525f94bf25c16" + resolved "https://registry.npmjs.org/batch/-/batch-0.6.1.tgz" integrity sha512-x+VAiMRL6UPkx+kudNvxTl6hB2XNNCG2r+7wixVfIYwu/2HKRXimwQyaumLjMveWvT2Hkd/cAJw+QBMfJ/EKVw== big.js@^5.2.2: version "5.2.2" - resolved "https://registry.yarnpkg.com/big.js/-/big.js-5.2.2.tgz#65f0af382f578bcdc742bd9c281e9cb2d7768328" + resolved "https://registry.npmjs.org/big.js/-/big.js-5.2.2.tgz" integrity sha512-vyL2OymJxmarO8gxMr0mhChsO9QGwhynfuu4+MHTAW6czfq9humCB7rKpUjDd9YUiDPU4mzpyupFSvOClAwbmQ== binary-extensions@^2.0.0: version "2.3.0" - resolved "https://registry.yarnpkg.com/binary-extensions/-/binary-extensions-2.3.0.tgz#f6e14a97858d327252200242d4ccfe522c445522" + resolved "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz" integrity sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw== body-parser@1.20.3: version "1.20.3" - resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.20.3.tgz#1953431221c6fb5cd63c4b36d53fab0928e548c6" + resolved "https://registry.npmjs.org/body-parser/-/body-parser-1.20.3.tgz" integrity sha512-7rAxByjUMqQ3/bHJy7D6OGXvx/MMc4IqBn/X0fcM1QUcAItpZrBEYhWGem+tzXH90c+G01ypMcYJBO9Y30203g== dependencies: bytes "3.1.2" @@ -3132,7 +3149,7 @@ body-parser@1.20.3: bonjour-service@^1.2.1: version "1.3.0" - resolved "https://registry.yarnpkg.com/bonjour-service/-/bonjour-service-1.3.0.tgz#80d867430b5a0da64e82a8047fc1e355bdb71722" + resolved "https://registry.npmjs.org/bonjour-service/-/bonjour-service-1.3.0.tgz" integrity sha512-3YuAUiSkWykd+2Azjgyxei8OWf8thdn8AITIog2M4UICzoqfjlqr64WIjEXZllf/W6vK1goqleSR6brGomxQqA== dependencies: fast-deep-equal "^3.1.3" @@ -3140,12 +3157,12 @@ bonjour-service@^1.2.1: boolbase@^1.0.0: version "1.0.0" - resolved "https://registry.yarnpkg.com/boolbase/-/boolbase-1.0.0.tgz#68dff5fbe60c51eb37725ea9e3ed310dcc1e776e" + resolved "https://registry.npmjs.org/boolbase/-/boolbase-1.0.0.tgz" integrity sha512-JZOSA7Mo9sNGB8+UjSgzdLtokWAky1zbztM3WRLCbZ70/3cTANmQmOdR7y2g+J0e2WXywy1yS468tY+IruqEww== boxen@^6.2.1: version "6.2.1" - resolved "https://registry.yarnpkg.com/boxen/-/boxen-6.2.1.tgz#b098a2278b2cd2845deef2dff2efc38d329b434d" + resolved "https://registry.npmjs.org/boxen/-/boxen-6.2.1.tgz" integrity sha512-H4PEsJXfFI/Pt8sjDWbHlQPx4zL/bvSQjcilJmaulGt5mLDorHOHpmdXAJcBcmru7PhYSp/cDMWRko4ZUMFkSw== dependencies: ansi-align "^3.0.1" @@ -3159,7 +3176,7 @@ boxen@^6.2.1: boxen@^7.0.0: version "7.1.1" - resolved "https://registry.yarnpkg.com/boxen/-/boxen-7.1.1.tgz#f9ba525413c2fec9cdb88987d835c4f7cad9c8f4" + resolved "https://registry.npmjs.org/boxen/-/boxen-7.1.1.tgz" integrity sha512-2hCgjEmP8YLWQ130n2FerGv7rYpfBmnmp9Uy2Le1vge6X3gZIfSmEzP5QTDElFxcvVcXlEn8Aq6MU/PZygIOog== dependencies: ansi-align "^3.0.1" @@ -3173,7 +3190,7 @@ boxen@^7.0.0: brace-expansion@^1.1.7: version "1.1.12" - resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-1.1.12.tgz#ab9b454466e5a8cc3a187beaad580412a9c5b843" + resolved "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz" integrity sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg== dependencies: balanced-match "^1.0.0" @@ -3181,21 +3198,21 @@ brace-expansion@^1.1.7: brace-expansion@^2.0.2: version "2.1.0" - resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-2.1.0.tgz#4f41a41190216ee36067ec381526fe9539c4f0ae" + resolved "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz" integrity sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w== dependencies: balanced-match "^1.0.0" braces@^3.0.3, braces@~3.0.2: version "3.0.3" - resolved "https://registry.yarnpkg.com/braces/-/braces-3.0.3.tgz#490332f40919452272d55a8480adc0c441358789" + resolved "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz" integrity sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA== dependencies: fill-range "^7.1.1" -browserslist@^4.0.0, browserslist@^4.23.0, browserslist@^4.24.0, browserslist@^4.24.4, browserslist@^4.26.0, browserslist@^4.26.3: +browserslist@^4.0.0, browserslist@^4.23.0, browserslist@^4.24.0, browserslist@^4.24.4, browserslist@^4.26.0, browserslist@^4.26.3, "browserslist@>= 4.21.0": version "4.26.3" - resolved "https://registry.yarnpkg.com/browserslist/-/browserslist-4.26.3.tgz#40fbfe2d1cd420281ce5b1caa8840049c79afb56" + resolved "https://registry.npmjs.org/browserslist/-/browserslist-4.26.3.tgz" integrity sha512-lAUU+02RFBuCKQPj/P6NgjlbCnLBMp4UtgTx7vNHd3XSIJF87s9a5rA3aH2yw3GS9DqZAUbOtZdCCiZeVRqt0w== dependencies: baseline-browser-mapping "^2.8.9" @@ -3206,34 +3223,34 @@ browserslist@^4.0.0, browserslist@^4.23.0, browserslist@^4.24.0, browserslist@^4 buffer-from@^1.0.0: version "1.1.2" - resolved "https://registry.yarnpkg.com/buffer-from/-/buffer-from-1.1.2.tgz#2b146a6fd72e80b4f55d255f35ed59a3a9a41bd5" + resolved "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz" integrity sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ== bundle-name@^4.1.0: version "4.1.0" - resolved "https://registry.yarnpkg.com/bundle-name/-/bundle-name-4.1.0.tgz#f3b96b34160d6431a19d7688135af7cfb8797889" + resolved "https://registry.npmjs.org/bundle-name/-/bundle-name-4.1.0.tgz" integrity sha512-tjwM5exMg6BGRI+kNmTntNsvdZS1X8BFYS6tnJ2hdH0kVxM6/eVZ2xy+FqStSWvYmtfFMDLIxurorHwDKfDz5Q== dependencies: run-applescript "^7.0.0" bytes@3.0.0: version "3.0.0" - resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.0.0.tgz#d32815404d689699f85a4ea4fa8755dd13a96048" + resolved "https://registry.npmjs.org/bytes/-/bytes-3.0.0.tgz" integrity sha512-pMhOfFDPiv9t5jjIXkHosWmkSyQbvsgEVNkz0ERHbuLh2T/7j4Mqqpz523Fe8MVY89KC6Sh/QfS2sM+SjgFDcw== bytes@3.1.2: version "3.1.2" - resolved "https://registry.yarnpkg.com/bytes/-/bytes-3.1.2.tgz#8b0beeb98605adf1b128fa4386403c009e0221a5" + resolved "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz" integrity sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg== cacheable-lookup@^7.0.0: version "7.0.0" - resolved "https://registry.yarnpkg.com/cacheable-lookup/-/cacheable-lookup-7.0.0.tgz#3476a8215d046e5a3202a9209dd13fec1f933a27" + resolved "https://registry.npmjs.org/cacheable-lookup/-/cacheable-lookup-7.0.0.tgz" integrity sha512-+qJyx4xiKra8mZrcwhjMRMUhD5NR1R8esPkzIYxX96JiecFoxAXFuz/GpR3+ev4PE1WamHip78wV0vcmPQtp8w== cacheable-request@^13.0.12: version "13.0.12" - resolved "https://registry.yarnpkg.com/cacheable-request/-/cacheable-request-13.0.12.tgz#193da6b5eddefc45e06127ac6bc0f321ef102dda" + resolved "https://registry.npmjs.org/cacheable-request/-/cacheable-request-13.0.12.tgz" integrity sha512-qqK/etGeI/9DV5yRkO50ApDTjip9UXPml1NHYJksUAw15yMLOf8VUO1/8bu4P8birOCqR+hYQ/nh1Lezc8sZrA== dependencies: "@types/http-cache-semantics" "^4.0.4" @@ -3246,7 +3263,7 @@ cacheable-request@^13.0.12: call-bind-apply-helpers@^1.0.0, call-bind-apply-helpers@^1.0.1, call-bind-apply-helpers@^1.0.2: version "1.0.2" - resolved "https://registry.yarnpkg.com/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz#4b5428c222be985d79c3d82657479dbe0b59b2d6" + resolved "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz" integrity sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ== dependencies: es-errors "^1.3.0" @@ -3254,7 +3271,7 @@ call-bind-apply-helpers@^1.0.0, call-bind-apply-helpers@^1.0.1, call-bind-apply- call-bind@^1.0.8: version "1.0.8" - resolved "https://registry.yarnpkg.com/call-bind/-/call-bind-1.0.8.tgz#0736a9660f537e3388826f440d5ec45f744eaa4c" + resolved "https://registry.npmjs.org/call-bind/-/call-bind-1.0.8.tgz" integrity sha512-oKlSFMcMwpUg2ednkhQ454wfWiU/ul3CkJe/PEHcTKuiX6RpbehUiFMXu13HalGZxfUwCQzZG747YXBn1im9ww== dependencies: call-bind-apply-helpers "^1.0.0" @@ -3264,7 +3281,7 @@ call-bind@^1.0.8: call-bound@^1.0.2, call-bound@^1.0.3: version "1.0.4" - resolved "https://registry.yarnpkg.com/call-bound/-/call-bound-1.0.4.tgz#238de935d2a2a692928c538c7ccfa91067fd062a" + resolved "https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz" integrity sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg== dependencies: call-bind-apply-helpers "^1.0.2" @@ -3272,12 +3289,12 @@ call-bound@^1.0.2, call-bound@^1.0.3: callsites@^3.0.0: version "3.1.0" - resolved "https://registry.yarnpkg.com/callsites/-/callsites-3.1.0.tgz#b3630abd8943432f54b3f0519238e33cd7df2f73" + resolved "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz" integrity sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ== camel-case@^4.1.2: version "4.1.2" - resolved "https://registry.yarnpkg.com/camel-case/-/camel-case-4.1.2.tgz#9728072a954f805228225a6deea6b38461e1bd5a" + resolved "https://registry.npmjs.org/camel-case/-/camel-case-4.1.2.tgz" integrity sha512-gxGWBrTT1JuMx6R+o5PTXMmUnhnVzLQ9SNutD4YqKtI6ap897t3tKECYla6gCWEkplXnlNybEkZg9GEGxKFCgw== dependencies: pascal-case "^3.1.2" @@ -3285,17 +3302,17 @@ camel-case@^4.1.2: camelcase@^6.2.0: version "6.3.0" - resolved "https://registry.yarnpkg.com/camelcase/-/camelcase-6.3.0.tgz#5685b95eb209ac9c0c177467778c9c84df58ba9a" + resolved "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz" integrity sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA== camelcase@^7.0.1: version "7.0.1" - resolved "https://registry.yarnpkg.com/camelcase/-/camelcase-7.0.1.tgz#f02e50af9fd7782bc8b88a3558c32fd3a388f048" + resolved "https://registry.npmjs.org/camelcase/-/camelcase-7.0.1.tgz" integrity sha512-xlx1yCK2Oc1APsPXDL2LdlNP6+uu8OCDdhOBSVT279M/S+y75O30C2VuD8T2ogdePBBl7PfPF4504tnLgX3zfw== caniuse-api@^3.0.0: version "3.0.0" - resolved "https://registry.yarnpkg.com/caniuse-api/-/caniuse-api-3.0.0.tgz#5e4d90e2274961d46291997df599e3ed008ee4c0" + resolved "https://registry.npmjs.org/caniuse-api/-/caniuse-api-3.0.0.tgz" integrity sha512-bsTwuIg/BZZK/vreVTYYbSWoe2F+71P7K5QGEX+pT250DZbfU1MQ5prOKpPR+LL6uWKK3KMwMCAS74QB3Um1uw== dependencies: browserslist "^4.0.0" @@ -3305,17 +3322,17 @@ caniuse-api@^3.0.0: caniuse-lite@^1.0.0, caniuse-lite@^1.0.30001702, caniuse-lite@^1.0.30001746: version "1.0.30001751" - resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001751.tgz#dacd5d9f4baeea841641640139d2b2a4df4226ad" + resolved "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001751.tgz" integrity sha512-A0QJhug0Ly64Ii3eIqHu5X51ebln3k4yTUkY1j8drqpWHVreg/VLijN48cZ1bYPiqOQuqpkIKnzr/Ul8V+p6Cw== ccount@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/ccount/-/ccount-2.0.1.tgz#17a3bf82302e0870d6da43a01311a8bc02a3ecf5" + resolved "https://registry.npmjs.org/ccount/-/ccount-2.0.1.tgz" integrity sha512-eyrF0jiFpY+3drT6383f1qhkbGsLSifNAjA61IUjZjmLCWjItY6LB9ft9YhoDgwfmclB2zhu51Lc7+95b8NRAg== chalk@^4.0.0, chalk@^4.1.2: version "4.1.2" - resolved "https://registry.yarnpkg.com/chalk/-/chalk-4.1.2.tgz#aac4e2b7734a740867aeb16bf02aad556a1e7a01" + resolved "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz" integrity sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA== dependencies: ansi-styles "^4.1.0" @@ -3323,37 +3340,37 @@ chalk@^4.0.0, chalk@^4.1.2: chalk@^5.0.1, chalk@^5.2.0: version "5.6.2" - resolved "https://registry.yarnpkg.com/chalk/-/chalk-5.6.2.tgz#b1238b6e23ea337af71c7f8a295db5af0c158aea" + resolved "https://registry.npmjs.org/chalk/-/chalk-5.6.2.tgz" integrity sha512-7NzBL0rN6fMUW+f7A6Io4h40qQlG+xGmtMxfbnH/K7TAtt8JQWVQK+6g0UXKMeVJoyV5EkkNsErQ8pVD3bLHbA== char-regex@^1.0.2: version "1.0.2" - resolved "https://registry.yarnpkg.com/char-regex/-/char-regex-1.0.2.tgz#d744358226217f981ed58f479b1d6bcc29545dcf" + resolved "https://registry.npmjs.org/char-regex/-/char-regex-1.0.2.tgz" integrity sha512-kWWXztvZ5SBQV+eRgKFeh8q5sLuZY2+8WUIzlxWVTg+oGwY14qylx1KbKzHd8P6ZYkAg0xyIDU9JMHhyJMZ1jw== character-entities-html4@^2.0.0: version "2.1.0" - resolved "https://registry.yarnpkg.com/character-entities-html4/-/character-entities-html4-2.1.0.tgz#1f1adb940c971a4b22ba39ddca6b618dc6e56b2b" + resolved "https://registry.npmjs.org/character-entities-html4/-/character-entities-html4-2.1.0.tgz" integrity sha512-1v7fgQRj6hnSwFpq1Eu0ynr/CDEw0rXo2B61qXrLNdHZmPKgb7fqS1a2JwF0rISo9q77jDI8VMEHoApn8qDoZA== character-entities-legacy@^3.0.0: version "3.0.0" - resolved "https://registry.yarnpkg.com/character-entities-legacy/-/character-entities-legacy-3.0.0.tgz#76bc83a90738901d7bc223a9e93759fdd560125b" + resolved "https://registry.npmjs.org/character-entities-legacy/-/character-entities-legacy-3.0.0.tgz" integrity sha512-RpPp0asT/6ufRm//AJVwpViZbGM/MkjQFxJccQRHmISF/22NBtsHqAWmL+/pmkPWoIUJdWyeVleTl1wydHATVQ== character-entities@^2.0.0: version "2.0.2" - resolved "https://registry.yarnpkg.com/character-entities/-/character-entities-2.0.2.tgz#2d09c2e72cd9523076ccb21157dff66ad43fcc22" + resolved "https://registry.npmjs.org/character-entities/-/character-entities-2.0.2.tgz" integrity sha512-shx7oQ0Awen/BRIdkjkvz54PnEEI/EjwXDSIZp86/KKdbafHh1Df/RYGBhn4hbe2+uKC9FnT5UCEdyPz3ai9hQ== character-reference-invalid@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/character-reference-invalid/-/character-reference-invalid-2.0.1.tgz#85c66b041e43b47210faf401278abf808ac45cb9" + resolved "https://registry.npmjs.org/character-reference-invalid/-/character-reference-invalid-2.0.1.tgz" integrity sha512-iBZ4F4wRbyORVsu0jPV7gXkOsGYjGHPmAyv+HiHG8gi5PtC9KI2j1+v8/tlibRvjoWX027ypmG/n0HtO5t7unw== cheerio-select@^2.1.0: version "2.1.0" - resolved "https://registry.yarnpkg.com/cheerio-select/-/cheerio-select-2.1.0.tgz#4d8673286b8126ca2a8e42740d5e3c4884ae21b4" + resolved "https://registry.npmjs.org/cheerio-select/-/cheerio-select-2.1.0.tgz" integrity sha512-9v9kG0LvzrlcungtnJtpGNxY+fzECQKhK4EGJX2vByejiMX84MFNQw4UxPJl3bFbTMw+Dfs37XaIkCwTZfLh4g== dependencies: boolbase "^1.0.0" @@ -3365,7 +3382,7 @@ cheerio-select@^2.1.0: cheerio@1.0.0-rc.12: version "1.0.0-rc.12" - resolved "https://registry.yarnpkg.com/cheerio/-/cheerio-1.0.0-rc.12.tgz#788bf7466506b1c6bf5fae51d24a2c4d62e47683" + resolved "https://registry.npmjs.org/cheerio/-/cheerio-1.0.0-rc.12.tgz" integrity sha512-VqR8m68vM46BNnuZ5NtnGBKIE/DfN0cRIzg9n40EIq9NOv90ayxLBXA8fXC5gquFRGJSTRqBq25Jt2ECLR431Q== dependencies: cheerio-select "^2.1.0" @@ -3378,7 +3395,7 @@ cheerio@1.0.0-rc.12: chokidar@^3.5.3, chokidar@^3.6.0: version "3.6.0" - resolved "https://registry.yarnpkg.com/chokidar/-/chokidar-3.6.0.tgz#197c6cc669ef2a8dc5e7b4d97ee4e092c3eb0d5b" + resolved "https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz" integrity sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw== dependencies: anymatch "~3.1.2" @@ -3393,34 +3410,34 @@ chokidar@^3.5.3, chokidar@^3.6.0: chrome-trace-event@^1.0.2: version "1.0.4" - resolved "https://registry.yarnpkg.com/chrome-trace-event/-/chrome-trace-event-1.0.4.tgz#05bffd7ff928465093314708c93bdfa9bd1f0f5b" + resolved "https://registry.npmjs.org/chrome-trace-event/-/chrome-trace-event-1.0.4.tgz" integrity sha512-rNjApaLzuwaOTjCiT8lSDdGN1APCiqkChLMJxJPWLunPAt5fy8xgU9/jNOchV84wfIxrA0lRQB7oCT8jrn/wrQ== ci-info@^3.2.0: version "3.9.0" - resolved "https://registry.yarnpkg.com/ci-info/-/ci-info-3.9.0.tgz#4279a62028a7b1f262f3473fc9605f5e218c59b4" + resolved "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz" integrity sha512-NIxF55hv4nSqQswkAeiOi1r83xy8JldOFDTWiug55KBu9Jnblncd2U6ViHmYgHf01TPZS77NJBhBMKdWj9HQMQ== clean-css@^5.2.2, clean-css@^5.3.3, clean-css@~5.3.2: version "5.3.3" - resolved "https://registry.yarnpkg.com/clean-css/-/clean-css-5.3.3.tgz#b330653cd3bd6b75009cc25c714cae7b93351ccd" + resolved "https://registry.npmjs.org/clean-css/-/clean-css-5.3.3.tgz" integrity sha512-D5J+kHaVb/wKSFcyyV75uCn8fiY4sV38XJoe4CUyGQ+mOU/fMVYUdH1hJC+CJQ5uY3EnW27SbJYS4X8BiLrAFg== dependencies: source-map "~0.6.0" clean-stack@^2.0.0: version "2.2.0" - resolved "https://registry.yarnpkg.com/clean-stack/-/clean-stack-2.2.0.tgz#ee8472dbb129e727b31e8a10a427dee9dfe4008b" + resolved "https://registry.npmjs.org/clean-stack/-/clean-stack-2.2.0.tgz" integrity sha512-4diC9HaTE+KRAMWhDhrGOECgWZxoevMc5TlkObMqNSsVU62PYzXZ/SMTjzyGAFF1YusgxGcSWTEXBhp0CPwQ1A== cli-boxes@^3.0.0: version "3.0.0" - resolved "https://registry.yarnpkg.com/cli-boxes/-/cli-boxes-3.0.0.tgz#71a10c716feeba005e4504f36329ef0b17cf3145" + resolved "https://registry.npmjs.org/cli-boxes/-/cli-boxes-3.0.0.tgz" integrity sha512-/lzGpEWL/8PfI0BmBOPRwp0c/wFNX1RdUML3jK/RcSBA9T8mZDdQpqYBKtCFTOfQbwPqWEOpjqW+Fnayc0969g== cli-table3@^0.6.3: version "0.6.5" - resolved "https://registry.yarnpkg.com/cli-table3/-/cli-table3-0.6.5.tgz#013b91351762739c16a9567c21a04632e449bf2f" + resolved "https://registry.npmjs.org/cli-table3/-/cli-table3-0.6.5.tgz" integrity sha512-+W/5efTR7y5HRD7gACw9yQjqMVvEMLBHmboM/kPWam+H+Hmyrgjh6YncVKK122YZkXrLudzTuAukUw9FnMf7IQ== dependencies: string-width "^4.2.0" @@ -3429,7 +3446,7 @@ cli-table3@^0.6.3: clone-deep@^4.0.1: version "4.0.1" - resolved "https://registry.yarnpkg.com/clone-deep/-/clone-deep-4.0.1.tgz#c19fd9bdbbf85942b4fd979c84dcf7d5f07c2387" + resolved "https://registry.npmjs.org/clone-deep/-/clone-deep-4.0.1.tgz" integrity sha512-neHB9xuzh/wk0dIHweyAXv2aPGZIVk3pLMe+/RNzINf17fe0OG96QroktYAUm7SM1PBnzTabaLboqqxDyMU+SQ== dependencies: is-plain-object "^2.0.4" @@ -3443,81 +3460,81 @@ clsx@^2.0.0: collapse-white-space@^2.0.0: version "2.1.0" - resolved "https://registry.yarnpkg.com/collapse-white-space/-/collapse-white-space-2.1.0.tgz#640257174f9f42c740b40f3b55ee752924feefca" + resolved "https://registry.npmjs.org/collapse-white-space/-/collapse-white-space-2.1.0.tgz" integrity sha512-loKTxY1zCOuG4j9f6EPnuyyYkf58RnhhWTvRoZEokgB+WbdXehfjFviyOVYkqzEWz1Q5kRiZdBYS5SwxbQYwzw== color-convert@^2.0.1: version "2.0.1" - resolved "https://registry.yarnpkg.com/color-convert/-/color-convert-2.0.1.tgz#72d3a68d598c9bdb3af2ad1e84f21d896abd4de3" + resolved "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz" integrity sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ== dependencies: color-name "~1.1.4" color-name@~1.1.4: version "1.1.4" - resolved "https://registry.yarnpkg.com/color-name/-/color-name-1.1.4.tgz#c2a09a87acbde69543de6f63fa3995c826c536a2" + resolved "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz" integrity sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA== colord@^2.9.3: version "2.9.3" - resolved "https://registry.yarnpkg.com/colord/-/colord-2.9.3.tgz#4f8ce919de456f1d5c1c368c307fe20f3e59fb43" + resolved "https://registry.npmjs.org/colord/-/colord-2.9.3.tgz" integrity sha512-jeC1axXpnb0/2nn/Y1LPuLdgXBLH7aDcHu4KEKfqw3CUhX7ZpfBSlPKyqXE6btIgEzfWtrX3/tyBCaCvXvMkOw== colorette@^2.0.10: version "2.0.20" - resolved "https://registry.yarnpkg.com/colorette/-/colorette-2.0.20.tgz#9eb793e6833067f7235902fcd3b09917a000a95a" + resolved "https://registry.npmjs.org/colorette/-/colorette-2.0.20.tgz" integrity sha512-IfEDxwoWIjkeXL1eXcDiow4UbKjhLdq6/EuSVR9GMN7KVH3r9gQ83e73hsz1Nd1T3ijd5xv1wcWRYO+D6kCI2w== combine-promises@^1.1.0: version "1.2.0" - resolved "https://registry.yarnpkg.com/combine-promises/-/combine-promises-1.2.0.tgz#5f2e68451862acf85761ded4d9e2af7769c2ca6a" + resolved "https://registry.npmjs.org/combine-promises/-/combine-promises-1.2.0.tgz" integrity sha512-VcQB1ziGD0NXrhKxiwyNbCDmRzs/OShMs2GqW2DlU2A/Sd0nQxE1oWDAE5O0ygSx5mgQOn9eIFh7yKPgFRVkPQ== comma-separated-tokens@^2.0.0: version "2.0.3" - resolved "https://registry.yarnpkg.com/comma-separated-tokens/-/comma-separated-tokens-2.0.3.tgz#4e89c9458acb61bc8fef19f4529973b2392839ee" + resolved "https://registry.npmjs.org/comma-separated-tokens/-/comma-separated-tokens-2.0.3.tgz" integrity sha512-Fu4hJdvzeylCfQPp9SGWidpzrMs7tTrlu6Vb8XGaRGck8QSNZJJp538Wrb60Lax4fPwR64ViY468OIUTbRlGZg== commander@^10.0.0: version "10.0.1" - resolved "https://registry.yarnpkg.com/commander/-/commander-10.0.1.tgz#881ee46b4f77d1c1dccc5823433aa39b022cbe06" + resolved "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz" integrity sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug== commander@^2.20.0: version "2.20.3" - resolved "https://registry.yarnpkg.com/commander/-/commander-2.20.3.tgz#fd485e84c03eb4881c20722ba48035e8531aeb33" + resolved "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz" integrity sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ== commander@^5.1.0: version "5.1.0" - resolved "https://registry.yarnpkg.com/commander/-/commander-5.1.0.tgz#46abbd1652f8e059bddaef99bbdcb2ad9cf179ae" + resolved "https://registry.npmjs.org/commander/-/commander-5.1.0.tgz" integrity sha512-P0CysNDQ7rtVw4QIQtm+MRxV66vKFSvlsQvGYXZWR3qFU0jlMKHZZZgw8e+8DSah4UDKMqnknRDQz+xuQXQ/Zg== commander@^7.2.0: version "7.2.0" - resolved "https://registry.yarnpkg.com/commander/-/commander-7.2.0.tgz#a36cb57d0b501ce108e4d20559a150a391d97ab7" + resolved "https://registry.npmjs.org/commander/-/commander-7.2.0.tgz" integrity sha512-QrWXB+ZQSVPmIWIhtEO9H+gwHaMGYiF5ChvoJ+K9ZGHG/sVsa6yiesAD1GC/x46sET00Xlwo1u49RVVVzvcSkw== commander@^8.3.0: version "8.3.0" - resolved "https://registry.yarnpkg.com/commander/-/commander-8.3.0.tgz#4837ea1b2da67b9c616a67afbb0fafee567bca66" + resolved "https://registry.npmjs.org/commander/-/commander-8.3.0.tgz" integrity sha512-OkTL9umf+He2DZkUq8f8J9of7yL6RJKI24dVITBmNfZBmri9zYZQrKkuXiKhyfPSu8tUhnVBB1iKXevvnlR4Ww== common-path-prefix@^3.0.0: version "3.0.0" - resolved "https://registry.yarnpkg.com/common-path-prefix/-/common-path-prefix-3.0.0.tgz#7d007a7e07c58c4b4d5f433131a19141b29f11e0" + resolved "https://registry.npmjs.org/common-path-prefix/-/common-path-prefix-3.0.0.tgz" integrity sha512-QE33hToZseCH3jS0qN96O/bSh3kaw/h+Tq7ngyY9eWDUnTlTNUyqfqvCXioLe5Na5jFsL78ra/wuBU4iuEgd4w== compressible@~2.0.18: version "2.0.18" - resolved "https://registry.yarnpkg.com/compressible/-/compressible-2.0.18.tgz#af53cca6b070d4c3c0750fbd77286a6d7cc46fba" + resolved "https://registry.npmjs.org/compressible/-/compressible-2.0.18.tgz" integrity sha512-AF3r7P5dWxL8MxyITRMlORQNaOA2IkAFaTr4k7BUumjPtRpGDTZpl0Pb1XCO6JeDCBdp126Cgs9sMxqSjgYyRg== dependencies: mime-db ">= 1.43.0 < 2" compression@^1.7.4: version "1.8.1" - resolved "https://registry.yarnpkg.com/compression/-/compression-1.8.1.tgz#4a45d909ac16509195a9a28bd91094889c180d79" + resolved "https://registry.npmjs.org/compression/-/compression-1.8.1.tgz" integrity sha512-9mAqGPHLakhCLeNyxPkK4xVo746zQ/czLH1Ky+vkitMnWfWZps8r0qXuwhwizagCRttsL4lfG4pIOvaWLpAP0w== dependencies: bytes "3.1.2" @@ -3530,12 +3547,12 @@ compression@^1.7.4: concat-map@0.0.1: version "0.0.1" - resolved "https://registry.yarnpkg.com/concat-map/-/concat-map-0.0.1.tgz#d8a96bd77fd68df7793a73036a3ba0d5405d477b" + resolved "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz" integrity sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg== config-chain@^1.1.11: version "1.1.13" - resolved "https://registry.yarnpkg.com/config-chain/-/config-chain-1.1.13.tgz#fad0795aa6a6cdaff9ed1b68e9dff94372c232f4" + resolved "https://registry.npmjs.org/config-chain/-/config-chain-1.1.13.tgz" integrity sha512-qj+f8APARXHrM0hraqXYb2/bOVSV4PvJQlNZ/DVj0QrmNM2q2euizkeuVckQ57J+W0mRH6Hvi+k50M4Jul2VRQ== dependencies: ini "^1.3.4" @@ -3543,7 +3560,7 @@ config-chain@^1.1.11: configstore@^6.0.0: version "6.0.0" - resolved "https://registry.yarnpkg.com/configstore/-/configstore-6.0.0.tgz#49eca2ebc80983f77e09394a1a56e0aca8235566" + resolved "https://registry.npmjs.org/configstore/-/configstore-6.0.0.tgz" integrity sha512-cD31W1v3GqUlQvbBCGcXmd2Nj9SvLDOP1oQ0YFuLETufzSPaKp11rYBsSOm7rCsW3OnIRAFM3OxRhceaXNYHkA== dependencies: dot-prop "^6.0.1" @@ -3554,49 +3571,49 @@ configstore@^6.0.0: connect-history-api-fallback@^2.0.0: version "2.0.0" - resolved "https://registry.yarnpkg.com/connect-history-api-fallback/-/connect-history-api-fallback-2.0.0.tgz#647264845251a0daf25b97ce87834cace0f5f1c8" + resolved "https://registry.npmjs.org/connect-history-api-fallback/-/connect-history-api-fallback-2.0.0.tgz" integrity sha512-U73+6lQFmfiNPrYbXqr6kZ1i1wiRqXnp2nhMsINseWXO8lDau0LGEffJ8kQi4EjLZympVgRdvqjAgiZ1tgzDDA== consola@^3.2.3: version "3.4.2" - resolved "https://registry.yarnpkg.com/consola/-/consola-3.4.2.tgz#5af110145397bb67afdab77013fdc34cae590ea7" + resolved "https://registry.npmjs.org/consola/-/consola-3.4.2.tgz" integrity sha512-5IKcdX0nnYavi6G7TtOhwkYzyjfJlatbjMjuLSfE2kYT5pMDOilZ4OvMhi637CcDICTmz3wARPoyhqyX1Y+XvA== content-disposition@0.5.2: version "0.5.2" - resolved "https://registry.yarnpkg.com/content-disposition/-/content-disposition-0.5.2.tgz#0cf68bb9ddf5f2be7961c3a85178cb85dba78cb4" + resolved "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.2.tgz" integrity sha512-kRGRZw3bLlFISDBgwTSA1TMBFN6J6GWDeubmDE3AF+3+yXL8hTWv8r5rkLbqYXY4RjPk/EzHnClI3zQf1cFmHA== content-disposition@0.5.4: version "0.5.4" - resolved "https://registry.yarnpkg.com/content-disposition/-/content-disposition-0.5.4.tgz#8b82b4efac82512a02bb0b1dcec9d2c5e8eb5bfe" + resolved "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz" integrity sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ== dependencies: safe-buffer "5.2.1" content-type@~1.0.4, content-type@~1.0.5: version "1.0.5" - resolved "https://registry.yarnpkg.com/content-type/-/content-type-1.0.5.tgz#8b773162656d1d1086784c8f23a54ce6d73d7918" + resolved "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz" integrity sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA== convert-source-map@^2.0.0: version "2.0.0" - resolved "https://registry.yarnpkg.com/convert-source-map/-/convert-source-map-2.0.0.tgz#4b560f649fc4e918dd0ab75cf4961e8bc882d82a" + resolved "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz" integrity sha512-Kvp459HrV2FEJ1CAsi1Ku+MY3kasH19TFykTz2xWmMeq6bk2NU3XXvfJ+Q61m0xktWwt+1HSYf3JZsTms3aRJg== cookie-signature@1.0.6: version "1.0.6" - resolved "https://registry.yarnpkg.com/cookie-signature/-/cookie-signature-1.0.6.tgz#e303a882b342cc3ee8ca513a79999734dab3ae2c" + resolved "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz" integrity sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ== cookie@0.7.1: version "0.7.1" - resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.7.1.tgz#2f73c42142d5d5cf71310a74fc4ae61670e5dbc9" + resolved "https://registry.npmjs.org/cookie/-/cookie-0.7.1.tgz" integrity sha512-6DnInpx7SJ2AK3+CTUE/ZM0vWTUboZCegxhC2xiIydHR9jNuTAASBrfEpHhiGOZw/nX51bHt6YQl8jsGo4y/0w== copy-webpack-plugin@^11.0.0: version "11.0.0" - resolved "https://registry.yarnpkg.com/copy-webpack-plugin/-/copy-webpack-plugin-11.0.0.tgz#96d4dbdb5f73d02dd72d0528d1958721ab72e04a" + resolved "https://registry.npmjs.org/copy-webpack-plugin/-/copy-webpack-plugin-11.0.0.tgz" integrity sha512-fX2MWpamkW0hZxMEg0+mYnA40LTosOSa5TqZ9GYIBzyJa9C3QUaMPSE2xAi/buNr8u89SfD9wHSQVBzrRa/SOQ== dependencies: fast-glob "^3.2.11" @@ -3608,29 +3625,29 @@ copy-webpack-plugin@^11.0.0: core-js-compat@^3.43.0: version "3.46.0" - resolved "https://registry.yarnpkg.com/core-js-compat/-/core-js-compat-3.46.0.tgz#0c87126a19a1af00371e12b02a2b088a40f3c6f7" + resolved "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.46.0.tgz" integrity sha512-p9hObIIEENxSV8xIu+V68JjSeARg6UVMG5mR+JEUguG3sI6MsiS1njz2jHmyJDvA+8jX/sytkBHup6kxhM9law== dependencies: browserslist "^4.26.3" core-js-pure@^3.43.0: version "3.46.0" - resolved "https://registry.yarnpkg.com/core-js-pure/-/core-js-pure-3.46.0.tgz#9bb80248584c6334bb54cd381b0f41c619ef1b43" + resolved "https://registry.npmjs.org/core-js-pure/-/core-js-pure-3.46.0.tgz" integrity sha512-NMCW30bHNofuhwLhYPt66OLOKTMbOhgTTatKVbaQC3KRHpTCiRIBYvtshr+NBYSnBxwAFhjW/RfJ0XbIjS16rw== core-js@^3.31.1: version "3.46.0" - resolved "https://registry.yarnpkg.com/core-js/-/core-js-3.46.0.tgz#323a092b96381a9184d0cd49ee9083b2f93373bb" + resolved "https://registry.npmjs.org/core-js/-/core-js-3.46.0.tgz" integrity sha512-vDMm9B0xnqqZ8uSBpZ8sNtRtOdmfShrvT6h2TuQGLs0Is+cR0DYbj/KWP6ALVNbWPpqA/qPLoOuppJN07humpA== core-util-is@~1.0.0: version "1.0.3" - resolved "https://registry.yarnpkg.com/core-util-is/-/core-util-is-1.0.3.tgz#a6042d3634c2b27e9328f837b965fac83808db85" + resolved "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz" integrity sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ== cosmiconfig@^8.1.3, cosmiconfig@^8.3.5: version "8.3.6" - resolved "https://registry.yarnpkg.com/cosmiconfig/-/cosmiconfig-8.3.6.tgz#060a2b871d66dba6c8538ea1118ba1ac16f5fae3" + resolved "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-8.3.6.tgz" integrity sha512-kcZ6+W5QzcJ3P1Mt+83OUv/oHFqZHIx8DuxG6eZ5RGMERoLqp4BuGjhHLYGK+Kf5XVkQvqBSmAy/nGWN3qDgEA== dependencies: import-fresh "^3.3.0" @@ -3640,7 +3657,7 @@ cosmiconfig@^8.1.3, cosmiconfig@^8.3.5: cross-spawn@^7.0.3: version "7.0.6" - resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.6.tgz#8a58fe78f00dcd70c370451759dfbfaf03e8ee9f" + resolved "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz" integrity sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA== dependencies: path-key "^3.1.0" @@ -3649,26 +3666,26 @@ cross-spawn@^7.0.3: crypto-random-string@^4.0.0: version "4.0.0" - resolved "https://registry.yarnpkg.com/crypto-random-string/-/crypto-random-string-4.0.0.tgz#5a3cc53d7dd86183df5da0312816ceeeb5bb1fc2" + resolved "https://registry.npmjs.org/crypto-random-string/-/crypto-random-string-4.0.0.tgz" integrity sha512-x8dy3RnvYdlUcPOjkEHqozhiwzKNSq7GcPuXFbnyMOCHxX8V3OgIg/pYuabl2sbUPfIJaeAQB7PMOK8DFIdoRA== dependencies: type-fest "^1.0.1" css-blank-pseudo@^7.0.1: version "7.0.1" - resolved "https://registry.yarnpkg.com/css-blank-pseudo/-/css-blank-pseudo-7.0.1.tgz#32020bff20a209a53ad71b8675852b49e8d57e46" + resolved "https://registry.npmjs.org/css-blank-pseudo/-/css-blank-pseudo-7.0.1.tgz" integrity sha512-jf+twWGDf6LDoXDUode+nc7ZlrqfaNphrBIBrcmeP3D8yw1uPaix1gCC8LUQUGQ6CycuK2opkbFFWFuq/a94ag== dependencies: postcss-selector-parser "^7.0.0" css-declaration-sorter@^7.2.0: version "7.3.0" - resolved "https://registry.yarnpkg.com/css-declaration-sorter/-/css-declaration-sorter-7.3.0.tgz#edc45c36bcdfea0788b1d4452829f142ef1c4a4a" + resolved "https://registry.npmjs.org/css-declaration-sorter/-/css-declaration-sorter-7.3.0.tgz" integrity sha512-LQF6N/3vkAMYF4xoHLJfG718HRJh34Z8BnNhd6bosOMIVjMlhuZK5++oZa3uYAgrI5+7x2o27gUqTR2U/KjUOQ== css-has-pseudo@^7.0.3: version "7.0.3" - resolved "https://registry.yarnpkg.com/css-has-pseudo/-/css-has-pseudo-7.0.3.tgz#a5ee2daf5f70a2032f3cefdf1e36e7f52a243873" + resolved "https://registry.npmjs.org/css-has-pseudo/-/css-has-pseudo-7.0.3.tgz" integrity sha512-oG+vKuGyqe/xvEMoxAQrhi7uY16deJR3i7wwhBerVrGQKSqUC5GiOVxTpM9F9B9hw0J+eKeOWLH7E9gZ1Dr5rA== dependencies: "@csstools/selector-specificity" "^5.0.0" @@ -3677,7 +3694,7 @@ css-has-pseudo@^7.0.3: css-loader@^6.11.0: version "6.11.0" - resolved "https://registry.yarnpkg.com/css-loader/-/css-loader-6.11.0.tgz#33bae3bf6363d0a7c2cf9031c96c744ff54d85ba" + resolved "https://registry.npmjs.org/css-loader/-/css-loader-6.11.0.tgz" integrity sha512-CTJ+AEQJjq5NzLga5pE39qdiSV56F8ywCIsqNIRF0r7BDgWsN25aazToqAFg7ZrtA/U016xudB3ffgweORxX7g== dependencies: icss-utils "^5.1.0" @@ -3691,7 +3708,7 @@ css-loader@^6.11.0: css-minimizer-webpack-plugin@^5.0.1: version "5.0.1" - resolved "https://registry.yarnpkg.com/css-minimizer-webpack-plugin/-/css-minimizer-webpack-plugin-5.0.1.tgz#33effe662edb1a0bf08ad633c32fa75d0f7ec565" + resolved "https://registry.npmjs.org/css-minimizer-webpack-plugin/-/css-minimizer-webpack-plugin-5.0.1.tgz" integrity sha512-3caImjKFQkS+ws1TGcFn0V1HyDJFq1Euy589JlD6/3rV2kj+w7r5G9WDMgSHvpvXHNZ2calVypZWuEDQd9wfLg== dependencies: "@jridgewell/trace-mapping" "^0.3.18" @@ -3703,12 +3720,12 @@ css-minimizer-webpack-plugin@^5.0.1: css-prefers-color-scheme@^10.0.0: version "10.0.0" - resolved "https://registry.yarnpkg.com/css-prefers-color-scheme/-/css-prefers-color-scheme-10.0.0.tgz#ba001b99b8105b8896ca26fc38309ddb2278bd3c" + resolved "https://registry.npmjs.org/css-prefers-color-scheme/-/css-prefers-color-scheme-10.0.0.tgz" integrity sha512-VCtXZAWivRglTZditUfB4StnsWr6YVZ2PRtuxQLKTNRdtAf8tpzaVPE9zXIF3VaSc7O70iK/j1+NXxyQCqdPjQ== css-select@^4.1.3: version "4.3.0" - resolved "https://registry.yarnpkg.com/css-select/-/css-select-4.3.0.tgz#db7129b2846662fd8628cfc496abb2b59e41529b" + resolved "https://registry.npmjs.org/css-select/-/css-select-4.3.0.tgz" integrity sha512-wPpOYtnsVontu2mODhA19JrqWxNsfdatRKd64kmpRbQgh1KtItko5sTnEpPdpSaJszTOhEMlF/RPz28qj4HqhQ== dependencies: boolbase "^1.0.0" @@ -3719,7 +3736,7 @@ css-select@^4.1.3: css-select@^5.1.0: version "5.2.2" - resolved "https://registry.yarnpkg.com/css-select/-/css-select-5.2.2.tgz#01b6e8d163637bb2dd6c982ca4ed65863682786e" + resolved "https://registry.npmjs.org/css-select/-/css-select-5.2.2.tgz" integrity sha512-TizTzUddG/xYLA3NXodFM0fSbNizXjOKhqiQQwvhlspadZokn1KDy0NZFS0wuEubIYAV5/c1/lAr0TaaFXEXzw== dependencies: boolbase "^1.0.0" @@ -3730,7 +3747,7 @@ css-select@^5.1.0: css-tree@^2.3.1: version "2.3.1" - resolved "https://registry.yarnpkg.com/css-tree/-/css-tree-2.3.1.tgz#10264ce1e5442e8572fc82fbe490644ff54b5c20" + resolved "https://registry.npmjs.org/css-tree/-/css-tree-2.3.1.tgz" integrity sha512-6Fv1DV/TYw//QF5IzQdqsNDjx/wc8TrMBZsqjL9eW01tWb7R7k/mq+/VXfJCl7SoD5emsJop9cOByJZfs8hYIw== dependencies: mdn-data "2.0.30" @@ -3738,7 +3755,7 @@ css-tree@^2.3.1: css-tree@~2.2.0: version "2.2.1" - resolved "https://registry.yarnpkg.com/css-tree/-/css-tree-2.2.1.tgz#36115d382d60afd271e377f9c5f67d02bd48c032" + resolved "https://registry.npmjs.org/css-tree/-/css-tree-2.2.1.tgz" integrity sha512-OA0mILzGc1kCOCSJerOeqDxDQ4HOh+G8NbOJFOTgOCzpw7fCBubk0fEyxp8AgOL/jvLgYA/uV0cMbe43ElF1JA== dependencies: mdn-data "2.0.28" @@ -3746,22 +3763,22 @@ css-tree@~2.2.0: css-what@^6.0.1, css-what@^6.1.0: version "6.2.2" - resolved "https://registry.yarnpkg.com/css-what/-/css-what-6.2.2.tgz#cdcc8f9b6977719fdfbd1de7aec24abf756b9dea" + resolved "https://registry.npmjs.org/css-what/-/css-what-6.2.2.tgz" integrity sha512-u/O3vwbptzhMs3L1fQE82ZSLHQQfto5gyZzwteVIEyeaY5Fc7R4dapF/BvRoSYFeqfBk4m0V1Vafq5Pjv25wvA== cssdb@^8.4.2: version "8.4.2" - resolved "https://registry.yarnpkg.com/cssdb/-/cssdb-8.4.2.tgz#1a367ab1904c97af0bb2c7ae179764deae7b078b" + resolved "https://registry.npmjs.org/cssdb/-/cssdb-8.4.2.tgz" integrity sha512-PzjkRkRUS+IHDJohtxkIczlxPPZqRo0nXplsYXOMBRPjcVRjj1W4DfvRgshUYTVuUigU7ptVYkFJQ7abUB0nyg== cssesc@^3.0.0: version "3.0.0" - resolved "https://registry.yarnpkg.com/cssesc/-/cssesc-3.0.0.tgz#37741919903b868565e1c09ea747445cd18983ee" + resolved "https://registry.npmjs.org/cssesc/-/cssesc-3.0.0.tgz" integrity sha512-/Tb/JcjK111nNScGob5MNtsntNM1aCNUDipB/TkwZFhyDrrE47SOx/18wF2bbjgc3ZzCSKW1T5nt5EbFoAz/Vg== cssnano-preset-advanced@^6.1.2: version "6.1.2" - resolved "https://registry.yarnpkg.com/cssnano-preset-advanced/-/cssnano-preset-advanced-6.1.2.tgz#82b090872b8f98c471f681d541c735acf8b94d3f" + resolved "https://registry.npmjs.org/cssnano-preset-advanced/-/cssnano-preset-advanced-6.1.2.tgz" integrity sha512-Nhao7eD8ph2DoHolEzQs5CfRpiEP0xa1HBdnFZ82kvqdmbwVBUr2r1QuQ4t1pi+D1ZpqpcO4T+wy/7RxzJ/WPQ== dependencies: autoprefixer "^10.4.19" @@ -3774,7 +3791,7 @@ cssnano-preset-advanced@^6.1.2: cssnano-preset-default@^6.1.2: version "6.1.2" - resolved "https://registry.yarnpkg.com/cssnano-preset-default/-/cssnano-preset-default-6.1.2.tgz#adf4b89b975aa775f2750c89dbaf199bbd9da35e" + resolved "https://registry.npmjs.org/cssnano-preset-default/-/cssnano-preset-default-6.1.2.tgz" integrity sha512-1C0C+eNaeN8OcHQa193aRgYexyJtU8XwbdieEjClw+J9d94E41LwT6ivKH0WT+fYwYWB0Zp3I3IZ7tI/BbUbrg== dependencies: browserslist "^4.23.0" @@ -3810,12 +3827,12 @@ cssnano-preset-default@^6.1.2: cssnano-utils@^4.0.2: version "4.0.2" - resolved "https://registry.yarnpkg.com/cssnano-utils/-/cssnano-utils-4.0.2.tgz#56f61c126cd0f11f2eef1596239d730d9fceff3c" + resolved "https://registry.npmjs.org/cssnano-utils/-/cssnano-utils-4.0.2.tgz" integrity sha512-ZR1jHg+wZ8o4c3zqf1SIUSTIvm/9mU343FMR6Obe/unskbvpGhZOo1J6d/r8D1pzkRQYuwbcH3hToOuoA2G7oQ== cssnano@^6.0.1, cssnano@^6.1.2: version "6.1.2" - resolved "https://registry.yarnpkg.com/cssnano/-/cssnano-6.1.2.tgz#4bd19e505bd37ee7cf0dc902d3d869f6d79c66b8" + resolved "https://registry.npmjs.org/cssnano/-/cssnano-6.1.2.tgz" integrity sha512-rYk5UeX7VAM/u0lNqewCdasdtPK81CgX8wJFLEIXHbV2oldWRgJAsZrdhRXkV1NJzA2g850KiFm9mMU2HxNxMA== dependencies: cssnano-preset-default "^6.1.2" @@ -3823,67 +3840,67 @@ cssnano@^6.0.1, cssnano@^6.1.2: csso@^5.0.5: version "5.0.5" - resolved "https://registry.yarnpkg.com/csso/-/csso-5.0.5.tgz#f9b7fe6cc6ac0b7d90781bb16d5e9874303e2ca6" + resolved "https://registry.npmjs.org/csso/-/csso-5.0.5.tgz" integrity sha512-0LrrStPOdJj+SPCCrGhzryycLjwcgUSHBtxNA8aIDxf0GLsRh1cKYhB00Gd1lDOS4yGH69+SNn13+TWbVHETFQ== dependencies: css-tree "~2.2.0" -csstype@^3.0.2: - version "3.1.3" - resolved "https://registry.yarnpkg.com/csstype/-/csstype-3.1.3.tgz#d80ff294d114fb0e6ac500fbf85b60137d7eff81" - integrity sha512-M1uQkMl8rQK/szD0LNhtqxIPLpimGm8sOBwU7lLnCpSbTyY3yeU1Vc7l4KT5zT4s/yOxHH5O7tIuuLOCnLADRw== +csstype@^3.2.2: + version "3.2.3" + resolved "https://registry.npmjs.org/csstype/-/csstype-3.2.3.tgz" + integrity sha512-z1HGKcYy2xA8AGQfwrn0PAy+PB7X/GSj3UVJW9qKyn43xWa+gl5nXmU4qqLMRzWVLFC8KusUX8T/0kCiOYpAIQ== debounce@^1.2.1: version "1.2.1" - resolved "https://registry.yarnpkg.com/debounce/-/debounce-1.2.1.tgz#38881d8f4166a5c5848020c11827b834bcb3e0a5" + resolved "https://registry.npmjs.org/debounce/-/debounce-1.2.1.tgz" integrity sha512-XRRe6Glud4rd/ZGQfiV1ruXSfbvfJedlV9Y6zOlP+2K04vBYiJEte6stfFkCP03aMnY5tsipamumUjL14fofug== +debug@^4.0.0, debug@^4.1.0, debug@^4.3.1, debug@^4.4.1, debug@4: + version "4.4.3" + resolved "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz" + integrity sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA== + dependencies: + ms "^2.1.3" + debug@2.6.9: version "2.6.9" - resolved "https://registry.yarnpkg.com/debug/-/debug-2.6.9.tgz#5d128515df134ff327e90a4c93f4e077a536341f" + resolved "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz" integrity sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA== dependencies: ms "2.0.0" -debug@4, debug@^4.0.0, debug@^4.1.0, debug@^4.3.1, debug@^4.4.1: - version "4.4.3" - resolved "https://registry.yarnpkg.com/debug/-/debug-4.4.3.tgz#c6ae432d9bd9662582fce08709b038c58e9e3d6a" - integrity sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA== - dependencies: - ms "^2.1.3" - decode-named-character-reference@^1.0.0: version "1.2.0" - resolved "https://registry.yarnpkg.com/decode-named-character-reference/-/decode-named-character-reference-1.2.0.tgz#25c32ae6dd5e21889549d40f676030e9514cc0ed" + resolved "https://registry.npmjs.org/decode-named-character-reference/-/decode-named-character-reference-1.2.0.tgz" integrity sha512-c6fcElNV6ShtZXmsgNgFFV5tVX2PaV4g+MOAkb8eXHvn6sryJBrZa9r0zV6+dtTyoCKxtDy5tyQ5ZwQuidtd+Q== dependencies: character-entities "^2.0.0" decompress-response@^10.0.0: version "10.0.0" - resolved "https://registry.yarnpkg.com/decompress-response/-/decompress-response-10.0.0.tgz#d8abd2a4c136c3b99b49a08d1f9a709fe35675a4" + resolved "https://registry.npmjs.org/decompress-response/-/decompress-response-10.0.0.tgz" integrity sha512-oj7KWToJuuxlPr7VV0vabvxEIiqNMo+q0NueIiL3XhtwC6FVOX7Hr1c0C4eD0bmf7Zr+S/dSf2xvkH3Ad6sU3Q== dependencies: mimic-response "^4.0.0" deep-extend@^0.6.0: version "0.6.0" - resolved "https://registry.yarnpkg.com/deep-extend/-/deep-extend-0.6.0.tgz#c4fa7c95404a17a9c3e8ca7e1537312b736330ac" + resolved "https://registry.npmjs.org/deep-extend/-/deep-extend-0.6.0.tgz" integrity sha512-LOHxIOaPYdHlJRtCQfDIVZtfw/ufM8+rVj649RIHzcm/vGwQRXFt6OPqIFWsm2XEMrNIEtWR64sY1LEKD2vAOA== deepmerge@^4.3.1: version "4.3.1" - resolved "https://registry.yarnpkg.com/deepmerge/-/deepmerge-4.3.1.tgz#44b5f2147cd3b00d4b56137685966f26fd25dd4a" + resolved "https://registry.npmjs.org/deepmerge/-/deepmerge-4.3.1.tgz" integrity sha512-3sUqbMEc77XqpdNO7FRyRog+eW3ph+GYCbj+rK+uYyRMuwsVy0rMiVtPn+QJlKFvWP/1PYpapqYn0Me2knFn+A== default-browser-id@^5.0.0: version "5.0.0" - resolved "https://registry.yarnpkg.com/default-browser-id/-/default-browser-id-5.0.0.tgz#a1d98bf960c15082d8a3fa69e83150ccccc3af26" + resolved "https://registry.npmjs.org/default-browser-id/-/default-browser-id-5.0.0.tgz" integrity sha512-A6p/pu/6fyBcA1TRz/GqWYPViplrftcW2gZC9q79ngNCKAeR/X3gcEdXQHl4KNXV+3wgIJ1CPkJQ3IHM6lcsyA== default-browser@^5.2.1: version "5.2.1" - resolved "https://registry.yarnpkg.com/default-browser/-/default-browser-5.2.1.tgz#7b7ba61204ff3e425b556869ae6d3e9d9f1712cf" + resolved "https://registry.npmjs.org/default-browser/-/default-browser-5.2.1.tgz" integrity sha512-WY/3TUME0x3KPYdRRxEJJvXRHV4PyPoUsxtZa78lwItwRQRHhd2U9xOscaT/YTf8uCXIAjeJOFBVEh/7FtD8Xg== dependencies: bundle-name "^4.1.0" @@ -3891,12 +3908,12 @@ default-browser@^5.2.1: defer-to-connect@^2.0.1: version "2.0.1" - resolved "https://registry.yarnpkg.com/defer-to-connect/-/defer-to-connect-2.0.1.tgz#8016bdb4143e4632b77a3449c6236277de520587" + resolved "https://registry.npmjs.org/defer-to-connect/-/defer-to-connect-2.0.1.tgz" integrity sha512-4tvttepXG1VaYGrRibk5EwJd1t4udunSOVMdLSAL6mId1ix438oPwPZMALY41FCijukO1L0twNcGsdzS7dHgDg== define-data-property@^1.0.1, define-data-property@^1.1.4: version "1.1.4" - resolved "https://registry.yarnpkg.com/define-data-property/-/define-data-property-1.1.4.tgz#894dc141bb7d3060ae4366f6a0107e68fbe48c5e" + resolved "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.4.tgz" integrity sha512-rBMvIzlpA8v6E+SJZoo++HAYqsLrkg7MSfIinMPFhmkorw7X+dOXVJQs+QT69zGkzMyfDnIMN2Wid1+NbL3T+A== dependencies: es-define-property "^1.0.0" @@ -3905,51 +3922,51 @@ define-data-property@^1.0.1, define-data-property@^1.1.4: define-lazy-prop@^2.0.0: version "2.0.0" - resolved "https://registry.yarnpkg.com/define-lazy-prop/-/define-lazy-prop-2.0.0.tgz#3f7ae421129bcaaac9bc74905c98a0009ec9ee7f" + resolved "https://registry.npmjs.org/define-lazy-prop/-/define-lazy-prop-2.0.0.tgz" integrity sha512-Ds09qNh8yw3khSjiJjiUInaGX9xlqZDY7JVryGxdxV7NPeuqQfplOpQ66yJFZut3jLa5zOwkXw1g9EI2uKh4Og== define-lazy-prop@^3.0.0: version "3.0.0" - resolved "https://registry.yarnpkg.com/define-lazy-prop/-/define-lazy-prop-3.0.0.tgz#dbb19adfb746d7fc6d734a06b72f4a00d021255f" + resolved "https://registry.npmjs.org/define-lazy-prop/-/define-lazy-prop-3.0.0.tgz" integrity sha512-N+MeXYoqr3pOgn8xfyRPREN7gHakLYjhsHhWGT3fWAiL4IkAt0iDw14QiiEm2bE30c5XX5q0FtAA3CK5f9/BUg== define-properties@^1.2.1: version "1.2.1" - resolved "https://registry.yarnpkg.com/define-properties/-/define-properties-1.2.1.tgz#10781cc616eb951a80a034bafcaa7377f6af2b6c" + resolved "https://registry.npmjs.org/define-properties/-/define-properties-1.2.1.tgz" integrity sha512-8QmQKqEASLd5nx0U1B1okLElbUuuttJ/AnYmRXbbbGDWh6uS208EjD4Xqq/I9wK7u0v6O08XhTWnt5XtEbR6Dg== dependencies: define-data-property "^1.0.1" has-property-descriptors "^1.0.0" object-keys "^1.1.1" -depd@2.0.0: - version "2.0.0" - resolved "https://registry.yarnpkg.com/depd/-/depd-2.0.0.tgz#b696163cc757560d09cf22cc8fad1571b79e76df" - integrity sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw== - depd@~1.1.2: version "1.1.2" - resolved "https://registry.yarnpkg.com/depd/-/depd-1.1.2.tgz#9bcd52e14c097763e749b274c4346ed2e560b5a9" + resolved "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz" integrity sha512-7emPTl6Dpo6JRXOXjLRxck+FlLRX5847cLKEn00PLAgc3g2hTZZgr+e4c2v6QpSmLeFP3n5yUo7ft6avBK/5jQ== +depd@2.0.0: + version "2.0.0" + resolved "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz" + integrity sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw== + dequal@^2.0.0, dequal@^2.0.3: version "2.0.3" - resolved "https://registry.yarnpkg.com/dequal/-/dequal-2.0.3.tgz#2644214f1997d39ed0ee0ece72335490a7ac67be" + resolved "https://registry.npmjs.org/dequal/-/dequal-2.0.3.tgz" integrity sha512-0je+qPKHEMohvfRTCEo3CrPG6cAzAYgmzKyxRiYSSDkS6eGJdyVJm7WaYA5ECaAD9wLB2T4EEeymA5aFVcYXCA== destroy@1.2.0: version "1.2.0" - resolved "https://registry.yarnpkg.com/destroy/-/destroy-1.2.0.tgz#4803735509ad8be552934c67df614f94e66fa015" + resolved "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz" integrity sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg== detect-node@^2.0.4: version "2.1.0" - resolved "https://registry.yarnpkg.com/detect-node/-/detect-node-2.1.0.tgz#c9c70775a49c3d03bc2c06d9a73be550f978f8b1" + resolved "https://registry.npmjs.org/detect-node/-/detect-node-2.1.0.tgz" integrity sha512-T0NIuQpnTvFDATNuHN5roPwSBG83rFsuO+MXXH9/3N1eFbn4wcPjttvjMLEPWJ0RGUYgQE7cGgS3tNxbqCGM7g== detect-port@^1.5.1: version "1.6.1" - resolved "https://registry.yarnpkg.com/detect-port/-/detect-port-1.6.1.tgz#45e4073997c5f292b957cb678fb0bb8ed4250a67" + resolved "https://registry.npmjs.org/detect-port/-/detect-port-1.6.1.tgz" integrity sha512-CmnVc+Hek2egPx1PeTFVta2W78xy2K/9Rkf6cC4T59S50tVnzKj+tnx5mmx5lwvCkujZ4uRrpRSuV+IVs3f90Q== dependencies: address "^1.0.1" @@ -3957,28 +3974,28 @@ detect-port@^1.5.1: devlop@^1.0.0, devlop@^1.1.0: version "1.1.0" - resolved "https://registry.yarnpkg.com/devlop/-/devlop-1.1.0.tgz#4db7c2ca4dc6e0e834c30be70c94bbc976dc7018" + resolved "https://registry.npmjs.org/devlop/-/devlop-1.1.0.tgz" integrity sha512-RWmIqhcFf1lRYBvNmr7qTNuyCt/7/ns2jbpp1+PalgE/rDQcBT0fioSMUpJ93irlUhC5hrg4cYqe6U+0ImW0rA== dependencies: dequal "^2.0.0" dir-glob@^3.0.1: version "3.0.1" - resolved "https://registry.yarnpkg.com/dir-glob/-/dir-glob-3.0.1.tgz#56dbf73d992a4a93ba1584f4534063fd2e41717f" + resolved "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz" integrity sha512-WkrWp9GR4KXfKGYzOLmTuGVi1UWFfws377n9cc55/tb6DuqyF6pcQ5AbiHEshaDpY9v6oaSr2XCDidGmMwdzIA== dependencies: path-type "^4.0.0" dns-packet@^5.2.2: version "5.6.1" - resolved "https://registry.yarnpkg.com/dns-packet/-/dns-packet-5.6.1.tgz#ae888ad425a9d1478a0674256ab866de1012cf2f" + resolved "https://registry.npmjs.org/dns-packet/-/dns-packet-5.6.1.tgz" integrity sha512-l4gcSouhcgIKRvyy99RNVOgxXiicE+2jZoNmaNmZ6JXiGajBOJAesk1OBlJuM5k2c+eudGdLxDqXuPCKIj6kpw== dependencies: "@leichtgewicht/ip-codec" "^2.0.1" docusaurus-plugin-llms@^0.4.0: version "0.4.0" - resolved "https://registry.yarnpkg.com/docusaurus-plugin-llms/-/docusaurus-plugin-llms-0.4.0.tgz#020f00d83459c7feb71c7b6e61774d864336d8ae" + resolved "https://registry.npmjs.org/docusaurus-plugin-llms/-/docusaurus-plugin-llms-0.4.0.tgz" integrity sha512-jYlj2HJ5+gu7oJZuJ83Hk8KlB65YlZZ/7UpHXiL7Qr+qpNBkVocmt2Molc6F3HNr5RqcfhWD/98CvgyNztg/ow== dependencies: gray-matter "^4.0.3" @@ -3987,14 +4004,14 @@ docusaurus-plugin-llms@^0.4.0: dom-converter@^0.2.0: version "0.2.0" - resolved "https://registry.yarnpkg.com/dom-converter/-/dom-converter-0.2.0.tgz#6721a9daee2e293682955b6afe416771627bb768" + resolved "https://registry.npmjs.org/dom-converter/-/dom-converter-0.2.0.tgz" integrity sha512-gd3ypIPfOMr9h5jIKq8E3sHOTCjeirnl0WK5ZdS1AW0Odt0b1PaWaHdJ4Qk4klv+YB9aJBS7mESXjFoDQPu6DA== dependencies: utila "~0.4" dom-serializer@^1.0.1: version "1.4.1" - resolved "https://registry.yarnpkg.com/dom-serializer/-/dom-serializer-1.4.1.tgz#de5d41b1aea290215dc45a6dae8adcf1d32e2d30" + resolved "https://registry.npmjs.org/dom-serializer/-/dom-serializer-1.4.1.tgz" integrity sha512-VHwB3KfrcOOkelEG2ZOfxqLZdfkil8PtJi4P8N2MMXucZq2yLp75ClViUlOVwyoHEDjYU433Aq+5zWP61+RGag== dependencies: domelementtype "^2.0.1" @@ -4003,7 +4020,7 @@ dom-serializer@^1.0.1: dom-serializer@^2.0.0: version "2.0.0" - resolved "https://registry.yarnpkg.com/dom-serializer/-/dom-serializer-2.0.0.tgz#e41b802e1eedf9f6cae183ce5e622d789d7d8e53" + resolved "https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz" integrity sha512-wIkAryiqt/nV5EQKqQpo3SToSOV9J0DnbJqwK7Wv/Trc92zIAYZ4FlMu+JPFW1DfGFt81ZTCGgDEabffXeLyJg== dependencies: domelementtype "^2.3.0" @@ -4012,26 +4029,26 @@ dom-serializer@^2.0.0: domelementtype@^2.0.1, domelementtype@^2.2.0, domelementtype@^2.3.0: version "2.3.0" - resolved "https://registry.yarnpkg.com/domelementtype/-/domelementtype-2.3.0.tgz#5c45e8e869952626331d7aab326d01daf65d589d" + resolved "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz" integrity sha512-OLETBj6w0OsagBwdXnPdN0cnMfF9opN69co+7ZrbfPGrdpPVNBUj02spi6B1N7wChLQiPn4CSH/zJvXw56gmHw== domhandler@^4.0.0, domhandler@^4.2.0, domhandler@^4.3.1: version "4.3.1" - resolved "https://registry.yarnpkg.com/domhandler/-/domhandler-4.3.1.tgz#8d792033416f59d68bc03a5aa7b018c1ca89279c" + resolved "https://registry.npmjs.org/domhandler/-/domhandler-4.3.1.tgz" integrity sha512-GrwoxYN+uWlzO8uhUXRl0P+kHE4GtVPfYzVLcUxPL7KNdHKj66vvlhiweIHqYYXWlw+T8iLMp42Lm67ghw4WMQ== dependencies: domelementtype "^2.2.0" domhandler@^5.0.2, domhandler@^5.0.3: version "5.0.3" - resolved "https://registry.yarnpkg.com/domhandler/-/domhandler-5.0.3.tgz#cc385f7f751f1d1fc650c21374804254538c7d31" + resolved "https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz" integrity sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w== dependencies: domelementtype "^2.3.0" domutils@^2.5.2, domutils@^2.8.0: version "2.8.0" - resolved "https://registry.yarnpkg.com/domutils/-/domutils-2.8.0.tgz#4437def5db6e2d1f5d6ee859bd95ca7d02048135" + resolved "https://registry.npmjs.org/domutils/-/domutils-2.8.0.tgz" integrity sha512-w96Cjofp72M5IIhpjgobBimYEfoPjx1Vx0BSX9P30WBdZW2WIKU0T1Bd0kz2eNZ9ikjKgHbEyKx8BB6H1L3h3A== dependencies: dom-serializer "^1.0.1" @@ -4040,7 +4057,7 @@ domutils@^2.5.2, domutils@^2.8.0: domutils@^3.0.1: version "3.2.2" - resolved "https://registry.yarnpkg.com/domutils/-/domutils-3.2.2.tgz#edbfe2b668b0c1d97c24baf0f1062b132221bc78" + resolved "https://registry.npmjs.org/domutils/-/domutils-3.2.2.tgz" integrity sha512-6kZKyUajlDuqlHKVX1w7gyslj9MPIXzIFiz/rGu35uC1wMi+kMhQwGhl4lt9unC9Vb9INnY9Z3/ZA3+FhASLaw== dependencies: dom-serializer "^2.0.0" @@ -4049,7 +4066,7 @@ domutils@^3.0.1: dot-case@^3.0.4: version "3.0.4" - resolved "https://registry.yarnpkg.com/dot-case/-/dot-case-3.0.4.tgz#9b2b670d00a431667a8a75ba29cd1b98809ce751" + resolved "https://registry.npmjs.org/dot-case/-/dot-case-3.0.4.tgz" integrity sha512-Kv5nKlh6yRrdrGvxeJ2e5y2eRUpkUosIW4A2AS38zwSz27zu7ufDwQPi5Jhs3XAlGNetl3bmnGhQsMtkKJnj3w== dependencies: no-case "^3.0.4" @@ -4057,14 +4074,14 @@ dot-case@^3.0.4: dot-prop@^6.0.1: version "6.0.1" - resolved "https://registry.yarnpkg.com/dot-prop/-/dot-prop-6.0.1.tgz#fc26b3cf142b9e59b74dbd39ed66ce620c681083" + resolved "https://registry.npmjs.org/dot-prop/-/dot-prop-6.0.1.tgz" integrity sha512-tE7ztYzXHIeyvc7N+hR3oi7FIbf/NIjVP9hmAt3yMXzrQ072/fpjGLx2GxNxGxUl5V73MEqYzioOMoVhGMJ5cA== dependencies: is-obj "^2.0.0" dunder-proto@^1.0.1: version "1.0.1" - resolved "https://registry.yarnpkg.com/dunder-proto/-/dunder-proto-1.0.1.tgz#d7ae667e1dc83482f8b70fd0f6eefc50da30f58a" + resolved "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz" integrity sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A== dependencies: call-bind-apply-helpers "^1.0.1" @@ -4073,62 +4090,62 @@ dunder-proto@^1.0.1: duplexer@^0.1.2: version "0.1.2" - resolved "https://registry.yarnpkg.com/duplexer/-/duplexer-0.1.2.tgz#3abe43aef3835f8ae077d136ddce0f276b0400e6" + resolved "https://registry.npmjs.org/duplexer/-/duplexer-0.1.2.tgz" integrity sha512-jtD6YG370ZCIi/9GTaJKQxWTZD045+4R4hTk/x1UyoqadyJ9x9CgSi1RlVDQF8U2sxLLSnFkCaMihqljHIWgMg== eastasianwidth@^0.2.0: version "0.2.0" - resolved "https://registry.yarnpkg.com/eastasianwidth/-/eastasianwidth-0.2.0.tgz#696ce2ec0aa0e6ea93a397ffcf24aa7840c827cb" + resolved "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz" integrity sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA== ee-first@1.1.1: version "1.1.1" - resolved "https://registry.yarnpkg.com/ee-first/-/ee-first-1.1.1.tgz#590c61156b0ae2f4f0255732a158b266bc56b21d" + resolved "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz" integrity sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow== electron-to-chromium@^1.5.227: version "1.5.237" - resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.5.237.tgz#eacf61cef3f6345d0069ab427585c5a04d7084f0" + resolved "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.237.tgz" integrity sha512-icUt1NvfhGLar5lSWH3tHNzablaA5js3HVHacQimfP8ViEBOQv+L7DKEuHdbTZ0SKCO1ogTJTIL1Gwk9S6Qvcg== emoji-regex@^8.0.0: version "8.0.0" - resolved "https://registry.yarnpkg.com/emoji-regex/-/emoji-regex-8.0.0.tgz#e818fd69ce5ccfcb404594f842963bf53164cc37" + resolved "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz" integrity sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A== emoji-regex@^9.2.2: version "9.2.2" - resolved "https://registry.yarnpkg.com/emoji-regex/-/emoji-regex-9.2.2.tgz#840c8803b0d8047f4ff0cf963176b32d4ef3ed72" + resolved "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz" integrity sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg== emojilib@^2.4.0: version "2.4.0" - resolved "https://registry.yarnpkg.com/emojilib/-/emojilib-2.4.0.tgz#ac518a8bb0d5f76dda57289ccb2fdf9d39ae721e" + resolved "https://registry.npmjs.org/emojilib/-/emojilib-2.4.0.tgz" integrity sha512-5U0rVMU5Y2n2+ykNLQqMoqklN9ICBT/KsvC1Gz6vqHbz2AXXGkG+Pm5rMWk/8Vjrr/mY9985Hi8DYzn1F09Nyw== emojis-list@^3.0.0: version "3.0.0" - resolved "https://registry.yarnpkg.com/emojis-list/-/emojis-list-3.0.0.tgz#5570662046ad29e2e916e71aae260abdff4f6a78" + resolved "https://registry.npmjs.org/emojis-list/-/emojis-list-3.0.0.tgz" integrity sha512-/kyM18EfinwXZbno9FyUGeFh87KC8HRQBQGildHZbEuRyWFOmv1U10o9BBp8XVZDVNNuQKyIGIu5ZYAAXJ0V2Q== emoticon@^4.0.1: version "4.1.0" - resolved "https://registry.yarnpkg.com/emoticon/-/emoticon-4.1.0.tgz#d5a156868ee173095627a33de3f1e914c3dde79e" + resolved "https://registry.npmjs.org/emoticon/-/emoticon-4.1.0.tgz" integrity sha512-VWZfnxqwNcc51hIy/sbOdEem6D+cVtpPzEEtVAFdaas30+1dgkyaOQ4sQ6Bp0tOMqWO1v+HQfYaoodOkdhK6SQ== encodeurl@~1.0.2: version "1.0.2" - resolved "https://registry.yarnpkg.com/encodeurl/-/encodeurl-1.0.2.tgz#ad3ff4c86ec2d029322f5a02c3a9a606c95b3f59" + resolved "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz" integrity sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w== encodeurl@~2.0.0: version "2.0.0" - resolved "https://registry.yarnpkg.com/encodeurl/-/encodeurl-2.0.0.tgz#7b8ea898077d7e409d3ac45474ea38eaf0857a58" + resolved "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz" integrity sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg== enhanced-resolve@^5.17.3: version "5.18.3" - resolved "https://registry.yarnpkg.com/enhanced-resolve/-/enhanced-resolve-5.18.3.tgz#9b5f4c5c076b8787c78fe540392ce76a88855b44" + resolved "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.18.3.tgz" integrity sha512-d4lC8xfavMeBjzGr2vECC3fsGXziXZQyJxD868h2M/mBI3PwAuODxAkLkq5HYuvrPYcUtiLzsTo8U3PgX3Ocww== dependencies: graceful-fs "^4.2.4" @@ -4136,51 +4153,51 @@ enhanced-resolve@^5.17.3: entities@^2.0.0: version "2.2.0" - resolved "https://registry.yarnpkg.com/entities/-/entities-2.2.0.tgz#098dc90ebb83d8dffa089d55256b351d34c4da55" + resolved "https://registry.npmjs.org/entities/-/entities-2.2.0.tgz" integrity sha512-p92if5Nz619I0w+akJrLZH0MX0Pb5DX39XOwQTtXSdQQOaYH03S1uIQp4mhOZtAXrxq4ViO67YTiLBo2638o9A== entities@^4.2.0, entities@^4.4.0: version "4.5.0" - resolved "https://registry.yarnpkg.com/entities/-/entities-4.5.0.tgz#5d268ea5e7113ec74c4d033b79ea5a35a488fb48" + resolved "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz" integrity sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw== entities@^6.0.0: version "6.0.1" - resolved "https://registry.yarnpkg.com/entities/-/entities-6.0.1.tgz#c28c34a43379ca7f61d074130b2f5f7020a30694" + resolved "https://registry.npmjs.org/entities/-/entities-6.0.1.tgz" integrity sha512-aN97NXWF6AWBTahfVOIrB/NShkzi5H7F9r1s9mD3cDj4Ko5f2qhhVoYMibXF7GlLveb/D2ioWay8lxI97Ven3g== error-ex@^1.3.1: version "1.3.4" - resolved "https://registry.yarnpkg.com/error-ex/-/error-ex-1.3.4.tgz#b3a8d8bb6f92eecc1629e3e27d3c8607a8a32414" + resolved "https://registry.npmjs.org/error-ex/-/error-ex-1.3.4.tgz" integrity sha512-sqQamAnR14VgCr1A618A3sGrygcpK+HEbenA/HiEAkkUwcZIIB/tgWqHFxWgOyDh4nB4JCRimh79dR5Ywc9MDQ== dependencies: is-arrayish "^0.2.1" es-define-property@^1.0.0, es-define-property@^1.0.1: version "1.0.1" - resolved "https://registry.yarnpkg.com/es-define-property/-/es-define-property-1.0.1.tgz#983eb2f9a6724e9303f61addf011c72e09e0b0fa" + resolved "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz" integrity sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g== es-errors@^1.3.0: version "1.3.0" - resolved "https://registry.yarnpkg.com/es-errors/-/es-errors-1.3.0.tgz#05f75a25dab98e4fb1dcd5e1472c0546d5057c8f" + resolved "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz" integrity sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw== es-module-lexer@^1.2.1: version "1.7.0" - resolved "https://registry.yarnpkg.com/es-module-lexer/-/es-module-lexer-1.7.0.tgz#9159601561880a85f2734560a9099b2c31e5372a" + resolved "https://registry.npmjs.org/es-module-lexer/-/es-module-lexer-1.7.0.tgz" integrity sha512-jEQoCwk8hyb2AZziIOLhDqpm5+2ww5uIE6lkO/6jcOCusfk6LhMHpXXfBLXTZ7Ydyt0j4VoUQv6uGNYbdW+kBA== es-object-atoms@^1.0.0, es-object-atoms@^1.1.1: version "1.1.1" - resolved "https://registry.yarnpkg.com/es-object-atoms/-/es-object-atoms-1.1.1.tgz#1c4f2c4837327597ce69d2ca190a7fdd172338c1" + resolved "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz" integrity sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA== dependencies: es-errors "^1.3.0" esast-util-from-estree@^2.0.0: version "2.0.0" - resolved "https://registry.yarnpkg.com/esast-util-from-estree/-/esast-util-from-estree-2.0.0.tgz#8d1cfb51ad534d2f159dc250e604f3478a79f1ad" + resolved "https://registry.npmjs.org/esast-util-from-estree/-/esast-util-from-estree-2.0.0.tgz" integrity sha512-4CyanoAudUSBAn5K13H4JhsMH6L9ZP7XbLVe/dKybkxMO7eDyLsT8UHl9TRNrU2Gr9nz+FovfSIjuXWJ81uVwQ== dependencies: "@types/estree-jsx" "^1.0.0" @@ -4190,7 +4207,7 @@ esast-util-from-estree@^2.0.0: esast-util-from-js@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/esast-util-from-js/-/esast-util-from-js-2.0.1.tgz#5147bec34cc9da44accf52f87f239a40ac3e8225" + resolved "https://registry.npmjs.org/esast-util-from-js/-/esast-util-from-js-2.0.1.tgz" integrity sha512-8Ja+rNJ0Lt56Pcf3TAmpBZjmx8ZcK5Ts4cAzIOjsjevg9oSXJnl6SUQ2EevU8tv3h6ZLWmoKL5H4fgWvdvfETw== dependencies: "@types/estree-jsx" "^1.0.0" @@ -4200,37 +4217,37 @@ esast-util-from-js@^2.0.0: escalade@^3.1.1, escalade@^3.2.0: version "3.2.0" - resolved "https://registry.yarnpkg.com/escalade/-/escalade-3.2.0.tgz#011a3f69856ba189dffa7dc8fcce99d2a87903e5" + resolved "https://registry.npmjs.org/escalade/-/escalade-3.2.0.tgz" integrity sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA== escape-goat@^4.0.0: version "4.0.0" - resolved "https://registry.yarnpkg.com/escape-goat/-/escape-goat-4.0.0.tgz#9424820331b510b0666b98f7873fe11ac4aa8081" + resolved "https://registry.npmjs.org/escape-goat/-/escape-goat-4.0.0.tgz" integrity sha512-2Sd4ShcWxbx6OY1IHyla/CVNwvg7XwZVoXZHcSu9w9SReNP1EzzD5T8NWKIR38fIqEns9kDWKUQTXXAmlDrdPg== escape-html@^1.0.3, escape-html@~1.0.3: version "1.0.3" - resolved "https://registry.yarnpkg.com/escape-html/-/escape-html-1.0.3.tgz#0258eae4d3d0c0974de1c169188ef0051d1d1988" + resolved "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz" integrity sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow== escape-string-regexp@^1.0.5: version "1.0.5" - resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz#1b61c0562190a8dff6ae3bb2cf0200ca130b86d4" + resolved "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz" integrity sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg== escape-string-regexp@^4.0.0: version "4.0.0" - resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz#14ba83a5d373e3d311e5afca29cf5bfad965bf34" + resolved "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz" integrity sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA== escape-string-regexp@^5.0.0: version "5.0.0" - resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-5.0.0.tgz#4683126b500b61762f2dbebace1806e8be31b1c8" + resolved "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-5.0.0.tgz" integrity sha512-/veY75JbMK4j1yjvuUxuVsiS/hr/4iHs9FTT6cgTexxdE0Ly/glccBAkloH/DofkjRbZU3bnoj38mOmhkZ0lHw== eslint-scope@5.1.1: version "5.1.1" - resolved "https://registry.yarnpkg.com/eslint-scope/-/eslint-scope-5.1.1.tgz#e786e59a66cb92b3f6c1fb0d508aab174848f48c" + resolved "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz" integrity sha512-2NxwbF/hZ0KpepYN0cNbo+FN6XoK7GaHlQhgx/hIZl6Va0bF45RQOOwhLIy8lQDbuCiadSLCBnH2CFYquit5bw== dependencies: esrecurse "^4.3.0" @@ -4238,36 +4255,36 @@ eslint-scope@5.1.1: esprima@^4.0.0: version "4.0.1" - resolved "https://registry.yarnpkg.com/esprima/-/esprima-4.0.1.tgz#13b04cdb3e6c5d19df91ab6987a8695619b0aa71" + resolved "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz" integrity sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A== esrecurse@^4.3.0: version "4.3.0" - resolved "https://registry.yarnpkg.com/esrecurse/-/esrecurse-4.3.0.tgz#7ad7964d679abb28bee72cec63758b1c5d2c9921" + resolved "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz" integrity sha512-KmfKL3b6G+RXvP8N1vr3Tq1kL/oCFgn2NYXEtqP8/L3pKapUA4G8cFVaoF3SU323CD4XypR/ffioHmkti6/Tag== dependencies: estraverse "^5.2.0" estraverse@^4.1.1: version "4.3.0" - resolved "https://registry.yarnpkg.com/estraverse/-/estraverse-4.3.0.tgz#398ad3f3c5a24948be7725e83d11a7de28cdbd1d" + resolved "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz" integrity sha512-39nnKffWz8xN1BU/2c79n9nB9HDzo0niYUqx6xyqUnyoAnQyyWpOTdZEeiCch8BBu515t4wp9ZmgVfVhn9EBpw== estraverse@^5.2.0: version "5.3.0" - resolved "https://registry.yarnpkg.com/estraverse/-/estraverse-5.3.0.tgz#2eea5290702f26ab8fe5370370ff86c965d21123" + resolved "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz" integrity sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA== estree-util-attach-comments@^3.0.0: version "3.0.0" - resolved "https://registry.yarnpkg.com/estree-util-attach-comments/-/estree-util-attach-comments-3.0.0.tgz#344bde6a64c8a31d15231e5ee9e297566a691c2d" + resolved "https://registry.npmjs.org/estree-util-attach-comments/-/estree-util-attach-comments-3.0.0.tgz" integrity sha512-cKUwm/HUcTDsYh/9FgnuFqpfquUbwIqwKM26BVCGDPVgvaCl/nDCCjUfiLlx6lsEZ3Z4RFxNbOQ60pkaEwFxGw== dependencies: "@types/estree" "^1.0.0" estree-util-build-jsx@^3.0.0: version "3.0.1" - resolved "https://registry.yarnpkg.com/estree-util-build-jsx/-/estree-util-build-jsx-3.0.1.tgz#b6d0bced1dcc4f06f25cf0ceda2b2dcaf98168f1" + resolved "https://registry.npmjs.org/estree-util-build-jsx/-/estree-util-build-jsx-3.0.1.tgz" integrity sha512-8U5eiL6BTrPxp/CHbs2yMgP8ftMhR5ww1eIKoWRMlqvltHF8fZn5LRDvTKuxD3DUn+shRbLGqXemcP51oFCsGQ== dependencies: "@types/estree-jsx" "^1.0.0" @@ -4277,12 +4294,12 @@ estree-util-build-jsx@^3.0.0: estree-util-is-identifier-name@^3.0.0: version "3.0.0" - resolved "https://registry.yarnpkg.com/estree-util-is-identifier-name/-/estree-util-is-identifier-name-3.0.0.tgz#0b5ef4c4ff13508b34dcd01ecfa945f61fce5dbd" + resolved "https://registry.npmjs.org/estree-util-is-identifier-name/-/estree-util-is-identifier-name-3.0.0.tgz" integrity sha512-hFtqIDZTIUZ9BXLb8y4pYGyk6+wekIivNVTcmvk8NoOh+VeRn5y6cEHzbURrWbfp1fIqdVipilzj+lfaadNZmg== estree-util-scope@^1.0.0: version "1.0.0" - resolved "https://registry.yarnpkg.com/estree-util-scope/-/estree-util-scope-1.0.0.tgz#9cbdfc77f5cb51e3d9ed4ad9c4adbff22d43e585" + resolved "https://registry.npmjs.org/estree-util-scope/-/estree-util-scope-1.0.0.tgz" integrity sha512-2CAASclonf+JFWBNJPndcOpA8EMJwa0Q8LUFJEKqXLW6+qBvbFZuF5gItbQOs/umBUkjviCSDCbBwU2cXbmrhQ== dependencies: "@types/estree" "^1.0.0" @@ -4290,7 +4307,7 @@ estree-util-scope@^1.0.0: estree-util-to-js@^2.0.0: version "2.0.0" - resolved "https://registry.yarnpkg.com/estree-util-to-js/-/estree-util-to-js-2.0.0.tgz#10a6fb924814e6abb62becf0d2bc4dea51d04f17" + resolved "https://registry.npmjs.org/estree-util-to-js/-/estree-util-to-js-2.0.0.tgz" integrity sha512-WDF+xj5rRWmD5tj6bIqRi6CkLIXbbNQUcxQHzGysQzvHmdYG2G7p/Tf0J0gpxGgkeMZNTIjT/AoSvC9Xehcgdg== dependencies: "@types/estree-jsx" "^1.0.0" @@ -4299,14 +4316,14 @@ estree-util-to-js@^2.0.0: estree-util-value-to-estree@^3.0.1: version "3.4.0" - resolved "https://registry.yarnpkg.com/estree-util-value-to-estree/-/estree-util-value-to-estree-3.4.0.tgz#827122e40c3a756d3c4cf5d5d296fa06026a1a4f" + resolved "https://registry.npmjs.org/estree-util-value-to-estree/-/estree-util-value-to-estree-3.4.0.tgz" integrity sha512-Zlp+gxis+gCfK12d3Srl2PdX2ybsEA8ZYy6vQGVQTNNYLEGRQQ56XB64bjemN8kxIKXP1nC9ip4Z+ILy9LGzvQ== dependencies: "@types/estree" "^1.0.0" estree-util-visit@^2.0.0: version "2.0.0" - resolved "https://registry.yarnpkg.com/estree-util-visit/-/estree-util-visit-2.0.0.tgz#13a9a9f40ff50ed0c022f831ddf4b58d05446feb" + resolved "https://registry.npmjs.org/estree-util-visit/-/estree-util-visit-2.0.0.tgz" integrity sha512-m5KgiH85xAhhW8Wta0vShLcUvOsh3LLPI2YVwcbio1l7E09NTLL1EyMZFM1OyWowoH0skScNbhOPl4kcBgzTww== dependencies: "@types/estree-jsx" "^1.0.0" @@ -4314,29 +4331,29 @@ estree-util-visit@^2.0.0: estree-walker@^3.0.0: version "3.0.3" - resolved "https://registry.yarnpkg.com/estree-walker/-/estree-walker-3.0.3.tgz#67c3e549ec402a487b4fc193d1953a524752340d" + resolved "https://registry.npmjs.org/estree-walker/-/estree-walker-3.0.3.tgz" integrity sha512-7RUKfXgSMMkzt6ZuXmqapOurLGPPfgj6l9uRZ7lRGolvk0y2yocc35LdcxKC5PQZdn2DMqioAQ2NoWcrTKmm6g== dependencies: "@types/estree" "^1.0.0" esutils@^2.0.2: version "2.0.3" - resolved "https://registry.yarnpkg.com/esutils/-/esutils-2.0.3.tgz#74d2eb4de0b8da1293711910d50775b9b710ef64" + resolved "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz" integrity sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g== eta@^2.2.0: version "2.2.0" - resolved "https://registry.yarnpkg.com/eta/-/eta-2.2.0.tgz#eb8b5f8c4e8b6306561a455e62cd7492fe3a9b8a" + resolved "https://registry.npmjs.org/eta/-/eta-2.2.0.tgz" integrity sha512-UVQ72Rqjy/ZKQalzV5dCCJP80GrmPrMxh6NlNf+erV6ObL0ZFkhCstWRawS85z3smdr3d2wXPsZEY7rDPfGd2g== etag@~1.8.1: version "1.8.1" - resolved "https://registry.yarnpkg.com/etag/-/etag-1.8.1.tgz#41ae2eeb65efa62268aebfea83ac7d79299b0887" + resolved "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz" integrity sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg== eval@^0.1.8: version "0.1.8" - resolved "https://registry.yarnpkg.com/eval/-/eval-0.1.8.tgz#2b903473b8cc1d1989b83a1e7923f883eb357f85" + resolved "https://registry.npmjs.org/eval/-/eval-0.1.8.tgz" integrity sha512-EzV94NYKoO09GLXGjXj9JIlXijVck4ONSr5wiCWDvhsvj5jxSrzTmRU/9C1DyB6uToszLs8aifA6NQ7lEQdvFw== dependencies: "@types/node" "*" @@ -4344,22 +4361,22 @@ eval@^0.1.8: eventemitter3@^4.0.0, eventemitter3@^4.0.4: version "4.0.7" - resolved "https://registry.yarnpkg.com/eventemitter3/-/eventemitter3-4.0.7.tgz#2de9b68f6528d5644ef5c59526a1b4a07306169f" + resolved "https://registry.npmjs.org/eventemitter3/-/eventemitter3-4.0.7.tgz" integrity sha512-8guHBZCwKnFhYdHr2ysuRWErTwhoN2X8XELRlrRwpmfeY2jjuUN4taQMsULKUVo1K4DvZl+0pgfyoysHxvmvEw== events@^3.2.0: version "3.3.0" - resolved "https://registry.yarnpkg.com/events/-/events-3.3.0.tgz#31a95ad0a924e2d2c419a813aeb2c4e878ea7400" + resolved "https://registry.npmjs.org/events/-/events-3.3.0.tgz" integrity sha512-mQw+2fkQbALzQ7V0MY0IqdnXNOeTtP4r0lN9z7AAawCXgqea7bDii20AYrIBrFd/Hx0M2Ocz6S111CaFkUcb0Q== eventsource-parser@^3.0.5: version "3.0.6" - resolved "https://registry.yarnpkg.com/eventsource-parser/-/eventsource-parser-3.0.6.tgz#292e165e34cacbc936c3c92719ef326d4aeb4e90" + resolved "https://registry.npmjs.org/eventsource-parser/-/eventsource-parser-3.0.6.tgz" integrity sha512-Vo1ab+QXPzZ4tCa8SwIHJFaSzy4R6SHf7BY79rFBDf0idraZWAkYrDjDj8uWaSm3S2TK+hJ7/t1CEmZ7jXw+pg== execa@5.1.1: version "5.1.1" - resolved "https://registry.yarnpkg.com/execa/-/execa-5.1.1.tgz#f80ad9cbf4298f7bd1d4c9555c21e93741c411dd" + resolved "https://registry.npmjs.org/execa/-/execa-5.1.1.tgz" integrity sha512-8uSpZZocAZRBAPIEINJj3Lo9HyGitllczc27Eh5YYojjMFMn8yHMDMaUHE2Jqfq05D/wucwI4JGURyXt1vchyg== dependencies: cross-spawn "^7.0.3" @@ -4374,7 +4391,7 @@ execa@5.1.1: express@^4.21.2: version "4.21.2" - resolved "https://registry.yarnpkg.com/express/-/express-4.21.2.tgz#cf250e48362174ead6cea4a566abef0162c1ec32" + resolved "https://registry.npmjs.org/express/-/express-4.21.2.tgz" integrity sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA== dependencies: accepts "~1.3.8" @@ -4411,24 +4428,24 @@ express@^4.21.2: extend-shallow@^2.0.1: version "2.0.1" - resolved "https://registry.yarnpkg.com/extend-shallow/-/extend-shallow-2.0.1.tgz#51af7d614ad9a9f610ea1bafbb989d6b1c56890f" + resolved "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz" integrity sha512-zCnTtlxNoAiDc3gqY2aYAWFx7XWWiasuF2K8Me5WbN8otHKTUKBwjPtNpRs/rbUZm7KxWAaNj7P1a/p52GbVug== dependencies: is-extendable "^0.1.0" extend@^3.0.0: version "3.0.2" - resolved "https://registry.yarnpkg.com/extend/-/extend-3.0.2.tgz#f8b1136b4071fbd8eb140aff858b1019ec2915fa" + resolved "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz" integrity sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g== fast-deep-equal@^3.1.1, fast-deep-equal@^3.1.3: version "3.1.3" - resolved "https://registry.yarnpkg.com/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz#3a7d56b559d6cbc3eb512325244e619a65c6c525" + resolved "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz" integrity sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q== fast-glob@^3.2.11, fast-glob@^3.2.9, fast-glob@^3.3.0: version "3.3.3" - resolved "https://registry.yarnpkg.com/fast-glob/-/fast-glob-3.3.3.tgz#d06d585ce8dba90a16b0505c543c3ccfb3aeb818" + resolved "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.3.tgz" integrity sha512-7MptL8U0cqcFdzIzwOTHoilX9x5BrNqye7Z/LuC7kCMRio1EMSyqRK3BEAUD7sXRq4iT4AzTVuZdhgQ2TCvYLg== dependencies: "@nodelib/fs.stat" "^2.0.2" @@ -4439,52 +4456,52 @@ fast-glob@^3.2.11, fast-glob@^3.2.9, fast-glob@^3.3.0: fast-json-stable-stringify@^2.0.0: version "2.1.0" - resolved "https://registry.yarnpkg.com/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz#874bf69c6f404c2b5d99c481341399fd55892633" + resolved "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz" integrity sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw== fast-uri@^3.0.1: version "3.1.0" - resolved "https://registry.yarnpkg.com/fast-uri/-/fast-uri-3.1.0.tgz#66eecff6c764c0df9b762e62ca7edcfb53b4edfa" + resolved "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.0.tgz" integrity sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA== fastq@^1.6.0: version "1.19.1" - resolved "https://registry.yarnpkg.com/fastq/-/fastq-1.19.1.tgz#d50eaba803c8846a883c16492821ebcd2cda55f5" + resolved "https://registry.npmjs.org/fastq/-/fastq-1.19.1.tgz" integrity sha512-GwLTyxkCXjXbxqIhTsMI2Nui8huMPtnxg7krajPJAjnEG/iiOS7i+zCtWGZR9G0NBKbXKh6X9m9UIsYX/N6vvQ== dependencies: reusify "^1.0.4" fault@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/fault/-/fault-2.0.1.tgz#d47ca9f37ca26e4bd38374a7c500b5a384755b6c" + resolved "https://registry.npmjs.org/fault/-/fault-2.0.1.tgz" integrity sha512-WtySTkS4OKev5JtpHXnib4Gxiurzh5NCGvWrFaZ34m6JehfTUhKZvn9njTfw48t6JumVQOmrKqpmGcdwxnhqBQ== dependencies: format "^0.2.0" faye-websocket@^0.11.3: version "0.11.4" - resolved "https://registry.yarnpkg.com/faye-websocket/-/faye-websocket-0.11.4.tgz#7f0d9275cfdd86a1c963dc8b65fcc451edcbb1da" + resolved "https://registry.npmjs.org/faye-websocket/-/faye-websocket-0.11.4.tgz" integrity sha512-CzbClwlXAuiRQAlUyfqPgvPoNKTckTPGfwZV4ZdAhVcP2lh9KUxJg2b5GkE7XbjKQ3YJnQ9z6D9ntLAlB+tP8g== dependencies: websocket-driver ">=0.5.1" feed@^4.2.2: version "4.2.2" - resolved "https://registry.yarnpkg.com/feed/-/feed-4.2.2.tgz#865783ef6ed12579e2c44bbef3c9113bc4956a7e" + resolved "https://registry.npmjs.org/feed/-/feed-4.2.2.tgz" integrity sha512-u5/sxGfiMfZNtJ3OvQpXcvotFpYkL0n9u9mM2vkui2nGo8b4wvDkJ8gAkYqbA8QpGyFCv3RK0Z+Iv+9veCS9bQ== dependencies: xml-js "^1.6.11" figures@^3.2.0: version "3.2.0" - resolved "https://registry.yarnpkg.com/figures/-/figures-3.2.0.tgz#625c18bd293c604dc4a8ddb2febf0c88341746af" + resolved "https://registry.npmjs.org/figures/-/figures-3.2.0.tgz" integrity sha512-yaduQFRKLXYOGgEn6AZau90j3ggSOyiqXU0F9JZfeXYhNa+Jk4X+s45A2zg5jns87GAFa34BBm2kXw4XpNcbdg== dependencies: escape-string-regexp "^1.0.5" -file-loader@^6.2.0: +file-loader@*, file-loader@^6.2.0: version "6.2.0" - resolved "https://registry.yarnpkg.com/file-loader/-/file-loader-6.2.0.tgz#baef7cf8e1840df325e4390b4484879480eebe4d" + resolved "https://registry.npmjs.org/file-loader/-/file-loader-6.2.0.tgz" integrity sha512-qo3glqyTa61Ytg4u73GultjHGjdRyig3tG6lPtyX/jOEJvHif9uB0/OCI2Kif6ctF3caQTW2G5gym21oAsI4pw== dependencies: loader-utils "^2.0.0" @@ -4492,14 +4509,14 @@ file-loader@^6.2.0: fill-range@^7.1.1: version "7.1.1" - resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-7.1.1.tgz#44265d3cac07e3ea7dc247516380643754a05292" + resolved "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz" integrity sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg== dependencies: to-regex-range "^5.0.1" finalhandler@1.3.1: version "1.3.1" - resolved "https://registry.yarnpkg.com/finalhandler/-/finalhandler-1.3.1.tgz#0c575f1d1d324ddd1da35ad7ece3df7d19088019" + resolved "https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.1.tgz" integrity sha512-6BN9trH7bp3qvnrRyzsBz+g3lZxTNZTbVO2EV1CS0WIcDbawYVdYvGflME/9QP0h0pYlCDBCTjYa9nZzMDpyxQ== dependencies: debug "2.6.9" @@ -4512,7 +4529,7 @@ finalhandler@1.3.1: find-cache-dir@^4.0.0: version "4.0.0" - resolved "https://registry.yarnpkg.com/find-cache-dir/-/find-cache-dir-4.0.0.tgz#a30ee0448f81a3990708f6453633c733e2f6eec2" + resolved "https://registry.npmjs.org/find-cache-dir/-/find-cache-dir-4.0.0.tgz" integrity sha512-9ZonPT4ZAK4a+1pUPVPZJapbi7O5qbbJPdYw/NOQWZZbVLdDTYM3A4R9z/DpAM08IDaFGsvPgiGZ82WEwUDWjg== dependencies: common-path-prefix "^3.0.0" @@ -4520,7 +4537,7 @@ find-cache-dir@^4.0.0: find-up@^6.3.0: version "6.3.0" - resolved "https://registry.yarnpkg.com/find-up/-/find-up-6.3.0.tgz#2abab3d3280b2dc7ac10199ef324c4e002c8c790" + resolved "https://registry.npmjs.org/find-up/-/find-up-6.3.0.tgz" integrity sha512-v2ZsoEuVHYy8ZIlYqwPe/39Cy+cFDzp4dXPaxNvkEuouymu+2Jbz0PxpKarJHYJTmv2HWT3O382qY8l4jMWthw== dependencies: locate-path "^7.1.0" @@ -4528,66 +4545,61 @@ find-up@^6.3.0: flat@^5.0.2: version "5.0.2" - resolved "https://registry.yarnpkg.com/flat/-/flat-5.0.2.tgz#8ca6fe332069ffa9d324c327198c598259ceb241" + resolved "https://registry.npmjs.org/flat/-/flat-5.0.2.tgz" integrity sha512-b6suED+5/3rTpUBdG1gupIl8MPFCAMA0QXwmljLhvCUKcUvdE4gWky9zpuGCcXHOsz4J9wPGNWq6OKpmIzz3hQ== follow-redirects@^1.0.0: version "1.15.11" - resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.11.tgz#777d73d72a92f8ec4d2e410eb47352a56b8e8340" + resolved "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.11.tgz" integrity sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ== form-data-encoder@^4.0.2: version "4.1.0" - resolved "https://registry.yarnpkg.com/form-data-encoder/-/form-data-encoder-4.1.0.tgz#497cedc94810bd5d53b99b5d4f6c152d5cbc9db2" + resolved "https://registry.npmjs.org/form-data-encoder/-/form-data-encoder-4.1.0.tgz" integrity sha512-G6NsmEW15s0Uw9XnCg+33H3ViYRyiM0hMrMhhqQOR8NFc5GhYrI+6I3u7OTw7b91J2g8rtvMBZJDbcGb2YUniw== format@^0.2.0: version "0.2.2" - resolved "https://registry.yarnpkg.com/format/-/format-0.2.2.tgz#d6170107e9efdc4ed30c9dc39016df942b5cb58b" + resolved "https://registry.npmjs.org/format/-/format-0.2.2.tgz" integrity sha512-wzsgA6WOq+09wrU1tsJ09udeR/YZRaeArL9e1wPbFg3GG2yDnC2ldKpxs4xunpFF9DgqCqOIra3bc1HWrJ37Ww== forwarded@0.2.0: version "0.2.0" - resolved "https://registry.yarnpkg.com/forwarded/-/forwarded-0.2.0.tgz#2269936428aad4c15c7ebe9779a84bf0b2a81811" + resolved "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz" integrity sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow== fraction.js@^4.3.7: version "4.3.7" - resolved "https://registry.yarnpkg.com/fraction.js/-/fraction.js-4.3.7.tgz#06ca0085157e42fda7f9e726e79fefc4068840f7" + resolved "https://registry.npmjs.org/fraction.js/-/fraction.js-4.3.7.tgz" integrity sha512-ZsDfxO51wGAXREY55a7la9LScWpwv9RxIrYABrlvOFBlH/ShPnrtsXeuUIfXKKOVicNxQ+o8JTbJvjS4M89yew== fresh@0.5.2: version "0.5.2" - resolved "https://registry.yarnpkg.com/fresh/-/fresh-0.5.2.tgz#3d8cadd90d976569fa835ab1f8e4b23a105605a7" + resolved "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz" integrity sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q== fs-extra@^11.1.1, fs-extra@^11.2.0: version "11.3.2" - resolved "https://registry.yarnpkg.com/fs-extra/-/fs-extra-11.3.2.tgz#c838aeddc6f4a8c74dd15f85e11fe5511bfe02a4" + resolved "https://registry.npmjs.org/fs-extra/-/fs-extra-11.3.2.tgz" integrity sha512-Xr9F6z6up6Ws+NjzMCZc6WXg2YFRlrLP9NQDO3VQrWrfiojdhS56TzueT88ze0uBdCTwEIhQ3ptnmKeWGFAe0A== dependencies: graceful-fs "^4.2.0" jsonfile "^6.0.1" universalify "^2.0.0" -fsevents@~2.3.2: - version "2.3.3" - resolved "https://registry.yarnpkg.com/fsevents/-/fsevents-2.3.3.tgz#cac6407785d03675a2a5e1a5305c697b347d90d6" - integrity sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw== - function-bind@^1.1.2: version "1.1.2" - resolved "https://registry.yarnpkg.com/function-bind/-/function-bind-1.1.2.tgz#2c02d864d97f3ea6c8830c464cbd11ab6eab7a1c" + resolved "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz" integrity sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA== gensync@^1.0.0-beta.2: version "1.0.0-beta.2" - resolved "https://registry.yarnpkg.com/gensync/-/gensync-1.0.0-beta.2.tgz#32a6ee76c3d7f52d46b2b1ae5d93fea8580a25e0" + resolved "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.2.tgz" integrity sha512-3hN7NaskYvMDLQY55gnW3NQ+mesEAepTqlg+VEbj7zzqEMBVNhzcGYYeqFo/TlYz6eQiFcp1HcsCZO+nGgS8zg== get-intrinsic@^1.2.4, get-intrinsic@^1.2.5, get-intrinsic@^1.3.0: version "1.3.0" - resolved "https://registry.yarnpkg.com/get-intrinsic/-/get-intrinsic-1.3.0.tgz#743f0e3b6964a93a5491ed1bffaae054d7f98d01" + resolved "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz" integrity sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ== dependencies: call-bind-apply-helpers "^1.0.2" @@ -4603,12 +4615,12 @@ get-intrinsic@^1.2.4, get-intrinsic@^1.2.5, get-intrinsic@^1.3.0: get-own-enumerable-property-symbols@^3.0.0: version "3.0.2" - resolved "https://registry.yarnpkg.com/get-own-enumerable-property-symbols/-/get-own-enumerable-property-symbols-3.0.2.tgz#b5fde77f22cbe35f390b4e089922c50bce6ef664" + resolved "https://registry.npmjs.org/get-own-enumerable-property-symbols/-/get-own-enumerable-property-symbols-3.0.2.tgz" integrity sha512-I0UBV/XOz1XkIJHEUDMZAbzCThU/H8DxmSfmdGcKPnVhu2VfFqr34jr9777IyaTYvxjedWhqVIilEDsCdP5G6g== get-proto@^1.0.1: version "1.0.1" - resolved "https://registry.yarnpkg.com/get-proto/-/get-proto-1.0.1.tgz#150b3f2743869ef3e851ec0c49d15b1d14d00ee1" + resolved "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz" integrity sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g== dependencies: dunder-proto "^1.0.1" @@ -4616,12 +4628,12 @@ get-proto@^1.0.1: get-stream@^6.0.0: version "6.0.1" - resolved "https://registry.yarnpkg.com/get-stream/-/get-stream-6.0.1.tgz#a262d8eef67aced57c2852ad6167526a43cbf7b7" + resolved "https://registry.npmjs.org/get-stream/-/get-stream-6.0.1.tgz" integrity sha512-ts6Wi+2j3jQjqi70w5AlN8DFnkSwC+MqmxEzdEALB2qXZYV3X/b1CTfgPLGJNMeAWxdPfU8FO1ms3NUfaHCPYg== get-stream@^9.0.1: version "9.0.1" - resolved "https://registry.yarnpkg.com/get-stream/-/get-stream-9.0.1.tgz#95157d21df8eb90d1647102b63039b1df60ebd27" + resolved "https://registry.npmjs.org/get-stream/-/get-stream-9.0.1.tgz" integrity sha512-kVCxPF3vQM/N0B1PmoqVUqgHP+EeVjmZSQn+1oCRPxd2P21P2F19lIgbR3HBosbB1PUhOAoctJnfEn2GbN2eZA== dependencies: "@sec-ant/readable-stream" "^0.4.1" @@ -4629,43 +4641,43 @@ get-stream@^9.0.1: github-slugger@^1.5.0: version "1.5.0" - resolved "https://registry.yarnpkg.com/github-slugger/-/github-slugger-1.5.0.tgz#17891bbc73232051474d68bd867a34625c955f7d" + resolved "https://registry.npmjs.org/github-slugger/-/github-slugger-1.5.0.tgz" integrity sha512-wIh+gKBI9Nshz2o46B0B3f5k/W+WI9ZAv6y5Dn5WJ5SK1t0TnDimB4WE5rmTD05ZAIn8HALCZVmCsvj0w0v0lw== glob-parent@^5.1.2, glob-parent@~5.1.2: version "5.1.2" - resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-5.1.2.tgz#869832c58034fe68a4093c17dc15e8340d8401c4" + resolved "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz" integrity sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow== dependencies: is-glob "^4.0.1" glob-parent@^6.0.1: version "6.0.2" - resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-6.0.2.tgz#6d237d99083950c79290f24c7642a3de9a28f9e3" + resolved "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz" integrity sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A== dependencies: is-glob "^4.0.3" glob-to-regex.js@^1.0.1: version "1.2.0" - resolved "https://registry.yarnpkg.com/glob-to-regex.js/-/glob-to-regex.js-1.2.0.tgz#2b323728271d133830850e32311f40766c5f6413" + resolved "https://registry.npmjs.org/glob-to-regex.js/-/glob-to-regex.js-1.2.0.tgz" integrity sha512-QMwlOQKU/IzqMUOAZWubUOT8Qft+Y0KQWnX9nK3ch0CJg0tTp4TvGZsTfudYKv2NzoQSyPcnA6TYeIQ3jGichQ== glob-to-regexp@^0.4.1: version "0.4.1" - resolved "https://registry.yarnpkg.com/glob-to-regexp/-/glob-to-regexp-0.4.1.tgz#c75297087c851b9a578bd217dd59a92f59fe546e" + resolved "https://registry.npmjs.org/glob-to-regexp/-/glob-to-regexp-0.4.1.tgz" integrity sha512-lkX1HJXwyMcprw/5YUZc2s7DrpAiHB21/V+E1rHUrVNokkvB6bqMzT0VfV6/86ZNabt1k14YOIaT7nDvOX3Iiw== global-dirs@^3.0.0: version "3.0.1" - resolved "https://registry.yarnpkg.com/global-dirs/-/global-dirs-3.0.1.tgz#0c488971f066baceda21447aecb1a8b911d22485" + resolved "https://registry.npmjs.org/global-dirs/-/global-dirs-3.0.1.tgz" integrity sha512-NBcGGFbBA9s1VzD41QXDG+3++t9Mn5t1FpLdhESY6oKY4gYTFpX4wO3sqGUa0Srjtbfj3szX0RnemmrVRUdULA== dependencies: ini "2.0.0" globby@^11.1.0: version "11.1.0" - resolved "https://registry.yarnpkg.com/globby/-/globby-11.1.0.tgz#bd4be98bb042f83d796f7e3811991fbe82a0d34b" + resolved "https://registry.npmjs.org/globby/-/globby-11.1.0.tgz" integrity sha512-jhIXaOzy1sb8IyocaruWSn1TjmnBVs8Ayhcy83rmxNJ8q2uWKCAj3CnJY+KpGSXCueAPc0i05kVvVKtP1t9S3g== dependencies: array-union "^2.1.0" @@ -4677,7 +4689,7 @@ globby@^11.1.0: globby@^13.1.1: version "13.2.2" - resolved "https://registry.yarnpkg.com/globby/-/globby-13.2.2.tgz#63b90b1bf68619c2135475cbd4e71e66aa090592" + resolved "https://registry.npmjs.org/globby/-/globby-13.2.2.tgz" integrity sha512-Y1zNGV+pzQdh7H39l9zgB4PJqjRNqydvdYCDG4HFXM4XuvSaQQlEc91IU1yALL8gUTDomgBAfz3XJdmUS+oo0w== dependencies: dir-glob "^3.0.1" @@ -4688,12 +4700,12 @@ globby@^13.1.1: gopd@^1.0.1, gopd@^1.2.0: version "1.2.0" - resolved "https://registry.yarnpkg.com/gopd/-/gopd-1.2.0.tgz#89f56b8217bdbc8802bd299df6d7f1081d7e51a1" + resolved "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz" integrity sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg== -got@^12.1.0, got@^14.0.0: +got@^12.1.0: version "14.6.0" - resolved "https://registry.yarnpkg.com/got/-/got-14.6.0.tgz#d6a7ec7324f8a1ee841dcc6075796c16c29296f2" + resolved "https://registry.npmjs.org/got/-/got-14.6.0.tgz" integrity sha512-K30JHMsHcwhy+JYet3IxRFw+L9rb77y5LE3OkoAD4qzMR9/g30bWYBfkHYVJL2BBPgfU4lJsRwhy4HUkLPQc3g== dependencies: "@sindresorhus/is" "^7.0.1" @@ -4709,19 +4721,19 @@ got@^12.1.0, got@^14.0.0: responselike "^4.0.2" type-fest "^4.26.1" -graceful-fs@4.2.10: - version "4.2.10" - resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.10.tgz#147d3a006da4ca3ce14728c7aefc287c367d7a6c" - integrity sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA== - graceful-fs@^4.1.2, graceful-fs@^4.1.6, graceful-fs@^4.2.0, graceful-fs@^4.2.11, graceful-fs@^4.2.4, graceful-fs@^4.2.6, graceful-fs@^4.2.9: version "4.2.11" - resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.11.tgz#4183e4e8bf08bb6e05bbb2f7d2e0c8f712ca40e3" + resolved "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz" integrity sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ== +graceful-fs@4.2.10: + version "4.2.10" + resolved "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.10.tgz" + integrity sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA== + gray-matter@^4.0.3: version "4.0.3" - resolved "https://registry.yarnpkg.com/gray-matter/-/gray-matter-4.0.3.tgz#e893c064825de73ea1f5f7d88c7a9f7274288798" + resolved "https://registry.npmjs.org/gray-matter/-/gray-matter-4.0.3.tgz" integrity sha512-5v6yZd4JK3eMI3FqqCouswVqwugaA9r4dNZB1wwcmrD02QkV5H0y7XBQW8QwQqEaZY1pM9aqORSORhJRdNK44Q== dependencies: js-yaml "^3.13.1" @@ -4731,48 +4743,48 @@ gray-matter@^4.0.3: gzip-size@^6.0.0: version "6.0.0" - resolved "https://registry.yarnpkg.com/gzip-size/-/gzip-size-6.0.0.tgz#065367fd50c239c0671cbcbad5be3e2eeb10e462" + resolved "https://registry.npmjs.org/gzip-size/-/gzip-size-6.0.0.tgz" integrity sha512-ax7ZYomf6jqPTQ4+XCpUGyXKHk5WweS+e05MBO4/y3WJ5RkmPXNKvX+bx1behVILVwr6JSQvZAku021CHPXG3Q== dependencies: duplexer "^0.1.2" handle-thing@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/handle-thing/-/handle-thing-2.0.1.tgz#857f79ce359580c340d43081cc648970d0bb234e" + resolved "https://registry.npmjs.org/handle-thing/-/handle-thing-2.0.1.tgz" integrity sha512-9Qn4yBxelxoh2Ow62nP+Ka/kMnOXRi8BXnRaUwezLNhqelnN49xKz4F/dPP8OYLxLxq6JDtZb2i9XznUQbNPTg== has-flag@^4.0.0: version "4.0.0" - resolved "https://registry.yarnpkg.com/has-flag/-/has-flag-4.0.0.tgz#944771fd9c81c81265c4d6941860da06bb59479b" + resolved "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz" integrity sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ== has-property-descriptors@^1.0.0, has-property-descriptors@^1.0.2: version "1.0.2" - resolved "https://registry.yarnpkg.com/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz#963ed7d071dc7bf5f084c5bfbe0d1b6222586854" + resolved "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz" integrity sha512-55JNKuIW+vq4Ke1BjOTjM2YctQIvCT7GFzHwmfZPGo5wnrgkid0YQtnAleFSqumZm4az3n2BS+erby5ipJdgrg== dependencies: es-define-property "^1.0.0" has-symbols@^1.1.0: version "1.1.0" - resolved "https://registry.yarnpkg.com/has-symbols/-/has-symbols-1.1.0.tgz#fc9c6a783a084951d0b971fe1018de813707a338" + resolved "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz" integrity sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ== has-yarn@^3.0.0: version "3.0.0" - resolved "https://registry.yarnpkg.com/has-yarn/-/has-yarn-3.0.0.tgz#c3c21e559730d1d3b57e28af1f30d06fac38147d" + resolved "https://registry.npmjs.org/has-yarn/-/has-yarn-3.0.0.tgz" integrity sha512-IrsVwUHhEULx3R8f/aA8AHuEzAorplsab/v8HBzEiIukwq5i/EC+xmOW+HfP1OaDP+2JkgT1yILHN2O3UFIbcA== hasown@^2.0.2: version "2.0.2" - resolved "https://registry.yarnpkg.com/hasown/-/hasown-2.0.2.tgz#003eaf91be7adc372e84ec59dc37252cedb80003" + resolved "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz" integrity sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ== dependencies: function-bind "^1.1.2" hast-util-from-parse5@^8.0.0: version "8.0.3" - resolved "https://registry.yarnpkg.com/hast-util-from-parse5/-/hast-util-from-parse5-8.0.3.tgz#830a35022fff28c3fea3697a98c2f4cc6b835a2e" + resolved "https://registry.npmjs.org/hast-util-from-parse5/-/hast-util-from-parse5-8.0.3.tgz" integrity sha512-3kxEVkEKt0zvcZ3hCRYI8rqrgwtlIOFMWkbclACvjlDw8Li9S2hk/d51OI0nr/gIpdMHNepwgOKqZ/sy0Clpyg== dependencies: "@types/hast" "^3.0.0" @@ -4786,14 +4798,14 @@ hast-util-from-parse5@^8.0.0: hast-util-parse-selector@^4.0.0: version "4.0.0" - resolved "https://registry.yarnpkg.com/hast-util-parse-selector/-/hast-util-parse-selector-4.0.0.tgz#352879fa86e25616036037dd8931fb5f34cb4a27" + resolved "https://registry.npmjs.org/hast-util-parse-selector/-/hast-util-parse-selector-4.0.0.tgz" integrity sha512-wkQCkSYoOGCRKERFWcxMVMOcYE2K1AaNLU8DXS9arxnLOUEWbOXKXiJUNzEpqZ3JOKpnha3jkFrumEjVliDe7A== dependencies: "@types/hast" "^3.0.0" hast-util-raw@^9.0.0: version "9.1.0" - resolved "https://registry.yarnpkg.com/hast-util-raw/-/hast-util-raw-9.1.0.tgz#79b66b26f6f68fb50dfb4716b2cdca90d92adf2e" + resolved "https://registry.npmjs.org/hast-util-raw/-/hast-util-raw-9.1.0.tgz" integrity sha512-Y8/SBAHkZGoNkpzqqfCldijcuUKh7/su31kEBp67cFY09Wy0mTRgtsLYsiIxMJxlu0f6AA5SUTbDR8K0rxnbUw== dependencies: "@types/hast" "^3.0.0" @@ -4812,7 +4824,7 @@ hast-util-raw@^9.0.0: hast-util-to-estree@^3.0.0: version "3.1.3" - resolved "https://registry.yarnpkg.com/hast-util-to-estree/-/hast-util-to-estree-3.1.3.tgz#e654c1c9374645135695cc0ab9f70b8fcaf733d7" + resolved "https://registry.npmjs.org/hast-util-to-estree/-/hast-util-to-estree-3.1.3.tgz" integrity sha512-48+B/rJWAp0jamNbAAf9M7Uf//UVqAoMmgXhBdxTDJLGKY+LRnZ99qcG+Qjl5HfMpYNzS5v4EAwVEF34LeAj7w== dependencies: "@types/estree" "^1.0.0" @@ -4834,7 +4846,7 @@ hast-util-to-estree@^3.0.0: hast-util-to-jsx-runtime@^2.0.0: version "2.3.6" - resolved "https://registry.yarnpkg.com/hast-util-to-jsx-runtime/-/hast-util-to-jsx-runtime-2.3.6.tgz#ff31897aae59f62232e21594eac7ef6b63333e98" + resolved "https://registry.npmjs.org/hast-util-to-jsx-runtime/-/hast-util-to-jsx-runtime-2.3.6.tgz" integrity sha512-zl6s8LwNyo1P9uw+XJGvZtdFF1GdAkOg8ujOw+4Pyb76874fLps4ueHXDhXWdk6YHQ6OgUtinliG7RsYvCbbBg== dependencies: "@types/estree" "^1.0.0" @@ -4855,7 +4867,7 @@ hast-util-to-jsx-runtime@^2.0.0: hast-util-to-parse5@^8.0.0: version "8.0.0" - resolved "https://registry.yarnpkg.com/hast-util-to-parse5/-/hast-util-to-parse5-8.0.0.tgz#477cd42d278d4f036bc2ea58586130f6f39ee6ed" + resolved "https://registry.npmjs.org/hast-util-to-parse5/-/hast-util-to-parse5-8.0.0.tgz" integrity sha512-3KKrV5ZVI8if87DVSi1vDeByYrkGzg4mEfeu4alwgmmIeARiBLKCZS2uw5Gb6nU9x9Yufyj3iudm6i7nl52PFw== dependencies: "@types/hast" "^3.0.0" @@ -4868,14 +4880,14 @@ hast-util-to-parse5@^8.0.0: hast-util-whitespace@^3.0.0: version "3.0.0" - resolved "https://registry.yarnpkg.com/hast-util-whitespace/-/hast-util-whitespace-3.0.0.tgz#7778ed9d3c92dd9e8c5c8f648a49c21fc51cb621" + resolved "https://registry.npmjs.org/hast-util-whitespace/-/hast-util-whitespace-3.0.0.tgz" integrity sha512-88JUN06ipLwsnv+dVn+OIYOvAuvBMy/Qoi6O7mQHxdPXpjy+Cd6xRkWwux7DKO+4sYILtLBRIKgsdpS2gQc7qw== dependencies: "@types/hast" "^3.0.0" hastscript@^9.0.0: version "9.0.1" - resolved "https://registry.yarnpkg.com/hastscript/-/hastscript-9.0.1.tgz#dbc84bef6051d40084342c229c451cd9dc567dff" + resolved "https://registry.npmjs.org/hastscript/-/hastscript-9.0.1.tgz" integrity sha512-g7df9rMFX/SPi34tyGCyUBREQoKkapwdY/T04Qn9TDWfHhAYt4/I0gMVirzK5wEzeUqIjEB+LXC/ypb7Aqno5w== dependencies: "@types/hast" "^3.0.0" @@ -4886,12 +4898,12 @@ hastscript@^9.0.0: he@^1.2.0: version "1.2.0" - resolved "https://registry.yarnpkg.com/he/-/he-1.2.0.tgz#84ae65fa7eafb165fddb61566ae14baf05664f0f" + resolved "https://registry.npmjs.org/he/-/he-1.2.0.tgz" integrity sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw== history@^4.9.0: version "4.10.1" - resolved "https://registry.yarnpkg.com/history/-/history-4.10.1.tgz#33371a65e3a83b267434e2b3f3b1b4c58aad4cf3" + resolved "https://registry.npmjs.org/history/-/history-4.10.1.tgz" integrity sha512-36nwAD620w12kuzPAsyINPWJqlNbij+hpK1k9XRloDtym8mxzGYl2c17LnV6IAGB2Dmg4tEa7G7DlawS0+qjew== dependencies: "@babel/runtime" "^7.1.2" @@ -4903,14 +4915,14 @@ history@^4.9.0: hoist-non-react-statics@^3.1.0: version "3.3.2" - resolved "https://registry.yarnpkg.com/hoist-non-react-statics/-/hoist-non-react-statics-3.3.2.tgz#ece0acaf71d62c2969c2ec59feff42a4b1a85b45" + resolved "https://registry.npmjs.org/hoist-non-react-statics/-/hoist-non-react-statics-3.3.2.tgz" integrity sha512-/gGivxi8JPKWNm/W0jSmzcMPpfpPLc3dY/6GxhX2hQ9iGj3aDfklV4ET7NjKpSinLpJ5vafa9iiGIEZg10SfBw== dependencies: react-is "^16.7.0" hpack.js@^2.1.6: version "2.1.6" - resolved "https://registry.yarnpkg.com/hpack.js/-/hpack.js-2.1.6.tgz#87774c0949e513f42e84575b3c45681fade2a0b2" + resolved "https://registry.npmjs.org/hpack.js/-/hpack.js-2.1.6.tgz" integrity sha512-zJxVehUdMGIKsRaNt7apO2Gqp0BdqW5yaiGHXXmbpvxgBYVZnAql+BJb4RO5ad2MgpbZKn5G6nMnegrH1FcNYQ== dependencies: inherits "^2.0.1" @@ -4920,12 +4932,12 @@ hpack.js@^2.1.6: html-escaper@^2.0.2: version "2.0.2" - resolved "https://registry.yarnpkg.com/html-escaper/-/html-escaper-2.0.2.tgz#dfd60027da36a36dfcbe236262c00a5822681453" + resolved "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz" integrity sha512-H2iMtd0I4Mt5eYiapRdIDjp+XzelXQ0tFE4JS7YFwFevXXMmOp9myNrUvCg0D6ws8iqkRPBfKHgbwig1SmlLfg== html-minifier-terser@^6.0.2: version "6.1.0" - resolved "https://registry.yarnpkg.com/html-minifier-terser/-/html-minifier-terser-6.1.0.tgz#bfc818934cc07918f6b3669f5774ecdfd48f32ab" + resolved "https://registry.npmjs.org/html-minifier-terser/-/html-minifier-terser-6.1.0.tgz" integrity sha512-YXxSlJBZTP7RS3tWnQw74ooKa6L9b9i9QYXY21eUEvhZ3u9XLfv6OnFsQq6RxkhHygsaUMvYsZRV5rU/OVNZxw== dependencies: camel-case "^4.1.2" @@ -4938,7 +4950,7 @@ html-minifier-terser@^6.0.2: html-minifier-terser@^7.2.0: version "7.2.0" - resolved "https://registry.yarnpkg.com/html-minifier-terser/-/html-minifier-terser-7.2.0.tgz#18752e23a2f0ed4b0f550f217bb41693e975b942" + resolved "https://registry.npmjs.org/html-minifier-terser/-/html-minifier-terser-7.2.0.tgz" integrity sha512-tXgn3QfqPIpGl9o+K5tpcj3/MN4SfLtsx2GWwBC3SSd0tXQGyF3gsSqad8loJgKZGM3ZxbYDd5yhiBIdWpmvLA== dependencies: camel-case "^4.1.2" @@ -4951,17 +4963,17 @@ html-minifier-terser@^7.2.0: html-tags@^3.3.1: version "3.3.1" - resolved "https://registry.yarnpkg.com/html-tags/-/html-tags-3.3.1.tgz#a04026a18c882e4bba8a01a3d39cfe465d40b5ce" + resolved "https://registry.npmjs.org/html-tags/-/html-tags-3.3.1.tgz" integrity sha512-ztqyC3kLto0e9WbNp0aeP+M3kTt+nbaIveGmUxAtZa+8iFgKLUOD4YKM5j+f3QD89bra7UeumolZHKuOXnTmeQ== html-void-elements@^3.0.0: version "3.0.0" - resolved "https://registry.yarnpkg.com/html-void-elements/-/html-void-elements-3.0.0.tgz#fc9dbd84af9e747249034d4d62602def6517f1d7" + resolved "https://registry.npmjs.org/html-void-elements/-/html-void-elements-3.0.0.tgz" integrity sha512-bEqo66MRXsUGxWHV5IP0PUiAWwoEjba4VCzg0LjFJBpchPaTfyfCKTG6bc5F8ucKec3q5y6qOdGyYTSBEvhCrg== html-webpack-plugin@^5.6.0: version "5.6.4" - resolved "https://registry.yarnpkg.com/html-webpack-plugin/-/html-webpack-plugin-5.6.4.tgz#d8cb0f7edff7745ae7d6cccb0bff592e9f7f7959" + resolved "https://registry.npmjs.org/html-webpack-plugin/-/html-webpack-plugin-5.6.4.tgz" integrity sha512-V/PZeWsqhfpE27nKeX9EO2sbR+D17A+tLf6qU+ht66jdUsN0QLKJN27Z+1+gHrVMKgndBahes0PU6rRihDgHTw== dependencies: "@types/html-minifier-terser" "^6.0.0" @@ -4972,7 +4984,7 @@ html-webpack-plugin@^5.6.0: htmlparser2@^6.1.0: version "6.1.0" - resolved "https://registry.yarnpkg.com/htmlparser2/-/htmlparser2-6.1.0.tgz#c4d762b6c3371a05dbe65e94ae43a9f845fb8fb7" + resolved "https://registry.npmjs.org/htmlparser2/-/htmlparser2-6.1.0.tgz" integrity sha512-gyyPk6rgonLFEDGoeRgQNaEUvdJ4ktTmmUh/h2t7s+M8oPpIPxgNACWa+6ESR57kXstwqPiCut0V8NRpcwgU7A== dependencies: domelementtype "^2.0.1" @@ -4982,7 +4994,7 @@ htmlparser2@^6.1.0: htmlparser2@^8.0.1: version "8.0.2" - resolved "https://registry.yarnpkg.com/htmlparser2/-/htmlparser2-8.0.2.tgz#f002151705b383e62433b5cf466f5b716edaec21" + resolved "https://registry.npmjs.org/htmlparser2/-/htmlparser2-8.0.2.tgz" integrity sha512-GYdjWKDkbRLkZ5geuHs5NY1puJ+PXwP7+fHPRz06Eirsb9ugf6d8kkXav6ADhcODhFFPMIXyxkxSuMf3D6NCFA== dependencies: domelementtype "^2.3.0" @@ -4992,17 +5004,27 @@ htmlparser2@^8.0.1: http-cache-semantics@^4.2.0: version "4.2.0" - resolved "https://registry.yarnpkg.com/http-cache-semantics/-/http-cache-semantics-4.2.0.tgz#205f4db64f8562b76a4ff9235aa5279839a09dd5" + resolved "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.2.0.tgz" integrity sha512-dTxcvPXqPvXBQpq5dUr6mEMJX4oIEFv6bwom3FDwKRDsuIjjJGANqhBuoAn9c1RQJIdAKav33ED65E2ys+87QQ== http-deceiver@^1.2.7: version "1.2.7" - resolved "https://registry.yarnpkg.com/http-deceiver/-/http-deceiver-1.2.7.tgz#fa7168944ab9a519d337cb0bec7284dc3e723d87" + resolved "https://registry.npmjs.org/http-deceiver/-/http-deceiver-1.2.7.tgz" integrity sha512-LmpOGxTfbpgtGVxJrj5k7asXHCgNZp5nLfp+hWc8QQRqtb7fUy6kRY3BO1h9ddF6yIPYUARgxGOwB42DnxIaNw== +http-errors@~1.6.2: + version "1.6.3" + resolved "https://registry.npmjs.org/http-errors/-/http-errors-1.6.3.tgz" + integrity sha512-lks+lVC8dgGyh97jxvxeYTWQFvh4uw4yC12gVl63Cg30sjPX4wuGcdkICVXDAESr6OJGjqGA8Iz5mkeN6zlD7A== + dependencies: + depd "~1.1.2" + inherits "2.0.3" + setprototypeof "1.1.0" + statuses ">= 1.4.0 < 2" + http-errors@2.0.0: version "2.0.0" - resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-2.0.0.tgz#b7774a1486ef73cf7667ac9ae0858c012c57b9d3" + resolved "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz" integrity sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ== dependencies: depd "2.0.0" @@ -5011,24 +5033,14 @@ http-errors@2.0.0: statuses "2.0.1" toidentifier "1.0.1" -http-errors@~1.6.2: - version "1.6.3" - resolved "https://registry.yarnpkg.com/http-errors/-/http-errors-1.6.3.tgz#8b55680bb4be283a0b5bf4ea2e38580be1d9320d" - integrity sha512-lks+lVC8dgGyh97jxvxeYTWQFvh4uw4yC12gVl63Cg30sjPX4wuGcdkICVXDAESr6OJGjqGA8Iz5mkeN6zlD7A== - dependencies: - depd "~1.1.2" - inherits "2.0.3" - setprototypeof "1.1.0" - statuses ">= 1.4.0 < 2" - http-parser-js@>=0.5.1: version "0.5.10" - resolved "https://registry.yarnpkg.com/http-parser-js/-/http-parser-js-0.5.10.tgz#b3277bd6d7ed5588e20ea73bf724fcbe44609075" + resolved "https://registry.npmjs.org/http-parser-js/-/http-parser-js-0.5.10.tgz" integrity sha512-Pysuw9XpUq5dVc/2SMHpuTY01RFl8fttgcyunjL7eEMhGM3cI4eOmiCycJDVCo/7O7ClfQD3SaI6ftDzqOXYMA== http-proxy-middleware@^2.0.9: version "2.0.9" - resolved "https://registry.yarnpkg.com/http-proxy-middleware/-/http-proxy-middleware-2.0.9.tgz#e9e63d68afaa4eee3d147f39149ab84c0c2815ef" + resolved "https://registry.npmjs.org/http-proxy-middleware/-/http-proxy-middleware-2.0.9.tgz" integrity sha512-c1IyJYLYppU574+YI7R4QyX2ystMtVXZwIdzazUIPIJsHuWNd+mho2j+bKoHftndicGj9yh+xjd+l0yj7VeT1Q== dependencies: "@types/http-proxy" "^1.17.8" @@ -5039,7 +5051,7 @@ http-proxy-middleware@^2.0.9: http-proxy@^1.18.1: version "1.18.1" - resolved "https://registry.yarnpkg.com/http-proxy/-/http-proxy-1.18.1.tgz#401541f0534884bbf95260334e72f88ee3976549" + resolved "https://registry.npmjs.org/http-proxy/-/http-proxy-1.18.1.tgz" integrity sha512-7mz/721AbnJwIVbnaSv1Cz3Am0ZLT/UBwkC92VlxhXv/k/BBQfM2fXElQNC27BVGr0uwUpplYPQM9LnaBMR5NQ== dependencies: eventemitter3 "^4.0.0" @@ -5048,7 +5060,7 @@ http-proxy@^1.18.1: http2-wrapper@^2.2.1: version "2.2.1" - resolved "https://registry.yarnpkg.com/http2-wrapper/-/http2-wrapper-2.2.1.tgz#310968153dcdedb160d8b72114363ef5fce1f64a" + resolved "https://registry.npmjs.org/http2-wrapper/-/http2-wrapper-2.2.1.tgz" integrity sha512-V5nVw1PAOgfI3Lmeaj2Exmeg7fenjhRUgz1lPSezy1CuhPYbgQtbQj4jZfEAEMlaL+vupsvhjqCyjzob0yxsmQ== dependencies: quick-lru "^5.1.1" @@ -5056,39 +5068,39 @@ http2-wrapper@^2.2.1: human-signals@^2.1.0: version "2.1.0" - resolved "https://registry.yarnpkg.com/human-signals/-/human-signals-2.1.0.tgz#dc91fcba42e4d06e4abaed33b3e7a3c02f514ea0" + resolved "https://registry.npmjs.org/human-signals/-/human-signals-2.1.0.tgz" integrity sha512-B4FFZ6q/T2jhhksgkbEW3HBvWIfDW85snkQgawt07S7J5QXTk6BkNV+0yAeZrM5QpMAdYlocGoljn0sJ/WQkFw== hyperdyperid@^1.2.0: version "1.2.0" - resolved "https://registry.yarnpkg.com/hyperdyperid/-/hyperdyperid-1.2.0.tgz#59668d323ada92228d2a869d3e474d5a33b69e6b" + resolved "https://registry.npmjs.org/hyperdyperid/-/hyperdyperid-1.2.0.tgz" integrity sha512-Y93lCzHYgGWdrJ66yIktxiaGULYc6oGiABxhcO5AufBeOyoIdZF7bIfLaOrbM0iGIOXQQgxxRrFEnb+Y6w1n4A== iconv-lite@0.4.24: version "0.4.24" - resolved "https://registry.yarnpkg.com/iconv-lite/-/iconv-lite-0.4.24.tgz#2022b4b25fbddc21d2f524974a474aafe733908b" + resolved "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz" integrity sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA== dependencies: safer-buffer ">= 2.1.2 < 3" icss-utils@^5.0.0, icss-utils@^5.1.0: version "5.1.0" - resolved "https://registry.yarnpkg.com/icss-utils/-/icss-utils-5.1.0.tgz#c6be6858abd013d768e98366ae47e25d5887b1ae" + resolved "https://registry.npmjs.org/icss-utils/-/icss-utils-5.1.0.tgz" integrity sha512-soFhflCVWLfRNOPU3iv5Z9VUdT44xFRbzjLsEzSr5AQmgqPMTHdU3PMT1Cf1ssx8fLNJDA1juftYl+PUcv3MqA== ignore@^5.2.0, ignore@^5.2.4: version "5.3.2" - resolved "https://registry.yarnpkg.com/ignore/-/ignore-5.3.2.tgz#3cd40e729f3643fd87cb04e50bf0eb722bc596f5" + resolved "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz" integrity sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g== image-size@^2.0.2: version "2.0.2" - resolved "https://registry.yarnpkg.com/image-size/-/image-size-2.0.2.tgz#84a7b43704db5736f364bf0d1b029821299b4bdc" + resolved "https://registry.npmjs.org/image-size/-/image-size-2.0.2.tgz" integrity sha512-IRqXKlaXwgSMAMtpNzZa1ZAe8m+Sa1770Dhk8VkSsP9LS+iHD62Zd8FQKs8fbPiagBE7BzoFX23cxFnwshpV6w== import-fresh@^3.3.0: version "3.3.1" - resolved "https://registry.yarnpkg.com/import-fresh/-/import-fresh-3.3.1.tgz#9cecb56503c0ada1f2741dbbd6546e4b13b57ccf" + resolved "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.1.tgz" integrity sha512-TR3KfrTZTYLPB6jUjfx6MF9WcWrHL9su5TObK4ZkYgBdWKPOFoSoQIdEuTuR82pmtxH2spWG9h6etwfr1pLBqQ== dependencies: parent-module "^1.0.0" @@ -5096,74 +5108,79 @@ import-fresh@^3.3.0: import-lazy@^4.0.0: version "4.0.0" - resolved "https://registry.yarnpkg.com/import-lazy/-/import-lazy-4.0.0.tgz#e8eb627483a0a43da3c03f3e35548be5cb0cc153" + resolved "https://registry.npmjs.org/import-lazy/-/import-lazy-4.0.0.tgz" integrity sha512-rKtvo6a868b5Hu3heneU+L4yEQ4jYKLtjpnPeUdK7h0yzXGmyBTypknlkCvHFBqfX9YlorEiMM6Dnq/5atfHkw== imurmurhash@^0.1.4: version "0.1.4" - resolved "https://registry.yarnpkg.com/imurmurhash/-/imurmurhash-0.1.4.tgz#9218b9b2b928a238b13dc4fb6b6d576f231453ea" + resolved "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz" integrity sha512-JmXMZ6wuvDmLiHEml9ykzqO6lwFbof0GG4IkcGaENdCRDDmMVnny7s5HsIgHCbaq0w2MyPhDqkhTUgS2LU2PHA== indent-string@^4.0.0: version "4.0.0" - resolved "https://registry.yarnpkg.com/indent-string/-/indent-string-4.0.0.tgz#624f8f4497d619b2d9768531d58f4122854d7251" + resolved "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz" integrity sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg== infima@0.2.0-alpha.45: version "0.2.0-alpha.45" - resolved "https://registry.yarnpkg.com/infima/-/infima-0.2.0-alpha.45.tgz#542aab5a249274d81679631b492973dd2c1e7466" + resolved "https://registry.npmjs.org/infima/-/infima-0.2.0-alpha.45.tgz" integrity sha512-uyH0zfr1erU1OohLk0fT4Rrb94AOhguWNOcD9uGrSpRvNB+6gZXUoJX5J0NtvzBO10YZ9PgvA4NFgt+fYg8ojw== +inherits@^2.0.1, inherits@^2.0.3, inherits@~2.0.3, inherits@2.0.4: + version "2.0.4" + resolved "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz" + integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ== + inherits@2.0.3: version "2.0.3" - resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.3.tgz#633c2c83e3da42a502f52466022480f4208261de" + resolved "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz" integrity sha512-x00IRNXNy63jwGkJmzPigoySHbaqpNuzKbBOmzK+g2OdZpQ9w+sxCN+VSB3ja7IAge2OP2qpfxTjeNcyjmW1uw== -inherits@2.0.4, inherits@^2.0.1, inherits@^2.0.3, inherits@~2.0.3: - version "2.0.4" - resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.4.tgz#0fa2c64f932917c3433a0ded55363aae37416b7c" - integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ== +ini@^1.3.4: + version "1.3.8" + resolved "https://registry.npmjs.org/ini/-/ini-1.3.8.tgz" + integrity sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew== + +ini@~1.3.0: + version "1.3.8" + resolved "https://registry.npmjs.org/ini/-/ini-1.3.8.tgz" + integrity sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew== ini@2.0.0: version "2.0.0" - resolved "https://registry.yarnpkg.com/ini/-/ini-2.0.0.tgz#e5fd556ecdd5726be978fa1001862eacb0a94bc5" + resolved "https://registry.npmjs.org/ini/-/ini-2.0.0.tgz" integrity sha512-7PnF4oN3CvZF23ADhA5wRaYEQpJ8qygSkbtTXWBeXWXmEVRXK+1ITciHWwHhsjv1TmW0MgacIv6hEi5pX5NQdA== -ini@^1.3.4, ini@~1.3.0: - version "1.3.8" - resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.8.tgz#a29da425b48806f34767a4efce397269af28432c" - integrity sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew== - inline-style-parser@0.2.4: version "0.2.4" - resolved "https://registry.yarnpkg.com/inline-style-parser/-/inline-style-parser-0.2.4.tgz#f4af5fe72e612839fcd453d989a586566d695f22" + resolved "https://registry.npmjs.org/inline-style-parser/-/inline-style-parser-0.2.4.tgz" integrity sha512-0aO8FkhNZlj/ZIbNi7Lxxr12obT7cL1moPfE4tg1LkX7LlLfC6DeX4l2ZEud1ukP9jNQyNnfzQVqwbwmAATY4Q== invariant@^2.2.4: version "2.2.4" - resolved "https://registry.yarnpkg.com/invariant/-/invariant-2.2.4.tgz#610f3c92c9359ce1db616e538008d23ff35158e6" + resolved "https://registry.npmjs.org/invariant/-/invariant-2.2.4.tgz" integrity sha512-phJfQVBuaJM5raOpJjSfkiD6BpbCE4Ns//LaXl6wGYtUBY83nWS6Rf9tXm2e8VaK60JEjYldbPif/A2B1C2gNA== dependencies: loose-envify "^1.0.0" -ipaddr.js@1.9.1: - version "1.9.1" - resolved "https://registry.yarnpkg.com/ipaddr.js/-/ipaddr.js-1.9.1.tgz#bff38543eeb8984825079ff3a2a8e6cbd46781b3" - integrity sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g== - ipaddr.js@^2.1.0: version "2.2.0" - resolved "https://registry.yarnpkg.com/ipaddr.js/-/ipaddr.js-2.2.0.tgz#d33fa7bac284f4de7af949638c9d68157c6b92e8" + resolved "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-2.2.0.tgz" integrity sha512-Ag3wB2o37wslZS19hZqorUnrnzSkpOVy+IiiDEiTqNubEYpYuHWIf6K4psgN2ZWKExS4xhVCrRVfb/wfW8fWJA== +ipaddr.js@1.9.1: + version "1.9.1" + resolved "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz" + integrity sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g== + is-alphabetical@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/is-alphabetical/-/is-alphabetical-2.0.1.tgz#01072053ea7c1036df3c7d19a6daaec7f19e789b" + resolved "https://registry.npmjs.org/is-alphabetical/-/is-alphabetical-2.0.1.tgz" integrity sha512-FWyyY60MeTNyeSRpkM2Iry0G9hpr7/9kD40mD/cGQEuilcZYS4okz8SN2Q6rLCJ8gbCt6fN+rC+6tMGS99LaxQ== is-alphanumerical@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/is-alphanumerical/-/is-alphanumerical-2.0.1.tgz#7c03fbe96e3e931113e57f964b0a368cc2dfd875" + resolved "https://registry.npmjs.org/is-alphanumerical/-/is-alphanumerical-2.0.1.tgz" integrity sha512-hmbYhX/9MUMF5uh7tOXyK/n0ZvWpad5caBA17GsC6vyuCqaWliRG5K1qS9inmUhEMaOBIW7/whAnSwveW/LtZw== dependencies: is-alphabetical "^2.0.0" @@ -5171,82 +5188,82 @@ is-alphanumerical@^2.0.0: is-arrayish@^0.2.1: version "0.2.1" - resolved "https://registry.yarnpkg.com/is-arrayish/-/is-arrayish-0.2.1.tgz#77c99840527aa8ecb1a8ba697b80645a7a926a9d" + resolved "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz" integrity sha512-zz06S8t0ozoDXMG+ube26zeCTNXcKIPJZJi8hBrF4idCLms4CG9QtK7qBl1boi5ODzFpjswb5JPmHCbMpjaYzg== is-binary-path@~2.1.0: version "2.1.0" - resolved "https://registry.yarnpkg.com/is-binary-path/-/is-binary-path-2.1.0.tgz#ea1f7f3b80f064236e83470f86c09c254fb45b09" + resolved "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz" integrity sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw== dependencies: binary-extensions "^2.0.0" is-ci@^3.0.1: version "3.0.1" - resolved "https://registry.yarnpkg.com/is-ci/-/is-ci-3.0.1.tgz#db6ecbed1bd659c43dac0f45661e7674103d1867" + resolved "https://registry.npmjs.org/is-ci/-/is-ci-3.0.1.tgz" integrity sha512-ZYvCgrefwqoQ6yTyYUbQu64HsITZ3NfKX1lzaEYdkTDcfKzzCI/wthRRYKkdjHKFVgNiXKAKm65Zo1pk2as/QQ== dependencies: ci-info "^3.2.0" is-core-module@^2.16.0: version "2.16.1" - resolved "https://registry.yarnpkg.com/is-core-module/-/is-core-module-2.16.1.tgz#2a98801a849f43e2add644fbb6bc6229b19a4ef4" + resolved "https://registry.npmjs.org/is-core-module/-/is-core-module-2.16.1.tgz" integrity sha512-UfoeMA6fIJ8wTYFEUjelnaGI67v6+N7qXJEvQuIGa99l4xsCruSYOVSQ0uPANn4dAzm8lkYPaKLrrijLq7x23w== dependencies: hasown "^2.0.2" is-decimal@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/is-decimal/-/is-decimal-2.0.1.tgz#9469d2dc190d0214fd87d78b78caecc0cc14eef7" + resolved "https://registry.npmjs.org/is-decimal/-/is-decimal-2.0.1.tgz" integrity sha512-AAB9hiomQs5DXWcRB1rqsxGUstbRroFOPPVAomNk/3XHR5JyEZChOyTWe2oayKnsSsr/kcGqF+z6yuH6HHpN0A== is-docker@^2.0.0, is-docker@^2.1.1: version "2.2.1" - resolved "https://registry.yarnpkg.com/is-docker/-/is-docker-2.2.1.tgz#33eeabe23cfe86f14bde4408a02c0cfb853acdaa" + resolved "https://registry.npmjs.org/is-docker/-/is-docker-2.2.1.tgz" integrity sha512-F+i2BKsFrH66iaUFc0woD8sLy8getkwTwtOBjvs56Cx4CgJDeKQeqfz8wAYiSb8JOprWhHH5p77PbmYCvvUuXQ== is-docker@^3.0.0: version "3.0.0" - resolved "https://registry.yarnpkg.com/is-docker/-/is-docker-3.0.0.tgz#90093aa3106277d8a77a5910dbae71747e15a200" + resolved "https://registry.npmjs.org/is-docker/-/is-docker-3.0.0.tgz" integrity sha512-eljcgEDlEns/7AXFosB5K/2nCM4P7FQPkGc/DWLy5rmFEWvZayGrik1d9/QIY5nJ4f9YsVvBkA6kJpHn9rISdQ== is-extendable@^0.1.0: version "0.1.1" - resolved "https://registry.yarnpkg.com/is-extendable/-/is-extendable-0.1.1.tgz#62b110e289a471418e3ec36a617d472e301dfc89" + resolved "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz" integrity sha512-5BMULNob1vgFX6EjQw5izWDxrecWK9AM72rugNr0TFldMOi0fj6Jk+zeKIt0xGj4cEfQIJth4w3OKWOJ4f+AFw== is-extglob@^2.1.1: version "2.1.1" - resolved "https://registry.yarnpkg.com/is-extglob/-/is-extglob-2.1.1.tgz#a88c02535791f02ed37c76a1b9ea9773c833f8c2" + resolved "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz" integrity sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ== is-fullwidth-code-point@^3.0.0: version "3.0.0" - resolved "https://registry.yarnpkg.com/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz#f116f8064fe90b3f7844a38997c0b75051269f1d" + resolved "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz" integrity sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg== is-glob@^4.0.1, is-glob@^4.0.3, is-glob@~4.0.1: version "4.0.3" - resolved "https://registry.yarnpkg.com/is-glob/-/is-glob-4.0.3.tgz#64f61e42cbbb2eec2071a9dac0b28ba1e65d5084" + resolved "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz" integrity sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg== dependencies: is-extglob "^2.1.1" is-hexadecimal@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/is-hexadecimal/-/is-hexadecimal-2.0.1.tgz#86b5bf668fca307498d319dfc03289d781a90027" + resolved "https://registry.npmjs.org/is-hexadecimal/-/is-hexadecimal-2.0.1.tgz" integrity sha512-DgZQp241c8oO6cA1SbTEWiXeoxV42vlcJxgH+B3hi1AiqqKruZR3ZGF8In3fj4+/y/7rHvlOZLZtgJ/4ttYGZg== is-inside-container@^1.0.0: version "1.0.0" - resolved "https://registry.yarnpkg.com/is-inside-container/-/is-inside-container-1.0.0.tgz#e81fba699662eb31dbdaf26766a61d4814717ea4" + resolved "https://registry.npmjs.org/is-inside-container/-/is-inside-container-1.0.0.tgz" integrity sha512-KIYLCCJghfHZxqjYBE7rEy0OBuTd5xCHS7tHVgvCLkx7StIoaxwNW3hCALgEUjFfeRk+MG/Qxmp/vtETEF3tRA== dependencies: is-docker "^3.0.0" is-installed-globally@^0.4.0: version "0.4.0" - resolved "https://registry.yarnpkg.com/is-installed-globally/-/is-installed-globally-0.4.0.tgz#9a0fd407949c30f86eb6959ef1b7994ed0b7b520" + resolved "https://registry.npmjs.org/is-installed-globally/-/is-installed-globally-0.4.0.tgz" integrity sha512-iwGqO3J21aaSkC7jWnHP/difazwS7SFeIqxv6wEtLU8Y5KlzFTjyqcSIT0d8s4+dDhKytsk9PJZ2BkS5eZwQRQ== dependencies: global-dirs "^3.0.0" @@ -5254,113 +5271,113 @@ is-installed-globally@^0.4.0: is-network-error@^1.0.0: version "1.3.0" - resolved "https://registry.yarnpkg.com/is-network-error/-/is-network-error-1.3.0.tgz#2ce62cbca444abd506f8a900f39d20b898d37512" + resolved "https://registry.npmjs.org/is-network-error/-/is-network-error-1.3.0.tgz" integrity sha512-6oIwpsgRfnDiyEDLMay/GqCl3HoAtH5+RUKW29gYkL0QA+ipzpDLA16yQs7/RHCSu+BwgbJaOUqa4A99qNVQVw== is-npm@^6.0.0: version "6.1.0" - resolved "https://registry.yarnpkg.com/is-npm/-/is-npm-6.1.0.tgz#f70e0b6c132dfc817ac97d3badc0134945b098d3" + resolved "https://registry.npmjs.org/is-npm/-/is-npm-6.1.0.tgz" integrity sha512-O2z4/kNgyjhQwVR1Wpkbfc19JIhggF97NZNCpWTnjH7kVcZMUrnut9XSN7txI7VdyIYk5ZatOq3zvSuWpU8hoA== is-number@^7.0.0: version "7.0.0" - resolved "https://registry.yarnpkg.com/is-number/-/is-number-7.0.0.tgz#7535345b896734d5f80c4d06c50955527a14f12b" + resolved "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz" integrity sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng== is-obj@^1.0.1: version "1.0.1" - resolved "https://registry.yarnpkg.com/is-obj/-/is-obj-1.0.1.tgz#3e4729ac1f5fde025cd7d83a896dab9f4f67db0f" + resolved "https://registry.npmjs.org/is-obj/-/is-obj-1.0.1.tgz" integrity sha512-l4RyHgRqGN4Y3+9JHVrNqO+tN0rV5My76uW5/nuO4K1b6vw5G8d/cmFjP9tRfEsdhZNt0IFdZuK/c2Vr4Nb+Qg== is-obj@^2.0.0: version "2.0.0" - resolved "https://registry.yarnpkg.com/is-obj/-/is-obj-2.0.0.tgz#473fb05d973705e3fd9620545018ca8e22ef4982" + resolved "https://registry.npmjs.org/is-obj/-/is-obj-2.0.0.tgz" integrity sha512-drqDG3cbczxxEJRoOXcOjtdp1J/lyp1mNn0xaznRs8+muBhgQcrnbspox5X5fOw0HnMnbfDzvnEMEtqDEJEo8w== is-path-inside@^3.0.2: version "3.0.3" - resolved "https://registry.yarnpkg.com/is-path-inside/-/is-path-inside-3.0.3.tgz#d231362e53a07ff2b0e0ea7fed049161ffd16283" + resolved "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.3.tgz" integrity sha512-Fd4gABb+ycGAmKou8eMftCupSir5lRxqf4aD/vd0cD2qc4HL07OjCeuHMr8Ro4CoMaeCKDB0/ECBOVWjTwUvPQ== is-plain-obj@^3.0.0: version "3.0.0" - resolved "https://registry.yarnpkg.com/is-plain-obj/-/is-plain-obj-3.0.0.tgz#af6f2ea14ac5a646183a5bbdb5baabbc156ad9d7" + resolved "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-3.0.0.tgz" integrity sha512-gwsOE28k+23GP1B6vFl1oVh/WOzmawBrKwo5Ev6wMKzPkaXaCDIQKzLnvsA42DRlbVTWorkgTKIviAKCWkfUwA== is-plain-obj@^4.0.0: version "4.1.0" - resolved "https://registry.yarnpkg.com/is-plain-obj/-/is-plain-obj-4.1.0.tgz#d65025edec3657ce032fd7db63c97883eaed71f0" + resolved "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-4.1.0.tgz" integrity sha512-+Pgi+vMuUNkJyExiMBt5IlFoMyKnr5zhJ4Uspz58WOhBF5QoIZkFyNHIbBAtHwzVAgk5RtndVNsDRN61/mmDqg== is-plain-object@^2.0.4: version "2.0.4" - resolved "https://registry.yarnpkg.com/is-plain-object/-/is-plain-object-2.0.4.tgz#2c163b3fafb1b606d9d17928f05c2a1c38e07677" + resolved "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz" integrity sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og== dependencies: isobject "^3.0.1" is-regexp@^1.0.0: version "1.0.0" - resolved "https://registry.yarnpkg.com/is-regexp/-/is-regexp-1.0.0.tgz#fd2d883545c46bac5a633e7b9a09e87fa2cb5069" + resolved "https://registry.npmjs.org/is-regexp/-/is-regexp-1.0.0.tgz" integrity sha512-7zjFAPO4/gwyQAAgRRmqeEeyIICSdmCqa3tsVHMdBzaXXRiqopZL4Cyghg/XulGWrtABTpbnYYzzIRffLkP4oA== is-stream@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/is-stream/-/is-stream-2.0.1.tgz#fac1e3d53b97ad5a9d0ae9cef2389f5810a5c077" + resolved "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz" integrity sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg== is-stream@^4.0.1: version "4.0.1" - resolved "https://registry.yarnpkg.com/is-stream/-/is-stream-4.0.1.tgz#375cf891e16d2e4baec250b85926cffc14720d9b" + resolved "https://registry.npmjs.org/is-stream/-/is-stream-4.0.1.tgz" integrity sha512-Dnz92NInDqYckGEUJv689RbRiTSEHCQ7wOVeALbkOz999YpqT46yMRIGtSNl2iCL1waAZSx40+h59NV/EwzV/A== is-typedarray@^1.0.0: version "1.0.0" - resolved "https://registry.yarnpkg.com/is-typedarray/-/is-typedarray-1.0.0.tgz#e479c80858df0c1b11ddda6940f96011fcda4a9a" + resolved "https://registry.npmjs.org/is-typedarray/-/is-typedarray-1.0.0.tgz" integrity sha512-cyA56iCMHAh5CdzjJIa4aohJyeO1YbwLi3Jc35MmRU6poroFjIGZzUzupGiRPOjgHg9TLu43xbpwXk523fMxKA== is-wsl@^2.2.0: version "2.2.0" - resolved "https://registry.yarnpkg.com/is-wsl/-/is-wsl-2.2.0.tgz#74a4c76e77ca9fd3f932f290c17ea326cd157271" + resolved "https://registry.npmjs.org/is-wsl/-/is-wsl-2.2.0.tgz" integrity sha512-fKzAra0rGJUUBwGBgNkHZuToZcn+TtXHpeCgmkMJMMYx1sQDYaCSyjJBSCa2nH1DGm7s3n1oBnohoVTBaN7Lww== dependencies: is-docker "^2.0.0" is-wsl@^3.1.0: version "3.1.0" - resolved "https://registry.yarnpkg.com/is-wsl/-/is-wsl-3.1.0.tgz#e1c657e39c10090afcbedec61720f6b924c3cbd2" + resolved "https://registry.npmjs.org/is-wsl/-/is-wsl-3.1.0.tgz" integrity sha512-UcVfVfaK4Sc4m7X3dUSoHoozQGBEFeDC+zVo06t98xe8CzHSZZBekNXH+tu0NalHolcJ/QAGqS46Hef7QXBIMw== dependencies: is-inside-container "^1.0.0" is-yarn-global@^0.4.0: version "0.4.1" - resolved "https://registry.yarnpkg.com/is-yarn-global/-/is-yarn-global-0.4.1.tgz#b312d902b313f81e4eaf98b6361ba2b45cd694bb" + resolved "https://registry.npmjs.org/is-yarn-global/-/is-yarn-global-0.4.1.tgz" integrity sha512-/kppl+R+LO5VmhYSEWARUFjodS25D68gvj8W7z0I7OWhUla5xWu8KL6CtB2V0R6yqhnRgbcaREMr4EEM6htLPQ== -isarray@0.0.1: - version "0.0.1" - resolved "https://registry.yarnpkg.com/isarray/-/isarray-0.0.1.tgz#8a18acfca9a8f4177e09abfc6038939b05d1eedf" - integrity sha512-D2S+3GLxWH+uhrNEcoh/fnmYeP8E8/zHl644d/jdA0g2uyXvy3sb0qxotE+ne0LtccHknQzWwZEzhak7oJ0COQ== - isarray@~1.0.0: version "1.0.0" - resolved "https://registry.yarnpkg.com/isarray/-/isarray-1.0.0.tgz#bb935d48582cba168c06834957a54a3e07124f11" + resolved "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz" integrity sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ== +isarray@0.0.1: + version "0.0.1" + resolved "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz" + integrity sha512-D2S+3GLxWH+uhrNEcoh/fnmYeP8E8/zHl644d/jdA0g2uyXvy3sb0qxotE+ne0LtccHknQzWwZEzhak7oJ0COQ== + isexe@^2.0.0: version "2.0.0" - resolved "https://registry.yarnpkg.com/isexe/-/isexe-2.0.0.tgz#e8fbf374dc556ff8947a10dcb0572d633f2cfa10" + resolved "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz" integrity sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw== isobject@^3.0.1: version "3.0.1" - resolved "https://registry.yarnpkg.com/isobject/-/isobject-3.0.1.tgz#4e431e92b11a9731636aa1f9c8d1ccbcfdab78df" + resolved "https://registry.npmjs.org/isobject/-/isobject-3.0.1.tgz" integrity sha512-WhB9zCku7EGTj/HQQRz5aUQEUeoQZH2bWcltRErOpymJ4boYE6wL9Tbr23krRPSZ+C5zqNSrSw+Cc7sZZ4b7vg== jest-util@^29.7.0: version "29.7.0" - resolved "https://registry.yarnpkg.com/jest-util/-/jest-util-29.7.0.tgz#23c2b62bfb22be82b44de98055802ff3710fc0bc" + resolved "https://registry.npmjs.org/jest-util/-/jest-util-29.7.0.tgz" integrity sha512-z6EbKajIpqGKU56y5KBUgy1dt1ihhQJgWzUlZHArA/+X2ad7Cb5iF+AK1EWVL/Bo7Rz9uurpqw6SiBCefUbCGA== dependencies: "@jest/types" "^29.6.3" @@ -5372,7 +5389,7 @@ jest-util@^29.7.0: jest-worker@^27.4.5: version "27.5.1" - resolved "https://registry.yarnpkg.com/jest-worker/-/jest-worker-27.5.1.tgz#8d146f0900e8973b106b6f73cc1e9a8cb86f8db0" + resolved "https://registry.npmjs.org/jest-worker/-/jest-worker-27.5.1.tgz" integrity sha512-7vuh85V5cdDofPyxn58nrPjBktZo0u9x1g8WtjQol+jZDaE+fhN+cIvTj11GndBnMnyfrUOG1sZQxCdjKh+DKg== dependencies: "@types/node" "*" @@ -5381,7 +5398,7 @@ jest-worker@^27.4.5: jest-worker@^29.4.3: version "29.7.0" - resolved "https://registry.yarnpkg.com/jest-worker/-/jest-worker-29.7.0.tgz#acad073acbbaeb7262bd5389e1bcf43e10058d4a" + resolved "https://registry.npmjs.org/jest-worker/-/jest-worker-29.7.0.tgz" integrity sha512-eIz2msL/EzL9UFTFFx7jBTkeZfku0yUAyZZZmJ93H2TYEiroIx2PQjEXcwYtYl8zXCxb+PAmA2hLIt/6ZEkPHw== dependencies: "@types/node" "*" @@ -5391,12 +5408,12 @@ jest-worker@^29.4.3: jiti@^1.20.0: version "1.21.7" - resolved "https://registry.yarnpkg.com/jiti/-/jiti-1.21.7.tgz#9dd81043424a3d28458b193d965f0d18a2300ba9" + resolved "https://registry.npmjs.org/jiti/-/jiti-1.21.7.tgz" integrity sha512-/imKNG4EbWNrVjoNC/1H5/9GFy+tqjGBHCaSsN+P2RnPqjsLmv6UD3Ej+Kj8nBWaRAwyk7kK5ZUc+OEatnTR3A== joi@^17.9.2: version "17.13.3" - resolved "https://registry.yarnpkg.com/joi/-/joi-17.13.3.tgz#0f5cc1169c999b30d344366d384b12d92558bcec" + resolved "https://registry.npmjs.org/joi/-/joi-17.13.3.tgz" integrity sha512-otDA4ldcIx+ZXsKHWmp0YizCweVRZG96J10b0FevjfuncLO1oX59THoAmHkNubYJ+9gWsYsp5k8v4ib6oDv1fA== dependencies: "@hapi/hoek" "^9.3.0" @@ -5407,12 +5424,12 @@ joi@^17.9.2: "js-tokens@^3.0.0 || ^4.0.0", js-tokens@^4.0.0: version "4.0.0" - resolved "https://registry.yarnpkg.com/js-tokens/-/js-tokens-4.0.0.tgz#19203fb59991df98e3a287050d4647cdeaf32499" + resolved "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz" integrity sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ== js-yaml@^3.13.1: version "3.14.1" - resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-3.14.1.tgz#dae812fdb3825fa306609a8717383c50c36a0537" + resolved "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz" integrity sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g== dependencies: argparse "^1.0.7" @@ -5420,44 +5437,44 @@ js-yaml@^3.13.1: js-yaml@^4.1.0: version "4.1.0" - resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-4.1.0.tgz#c1fb65f8f5017901cdd2c951864ba18458a10602" + resolved "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz" integrity sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA== dependencies: argparse "^2.0.1" jsesc@^3.0.2, jsesc@~3.1.0: version "3.1.0" - resolved "https://registry.yarnpkg.com/jsesc/-/jsesc-3.1.0.tgz#74d335a234f67ed19907fdadfac7ccf9d409825d" + resolved "https://registry.npmjs.org/jsesc/-/jsesc-3.1.0.tgz" integrity sha512-/sM3dO2FOzXjKQhJuo0Q173wf2KOo8t4I8vHy6lF9poUp7bKT0/NHE8fPX23PwfhnykfqnC2xRxOnVw5XuGIaA== json-parse-even-better-errors@^2.3.0, json-parse-even-better-errors@^2.3.1: version "2.3.1" - resolved "https://registry.yarnpkg.com/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz#7c47805a94319928e05777405dc12e1f7a4ee02d" + resolved "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz" integrity sha512-xyFwyhro/JEof6Ghe2iz2NcXoj2sloNsWr/XsERDK/oiPCfaNhl5ONfp+jQdAZRQQ0IJWNzH9zIZF7li91kh2w== json-schema-traverse@^0.4.1: version "0.4.1" - resolved "https://registry.yarnpkg.com/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz#69f6a87d9513ab8bb8fe63bdb0979c448e684660" + resolved "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz" integrity sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg== json-schema-traverse@^1.0.0: version "1.0.0" - resolved "https://registry.yarnpkg.com/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz#ae7bcb3656ab77a73ba5c49bf654f38e6b6860e2" + resolved "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz" integrity sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug== json-schema@^0.4.0: version "0.4.0" - resolved "https://registry.yarnpkg.com/json-schema/-/json-schema-0.4.0.tgz#f7de4cf6efab838ebaeb3236474cbba5a1930ab5" + resolved "https://registry.npmjs.org/json-schema/-/json-schema-0.4.0.tgz" integrity sha512-es94M3nTIfsEPisRafak+HDLfHXnKBhV3vU5eqPcS3flIWqcxJWgXHXiey3YrpaNsanY5ei1VoYEbOzijuq9BA== json5@^2.1.2, json5@^2.2.3: version "2.2.3" - resolved "https://registry.yarnpkg.com/json5/-/json5-2.2.3.tgz#78cd6f1a19bdc12b73db5ad0c61efd66c1e29283" + resolved "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz" integrity sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg== jsonfile@^6.0.1: version "6.2.0" - resolved "https://registry.yarnpkg.com/jsonfile/-/jsonfile-6.2.0.tgz#7c265bd1b65de6977478300087c99f1c84383f62" + resolved "https://registry.npmjs.org/jsonfile/-/jsonfile-6.2.0.tgz" integrity sha512-FGuPw30AdOIUTRMC2OMRtQV+jkVj2cfPqSeWXv1NEAJ1qZ5zb1X6z1mFhbfOB/iy3ssJCD+3KuZ8r8C3uVFlAg== dependencies: universalify "^2.0.0" @@ -5466,31 +5483,31 @@ jsonfile@^6.0.1: keyv@^5.5.3: version "5.5.3" - resolved "https://registry.yarnpkg.com/keyv/-/keyv-5.5.3.tgz#db7b7f89b3e13ade5a8d0fe59d765aebb596e84b" + resolved "https://registry.npmjs.org/keyv/-/keyv-5.5.3.tgz" integrity sha512-h0Un1ieD+HUrzBH6dJXhod3ifSghk5Hw/2Y4/KHBziPlZecrFyE9YOTPU6eOs0V9pYl8gOs86fkr/KN8lUX39A== dependencies: "@keyv/serialize" "^1.1.1" kind-of@^6.0.0, kind-of@^6.0.2: version "6.0.3" - resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-6.0.3.tgz#07c05034a6c349fa06e24fa35aa76db4580ce4dd" + resolved "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz" integrity sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw== kleur@^3.0.3: version "3.0.3" - resolved "https://registry.yarnpkg.com/kleur/-/kleur-3.0.3.tgz#a79c9ecc86ee1ce3fa6206d1216c501f147fc07e" + resolved "https://registry.npmjs.org/kleur/-/kleur-3.0.3.tgz" integrity sha512-eTIzlVOSUR+JxdDFepEYcBMtZ9Qqdef+rnzWdRZuMbOywu5tO2w2N7rqjoANZ5k9vywhL6Br1VRjUIgTQx4E8w== latest-version@^7.0.0: version "7.0.0" - resolved "https://registry.yarnpkg.com/latest-version/-/latest-version-7.0.0.tgz#843201591ea81a4d404932eeb61240fe04e9e5da" + resolved "https://registry.npmjs.org/latest-version/-/latest-version-7.0.0.tgz" integrity sha512-KvNT4XqAMzdcL6ka6Tl3i2lYeFDgXNCuIX+xNx6ZMVR1dFq+idXd9FLKNMOIx0t9mJ9/HudyX4oZWXZQ0UJHeg== dependencies: package-json "^8.1.0" launch-editor@^2.6.1: version "2.11.1" - resolved "https://registry.yarnpkg.com/launch-editor/-/launch-editor-2.11.1.tgz#61a0b7314a42fd84a6cbb564573d9e9ffcf3d72b" + resolved "https://registry.npmjs.org/launch-editor/-/launch-editor-2.11.1.tgz" integrity sha512-SEET7oNfgSaB6Ym0jufAdCeo3meJVeCaaDyzRygy0xsp2BFKCprcfHljTq4QkzTLUxEKkFK6OK4811YM2oSrRg== dependencies: picocolors "^1.1.1" @@ -5498,27 +5515,27 @@ launch-editor@^2.6.1: leven@^3.1.0: version "3.1.0" - resolved "https://registry.yarnpkg.com/leven/-/leven-3.1.0.tgz#77891de834064cccba82ae7842bb6b14a13ed7f2" + resolved "https://registry.npmjs.org/leven/-/leven-3.1.0.tgz" integrity sha512-qsda+H8jTaUaN/x5vzW2rzc+8Rw4TAQ/4KjB46IwK5VH+IlVeeeje/EoZRpiXvIqjFgK84QffqPztGI3VBLG1A== lilconfig@^3.1.1: version "3.1.3" - resolved "https://registry.yarnpkg.com/lilconfig/-/lilconfig-3.1.3.tgz#a1bcfd6257f9585bf5ae14ceeebb7b559025e4c4" + resolved "https://registry.npmjs.org/lilconfig/-/lilconfig-3.1.3.tgz" integrity sha512-/vlFKAoH5Cgt3Ie+JLhRbwOsCQePABiU3tJ1egGvyQ+33R/vcwM2Zl2QR/LzjsBeItPt3oSVXapn+m4nQDvpzw== lines-and-columns@^1.1.6: version "1.2.4" - resolved "https://registry.yarnpkg.com/lines-and-columns/-/lines-and-columns-1.2.4.tgz#eca284f75d2965079309dc0ad9255abb2ebc1632" + resolved "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz" integrity sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg== loader-runner@^4.2.0: version "4.3.1" - resolved "https://registry.yarnpkg.com/loader-runner/-/loader-runner-4.3.1.tgz#6c76ed29b0ccce9af379208299f07f876de737e3" + resolved "https://registry.npmjs.org/loader-runner/-/loader-runner-4.3.1.tgz" integrity sha512-IWqP2SCPhyVFTBtRcgMHdzlf9ul25NwaFx4wCEH/KjAXuuHY4yNjvPXsBokp8jCB936PyWRaPKUNh8NvylLp2Q== loader-utils@^2.0.0: version "2.0.4" - resolved "https://registry.yarnpkg.com/loader-utils/-/loader-utils-2.0.4.tgz#8b5cb38b5c34a9a018ee1fc0e6a066d1dfcc528c" + resolved "https://registry.npmjs.org/loader-utils/-/loader-utils-2.0.4.tgz" integrity sha512-xXqpXoINfFhgua9xiqD8fPFHgkoq1mmmpE92WlDbm9rNRd/EbRb+Gqf908T2DMfuHjjJlksiK2RbHVOdD/MqSw== dependencies: big.js "^5.2.2" @@ -5527,92 +5544,92 @@ loader-utils@^2.0.0: locate-path@^7.1.0: version "7.2.0" - resolved "https://registry.yarnpkg.com/locate-path/-/locate-path-7.2.0.tgz#69cb1779bd90b35ab1e771e1f2f89a202c2a8a8a" + resolved "https://registry.npmjs.org/locate-path/-/locate-path-7.2.0.tgz" integrity sha512-gvVijfZvn7R+2qyPX8mAuKcFGDf6Nc61GdvGafQsHL0sBIxfKzA+usWn4GFC/bk+QdwPUD4kWFJLhElipq+0VA== dependencies: p-locate "^6.0.0" lodash.debounce@^4.0.8: version "4.0.8" - resolved "https://registry.yarnpkg.com/lodash.debounce/-/lodash.debounce-4.0.8.tgz#82d79bff30a67c4005ffd5e2515300ad9ca4d7af" + resolved "https://registry.npmjs.org/lodash.debounce/-/lodash.debounce-4.0.8.tgz" integrity sha512-FT1yDzDYEoYWhnSGnpE/4Kj1fLZkDFyqRb7fNt6FdYOSxlUWAtp42Eh6Wb0rGIv/m9Bgo7x4GhQbm5Ys4SG5ow== lodash.memoize@^4.1.2: version "4.1.2" - resolved "https://registry.yarnpkg.com/lodash.memoize/-/lodash.memoize-4.1.2.tgz#bcc6c49a42a2840ed997f323eada5ecd182e0bfe" + resolved "https://registry.npmjs.org/lodash.memoize/-/lodash.memoize-4.1.2.tgz" integrity sha512-t7j+NzmgnQzTAYXcsHYLgimltOV1MXHtlOWf6GjL9Kj8GK5FInw5JotxvbOs+IvV1/Dzo04/fCGfLVs7aXb4Ag== lodash.uniq@^4.5.0: version "4.5.0" - resolved "https://registry.yarnpkg.com/lodash.uniq/-/lodash.uniq-4.5.0.tgz#d0225373aeb652adc1bc82e4945339a842754773" + resolved "https://registry.npmjs.org/lodash.uniq/-/lodash.uniq-4.5.0.tgz" integrity sha512-xfBaXQd9ryd9dlSDvnvI0lvxfLJlYAZzXomUYzLKtUeOQvOP5piqAWuGtrhWeqaXK9hhoM/iyJc5AV+XfsX3HQ== lodash@^4.17.20, lodash@^4.17.21: version "4.17.21" - resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c" + resolved "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz" integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg== longest-streak@^3.0.0: version "3.1.0" - resolved "https://registry.yarnpkg.com/longest-streak/-/longest-streak-3.1.0.tgz#62fa67cd958742a1574af9f39866364102d90cd4" + resolved "https://registry.npmjs.org/longest-streak/-/longest-streak-3.1.0.tgz" integrity sha512-9Ri+o0JYgehTaVBBDoMqIl8GXtbWg711O3srftcHhZ0dqnETqLaoIK0x17fUw9rFSlK/0NlsKe0Ahhyl5pXE2g== loose-envify@^1.0.0, loose-envify@^1.2.0, loose-envify@^1.3.1, loose-envify@^1.4.0: version "1.4.0" - resolved "https://registry.yarnpkg.com/loose-envify/-/loose-envify-1.4.0.tgz#71ee51fa7be4caec1a63839f7e682d8132d30caf" + resolved "https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz" integrity sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q== dependencies: js-tokens "^3.0.0 || ^4.0.0" lower-case@^2.0.2: version "2.0.2" - resolved "https://registry.yarnpkg.com/lower-case/-/lower-case-2.0.2.tgz#6fa237c63dbdc4a82ca0fd882e4722dc5e634e28" + resolved "https://registry.npmjs.org/lower-case/-/lower-case-2.0.2.tgz" integrity sha512-7fm3l3NAF9WfN6W3JOmf5drwpVqX78JtoGJ3A6W0a6ZnldM41w2fV5D490psKFTpMds8TJse/eHLFFsNHHjHgg== dependencies: tslib "^2.0.3" lowercase-keys@^3.0.0: version "3.0.0" - resolved "https://registry.yarnpkg.com/lowercase-keys/-/lowercase-keys-3.0.0.tgz#c5e7d442e37ead247ae9db117a9d0a467c89d4f2" + resolved "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-3.0.0.tgz" integrity sha512-ozCC6gdQ+glXOQsveKD0YsDy8DSQFjDTz4zyzEHNV5+JP5D62LmfDZ6o1cycFx9ouG940M5dE8C8CTewdj2YWQ== lru-cache@^5.1.1: version "5.1.1" - resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-5.1.1.tgz#1da27e6710271947695daf6848e847f01d84b920" + resolved "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz" integrity sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w== dependencies: yallist "^3.0.2" markdown-extensions@^2.0.0: version "2.0.0" - resolved "https://registry.yarnpkg.com/markdown-extensions/-/markdown-extensions-2.0.0.tgz#34bebc83e9938cae16e0e017e4a9814a8330d3c4" + resolved "https://registry.npmjs.org/markdown-extensions/-/markdown-extensions-2.0.0.tgz" integrity sha512-o5vL7aDWatOTX8LzaS1WMoaoxIiLRQJuIKKe2wAw6IeULDHaqbiqiggmx+pKvZDb1Sj+pE46Sn1T7lCqfFtg1Q== markdown-table@^2.0.0: version "2.0.0" - resolved "https://registry.yarnpkg.com/markdown-table/-/markdown-table-2.0.0.tgz#194a90ced26d31fe753d8b9434430214c011865b" + resolved "https://registry.npmjs.org/markdown-table/-/markdown-table-2.0.0.tgz" integrity sha512-Ezda85ToJUBhM6WGaG6veasyym+Tbs3cMAw/ZhOPqXiYsr0jgocBV3j3nx+4lk47plLlIqjwuTm/ywVI+zjJ/A== dependencies: repeat-string "^1.0.0" markdown-table@^3.0.0: version "3.0.4" - resolved "https://registry.yarnpkg.com/markdown-table/-/markdown-table-3.0.4.tgz#fe44d6d410ff9d6f2ea1797a3f60aa4d2b631c2a" + resolved "https://registry.npmjs.org/markdown-table/-/markdown-table-3.0.4.tgz" integrity sha512-wiYz4+JrLyb/DqW2hkFJxP7Vd7JuTDm77fvbM8VfEQdmSMqcImWeeRbHwZjBjIFki/VaMK2BhFi7oUUZeM5bqw== marked@^16.3.0: version "16.4.1" - resolved "https://registry.yarnpkg.com/marked/-/marked-16.4.1.tgz#db37c878cfa28fa57b8dd471fe92a83282911052" + resolved "https://registry.npmjs.org/marked/-/marked-16.4.1.tgz" integrity sha512-ntROs7RaN3EvWfy3EZi14H4YxmT6A5YvywfhO+0pm+cH/dnSQRmdAmoFIc3B9aiwTehyk7pESH4ofyBY+V5hZg== math-intrinsics@^1.1.0: version "1.1.0" - resolved "https://registry.yarnpkg.com/math-intrinsics/-/math-intrinsics-1.1.0.tgz#a0dd74be81e2aa5c2f27e65ce283605ee4e2b7f9" + resolved "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz" integrity sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g== mdast-util-directive@^3.0.0: version "3.1.0" - resolved "https://registry.yarnpkg.com/mdast-util-directive/-/mdast-util-directive-3.1.0.tgz#f3656f4aab6ae3767d3c72cfab5e8055572ccba1" + resolved "https://registry.npmjs.org/mdast-util-directive/-/mdast-util-directive-3.1.0.tgz" integrity sha512-I3fNFt+DHmpWCYAT7quoM6lHf9wuqtI+oCOfvILnoicNIqjh5E3dEJWiXuYME2gNe8vl1iMQwyUHa7bgFmak6Q== dependencies: "@types/mdast" "^4.0.0" @@ -5627,7 +5644,7 @@ mdast-util-directive@^3.0.0: mdast-util-find-and-replace@^3.0.0, mdast-util-find-and-replace@^3.0.1: version "3.0.2" - resolved "https://registry.yarnpkg.com/mdast-util-find-and-replace/-/mdast-util-find-and-replace-3.0.2.tgz#70a3174c894e14df722abf43bc250cbae44b11df" + resolved "https://registry.npmjs.org/mdast-util-find-and-replace/-/mdast-util-find-and-replace-3.0.2.tgz" integrity sha512-Tmd1Vg/m3Xz43afeNxDIhWRtFZgM2VLyaf4vSTYwudTyeuTneoL3qtWMA5jeLyz/O1vDJmmV4QuScFCA2tBPwg== dependencies: "@types/mdast" "^4.0.0" @@ -5637,7 +5654,7 @@ mdast-util-find-and-replace@^3.0.0, mdast-util-find-and-replace@^3.0.1: mdast-util-from-markdown@^2.0.0: version "2.0.2" - resolved "https://registry.yarnpkg.com/mdast-util-from-markdown/-/mdast-util-from-markdown-2.0.2.tgz#4850390ca7cf17413a9b9a0fbefcd1bc0eb4160a" + resolved "https://registry.npmjs.org/mdast-util-from-markdown/-/mdast-util-from-markdown-2.0.2.tgz" integrity sha512-uZhTV/8NBuw0WHkPTrCqDOl0zVe1BIng5ZtHoDk49ME1qqcjYmmLmOf0gELgcRMxN4w2iuIeVso5/6QymSrgmA== dependencies: "@types/mdast" "^4.0.0" @@ -5655,7 +5672,7 @@ mdast-util-from-markdown@^2.0.0: mdast-util-frontmatter@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/mdast-util-frontmatter/-/mdast-util-frontmatter-2.0.1.tgz#f5f929eb1eb36c8a7737475c7eb438261f964ee8" + resolved "https://registry.npmjs.org/mdast-util-frontmatter/-/mdast-util-frontmatter-2.0.1.tgz" integrity sha512-LRqI9+wdgC25P0URIJY9vwocIzCcksduHQ9OF2joxQoyTNVduwLAFUzjoopuRJbJAReaKrNQKAZKL3uCMugWJA== dependencies: "@types/mdast" "^4.0.0" @@ -5667,7 +5684,7 @@ mdast-util-frontmatter@^2.0.0: mdast-util-gfm-autolink-literal@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/mdast-util-gfm-autolink-literal/-/mdast-util-gfm-autolink-literal-2.0.1.tgz#abd557630337bd30a6d5a4bd8252e1c2dc0875d5" + resolved "https://registry.npmjs.org/mdast-util-gfm-autolink-literal/-/mdast-util-gfm-autolink-literal-2.0.1.tgz" integrity sha512-5HVP2MKaP6L+G6YaxPNjuL0BPrq9orG3TsrZ9YXbA3vDw/ACI4MEsnoDpn6ZNm7GnZgtAcONJyPhOP8tNJQavQ== dependencies: "@types/mdast" "^4.0.0" @@ -5678,7 +5695,7 @@ mdast-util-gfm-autolink-literal@^2.0.0: mdast-util-gfm-footnote@^2.0.0: version "2.1.0" - resolved "https://registry.yarnpkg.com/mdast-util-gfm-footnote/-/mdast-util-gfm-footnote-2.1.0.tgz#7778e9d9ca3df7238cc2bd3fa2b1bf6a65b19403" + resolved "https://registry.npmjs.org/mdast-util-gfm-footnote/-/mdast-util-gfm-footnote-2.1.0.tgz" integrity sha512-sqpDWlsHn7Ac9GNZQMeUzPQSMzR6Wv0WKRNvQRg0KqHh02fpTz69Qc1QSseNX29bhz1ROIyNyxExfawVKTm1GQ== dependencies: "@types/mdast" "^4.0.0" @@ -5689,7 +5706,7 @@ mdast-util-gfm-footnote@^2.0.0: mdast-util-gfm-strikethrough@^2.0.0: version "2.0.0" - resolved "https://registry.yarnpkg.com/mdast-util-gfm-strikethrough/-/mdast-util-gfm-strikethrough-2.0.0.tgz#d44ef9e8ed283ac8c1165ab0d0dfd058c2764c16" + resolved "https://registry.npmjs.org/mdast-util-gfm-strikethrough/-/mdast-util-gfm-strikethrough-2.0.0.tgz" integrity sha512-mKKb915TF+OC5ptj5bJ7WFRPdYtuHv0yTRxK2tJvi+BDqbkiG7h7u/9SI89nRAYcmap2xHQL9D+QG/6wSrTtXg== dependencies: "@types/mdast" "^4.0.0" @@ -5698,7 +5715,7 @@ mdast-util-gfm-strikethrough@^2.0.0: mdast-util-gfm-table@^2.0.0: version "2.0.0" - resolved "https://registry.yarnpkg.com/mdast-util-gfm-table/-/mdast-util-gfm-table-2.0.0.tgz#7a435fb6223a72b0862b33afbd712b6dae878d38" + resolved "https://registry.npmjs.org/mdast-util-gfm-table/-/mdast-util-gfm-table-2.0.0.tgz" integrity sha512-78UEvebzz/rJIxLvE7ZtDd/vIQ0RHv+3Mh5DR96p7cS7HsBhYIICDBCu8csTNWNO6tBWfqXPWekRuj2FNOGOZg== dependencies: "@types/mdast" "^4.0.0" @@ -5709,7 +5726,7 @@ mdast-util-gfm-table@^2.0.0: mdast-util-gfm-task-list-item@^2.0.0: version "2.0.0" - resolved "https://registry.yarnpkg.com/mdast-util-gfm-task-list-item/-/mdast-util-gfm-task-list-item-2.0.0.tgz#e68095d2f8a4303ef24094ab642e1047b991a936" + resolved "https://registry.npmjs.org/mdast-util-gfm-task-list-item/-/mdast-util-gfm-task-list-item-2.0.0.tgz" integrity sha512-IrtvNvjxC1o06taBAVJznEnkiHxLFTzgonUdy8hzFVeDun0uTjxxrRGVaNFqkU1wJR3RBPEfsxmU6jDWPofrTQ== dependencies: "@types/mdast" "^4.0.0" @@ -5719,7 +5736,7 @@ mdast-util-gfm-task-list-item@^2.0.0: mdast-util-gfm@^3.0.0: version "3.1.0" - resolved "https://registry.yarnpkg.com/mdast-util-gfm/-/mdast-util-gfm-3.1.0.tgz#2cdf63b92c2a331406b0fb0db4c077c1b0331751" + resolved "https://registry.npmjs.org/mdast-util-gfm/-/mdast-util-gfm-3.1.0.tgz" integrity sha512-0ulfdQOM3ysHhCJ1p06l0b0VKlhU0wuQs3thxZQagjcjPrlFRqY215uZGHHJan9GEAXd9MbfPjFJz+qMkVR6zQ== dependencies: mdast-util-from-markdown "^2.0.0" @@ -5732,7 +5749,7 @@ mdast-util-gfm@^3.0.0: mdast-util-mdx-expression@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/mdast-util-mdx-expression/-/mdast-util-mdx-expression-2.0.1.tgz#43f0abac9adc756e2086f63822a38c8d3c3a5096" + resolved "https://registry.npmjs.org/mdast-util-mdx-expression/-/mdast-util-mdx-expression-2.0.1.tgz" integrity sha512-J6f+9hUp+ldTZqKRSg7Vw5V6MqjATc+3E4gf3CFNcuZNWD8XdyI6zQ8GqH7f8169MM6P7hMBRDVGnn7oHB9kXQ== dependencies: "@types/estree-jsx" "^1.0.0" @@ -5744,7 +5761,7 @@ mdast-util-mdx-expression@^2.0.0: mdast-util-mdx-jsx@^3.0.0: version "3.2.0" - resolved "https://registry.yarnpkg.com/mdast-util-mdx-jsx/-/mdast-util-mdx-jsx-3.2.0.tgz#fd04c67a2a7499efb905a8a5c578dddc9fdada0d" + resolved "https://registry.npmjs.org/mdast-util-mdx-jsx/-/mdast-util-mdx-jsx-3.2.0.tgz" integrity sha512-lj/z8v0r6ZtsN/cGNNtemmmfoLAFZnjMbNyLzBafjzikOM+glrjNHPlf6lQDOTccj9n5b0PPihEBbhneMyGs1Q== dependencies: "@types/estree-jsx" "^1.0.0" @@ -5762,7 +5779,7 @@ mdast-util-mdx-jsx@^3.0.0: mdast-util-mdx@^3.0.0: version "3.0.0" - resolved "https://registry.yarnpkg.com/mdast-util-mdx/-/mdast-util-mdx-3.0.0.tgz#792f9cf0361b46bee1fdf1ef36beac424a099c41" + resolved "https://registry.npmjs.org/mdast-util-mdx/-/mdast-util-mdx-3.0.0.tgz" integrity sha512-JfbYLAW7XnYTTbUsmpu0kdBUVe+yKVJZBItEjwyYJiDJuZ9w4eeaqks4HQO+R7objWgS2ymV60GYpI14Ug554w== dependencies: mdast-util-from-markdown "^2.0.0" @@ -5773,7 +5790,7 @@ mdast-util-mdx@^3.0.0: mdast-util-mdxjs-esm@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/mdast-util-mdxjs-esm/-/mdast-util-mdxjs-esm-2.0.1.tgz#019cfbe757ad62dd557db35a695e7314bcc9fa97" + resolved "https://registry.npmjs.org/mdast-util-mdxjs-esm/-/mdast-util-mdxjs-esm-2.0.1.tgz" integrity sha512-EcmOpxsZ96CvlP03NghtH1EsLtr0n9Tm4lPUJUBccV9RwUOneqSycg19n5HGzCf+10LozMRSObtVr3ee1WoHtg== dependencies: "@types/estree-jsx" "^1.0.0" @@ -5785,7 +5802,7 @@ mdast-util-mdxjs-esm@^2.0.0: mdast-util-phrasing@^4.0.0: version "4.1.0" - resolved "https://registry.yarnpkg.com/mdast-util-phrasing/-/mdast-util-phrasing-4.1.0.tgz#7cc0a8dec30eaf04b7b1a9661a92adb3382aa6e3" + resolved "https://registry.npmjs.org/mdast-util-phrasing/-/mdast-util-phrasing-4.1.0.tgz" integrity sha512-TqICwyvJJpBwvGAMZjj4J2n0X8QWp21b9l0o7eXyVJ25YNWYbJDVIyD1bZXE6WtV6RmKJVYmQAKWa0zWOABz2w== dependencies: "@types/mdast" "^4.0.0" @@ -5793,7 +5810,7 @@ mdast-util-phrasing@^4.0.0: mdast-util-to-hast@^13.0.0: version "13.2.0" - resolved "https://registry.yarnpkg.com/mdast-util-to-hast/-/mdast-util-to-hast-13.2.0.tgz#5ca58e5b921cc0a3ded1bc02eed79a4fe4fe41f4" + resolved "https://registry.npmjs.org/mdast-util-to-hast/-/mdast-util-to-hast-13.2.0.tgz" integrity sha512-QGYKEuUsYT9ykKBCMOEDLsU5JRObWQusAolFMeko/tYPufNkRffBAQjIE+99jbA87xv6FgmjLtwjh9wBWajwAA== dependencies: "@types/hast" "^3.0.0" @@ -5808,7 +5825,7 @@ mdast-util-to-hast@^13.0.0: mdast-util-to-markdown@^2.0.0: version "2.1.2" - resolved "https://registry.yarnpkg.com/mdast-util-to-markdown/-/mdast-util-to-markdown-2.1.2.tgz#f910ffe60897f04bb4b7e7ee434486f76288361b" + resolved "https://registry.npmjs.org/mdast-util-to-markdown/-/mdast-util-to-markdown-2.1.2.tgz" integrity sha512-xj68wMTvGXVOKonmog6LwyJKrYXZPvlwabaryTjLh9LuvovB/KAH+kvi8Gjj+7rJjsFi23nkUxRQv1KqSroMqA== dependencies: "@types/mdast" "^4.0.0" @@ -5823,29 +5840,29 @@ mdast-util-to-markdown@^2.0.0: mdast-util-to-string@^4.0.0: version "4.0.0" - resolved "https://registry.yarnpkg.com/mdast-util-to-string/-/mdast-util-to-string-4.0.0.tgz#7a5121475556a04e7eddeb67b264aae79d312814" + resolved "https://registry.npmjs.org/mdast-util-to-string/-/mdast-util-to-string-4.0.0.tgz" integrity sha512-0H44vDimn51F0YwvxSJSm0eCDOJTRlmN0R1yBh4HLj9wiV1Dn0QoXGbvFAWj2hSItVTlCmBF1hqKlIyUBVFLPg== dependencies: "@types/mdast" "^4.0.0" mdn-data@2.0.28: version "2.0.28" - resolved "https://registry.yarnpkg.com/mdn-data/-/mdn-data-2.0.28.tgz#5ec48e7bef120654539069e1ae4ddc81ca490eba" + resolved "https://registry.npmjs.org/mdn-data/-/mdn-data-2.0.28.tgz" integrity sha512-aylIc7Z9y4yzHYAJNuESG3hfhC+0Ibp/MAMiaOZgNv4pmEdFyfZhhhny4MNiAfWdBQ1RQ2mfDWmM1x8SvGyp8g== mdn-data@2.0.30: version "2.0.30" - resolved "https://registry.yarnpkg.com/mdn-data/-/mdn-data-2.0.30.tgz#ce4df6f80af6cfbe218ecd5c552ba13c4dfa08cc" + resolved "https://registry.npmjs.org/mdn-data/-/mdn-data-2.0.30.tgz" integrity sha512-GaqWWShW4kv/G9IEucWScBx9G1/vsFZZJUO+tD26M8J8z3Kw5RDQjaoZe03YAClgeS/SWPOcb4nkFBTEi5DUEA== media-typer@0.3.0: version "0.3.0" - resolved "https://registry.yarnpkg.com/media-typer/-/media-typer-0.3.0.tgz#8710d7af0aa626f8fffa1ce00168545263255748" + resolved "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz" integrity sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ== memfs@^4.43.1: version "4.49.0" - resolved "https://registry.yarnpkg.com/memfs/-/memfs-4.49.0.tgz#bc35069570d41a31c62e31f1a6ec6057a8ea82f0" + resolved "https://registry.npmjs.org/memfs/-/memfs-4.49.0.tgz" integrity sha512-L9uC9vGuc4xFybbdOpRLoOAOq1YEBBsocCs5NVW32DfU+CZWWIn3OVF+lB8Gp4ttBVSMazwrTrjv8ussX/e3VQ== dependencies: "@jsonjoy.com/json-pack" "^1.11.0" @@ -5857,27 +5874,27 @@ memfs@^4.43.1: merge-descriptors@1.0.3: version "1.0.3" - resolved "https://registry.yarnpkg.com/merge-descriptors/-/merge-descriptors-1.0.3.tgz#d80319a65f3c7935351e5cfdac8f9318504dbed5" + resolved "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.3.tgz" integrity sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ== merge-stream@^2.0.0: version "2.0.0" - resolved "https://registry.yarnpkg.com/merge-stream/-/merge-stream-2.0.0.tgz#52823629a14dd00c9770fb6ad47dc6310f2c1f60" + resolved "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz" integrity sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w== merge2@^1.3.0, merge2@^1.4.1: version "1.4.1" - resolved "https://registry.yarnpkg.com/merge2/-/merge2-1.4.1.tgz#4368892f885e907455a6fd7dc55c0c9d404990ae" + resolved "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz" integrity sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg== methods@~1.1.2: version "1.1.2" - resolved "https://registry.yarnpkg.com/methods/-/methods-1.1.2.tgz#5529a4d67654134edcc5266656835b0f851afcee" + resolved "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz" integrity sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w== micromark-core-commonmark@^2.0.0: version "2.0.3" - resolved "https://registry.yarnpkg.com/micromark-core-commonmark/-/micromark-core-commonmark-2.0.3.tgz#c691630e485021a68cf28dbc2b2ca27ebf678cd4" + resolved "https://registry.npmjs.org/micromark-core-commonmark/-/micromark-core-commonmark-2.0.3.tgz" integrity sha512-RDBrHEMSxVFLg6xvnXmb1Ayr2WzLAWjeSATAoxwKYJV94TeNavgoIdA0a9ytzDSVzBy2YKFK+emCPOEibLeCrg== dependencies: decode-named-character-reference "^1.0.0" @@ -5899,7 +5916,7 @@ micromark-core-commonmark@^2.0.0: micromark-extension-directive@^3.0.0: version "3.0.2" - resolved "https://registry.yarnpkg.com/micromark-extension-directive/-/micromark-extension-directive-3.0.2.tgz#2eb61985d1995a7c1ff7621676a4f32af29409e8" + resolved "https://registry.npmjs.org/micromark-extension-directive/-/micromark-extension-directive-3.0.2.tgz" integrity sha512-wjcXHgk+PPdmvR58Le9d7zQYWy+vKEU9Se44p2CrCDPiLr2FMyiT4Fyb5UFKFC66wGB3kPlgD7q3TnoqPS7SZA== dependencies: devlop "^1.0.0" @@ -5912,7 +5929,7 @@ micromark-extension-directive@^3.0.0: micromark-extension-frontmatter@^2.0.0: version "2.0.0" - resolved "https://registry.yarnpkg.com/micromark-extension-frontmatter/-/micromark-extension-frontmatter-2.0.0.tgz#651c52ffa5d7a8eeed687c513cd869885882d67a" + resolved "https://registry.npmjs.org/micromark-extension-frontmatter/-/micromark-extension-frontmatter-2.0.0.tgz" integrity sha512-C4AkuM3dA58cgZha7zVnuVxBhDsbttIMiytjgsM2XbHAB2faRVaHRle40558FBN+DJcrLNCoqG5mlrpdU4cRtg== dependencies: fault "^2.0.0" @@ -5922,7 +5939,7 @@ micromark-extension-frontmatter@^2.0.0: micromark-extension-gfm-autolink-literal@^2.0.0: version "2.1.0" - resolved "https://registry.yarnpkg.com/micromark-extension-gfm-autolink-literal/-/micromark-extension-gfm-autolink-literal-2.1.0.tgz#6286aee9686c4462c1e3552a9d505feddceeb935" + resolved "https://registry.npmjs.org/micromark-extension-gfm-autolink-literal/-/micromark-extension-gfm-autolink-literal-2.1.0.tgz" integrity sha512-oOg7knzhicgQ3t4QCjCWgTmfNhvQbDDnJeVu9v81r7NltNCVmhPy1fJRX27pISafdjL+SVc4d3l48Gb6pbRypw== dependencies: micromark-util-character "^2.0.0" @@ -5932,7 +5949,7 @@ micromark-extension-gfm-autolink-literal@^2.0.0: micromark-extension-gfm-footnote@^2.0.0: version "2.1.0" - resolved "https://registry.yarnpkg.com/micromark-extension-gfm-footnote/-/micromark-extension-gfm-footnote-2.1.0.tgz#4dab56d4e398b9853f6fe4efac4fc9361f3e0750" + resolved "https://registry.npmjs.org/micromark-extension-gfm-footnote/-/micromark-extension-gfm-footnote-2.1.0.tgz" integrity sha512-/yPhxI1ntnDNsiHtzLKYnE3vf9JZ6cAisqVDauhp4CEHxlb4uoOTxOCJ+9s51bIB8U1N1FJ1RXOKTIlD5B/gqw== dependencies: devlop "^1.0.0" @@ -5946,7 +5963,7 @@ micromark-extension-gfm-footnote@^2.0.0: micromark-extension-gfm-strikethrough@^2.0.0: version "2.1.0" - resolved "https://registry.yarnpkg.com/micromark-extension-gfm-strikethrough/-/micromark-extension-gfm-strikethrough-2.1.0.tgz#86106df8b3a692b5f6a92280d3879be6be46d923" + resolved "https://registry.npmjs.org/micromark-extension-gfm-strikethrough/-/micromark-extension-gfm-strikethrough-2.1.0.tgz" integrity sha512-ADVjpOOkjz1hhkZLlBiYA9cR2Anf8F4HqZUO6e5eDcPQd0Txw5fxLzzxnEkSkfnD0wziSGiv7sYhk/ktvbf1uw== dependencies: devlop "^1.0.0" @@ -5958,7 +5975,7 @@ micromark-extension-gfm-strikethrough@^2.0.0: micromark-extension-gfm-table@^2.0.0: version "2.1.1" - resolved "https://registry.yarnpkg.com/micromark-extension-gfm-table/-/micromark-extension-gfm-table-2.1.1.tgz#fac70bcbf51fe65f5f44033118d39be8a9b5940b" + resolved "https://registry.npmjs.org/micromark-extension-gfm-table/-/micromark-extension-gfm-table-2.1.1.tgz" integrity sha512-t2OU/dXXioARrC6yWfJ4hqB7rct14e8f7m0cbI5hUmDyyIlwv5vEtooptH8INkbLzOatzKuVbQmAYcbWoyz6Dg== dependencies: devlop "^1.0.0" @@ -5969,14 +5986,14 @@ micromark-extension-gfm-table@^2.0.0: micromark-extension-gfm-tagfilter@^2.0.0: version "2.0.0" - resolved "https://registry.yarnpkg.com/micromark-extension-gfm-tagfilter/-/micromark-extension-gfm-tagfilter-2.0.0.tgz#f26d8a7807b5985fba13cf61465b58ca5ff7dc57" + resolved "https://registry.npmjs.org/micromark-extension-gfm-tagfilter/-/micromark-extension-gfm-tagfilter-2.0.0.tgz" integrity sha512-xHlTOmuCSotIA8TW1mDIM6X2O1SiX5P9IuDtqGonFhEK0qgRI4yeC6vMxEV2dgyr2TiD+2PQ10o+cOhdVAcwfg== dependencies: micromark-util-types "^2.0.0" micromark-extension-gfm-task-list-item@^2.0.0: version "2.1.0" - resolved "https://registry.yarnpkg.com/micromark-extension-gfm-task-list-item/-/micromark-extension-gfm-task-list-item-2.1.0.tgz#bcc34d805639829990ec175c3eea12bb5b781f2c" + resolved "https://registry.npmjs.org/micromark-extension-gfm-task-list-item/-/micromark-extension-gfm-task-list-item-2.1.0.tgz" integrity sha512-qIBZhqxqI6fjLDYFTBIa4eivDMnP+OZqsNwmQ3xNLE4Cxwc+zfQEfbs6tzAo2Hjq+bh6q5F+Z8/cksrLFYWQQw== dependencies: devlop "^1.0.0" @@ -5987,7 +6004,7 @@ micromark-extension-gfm-task-list-item@^2.0.0: micromark-extension-gfm@^3.0.0: version "3.0.0" - resolved "https://registry.yarnpkg.com/micromark-extension-gfm/-/micromark-extension-gfm-3.0.0.tgz#3e13376ab95dd7a5cfd0e29560dfe999657b3c5b" + resolved "https://registry.npmjs.org/micromark-extension-gfm/-/micromark-extension-gfm-3.0.0.tgz" integrity sha512-vsKArQsicm7t0z2GugkCKtZehqUm31oeGBV/KVSorWSy8ZlNAv7ytjFhvaryUiCUJYqs+NoE6AFhpQvBTM6Q4w== dependencies: micromark-extension-gfm-autolink-literal "^2.0.0" @@ -6001,7 +6018,7 @@ micromark-extension-gfm@^3.0.0: micromark-extension-mdx-expression@^3.0.0: version "3.0.1" - resolved "https://registry.yarnpkg.com/micromark-extension-mdx-expression/-/micromark-extension-mdx-expression-3.0.1.tgz#43d058d999532fb3041195a3c3c05c46fa84543b" + resolved "https://registry.npmjs.org/micromark-extension-mdx-expression/-/micromark-extension-mdx-expression-3.0.1.tgz" integrity sha512-dD/ADLJ1AeMvSAKBwO22zG22N4ybhe7kFIZ3LsDI0GlsNr2A3KYxb0LdC1u5rj4Nw+CHKY0RVdnHX8vj8ejm4Q== dependencies: "@types/estree" "^1.0.0" @@ -6015,7 +6032,7 @@ micromark-extension-mdx-expression@^3.0.0: micromark-extension-mdx-jsx@^3.0.0: version "3.0.2" - resolved "https://registry.yarnpkg.com/micromark-extension-mdx-jsx/-/micromark-extension-mdx-jsx-3.0.2.tgz#ffc98bdb649798902fa9fc5689f67f9c1c902044" + resolved "https://registry.npmjs.org/micromark-extension-mdx-jsx/-/micromark-extension-mdx-jsx-3.0.2.tgz" integrity sha512-e5+q1DjMh62LZAJOnDraSSbDMvGJ8x3cbjygy2qFEi7HCeUT4BDKCvMozPozcD6WmOt6sVvYDNBKhFSz3kjOVQ== dependencies: "@types/estree" "^1.0.0" @@ -6031,14 +6048,14 @@ micromark-extension-mdx-jsx@^3.0.0: micromark-extension-mdx-md@^2.0.0: version "2.0.0" - resolved "https://registry.yarnpkg.com/micromark-extension-mdx-md/-/micromark-extension-mdx-md-2.0.0.tgz#1d252881ea35d74698423ab44917e1f5b197b92d" + resolved "https://registry.npmjs.org/micromark-extension-mdx-md/-/micromark-extension-mdx-md-2.0.0.tgz" integrity sha512-EpAiszsB3blw4Rpba7xTOUptcFeBFi+6PY8VnJ2hhimH+vCQDirWgsMpz7w1XcZE7LVrSAUGb9VJpG9ghlYvYQ== dependencies: micromark-util-types "^2.0.0" micromark-extension-mdxjs-esm@^3.0.0: version "3.0.0" - resolved "https://registry.yarnpkg.com/micromark-extension-mdxjs-esm/-/micromark-extension-mdxjs-esm-3.0.0.tgz#de21b2b045fd2059bd00d36746081de38390d54a" + resolved "https://registry.npmjs.org/micromark-extension-mdxjs-esm/-/micromark-extension-mdxjs-esm-3.0.0.tgz" integrity sha512-DJFl4ZqkErRpq/dAPyeWp15tGrcrrJho1hKK5uBS70BCtfrIFg81sqcTVu3Ta+KD1Tk5vAtBNElWxtAa+m8K9A== dependencies: "@types/estree" "^1.0.0" @@ -6053,7 +6070,7 @@ micromark-extension-mdxjs-esm@^3.0.0: micromark-extension-mdxjs@^3.0.0: version "3.0.0" - resolved "https://registry.yarnpkg.com/micromark-extension-mdxjs/-/micromark-extension-mdxjs-3.0.0.tgz#b5a2e0ed449288f3f6f6c544358159557549de18" + resolved "https://registry.npmjs.org/micromark-extension-mdxjs/-/micromark-extension-mdxjs-3.0.0.tgz" integrity sha512-A873fJfhnJ2siZyUrJ31l34Uqwy4xIFmvPY1oj+Ean5PHcPBYzEsvqvWGaWcfEIr11O5Dlw3p2y0tZWpKHDejQ== dependencies: acorn "^8.0.0" @@ -6067,7 +6084,7 @@ micromark-extension-mdxjs@^3.0.0: micromark-factory-destination@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/micromark-factory-destination/-/micromark-factory-destination-2.0.1.tgz#8fef8e0f7081f0474fbdd92deb50c990a0264639" + resolved "https://registry.npmjs.org/micromark-factory-destination/-/micromark-factory-destination-2.0.1.tgz" integrity sha512-Xe6rDdJlkmbFRExpTOmRj9N3MaWmbAgdpSrBQvCFqhezUn4AHqJHbaEnfbVYYiexVSs//tqOdY/DxhjdCiJnIA== dependencies: micromark-util-character "^2.0.0" @@ -6076,7 +6093,7 @@ micromark-factory-destination@^2.0.0: micromark-factory-label@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/micromark-factory-label/-/micromark-factory-label-2.0.1.tgz#5267efa97f1e5254efc7f20b459a38cb21058ba1" + resolved "https://registry.npmjs.org/micromark-factory-label/-/micromark-factory-label-2.0.1.tgz" integrity sha512-VFMekyQExqIW7xIChcXn4ok29YE3rnuyveW3wZQWWqF4Nv9Wk5rgJ99KzPvHjkmPXF93FXIbBp6YdW3t71/7Vg== dependencies: devlop "^1.0.0" @@ -6086,7 +6103,7 @@ micromark-factory-label@^2.0.0: micromark-factory-mdx-expression@^2.0.0: version "2.0.3" - resolved "https://registry.yarnpkg.com/micromark-factory-mdx-expression/-/micromark-factory-mdx-expression-2.0.3.tgz#bb09988610589c07d1c1e4425285895041b3dfa9" + resolved "https://registry.npmjs.org/micromark-factory-mdx-expression/-/micromark-factory-mdx-expression-2.0.3.tgz" integrity sha512-kQnEtA3vzucU2BkrIa8/VaSAsP+EJ3CKOvhMuJgOEGg9KDC6OAY6nSnNDVRiVNRqj7Y4SlSzcStaH/5jge8JdQ== dependencies: "@types/estree" "^1.0.0" @@ -6101,7 +6118,7 @@ micromark-factory-mdx-expression@^2.0.0: micromark-factory-space@^1.0.0: version "1.1.0" - resolved "https://registry.yarnpkg.com/micromark-factory-space/-/micromark-factory-space-1.1.0.tgz#c8f40b0640a0150751d3345ed885a080b0d15faf" + resolved "https://registry.npmjs.org/micromark-factory-space/-/micromark-factory-space-1.1.0.tgz" integrity sha512-cRzEj7c0OL4Mw2v6nwzttyOZe8XY/Z8G0rzmWQZTBi/jjwyw/U4uqKtUORXQrR5bAZZnbTI/feRV/R7hc4jQYQ== dependencies: micromark-util-character "^1.0.0" @@ -6109,7 +6126,7 @@ micromark-factory-space@^1.0.0: micromark-factory-space@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/micromark-factory-space/-/micromark-factory-space-2.0.1.tgz#36d0212e962b2b3121f8525fc7a3c7c029f334fc" + resolved "https://registry.npmjs.org/micromark-factory-space/-/micromark-factory-space-2.0.1.tgz" integrity sha512-zRkxjtBxxLd2Sc0d+fbnEunsTj46SWXgXciZmHq0kDYGnck/ZSGj9/wULTV95uoeYiK5hRXP2mJ98Uo4cq/LQg== dependencies: micromark-util-character "^2.0.0" @@ -6117,7 +6134,7 @@ micromark-factory-space@^2.0.0: micromark-factory-title@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/micromark-factory-title/-/micromark-factory-title-2.0.1.tgz#237e4aa5d58a95863f01032d9ee9b090f1de6e94" + resolved "https://registry.npmjs.org/micromark-factory-title/-/micromark-factory-title-2.0.1.tgz" integrity sha512-5bZ+3CjhAd9eChYTHsjy6TGxpOFSKgKKJPJxr293jTbfry2KDoWkhBb6TcPVB4NmzaPhMs1Frm9AZH7OD4Cjzw== dependencies: micromark-factory-space "^2.0.0" @@ -6127,7 +6144,7 @@ micromark-factory-title@^2.0.0: micromark-factory-whitespace@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/micromark-factory-whitespace/-/micromark-factory-whitespace-2.0.1.tgz#06b26b2983c4d27bfcc657b33e25134d4868b0b1" + resolved "https://registry.npmjs.org/micromark-factory-whitespace/-/micromark-factory-whitespace-2.0.1.tgz" integrity sha512-Ob0nuZ3PKt/n0hORHyvoD9uZhr+Za8sFoP+OnMcnWK5lngSzALgQYKMr9RJVOWLqQYuyn6ulqGWSXdwf6F80lQ== dependencies: micromark-factory-space "^2.0.0" @@ -6137,7 +6154,7 @@ micromark-factory-whitespace@^2.0.0: micromark-util-character@^1.0.0, micromark-util-character@^1.1.0: version "1.2.0" - resolved "https://registry.yarnpkg.com/micromark-util-character/-/micromark-util-character-1.2.0.tgz#4fedaa3646db249bc58caeb000eb3549a8ca5dcc" + resolved "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-1.2.0.tgz" integrity sha512-lXraTwcX3yH/vMDaFWCQJP1uIszLVebzUa3ZHdrgxr7KEU/9mL4mVgCpGbyhvNLNlauROiNUq7WN5u7ndbY6xg== dependencies: micromark-util-symbol "^1.0.0" @@ -6145,7 +6162,7 @@ micromark-util-character@^1.0.0, micromark-util-character@^1.1.0: micromark-util-character@^2.0.0: version "2.1.1" - resolved "https://registry.yarnpkg.com/micromark-util-character/-/micromark-util-character-2.1.1.tgz#2f987831a40d4c510ac261e89852c4e9703ccda6" + resolved "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz" integrity sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q== dependencies: micromark-util-symbol "^2.0.0" @@ -6153,14 +6170,14 @@ micromark-util-character@^2.0.0: micromark-util-chunked@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/micromark-util-chunked/-/micromark-util-chunked-2.0.1.tgz#47fbcd93471a3fccab86cff03847fc3552db1051" + resolved "https://registry.npmjs.org/micromark-util-chunked/-/micromark-util-chunked-2.0.1.tgz" integrity sha512-QUNFEOPELfmvv+4xiNg2sRYeS/P84pTW0TCgP5zc9FpXetHY0ab7SxKyAQCNCc1eK0459uoLI1y5oO5Vc1dbhA== dependencies: micromark-util-symbol "^2.0.0" micromark-util-classify-character@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/micromark-util-classify-character/-/micromark-util-classify-character-2.0.1.tgz#d399faf9c45ca14c8b4be98b1ea481bced87b629" + resolved "https://registry.npmjs.org/micromark-util-classify-character/-/micromark-util-classify-character-2.0.1.tgz" integrity sha512-K0kHzM6afW/MbeWYWLjoHQv1sgg2Q9EccHEDzSkxiP/EaagNzCm7T/WMKZ3rjMbvIpvBiZgwR3dKMygtA4mG1Q== dependencies: micromark-util-character "^2.0.0" @@ -6169,7 +6186,7 @@ micromark-util-classify-character@^2.0.0: micromark-util-combine-extensions@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/micromark-util-combine-extensions/-/micromark-util-combine-extensions-2.0.1.tgz#2a0f490ab08bff5cc2fd5eec6dd0ca04f89b30a9" + resolved "https://registry.npmjs.org/micromark-util-combine-extensions/-/micromark-util-combine-extensions-2.0.1.tgz" integrity sha512-OnAnH8Ujmy59JcyZw8JSbK9cGpdVY44NKgSM7E9Eh7DiLS2E9RNQf0dONaGDzEG9yjEl5hcqeIsj4hfRkLH/Bg== dependencies: micromark-util-chunked "^2.0.0" @@ -6177,14 +6194,14 @@ micromark-util-combine-extensions@^2.0.0: micromark-util-decode-numeric-character-reference@^2.0.0: version "2.0.2" - resolved "https://registry.yarnpkg.com/micromark-util-decode-numeric-character-reference/-/micromark-util-decode-numeric-character-reference-2.0.2.tgz#fcf15b660979388e6f118cdb6bf7d79d73d26fe5" + resolved "https://registry.npmjs.org/micromark-util-decode-numeric-character-reference/-/micromark-util-decode-numeric-character-reference-2.0.2.tgz" integrity sha512-ccUbYk6CwVdkmCQMyr64dXz42EfHGkPQlBj5p7YVGzq8I7CtjXZJrubAYezf7Rp+bjPseiROqe7G6foFd+lEuw== dependencies: micromark-util-symbol "^2.0.0" micromark-util-decode-string@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/micromark-util-decode-string/-/micromark-util-decode-string-2.0.1.tgz#6cb99582e5d271e84efca8e61a807994d7161eb2" + resolved "https://registry.npmjs.org/micromark-util-decode-string/-/micromark-util-decode-string-2.0.1.tgz" integrity sha512-nDV/77Fj6eH1ynwscYTOsbK7rR//Uj0bZXBwJZRfaLEJ1iGBR6kIfNmlNqaqJf649EP0F3NWNdeJi03elllNUQ== dependencies: decode-named-character-reference "^1.0.0" @@ -6194,12 +6211,12 @@ micromark-util-decode-string@^2.0.0: micromark-util-encode@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/micromark-util-encode/-/micromark-util-encode-2.0.1.tgz#0d51d1c095551cfaac368326963cf55f15f540b8" + resolved "https://registry.npmjs.org/micromark-util-encode/-/micromark-util-encode-2.0.1.tgz" integrity sha512-c3cVx2y4KqUnwopcO9b/SCdo2O67LwJJ/UyqGfbigahfegL9myoEFoDYZgkT7f36T0bLrM9hZTAaAyH+PCAXjw== micromark-util-events-to-acorn@^2.0.0: version "2.0.3" - resolved "https://registry.yarnpkg.com/micromark-util-events-to-acorn/-/micromark-util-events-to-acorn-2.0.3.tgz#e7a8a6b55a47e5a06c720d5a1c4abae8c37c98f3" + resolved "https://registry.npmjs.org/micromark-util-events-to-acorn/-/micromark-util-events-to-acorn-2.0.3.tgz" integrity sha512-jmsiEIiZ1n7X1Rr5k8wVExBQCg5jy4UXVADItHmNk1zkwEVhBuIUKRu3fqv+hs4nxLISi2DQGlqIOGiFxgbfHg== dependencies: "@types/estree" "^1.0.0" @@ -6212,26 +6229,26 @@ micromark-util-events-to-acorn@^2.0.0: micromark-util-html-tag-name@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/micromark-util-html-tag-name/-/micromark-util-html-tag-name-2.0.1.tgz#e40403096481986b41c106627f98f72d4d10b825" + resolved "https://registry.npmjs.org/micromark-util-html-tag-name/-/micromark-util-html-tag-name-2.0.1.tgz" integrity sha512-2cNEiYDhCWKI+Gs9T0Tiysk136SnR13hhO8yW6BGNyhOC4qYFnwF1nKfD3HFAIXA5c45RrIG1ub11GiXeYd1xA== micromark-util-normalize-identifier@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/micromark-util-normalize-identifier/-/micromark-util-normalize-identifier-2.0.1.tgz#c30d77b2e832acf6526f8bf1aa47bc9c9438c16d" + resolved "https://registry.npmjs.org/micromark-util-normalize-identifier/-/micromark-util-normalize-identifier-2.0.1.tgz" integrity sha512-sxPqmo70LyARJs0w2UclACPUUEqltCkJ6PhKdMIDuJ3gSf/Q+/GIe3WKl0Ijb/GyH9lOpUkRAO2wp0GVkLvS9Q== dependencies: micromark-util-symbol "^2.0.0" micromark-util-resolve-all@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/micromark-util-resolve-all/-/micromark-util-resolve-all-2.0.1.tgz#e1a2d62cdd237230a2ae11839027b19381e31e8b" + resolved "https://registry.npmjs.org/micromark-util-resolve-all/-/micromark-util-resolve-all-2.0.1.tgz" integrity sha512-VdQyxFWFT2/FGJgwQnJYbe1jjQoNTS4RjglmSjTUlpUMa95Htx9NHeYW4rGDJzbjvCsl9eLjMQwGeElsqmzcHg== dependencies: micromark-util-types "^2.0.0" micromark-util-sanitize-uri@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/micromark-util-sanitize-uri/-/micromark-util-sanitize-uri-2.0.1.tgz#ab89789b818a58752b73d6b55238621b7faa8fd7" + resolved "https://registry.npmjs.org/micromark-util-sanitize-uri/-/micromark-util-sanitize-uri-2.0.1.tgz" integrity sha512-9N9IomZ/YuGGZZmQec1MbgxtlgougxTodVwDzzEouPKo3qFWvymFHWcnDi2vzV1ff6kas9ucW+o3yzJK9YB1AQ== dependencies: micromark-util-character "^2.0.0" @@ -6240,7 +6257,7 @@ micromark-util-sanitize-uri@^2.0.0: micromark-util-subtokenize@^2.0.0: version "2.1.0" - resolved "https://registry.yarnpkg.com/micromark-util-subtokenize/-/micromark-util-subtokenize-2.1.0.tgz#d8ade5ba0f3197a1cf6a2999fbbfe6357a1a19ee" + resolved "https://registry.npmjs.org/micromark-util-subtokenize/-/micromark-util-subtokenize-2.1.0.tgz" integrity sha512-XQLu552iSctvnEcgXw6+Sx75GflAPNED1qx7eBJ+wydBb2KCbRZe+NwvIEEMM83uml1+2WSXpBAcp9IUCgCYWA== dependencies: devlop "^1.0.0" @@ -6250,27 +6267,27 @@ micromark-util-subtokenize@^2.0.0: micromark-util-symbol@^1.0.0, micromark-util-symbol@^1.0.1: version "1.1.0" - resolved "https://registry.yarnpkg.com/micromark-util-symbol/-/micromark-util-symbol-1.1.0.tgz#813cd17837bdb912d069a12ebe3a44b6f7063142" + resolved "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-1.1.0.tgz" integrity sha512-uEjpEYY6KMs1g7QfJ2eX1SQEV+ZT4rUD3UcF6l57acZvLNK7PBZL+ty82Z1qhK1/yXIY4bdx04FKMgR0g4IAag== micromark-util-symbol@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz#e5da494e8eb2b071a0d08fb34f6cefec6c0a19b8" + resolved "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz" integrity sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q== micromark-util-types@^1.0.0: version "1.1.0" - resolved "https://registry.yarnpkg.com/micromark-util-types/-/micromark-util-types-1.1.0.tgz#e6676a8cae0bb86a2171c498167971886cb7e283" + resolved "https://registry.npmjs.org/micromark-util-types/-/micromark-util-types-1.1.0.tgz" integrity sha512-ukRBgie8TIAcacscVHSiddHjO4k/q3pnedmzMQ4iwDcK0FtFCohKOlFbaOL/mPgfnPsL3C1ZyxJa4sbWrBl3jg== micromark-util-types@^2.0.0: version "2.0.2" - resolved "https://registry.yarnpkg.com/micromark-util-types/-/micromark-util-types-2.0.2.tgz#f00225f5f5a0ebc3254f96c36b6605c4b393908e" + resolved "https://registry.npmjs.org/micromark-util-types/-/micromark-util-types-2.0.2.tgz" integrity sha512-Yw0ECSpJoViF1qTU4DC6NwtC4aWGt1EkzaQB8KPPyCRR8z9TWeV0HbEFGTO+ZY1wB22zmxnJqhPyTpOVCpeHTA== micromark@^4.0.0: version "4.0.2" - resolved "https://registry.yarnpkg.com/micromark/-/micromark-4.0.2.tgz#91395a3e1884a198e62116e33c9c568e39936fdb" + resolved "https://registry.npmjs.org/micromark/-/micromark-4.0.2.tgz" integrity sha512-zpe98Q6kvavpCr1NPVSCMebCKfD7CA2NqZ+rykeNhONIJBpc1tFKt9hucLGwha3jNTNI8lHpctWJWoimVF4PfA== dependencies: "@types/debug" "^4.0.0" @@ -6293,66 +6310,85 @@ micromark@^4.0.0: micromatch@^4.0.2, micromatch@^4.0.5, micromatch@^4.0.8: version "4.0.8" - resolved "https://registry.yarnpkg.com/micromatch/-/micromatch-4.0.8.tgz#d66fa18f3a47076789320b9b1af32bd86d9fa202" + resolved "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz" integrity sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA== dependencies: braces "^3.0.3" picomatch "^2.3.1" -mime-db@1.52.0: - version "1.52.0" - resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.52.0.tgz#bbabcdc02859f4987301c856e3387ce5ec43bf70" - integrity sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg== +mime-db@^1.54.0: + version "1.54.0" + resolved "https://registry.npmjs.org/mime-db/-/mime-db-1.54.0.tgz" + integrity sha512-aU5EJuIN2WDemCcAp2vFBfp/m4EAhWJnUNSSw0ixs7/kXbd6Pg64EmwJkNdFhB8aWt1sH2CTXrLxo/iAGV3oPQ== -"mime-db@>= 1.43.0 < 2", mime-db@^1.54.0: +"mime-db@>= 1.43.0 < 2": version "1.54.0" - resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.54.0.tgz#cddb3ee4f9c64530dff640236661d42cb6a314f5" + resolved "https://registry.npmjs.org/mime-db/-/mime-db-1.54.0.tgz" integrity sha512-aU5EJuIN2WDemCcAp2vFBfp/m4EAhWJnUNSSw0ixs7/kXbd6Pg64EmwJkNdFhB8aWt1sH2CTXrLxo/iAGV3oPQ== mime-db@~1.33.0: version "1.33.0" - resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.33.0.tgz#a3492050a5cb9b63450541e39d9788d2272783db" + resolved "https://registry.npmjs.org/mime-db/-/mime-db-1.33.0.tgz" integrity sha512-BHJ/EKruNIqJf/QahvxwQZXKygOQ256myeN/Ew+THcAa5q+PjyTTMMeNQC4DZw5AwfvelsUrA6B67NKMqXDbzQ== -mime-types@2.1.18: - version "2.1.18" - resolved "https://registry.yarnpkg.com/mime-types/-/mime-types-2.1.18.tgz#6f323f60a83d11146f831ff11fd66e2fe5503bb8" - integrity sha512-lc/aahn+t4/SWV/qcmumYjymLsWfN3ELhpmVuUFjgsORruuZPVSwAQryq+HHGvO/SI2KVX26bx+En+zhM8g8hQ== - dependencies: - mime-db "~1.33.0" +mime-db@1.52.0: + version "1.52.0" + resolved "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz" + integrity sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg== -mime-types@^2.1.27, mime-types@~2.1.17, mime-types@~2.1.24, mime-types@~2.1.34: +mime-types@^2.1.27: version "2.1.35" - resolved "https://registry.yarnpkg.com/mime-types/-/mime-types-2.1.35.tgz#381a871b62a734450660ae3deee44813f70d959a" + resolved "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz" integrity sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw== dependencies: mime-db "1.52.0" mime-types@^3.0.1: version "3.0.1" - resolved "https://registry.yarnpkg.com/mime-types/-/mime-types-3.0.1.tgz#b1d94d6997a9b32fd69ebaed0db73de8acb519ce" + resolved "https://registry.npmjs.org/mime-types/-/mime-types-3.0.1.tgz" integrity sha512-xRc4oEhT6eaBpU1XF7AjpOFD+xQmXNB5OVKwp4tqCuBpHLS/ZbBDrc07mYTDqVMg6PfxUjjNp85O6Cd2Z/5HWA== dependencies: mime-db "^1.54.0" +mime-types@~2.1.17, mime-types@2.1.18: + version "2.1.18" + resolved "https://registry.npmjs.org/mime-types/-/mime-types-2.1.18.tgz" + integrity sha512-lc/aahn+t4/SWV/qcmumYjymLsWfN3ELhpmVuUFjgsORruuZPVSwAQryq+HHGvO/SI2KVX26bx+En+zhM8g8hQ== + dependencies: + mime-db "~1.33.0" + +mime-types@~2.1.24: + version "2.1.35" + resolved "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz" + integrity sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw== + dependencies: + mime-db "1.52.0" + +mime-types@~2.1.34: + version "2.1.35" + resolved "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz" + integrity sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw== + dependencies: + mime-db "1.52.0" + mime@1.6.0: version "1.6.0" - resolved "https://registry.yarnpkg.com/mime/-/mime-1.6.0.tgz#32cd9e5c64553bd58d19a568af452acff04981b1" + resolved "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz" integrity sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg== mimic-fn@^2.1.0: version "2.1.0" - resolved "https://registry.yarnpkg.com/mimic-fn/-/mimic-fn-2.1.0.tgz#7ed2c2ccccaf84d3ffcb7a69b57711fc2083401b" + resolved "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz" integrity sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg== mimic-response@^4.0.0: version "4.0.0" - resolved "https://registry.yarnpkg.com/mimic-response/-/mimic-response-4.0.0.tgz#35468b19e7c75d10f5165ea25e75a5ceea7cf70f" + resolved "https://registry.npmjs.org/mimic-response/-/mimic-response-4.0.0.tgz" integrity sha512-e5ISH9xMYU0DzrT+jl8q2ze9D6eWBto+I8CNpe+VI+K2J/F/k3PdkdTdz4wvGVH4NTpo+NRYTVIuMQEMMcsLqg== mini-css-extract-plugin@^2.9.2: version "2.9.4" - resolved "https://registry.yarnpkg.com/mini-css-extract-plugin/-/mini-css-extract-plugin-2.9.4.tgz#cafa1a42f8c71357f49cd1566810d74ff1cb0200" + resolved "https://registry.npmjs.org/mini-css-extract-plugin/-/mini-css-extract-plugin-2.9.4.tgz" integrity sha512-ZWYT7ln73Hptxqxk2DxPU9MmapXRhxkJD6tkSR04dnQxm8BGu2hzgKLugK5yySD97u/8yy7Ma7E76k9ZdvtjkQ== dependencies: schema-utils "^4.0.0" @@ -6360,46 +6396,46 @@ mini-css-extract-plugin@^2.9.2: minimalistic-assert@^1.0.0: version "1.0.1" - resolved "https://registry.yarnpkg.com/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz#2e194de044626d4a10e7f7fbc00ce73e83e4d5c7" + resolved "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz" integrity sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A== -minimatch@3.1.2: - version "3.1.2" - resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.1.2.tgz#19cd194bfd3e428f049a70817c038d89ab4be35b" - integrity sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw== - dependencies: - brace-expansion "^1.1.7" - minimatch@^9.0.3: version "9.0.9" - resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-9.0.9.tgz#9b0cb9fcb78087f6fd7eababe2511c4d3d60574e" + resolved "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz" integrity sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg== dependencies: brace-expansion "^2.0.2" +minimatch@3.1.2: + version "3.1.2" + resolved "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz" + integrity sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw== + dependencies: + brace-expansion "^1.1.7" + minimist@^1.2.0: version "1.2.8" - resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.8.tgz#c1a464e7693302e082a075cee0c057741ac4772c" + resolved "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz" integrity sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA== mrmime@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/mrmime/-/mrmime-2.0.1.tgz#bc3e87f7987853a54c9850eeb1f1078cd44adddc" + resolved "https://registry.npmjs.org/mrmime/-/mrmime-2.0.1.tgz" integrity sha512-Y3wQdFg2Va6etvQ5I82yUhGdsKrcYox6p7FfL1LbK2J4V01F9TGlepTIhnK24t7koZibmg82KGglhA1XK5IsLQ== +ms@^2.1.3, ms@2.1.3: + version "2.1.3" + resolved "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz" + integrity sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA== + ms@2.0.0: version "2.0.0" - resolved "https://registry.yarnpkg.com/ms/-/ms-2.0.0.tgz#5608aeadfc00be6c2901df5f9861788de0d597c8" + resolved "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz" integrity sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A== -ms@2.1.3, ms@^2.1.3: - version "2.1.3" - resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.3.tgz#574c8138ce1d2b5861f0b44579dbadd60c6615b2" - integrity sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA== - multicast-dns@^7.2.5: version "7.2.5" - resolved "https://registry.yarnpkg.com/multicast-dns/-/multicast-dns-7.2.5.tgz#77eb46057f4d7adbd16d9290fa7299f6fa64cced" + resolved "https://registry.npmjs.org/multicast-dns/-/multicast-dns-7.2.5.tgz" integrity sha512-2eznPJP8z2BFLX50tf0LuODrpINqP1RVIm/CObbTcBRITQgmC/TjcREF1NeTBzIcR5XO/ukWo+YHOjBbFwIupg== dependencies: dns-packet "^5.2.2" @@ -6407,27 +6443,27 @@ multicast-dns@^7.2.5: nanoid@^3.3.11: version "3.3.11" - resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.11.tgz#4f4f112cefbe303202f2199838128936266d185b" + resolved "https://registry.npmjs.org/nanoid/-/nanoid-3.3.11.tgz" integrity sha512-N8SpfPUnUp1bK+PMYW8qSWdl9U+wwNWI4QKxOYDy9JAro3WMX7p2OeVRF9v+347pnakNevPmiHhNmZ2HbFA76w== -negotiator@0.6.3: - version "0.6.3" - resolved "https://registry.yarnpkg.com/negotiator/-/negotiator-0.6.3.tgz#58e323a72fedc0d6f9cd4d31fe49f51479590ccd" - integrity sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg== - negotiator@~0.6.4: version "0.6.4" - resolved "https://registry.yarnpkg.com/negotiator/-/negotiator-0.6.4.tgz#777948e2452651c570b712dd01c23e262713fff7" + resolved "https://registry.npmjs.org/negotiator/-/negotiator-0.6.4.tgz" integrity sha512-myRT3DiWPHqho5PrJaIRyaMv2kgYf0mUVgBNOYMuCH5Ki1yEiQaf/ZJuQ62nvpc44wL5WDbTX7yGJi1Neevw8w== +negotiator@0.6.3: + version "0.6.3" + resolved "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz" + integrity sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg== + neo-async@^2.6.2: version "2.6.2" - resolved "https://registry.yarnpkg.com/neo-async/-/neo-async-2.6.2.tgz#b4aafb93e3aeb2d8174ca53cf163ab7d7308305f" + resolved "https://registry.npmjs.org/neo-async/-/neo-async-2.6.2.tgz" integrity sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw== no-case@^3.0.4: version "3.0.4" - resolved "https://registry.yarnpkg.com/no-case/-/no-case-3.0.4.tgz#d361fd5c9800f558551a8369fc0dcd4662b6124d" + resolved "https://registry.npmjs.org/no-case/-/no-case-3.0.4.tgz" integrity sha512-fgAN3jGAh+RoxUGZHTSOLJIqUc2wmoBwGR4tbpNAKmmovFoWq0OdRkb0VkldReO2a2iBT/OEulG9XSUc10r3zg== dependencies: lower-case "^2.0.2" @@ -6435,7 +6471,7 @@ no-case@^3.0.4: node-emoji@^2.1.0: version "2.2.0" - resolved "https://registry.yarnpkg.com/node-emoji/-/node-emoji-2.2.0.tgz#1d000e3c76e462577895be1b436f4aa2d6760eb0" + resolved "https://registry.npmjs.org/node-emoji/-/node-emoji-2.2.0.tgz" integrity sha512-Z3lTE9pLaJF47NyMhd4ww1yFTAP8YhYI8SleJiHzM46Fgpm5cnNzSl9XfzFNqbaz+VlJrIj3fXQ4DeN1Rjm6cw== dependencies: "@sindresorhus/is" "^4.6.0" @@ -6445,51 +6481,51 @@ node-emoji@^2.1.0: node-forge@^1: version "1.3.1" - resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-1.3.1.tgz#be8da2af243b2417d5f646a770663a92b7e9ded3" + resolved "https://registry.npmjs.org/node-forge/-/node-forge-1.3.1.tgz" integrity sha512-dPEtOeMvF9VMcYV/1Wb8CPoVAXtp6MKMlcbAt4ddqmGqUJ6fQZFXkNZNkNlfevtNkGtaSoXf/vNNNSvgrdXwtA== node-releases@^2.0.21: version "2.0.25" - resolved "https://registry.yarnpkg.com/node-releases/-/node-releases-2.0.25.tgz#95479437bd409231e03981c1f6abee67f5e962df" + resolved "https://registry.npmjs.org/node-releases/-/node-releases-2.0.25.tgz" integrity sha512-4auku8B/vw5psvTiiN9j1dAOsXvMoGqJuKJcR+dTdqiXEK20mMTk1UEo3HS16LeGQsVG6+qKTPM9u/qQ2LqATA== normalize-path@^3.0.0, normalize-path@~3.0.0: version "3.0.0" - resolved "https://registry.yarnpkg.com/normalize-path/-/normalize-path-3.0.0.tgz#0dcd69ff23a1c9b11fd0978316644a0388216a65" + resolved "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz" integrity sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA== normalize-range@^0.1.2: version "0.1.2" - resolved "https://registry.yarnpkg.com/normalize-range/-/normalize-range-0.1.2.tgz#2d10c06bdfd312ea9777695a4d28439456b75942" + resolved "https://registry.npmjs.org/normalize-range/-/normalize-range-0.1.2.tgz" integrity sha512-bdok/XvKII3nUpklnV6P2hxtMNrCboOjAcyBuQnWEhO665FwrSNRxU+AqpsyvO6LgGYPspN+lu5CLtw4jPRKNA== normalize-url@^8.1.0: version "8.1.0" - resolved "https://registry.yarnpkg.com/normalize-url/-/normalize-url-8.1.0.tgz#d33504f67970decf612946fd4880bc8c0983486d" + resolved "https://registry.npmjs.org/normalize-url/-/normalize-url-8.1.0.tgz" integrity sha512-X06Mfd/5aKsRHc0O0J5CUedwnPmnDtLF2+nq+KN9KSDlJHkPuh0JUviWjEWMe0SW/9TDdSLVPuk7L5gGTIA1/w== npm-run-path@^4.0.1: version "4.0.1" - resolved "https://registry.yarnpkg.com/npm-run-path/-/npm-run-path-4.0.1.tgz#b7ecd1e5ed53da8e37a55e1c2269e0b97ed748ea" + resolved "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz" integrity sha512-S48WzZW777zhNIrn7gxOlISNAqi9ZC/uQFnRdbeIHhZhCA6UqpkOT8T1G7BvfdgP4Er8gF4sUbaS0i7QvIfCWw== dependencies: path-key "^3.0.0" nprogress@^0.2.0: version "0.2.0" - resolved "https://registry.yarnpkg.com/nprogress/-/nprogress-0.2.0.tgz#cb8f34c53213d895723fcbab907e9422adbcafb1" + resolved "https://registry.npmjs.org/nprogress/-/nprogress-0.2.0.tgz" integrity sha512-I19aIingLgR1fmhftnbWWO3dXc0hSxqHQHQb3H8m+K3TnEn/iSeTZZOyvKXWqQESMwuUVnatlCnZdLBZZt2VSA== nth-check@^2.0.1: version "2.1.1" - resolved "https://registry.yarnpkg.com/nth-check/-/nth-check-2.1.1.tgz#c9eab428effce36cd6b92c924bdb000ef1f1ed1d" + resolved "https://registry.npmjs.org/nth-check/-/nth-check-2.1.1.tgz" integrity sha512-lqjrjmaOoAnWfMmBPL+XNnynZh2+swxiX3WUE0s4yEHI6m+AwrK2UZOimIRl3X/4QctVqS8AiZjFqyOGrMXb/w== dependencies: boolbase "^1.0.0" null-loader@^4.0.1: version "4.0.1" - resolved "https://registry.yarnpkg.com/null-loader/-/null-loader-4.0.1.tgz#8e63bd3a2dd3c64236a4679428632edd0a6dbc6a" + resolved "https://registry.npmjs.org/null-loader/-/null-loader-4.0.1.tgz" integrity sha512-pxqVbi4U6N26lq+LmgIbB5XATP0VdZKOG25DhHi8btMmJJefGArFyDg1yc4U3hWCJbMqSrw0qyrz1UQX+qYXqg== dependencies: loader-utils "^2.0.0" @@ -6497,22 +6533,22 @@ null-loader@^4.0.1: object-assign@^4.1.1: version "4.1.1" - resolved "https://registry.yarnpkg.com/object-assign/-/object-assign-4.1.1.tgz#2109adc7965887cfc05cbbd442cac8bfbb360863" + resolved "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz" integrity sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg== object-inspect@^1.13.3: version "1.13.4" - resolved "https://registry.yarnpkg.com/object-inspect/-/object-inspect-1.13.4.tgz#8375265e21bc20d0fa582c22e1b13485d6e00213" + resolved "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz" integrity sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew== object-keys@^1.1.1: version "1.1.1" - resolved "https://registry.yarnpkg.com/object-keys/-/object-keys-1.1.1.tgz#1c47f272df277f3b1daf061677d9c82e2322c60e" + resolved "https://registry.npmjs.org/object-keys/-/object-keys-1.1.1.tgz" integrity sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA== object.assign@^4.1.0: version "4.1.7" - resolved "https://registry.yarnpkg.com/object.assign/-/object.assign-4.1.7.tgz#8c14ca1a424c6a561b0bb2a22f66f5049a945d3d" + resolved "https://registry.npmjs.org/object.assign/-/object.assign-4.1.7.tgz" integrity sha512-nK28WOo+QIjBkDduTINE4JkF/UJJKyf2EJxvJKfblDpyg0Q+pkOHNTL0Qwy6NP6FhE/EnzV73BxxqcJaXY9anw== dependencies: call-bind "^1.0.8" @@ -6524,31 +6560,31 @@ object.assign@^4.1.0: obuf@^1.0.0, obuf@^1.1.2: version "1.1.2" - resolved "https://registry.yarnpkg.com/obuf/-/obuf-1.1.2.tgz#09bea3343d41859ebd446292d11c9d4db619084e" + resolved "https://registry.npmjs.org/obuf/-/obuf-1.1.2.tgz" integrity sha512-PX1wu0AmAdPqOL1mWhqmlOd8kOIZQwGZw6rh7uby9fTc5lhaOWFLX3I6R1hrF9k3zUY40e6igsLGkDXK92LJNg== -on-finished@2.4.1, on-finished@^2.4.1: +on-finished@^2.4.1, on-finished@2.4.1: version "2.4.1" - resolved "https://registry.yarnpkg.com/on-finished/-/on-finished-2.4.1.tgz#58c8c44116e54845ad57f14ab10b03533184ac3f" + resolved "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz" integrity sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg== dependencies: ee-first "1.1.1" on-headers@~1.1.0: version "1.1.0" - resolved "https://registry.yarnpkg.com/on-headers/-/on-headers-1.1.0.tgz#59da4f91c45f5f989c6e4bcedc5a3b0aed70ff65" + resolved "https://registry.npmjs.org/on-headers/-/on-headers-1.1.0.tgz" integrity sha512-737ZY3yNnXy37FHkQxPzt4UZ2UWPWiCZWLvFZ4fu5cueciegX0zGPnrlY6bwRg4FdQOe9YU8MkmJwGhoMybl8A== onetime@^5.1.2: version "5.1.2" - resolved "https://registry.yarnpkg.com/onetime/-/onetime-5.1.2.tgz#d0e96ebb56b07476df1dd9c4806e5237985ca45e" + resolved "https://registry.npmjs.org/onetime/-/onetime-5.1.2.tgz" integrity sha512-kbpaSSGJTWdAY5KPVeMOKXSrPtr8C8C7wodJbcsd51jRnmD+GZu8Y0VoU6Dm5Z4vWr0Ig/1NKuWRKf7j5aaYSg== dependencies: mimic-fn "^2.1.0" open@^10.0.3: version "10.2.0" - resolved "https://registry.yarnpkg.com/open/-/open-10.2.0.tgz#b9d855be007620e80b6fb05fac98141fe62db73c" + resolved "https://registry.npmjs.org/open/-/open-10.2.0.tgz" integrity sha512-YgBpdJHPyQ2UE5x+hlSXcnejzAvD0b22U2OuAP+8OnlJT+PjWPxtgmGqKKc+RgTM63U9gN0YzrYc71R2WT/hTA== dependencies: default-browser "^5.2.1" @@ -6558,7 +6594,7 @@ open@^10.0.3: open@^8.4.0: version "8.4.2" - resolved "https://registry.yarnpkg.com/open/-/open-8.4.2.tgz#5b5ffe2a8f793dcd2aad73e550cb87b59cb084f9" + resolved "https://registry.npmjs.org/open/-/open-8.4.2.tgz" integrity sha512-7x81NCL719oNbsq/3mh+hVrAWmFuEYUqrq/Iw3kUzH8ReypT9QQ0BLoJS7/G9k6N81XjW4qHWtjWwe/9eLy1EQ== dependencies: define-lazy-prop "^2.0.0" @@ -6567,43 +6603,43 @@ open@^8.4.0: opener@^1.5.2: version "1.5.2" - resolved "https://registry.yarnpkg.com/opener/-/opener-1.5.2.tgz#5d37e1f35077b9dcac4301372271afdeb2a13598" + resolved "https://registry.npmjs.org/opener/-/opener-1.5.2.tgz" integrity sha512-ur5UIdyw5Y7yEj9wLzhqXiy6GZ3Mwx0yGI+5sMn2r0N0v3cKJvUmFH5yPP+WXh9e0xfyzyJX95D8l088DNFj7A== p-cancelable@^4.0.1: version "4.0.1" - resolved "https://registry.yarnpkg.com/p-cancelable/-/p-cancelable-4.0.1.tgz#2d1edf1ab8616b72c73db41c4bc9ecdd10af640e" + resolved "https://registry.npmjs.org/p-cancelable/-/p-cancelable-4.0.1.tgz" integrity sha512-wBowNApzd45EIKdO1LaU+LrMBwAcjfPaYtVzV3lmfM3gf8Z4CHZsiIqlM8TZZ8okYvh5A1cP6gTfCRQtwUpaUg== p-finally@^1.0.0: version "1.0.0" - resolved "https://registry.yarnpkg.com/p-finally/-/p-finally-1.0.0.tgz#3fbcfb15b899a44123b34b6dcc18b724336a2cae" + resolved "https://registry.npmjs.org/p-finally/-/p-finally-1.0.0.tgz" integrity sha512-LICb2p9CB7FS+0eR1oqWnHhp0FljGLZCWBE9aix0Uye9W8LTQPwMTYVGWQWIw9RdQiDg4+epXQODwIYJtSJaow== p-limit@^4.0.0: version "4.0.0" - resolved "https://registry.yarnpkg.com/p-limit/-/p-limit-4.0.0.tgz#914af6544ed32bfa54670b061cafcbd04984b644" + resolved "https://registry.npmjs.org/p-limit/-/p-limit-4.0.0.tgz" integrity sha512-5b0R4txpzjPWVw/cXXUResoD4hb6U/x9BH08L7nw+GN1sezDzPdxeRvpc9c433fZhBan/wusjbCsqwqm4EIBIQ== dependencies: yocto-queue "^1.0.0" p-locate@^6.0.0: version "6.0.0" - resolved "https://registry.yarnpkg.com/p-locate/-/p-locate-6.0.0.tgz#3da9a49d4934b901089dca3302fa65dc5a05c04f" + resolved "https://registry.npmjs.org/p-locate/-/p-locate-6.0.0.tgz" integrity sha512-wPrq66Llhl7/4AGC6I+cqxT07LhXvWL08LNXz1fENOw0Ap4sRZZ/gZpTTJ5jpurzzzfS2W/Ge9BY3LgLjCShcw== dependencies: p-limit "^4.0.0" p-map@^4.0.0: version "4.0.0" - resolved "https://registry.yarnpkg.com/p-map/-/p-map-4.0.0.tgz#bb2f95a5eda2ec168ec9274e06a747c3e2904d2b" + resolved "https://registry.npmjs.org/p-map/-/p-map-4.0.0.tgz" integrity sha512-/bjOqmgETBYB5BoEeGVea8dmvHb2m9GLy1E9W43yeyfP6QQCZGFNa+XRceJEuDB6zqr+gKpIAmlLebMpykw/MQ== dependencies: aggregate-error "^3.0.0" p-queue@^6.6.2: version "6.6.2" - resolved "https://registry.yarnpkg.com/p-queue/-/p-queue-6.6.2.tgz#2068a9dcf8e67dd0ec3e7a2bcb76810faa85e426" + resolved "https://registry.npmjs.org/p-queue/-/p-queue-6.6.2.tgz" integrity sha512-RwFpb72c/BhQLEXIZ5K2e+AhgNVmIejGlTgiB9MzZ0e93GRvqZ7uSi0dvRF7/XIXDeNkra2fNHBxTyPDGySpjQ== dependencies: eventemitter3 "^4.0.4" @@ -6611,7 +6647,7 @@ p-queue@^6.6.2: p-retry@^6.2.0: version "6.2.1" - resolved "https://registry.yarnpkg.com/p-retry/-/p-retry-6.2.1.tgz#81828f8dc61c6ef5a800585491572cc9892703af" + resolved "https://registry.npmjs.org/p-retry/-/p-retry-6.2.1.tgz" integrity sha512-hEt02O4hUct5wtwg4H4KcWgDdm+l1bOaEy/hWzd8xtXB9BqxTWBBhb+2ImAtH4Cv4rPjV76xN3Zumqk3k3AhhQ== dependencies: "@types/retry" "0.12.2" @@ -6620,14 +6656,14 @@ p-retry@^6.2.0: p-timeout@^3.2.0: version "3.2.0" - resolved "https://registry.yarnpkg.com/p-timeout/-/p-timeout-3.2.0.tgz#c7e17abc971d2a7962ef83626b35d635acf23dfe" + resolved "https://registry.npmjs.org/p-timeout/-/p-timeout-3.2.0.tgz" integrity sha512-rhIwUycgwwKcP9yTOOFK/AKsAopjjCakVqLHePO3CC6Mir1Z99xT+R63jZxAT5lFZLa2inS5h+ZS2GvR99/FBg== dependencies: p-finally "^1.0.0" package-json@^8.1.0: version "8.1.1" - resolved "https://registry.yarnpkg.com/package-json/-/package-json-8.1.1.tgz#3e9948e43df40d1e8e78a85485f1070bf8f03dc8" + resolved "https://registry.npmjs.org/package-json/-/package-json-8.1.1.tgz" integrity sha512-cbH9IAIJHNj9uXi196JVsRlt7cHKak6u/e6AkL/bkRelZ7rlL3X1YKxsZwa36xipOEKAsdtmaG6aAJoM1fx2zA== dependencies: got "^12.1.0" @@ -6637,7 +6673,7 @@ package-json@^8.1.0: param-case@^3.0.4: version "3.0.4" - resolved "https://registry.yarnpkg.com/param-case/-/param-case-3.0.4.tgz#7d17fe4aa12bde34d4a77d91acfb6219caad01c5" + resolved "https://registry.npmjs.org/param-case/-/param-case-3.0.4.tgz" integrity sha512-RXlj7zCYokReqWpOPH9oYivUzLYZ5vAPIfEmCTNViosC78F8F0H9y7T7gG2M39ymgutxF5gcFEsyZQSph9Bp3A== dependencies: dot-case "^3.0.4" @@ -6645,14 +6681,14 @@ param-case@^3.0.4: parent-module@^1.0.0: version "1.0.1" - resolved "https://registry.yarnpkg.com/parent-module/-/parent-module-1.0.1.tgz#691d2709e78c79fae3a156622452d00762caaaa2" + resolved "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz" integrity sha512-GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g== dependencies: callsites "^3.0.0" parse-entities@^4.0.0: version "4.0.2" - resolved "https://registry.yarnpkg.com/parse-entities/-/parse-entities-4.0.2.tgz#61d46f5ed28e4ee62e9ddc43d6b010188443f159" + resolved "https://registry.npmjs.org/parse-entities/-/parse-entities-4.0.2.tgz" integrity sha512-GG2AQYWoLgL877gQIKeRPGO1xF9+eG1ujIb5soS5gPvLQ1y2o8FL90w2QWNdf9I361Mpp7726c+lj3U0qK1uGw== dependencies: "@types/unist" "^2.0.0" @@ -6665,7 +6701,7 @@ parse-entities@^4.0.0: parse-json@^5.2.0: version "5.2.0" - resolved "https://registry.yarnpkg.com/parse-json/-/parse-json-5.2.0.tgz#c76fc66dee54231c962b22bcc8a72cf2f99753cd" + resolved "https://registry.npmjs.org/parse-json/-/parse-json-5.2.0.tgz" integrity sha512-ayCKvm/phCGxOkYRSCM82iDwct8/EonSEgCSxWxD7ve6jHggsFl4fZVQBPRNgQoKiuV/odhFrGzQXZwbifC8Rg== dependencies: "@babel/code-frame" "^7.0.0" @@ -6675,12 +6711,12 @@ parse-json@^5.2.0: parse-numeric-range@^1.3.0: version "1.3.0" - resolved "https://registry.yarnpkg.com/parse-numeric-range/-/parse-numeric-range-1.3.0.tgz#7c63b61190d61e4d53a1197f0c83c47bb670ffa3" + resolved "https://registry.npmjs.org/parse-numeric-range/-/parse-numeric-range-1.3.0.tgz" integrity sha512-twN+njEipszzlMJd4ONUYgSfZPDxgHhT9Ahed5uTigpQn90FggW4SA/AIPq/6a149fTbE9qBEcSwE3FAEp6wQQ== parse5-htmlparser2-tree-adapter@^7.0.0: version "7.1.0" - resolved "https://registry.yarnpkg.com/parse5-htmlparser2-tree-adapter/-/parse5-htmlparser2-tree-adapter-7.1.0.tgz#b5a806548ed893a43e24ccb42fbb78069311e81b" + resolved "https://registry.npmjs.org/parse5-htmlparser2-tree-adapter/-/parse5-htmlparser2-tree-adapter-7.1.0.tgz" integrity sha512-ruw5xyKs6lrpo9x9rCZqZZnIUntICjQAd0Wsmp396Ul9lN/h+ifgVV1x1gZHi8euej6wTfpqX8j+BFQxF0NS/g== dependencies: domhandler "^5.0.3" @@ -6688,19 +6724,19 @@ parse5-htmlparser2-tree-adapter@^7.0.0: parse5@^7.0.0: version "7.3.0" - resolved "https://registry.yarnpkg.com/parse5/-/parse5-7.3.0.tgz#d7e224fa72399c7a175099f45fc2ad024b05ec05" + resolved "https://registry.npmjs.org/parse5/-/parse5-7.3.0.tgz" integrity sha512-IInvU7fabl34qmi9gY8XOVxhYyMyuH2xUNpb2q8/Y+7552KlejkRvqvD19nMoUW/uQGGbqNpA6Tufu5FL5BZgw== dependencies: entities "^6.0.0" parseurl@~1.3.2, parseurl@~1.3.3: version "1.3.3" - resolved "https://registry.yarnpkg.com/parseurl/-/parseurl-1.3.3.tgz#9da19e7bee8d12dff0513ed5b76957793bc2e8d4" + resolved "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz" integrity sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ== pascal-case@^3.1.2: version "3.1.2" - resolved "https://registry.yarnpkg.com/pascal-case/-/pascal-case-3.1.2.tgz#b48e0ef2b98e205e7c1dae747d0b1508237660eb" + resolved "https://registry.npmjs.org/pascal-case/-/pascal-case-3.1.2.tgz" integrity sha512-uWlGT3YSnK9x3BQJaOdcZwrnV6hPpd8jFH1/ucpiLRPh/2zCVJKS19E4GvYHvaCcACn3foXZ0cLB9Wrx1KGe5g== dependencies: no-case "^3.0.4" @@ -6708,73 +6744,73 @@ pascal-case@^3.1.2: path-exists@^5.0.0: version "5.0.0" - resolved "https://registry.yarnpkg.com/path-exists/-/path-exists-5.0.0.tgz#a6aad9489200b21fab31e49cf09277e5116fb9e7" + resolved "https://registry.npmjs.org/path-exists/-/path-exists-5.0.0.tgz" integrity sha512-RjhtfwJOxzcFmNOi6ltcbcu4Iu+FL3zEj83dk4kAS+fVpTxXLO1b38RvJgT/0QwvV/L3aY9TAnyv0EOqW4GoMQ== path-is-inside@1.0.2: version "1.0.2" - resolved "https://registry.yarnpkg.com/path-is-inside/-/path-is-inside-1.0.2.tgz#365417dede44430d1c11af61027facf074bdfc53" + resolved "https://registry.npmjs.org/path-is-inside/-/path-is-inside-1.0.2.tgz" integrity sha512-DUWJr3+ULp4zXmol/SZkFf3JGsS9/SIv+Y3Rt93/UjPpDpklB5f1er4O3POIbUuUJ3FXgqte2Q7SrU6zAqwk8w== path-key@^3.0.0, path-key@^3.1.0: version "3.1.1" - resolved "https://registry.yarnpkg.com/path-key/-/path-key-3.1.1.tgz#581f6ade658cbba65a0d3380de7753295054f375" + resolved "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz" integrity sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q== path-parse@^1.0.7: version "1.0.7" - resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.7.tgz#fbc114b60ca42b30d9daf5858e4bd68bbedb6735" + resolved "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz" integrity sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw== +path-to-regexp@^1.7.0: + version "1.9.0" + resolved "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-1.9.0.tgz" + integrity sha512-xIp7/apCFJuUHdDLWe8O1HIkb0kQrOMb/0u6FXQjemHn/ii5LrIzU6bdECnsiTF/GjZkMEKg1xdiZwNqDYlZ6g== + dependencies: + isarray "0.0.1" + path-to-regexp@0.1.12: version "0.1.12" - resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-0.1.12.tgz#d5e1a12e478a976d432ef3c58d534b9923164bb7" + resolved "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz" integrity sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ== path-to-regexp@3.3.0: version "3.3.0" - resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-3.3.0.tgz#f7f31d32e8518c2660862b644414b6d5c63a611b" + resolved "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-3.3.0.tgz" integrity sha512-qyCH421YQPS2WFDxDjftfc1ZR5WKQzVzqsp4n9M2kQhVOo/ByahFoUNJfl58kOcEGfQ//7weFTDhm+ss8Ecxgw== -path-to-regexp@^1.7.0: - version "1.9.0" - resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-1.9.0.tgz#5dc0753acbf8521ca2e0f137b4578b917b10cf24" - integrity sha512-xIp7/apCFJuUHdDLWe8O1HIkb0kQrOMb/0u6FXQjemHn/ii5LrIzU6bdECnsiTF/GjZkMEKg1xdiZwNqDYlZ6g== - dependencies: - isarray "0.0.1" - path-type@^4.0.0: version "4.0.0" - resolved "https://registry.yarnpkg.com/path-type/-/path-type-4.0.0.tgz#84ed01c0a7ba380afe09d90a8c180dcd9d03043b" + resolved "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz" integrity sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw== picocolors@^1.0.0, picocolors@^1.1.1: version "1.1.1" - resolved "https://registry.yarnpkg.com/picocolors/-/picocolors-1.1.1.tgz#3d321af3eab939b083c8f929a1d12cda81c26b6b" + resolved "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz" integrity sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA== picomatch@^2.0.4, picomatch@^2.2.1, picomatch@^2.2.3, picomatch@^2.3.1: version "2.3.1" - resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-2.3.1.tgz#3ba3833733646d9d3e4995946c1365a67fb07a42" + resolved "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz" integrity sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA== pkg-dir@^7.0.0: version "7.0.0" - resolved "https://registry.yarnpkg.com/pkg-dir/-/pkg-dir-7.0.0.tgz#8f0c08d6df4476756c5ff29b3282d0bab7517d11" + resolved "https://registry.npmjs.org/pkg-dir/-/pkg-dir-7.0.0.tgz" integrity sha512-Ie9z/WINcxxLp27BKOCHGde4ITq9UklYKDzVo1nhk5sqGEXU3FpkwP5GM2voTGJkGd9B3Otl+Q4uwSOeSUtOBA== dependencies: find-up "^6.3.0" postcss-attribute-case-insensitive@^7.0.1: version "7.0.1" - resolved "https://registry.yarnpkg.com/postcss-attribute-case-insensitive/-/postcss-attribute-case-insensitive-7.0.1.tgz#0c4500e3bcb2141848e89382c05b5a31c23033a3" + resolved "https://registry.npmjs.org/postcss-attribute-case-insensitive/-/postcss-attribute-case-insensitive-7.0.1.tgz" integrity sha512-Uai+SupNSqzlschRyNx3kbCTWgY/2hcwtHEI/ej2LJWc9JJ77qKgGptd8DHwY1mXtZ7Aoh4z4yxfwMBue9eNgw== dependencies: postcss-selector-parser "^7.0.0" postcss-calc@^9.0.1: version "9.0.1" - resolved "https://registry.yarnpkg.com/postcss-calc/-/postcss-calc-9.0.1.tgz#a744fd592438a93d6de0f1434c572670361eb6c6" + resolved "https://registry.npmjs.org/postcss-calc/-/postcss-calc-9.0.1.tgz" integrity sha512-TipgjGyzP5QzEhsOZUaIkeO5mKeMFpebWzRogWG/ysonUlnHcq5aJe0jOjpfzUU8PeSaBQnrE8ehR0QA5vs8PQ== dependencies: postcss-selector-parser "^6.0.11" @@ -6782,14 +6818,14 @@ postcss-calc@^9.0.1: postcss-clamp@^4.1.0: version "4.1.0" - resolved "https://registry.yarnpkg.com/postcss-clamp/-/postcss-clamp-4.1.0.tgz#7263e95abadd8c2ba1bd911b0b5a5c9c93e02363" + resolved "https://registry.npmjs.org/postcss-clamp/-/postcss-clamp-4.1.0.tgz" integrity sha512-ry4b1Llo/9zz+PKC+030KUnPITTJAHeOwjfAyyB60eT0AorGLdzp52s31OsPRHRf8NchkgFoG2y6fCfn1IV1Ow== dependencies: postcss-value-parser "^4.2.0" postcss-color-functional-notation@^7.0.12: version "7.0.12" - resolved "https://registry.yarnpkg.com/postcss-color-functional-notation/-/postcss-color-functional-notation-7.0.12.tgz#9a3df2296889e629fde18b873bb1f50a4ecf4b83" + resolved "https://registry.npmjs.org/postcss-color-functional-notation/-/postcss-color-functional-notation-7.0.12.tgz" integrity sha512-TLCW9fN5kvO/u38/uesdpbx3e8AkTYhMvDZYa9JpmImWuTE99bDQ7GU7hdOADIZsiI9/zuxfAJxny/khknp1Zw== dependencies: "@csstools/css-color-parser" "^3.1.0" @@ -6800,7 +6836,7 @@ postcss-color-functional-notation@^7.0.12: postcss-color-hex-alpha@^10.0.0: version "10.0.0" - resolved "https://registry.yarnpkg.com/postcss-color-hex-alpha/-/postcss-color-hex-alpha-10.0.0.tgz#5dd3eba1f8facb4ea306cba6e3f7712e876b0c76" + resolved "https://registry.npmjs.org/postcss-color-hex-alpha/-/postcss-color-hex-alpha-10.0.0.tgz" integrity sha512-1kervM2cnlgPs2a8Vt/Qbe5cQ++N7rkYo/2rz2BkqJZIHQwaVuJgQH38REHrAi4uM0b1fqxMkWYmese94iMp3w== dependencies: "@csstools/utilities" "^2.0.0" @@ -6808,7 +6844,7 @@ postcss-color-hex-alpha@^10.0.0: postcss-color-rebeccapurple@^10.0.0: version "10.0.0" - resolved "https://registry.yarnpkg.com/postcss-color-rebeccapurple/-/postcss-color-rebeccapurple-10.0.0.tgz#5ada28406ac47e0796dff4056b0a9d5a6ecead98" + resolved "https://registry.npmjs.org/postcss-color-rebeccapurple/-/postcss-color-rebeccapurple-10.0.0.tgz" integrity sha512-JFta737jSP+hdAIEhk1Vs0q0YF5P8fFcj+09pweS8ktuGuZ8pPlykHsk6mPxZ8awDl4TrcxUqJo9l1IhVr/OjQ== dependencies: "@csstools/utilities" "^2.0.0" @@ -6816,7 +6852,7 @@ postcss-color-rebeccapurple@^10.0.0: postcss-colormin@^6.1.0: version "6.1.0" - resolved "https://registry.yarnpkg.com/postcss-colormin/-/postcss-colormin-6.1.0.tgz#076e8d3fb291fbff7b10e6b063be9da42ff6488d" + resolved "https://registry.npmjs.org/postcss-colormin/-/postcss-colormin-6.1.0.tgz" integrity sha512-x9yX7DOxeMAR+BgGVnNSAxmAj98NX/YxEMNFP+SDCEeNLb2r3i6Hh1ksMsnW8Ub5SLCpbescQqn9YEbE9554Sw== dependencies: browserslist "^4.23.0" @@ -6826,7 +6862,7 @@ postcss-colormin@^6.1.0: postcss-convert-values@^6.1.0: version "6.1.0" - resolved "https://registry.yarnpkg.com/postcss-convert-values/-/postcss-convert-values-6.1.0.tgz#3498387f8efedb817cbc63901d45bd1ceaa40f48" + resolved "https://registry.npmjs.org/postcss-convert-values/-/postcss-convert-values-6.1.0.tgz" integrity sha512-zx8IwP/ts9WvUM6NkVSkiU902QZL1bwPhaVaLynPtCsOTqp+ZKbNi+s6XJg3rfqpKGA/oc7Oxk5t8pOQJcwl/w== dependencies: browserslist "^4.23.0" @@ -6834,7 +6870,7 @@ postcss-convert-values@^6.1.0: postcss-custom-media@^11.0.6: version "11.0.6" - resolved "https://registry.yarnpkg.com/postcss-custom-media/-/postcss-custom-media-11.0.6.tgz#6b450e5bfa209efb736830066682e6567bd04967" + resolved "https://registry.npmjs.org/postcss-custom-media/-/postcss-custom-media-11.0.6.tgz" integrity sha512-C4lD4b7mUIw+RZhtY7qUbf4eADmb7Ey8BFA2px9jUbwg7pjTZDl4KY4bvlUV+/vXQvzQRfiGEVJyAbtOsCMInw== dependencies: "@csstools/cascade-layer-name-parser" "^2.0.5" @@ -6844,7 +6880,7 @@ postcss-custom-media@^11.0.6: postcss-custom-properties@^14.0.6: version "14.0.6" - resolved "https://registry.yarnpkg.com/postcss-custom-properties/-/postcss-custom-properties-14.0.6.tgz#1af73a650bf115ba052cf915287c9982825fc90e" + resolved "https://registry.npmjs.org/postcss-custom-properties/-/postcss-custom-properties-14.0.6.tgz" integrity sha512-fTYSp3xuk4BUeVhxCSJdIPhDLpJfNakZKoiTDx7yRGCdlZrSJR7mWKVOBS4sBF+5poPQFMj2YdXx1VHItBGihQ== dependencies: "@csstools/cascade-layer-name-parser" "^2.0.5" @@ -6855,7 +6891,7 @@ postcss-custom-properties@^14.0.6: postcss-custom-selectors@^8.0.5: version "8.0.5" - resolved "https://registry.yarnpkg.com/postcss-custom-selectors/-/postcss-custom-selectors-8.0.5.tgz#9448ed37a12271d7ab6cb364b6f76a46a4a323e8" + resolved "https://registry.npmjs.org/postcss-custom-selectors/-/postcss-custom-selectors-8.0.5.tgz" integrity sha512-9PGmckHQswiB2usSO6XMSswO2yFWVoCAuih1yl9FVcwkscLjRKjwsjM3t+NIWpSU2Jx3eOiK2+t4vVTQaoCHHg== dependencies: "@csstools/cascade-layer-name-parser" "^2.0.5" @@ -6865,41 +6901,41 @@ postcss-custom-selectors@^8.0.5: postcss-dir-pseudo-class@^9.0.1: version "9.0.1" - resolved "https://registry.yarnpkg.com/postcss-dir-pseudo-class/-/postcss-dir-pseudo-class-9.0.1.tgz#80d9e842c9ae9d29f6bf5fd3cf9972891d6cc0ca" + resolved "https://registry.npmjs.org/postcss-dir-pseudo-class/-/postcss-dir-pseudo-class-9.0.1.tgz" integrity sha512-tRBEK0MHYvcMUrAuYMEOa0zg9APqirBcgzi6P21OhxtJyJADo/SWBwY1CAwEohQ/6HDaa9jCjLRG7K3PVQYHEA== dependencies: postcss-selector-parser "^7.0.0" postcss-discard-comments@^6.0.2: version "6.0.2" - resolved "https://registry.yarnpkg.com/postcss-discard-comments/-/postcss-discard-comments-6.0.2.tgz#e768dcfdc33e0216380623652b0a4f69f4678b6c" + resolved "https://registry.npmjs.org/postcss-discard-comments/-/postcss-discard-comments-6.0.2.tgz" integrity sha512-65w/uIqhSBBfQmYnG92FO1mWZjJ4GL5b8atm5Yw2UgrwD7HiNiSSNwJor1eCFGzUgYnN/iIknhNRVqjrrpuglw== postcss-discard-duplicates@^6.0.3: version "6.0.3" - resolved "https://registry.yarnpkg.com/postcss-discard-duplicates/-/postcss-discard-duplicates-6.0.3.tgz#d121e893c38dc58a67277f75bb58ba43fce4c3eb" + resolved "https://registry.npmjs.org/postcss-discard-duplicates/-/postcss-discard-duplicates-6.0.3.tgz" integrity sha512-+JA0DCvc5XvFAxwx6f/e68gQu/7Z9ud584VLmcgto28eB8FqSFZwtrLwB5Kcp70eIoWP/HXqz4wpo8rD8gpsTw== postcss-discard-empty@^6.0.3: version "6.0.3" - resolved "https://registry.yarnpkg.com/postcss-discard-empty/-/postcss-discard-empty-6.0.3.tgz#ee39c327219bb70473a066f772621f81435a79d9" + resolved "https://registry.npmjs.org/postcss-discard-empty/-/postcss-discard-empty-6.0.3.tgz" integrity sha512-znyno9cHKQsK6PtxL5D19Fj9uwSzC2mB74cpT66fhgOadEUPyXFkbgwm5tvc3bt3NAy8ltE5MrghxovZRVnOjQ== postcss-discard-overridden@^6.0.2: version "6.0.2" - resolved "https://registry.yarnpkg.com/postcss-discard-overridden/-/postcss-discard-overridden-6.0.2.tgz#4e9f9c62ecd2df46e8fdb44dc17e189776572e2d" + resolved "https://registry.npmjs.org/postcss-discard-overridden/-/postcss-discard-overridden-6.0.2.tgz" integrity sha512-j87xzI4LUggC5zND7KdjsI25APtyMuynXZSujByMaav2roV6OZX+8AaCUcZSWqckZpjAjRyFDdpqybgjFO0HJQ== postcss-discard-unused@^6.0.5: version "6.0.5" - resolved "https://registry.yarnpkg.com/postcss-discard-unused/-/postcss-discard-unused-6.0.5.tgz#c1b0e8c032c6054c3fbd22aaddba5b248136f338" + resolved "https://registry.npmjs.org/postcss-discard-unused/-/postcss-discard-unused-6.0.5.tgz" integrity sha512-wHalBlRHkaNnNwfC8z+ppX57VhvS+HWgjW508esjdaEYr3Mx7Gnn2xA4R/CKf5+Z9S5qsqC+Uzh4ueENWwCVUA== dependencies: postcss-selector-parser "^6.0.16" postcss-double-position-gradients@^6.0.4: version "6.0.4" - resolved "https://registry.yarnpkg.com/postcss-double-position-gradients/-/postcss-double-position-gradients-6.0.4.tgz#b482d08b5ced092b393eb297d07976ab482d4cad" + resolved "https://registry.npmjs.org/postcss-double-position-gradients/-/postcss-double-position-gradients-6.0.4.tgz" integrity sha512-m6IKmxo7FxSP5nF2l63QbCC3r+bWpFUWmZXZf096WxG0m7Vl1Q1+ruFOhpdDRmKrRS+S3Jtk+TVk/7z0+BVK6g== dependencies: "@csstools/postcss-progressive-custom-properties" "^4.2.1" @@ -6908,31 +6944,31 @@ postcss-double-position-gradients@^6.0.4: postcss-focus-visible@^10.0.1: version "10.0.1" - resolved "https://registry.yarnpkg.com/postcss-focus-visible/-/postcss-focus-visible-10.0.1.tgz#1f7904904368a2d1180b220595d77b6f8a957868" + resolved "https://registry.npmjs.org/postcss-focus-visible/-/postcss-focus-visible-10.0.1.tgz" integrity sha512-U58wyjS/I1GZgjRok33aE8juW9qQgQUNwTSdxQGuShHzwuYdcklnvK/+qOWX1Q9kr7ysbraQ6ht6r+udansalA== dependencies: postcss-selector-parser "^7.0.0" postcss-focus-within@^9.0.1: version "9.0.1" - resolved "https://registry.yarnpkg.com/postcss-focus-within/-/postcss-focus-within-9.0.1.tgz#ac01ce80d3f2e8b2b3eac4ff84f8e15cd0057bc7" + resolved "https://registry.npmjs.org/postcss-focus-within/-/postcss-focus-within-9.0.1.tgz" integrity sha512-fzNUyS1yOYa7mOjpci/bR+u+ESvdar6hk8XNK/TRR0fiGTp2QT5N+ducP0n3rfH/m9I7H/EQU6lsa2BrgxkEjw== dependencies: postcss-selector-parser "^7.0.0" postcss-font-variant@^5.0.0: version "5.0.0" - resolved "https://registry.yarnpkg.com/postcss-font-variant/-/postcss-font-variant-5.0.0.tgz#efd59b4b7ea8bb06127f2d031bfbb7f24d32fa66" + resolved "https://registry.npmjs.org/postcss-font-variant/-/postcss-font-variant-5.0.0.tgz" integrity sha512-1fmkBaCALD72CK2a9i468mA/+tr9/1cBxRRMXOUaZqO43oWPR5imcyPjXwuv7PXbCid4ndlP5zWhidQVVa3hmA== postcss-gap-properties@^6.0.0: version "6.0.0" - resolved "https://registry.yarnpkg.com/postcss-gap-properties/-/postcss-gap-properties-6.0.0.tgz#d5ff0bdf923c06686499ed2b12e125fe64054fed" + resolved "https://registry.npmjs.org/postcss-gap-properties/-/postcss-gap-properties-6.0.0.tgz" integrity sha512-Om0WPjEwiM9Ru+VhfEDPZJAKWUd0mV1HmNXqp2C29z80aQ2uP9UVhLc7e3aYMIor/S5cVhoPgYQ7RtfeZpYTRw== postcss-image-set-function@^7.0.0: version "7.0.0" - resolved "https://registry.yarnpkg.com/postcss-image-set-function/-/postcss-image-set-function-7.0.0.tgz#538e94e16716be47f9df0573b56bbaca86e1da53" + resolved "https://registry.npmjs.org/postcss-image-set-function/-/postcss-image-set-function-7.0.0.tgz" integrity sha512-QL7W7QNlZuzOwBTeXEmbVckNt1FSmhQtbMRvGGqqU4Nf4xk6KUEQhAoWuMzwbSv5jxiRiSZ5Tv7eiDB9U87znA== dependencies: "@csstools/utilities" "^2.0.0" @@ -6940,7 +6976,7 @@ postcss-image-set-function@^7.0.0: postcss-lab-function@^7.0.12: version "7.0.12" - resolved "https://registry.yarnpkg.com/postcss-lab-function/-/postcss-lab-function-7.0.12.tgz#eb555ac542607730eb0a87555074e4a5c6eef6e4" + resolved "https://registry.npmjs.org/postcss-lab-function/-/postcss-lab-function-7.0.12.tgz" integrity sha512-tUcyRk1ZTPec3OuKFsqtRzW2Go5lehW29XA21lZ65XmzQkz43VY2tyWEC202F7W3mILOjw0voOiuxRGTsN+J9w== dependencies: "@csstools/css-color-parser" "^3.1.0" @@ -6951,7 +6987,7 @@ postcss-lab-function@^7.0.12: postcss-loader@^7.3.4: version "7.3.4" - resolved "https://registry.yarnpkg.com/postcss-loader/-/postcss-loader-7.3.4.tgz#aed9b79ce4ed7e9e89e56199d25ad1ec8f606209" + resolved "https://registry.npmjs.org/postcss-loader/-/postcss-loader-7.3.4.tgz" integrity sha512-iW5WTTBSC5BfsBJ9daFMPVrLT36MrNiC6fqOZTTaHjBNX6Pfd5p+hSBqe/fEeNd7pc13QiAyGt7VdGMw4eRC4A== dependencies: cosmiconfig "^8.3.5" @@ -6960,14 +6996,14 @@ postcss-loader@^7.3.4: postcss-logical@^8.1.0: version "8.1.0" - resolved "https://registry.yarnpkg.com/postcss-logical/-/postcss-logical-8.1.0.tgz#4092b16b49e3ecda70c4d8945257da403d167228" + resolved "https://registry.npmjs.org/postcss-logical/-/postcss-logical-8.1.0.tgz" integrity sha512-pL1hXFQ2fEXNKiNiAgtfA005T9FBxky5zkX6s4GZM2D8RkVgRqz3f4g1JUoq925zXv495qk8UNldDwh8uGEDoA== dependencies: postcss-value-parser "^4.2.0" postcss-merge-idents@^6.0.3: version "6.0.3" - resolved "https://registry.yarnpkg.com/postcss-merge-idents/-/postcss-merge-idents-6.0.3.tgz#7b9c31c7bc823c94bec50f297f04e3c2b838ea65" + resolved "https://registry.npmjs.org/postcss-merge-idents/-/postcss-merge-idents-6.0.3.tgz" integrity sha512-1oIoAsODUs6IHQZkLQGO15uGEbK3EAl5wi9SS8hs45VgsxQfMnxvt+L+zIr7ifZFIH14cfAeVe2uCTa+SPRa3g== dependencies: cssnano-utils "^4.0.2" @@ -6975,7 +7011,7 @@ postcss-merge-idents@^6.0.3: postcss-merge-longhand@^6.0.5: version "6.0.5" - resolved "https://registry.yarnpkg.com/postcss-merge-longhand/-/postcss-merge-longhand-6.0.5.tgz#ba8a8d473617c34a36abbea8dda2b215750a065a" + resolved "https://registry.npmjs.org/postcss-merge-longhand/-/postcss-merge-longhand-6.0.5.tgz" integrity sha512-5LOiordeTfi64QhICp07nzzuTDjNSO8g5Ksdibt44d+uvIIAE1oZdRn8y/W5ZtYgRH/lnLDlvi9F8btZcVzu3w== dependencies: postcss-value-parser "^4.2.0" @@ -6983,7 +7019,7 @@ postcss-merge-longhand@^6.0.5: postcss-merge-rules@^6.1.1: version "6.1.1" - resolved "https://registry.yarnpkg.com/postcss-merge-rules/-/postcss-merge-rules-6.1.1.tgz#7aa539dceddab56019469c0edd7d22b64c3dea9d" + resolved "https://registry.npmjs.org/postcss-merge-rules/-/postcss-merge-rules-6.1.1.tgz" integrity sha512-KOdWF0gju31AQPZiD+2Ar9Qjowz1LTChSjFFbS+e2sFgc4uHOp3ZvVX4sNeTlk0w2O31ecFGgrFzhO0RSWbWwQ== dependencies: browserslist "^4.23.0" @@ -6993,14 +7029,14 @@ postcss-merge-rules@^6.1.1: postcss-minify-font-values@^6.1.0: version "6.1.0" - resolved "https://registry.yarnpkg.com/postcss-minify-font-values/-/postcss-minify-font-values-6.1.0.tgz#a0e574c02ee3f299be2846369211f3b957ea4c59" + resolved "https://registry.npmjs.org/postcss-minify-font-values/-/postcss-minify-font-values-6.1.0.tgz" integrity sha512-gklfI/n+9rTh8nYaSJXlCo3nOKqMNkxuGpTn/Qm0gstL3ywTr9/WRKznE+oy6fvfolH6dF+QM4nCo8yPLdvGJg== dependencies: postcss-value-parser "^4.2.0" postcss-minify-gradients@^6.0.3: version "6.0.3" - resolved "https://registry.yarnpkg.com/postcss-minify-gradients/-/postcss-minify-gradients-6.0.3.tgz#ca3eb55a7bdb48a1e187a55c6377be918743dbd6" + resolved "https://registry.npmjs.org/postcss-minify-gradients/-/postcss-minify-gradients-6.0.3.tgz" integrity sha512-4KXAHrYlzF0Rr7uc4VrfwDJ2ajrtNEpNEuLxFgwkhFZ56/7gaE4Nr49nLsQDZyUe+ds+kEhf+YAUolJiYXF8+Q== dependencies: colord "^2.9.3" @@ -7009,7 +7045,7 @@ postcss-minify-gradients@^6.0.3: postcss-minify-params@^6.1.0: version "6.1.0" - resolved "https://registry.yarnpkg.com/postcss-minify-params/-/postcss-minify-params-6.1.0.tgz#54551dec77b9a45a29c3cb5953bf7325a399ba08" + resolved "https://registry.npmjs.org/postcss-minify-params/-/postcss-minify-params-6.1.0.tgz" integrity sha512-bmSKnDtyyE8ujHQK0RQJDIKhQ20Jq1LYiez54WiaOoBtcSuflfK3Nm596LvbtlFcpipMjgClQGyGr7GAs+H1uA== dependencies: browserslist "^4.23.0" @@ -7018,19 +7054,19 @@ postcss-minify-params@^6.1.0: postcss-minify-selectors@^6.0.4: version "6.0.4" - resolved "https://registry.yarnpkg.com/postcss-minify-selectors/-/postcss-minify-selectors-6.0.4.tgz#197f7d72e6dd19eed47916d575d69dc38b396aff" + resolved "https://registry.npmjs.org/postcss-minify-selectors/-/postcss-minify-selectors-6.0.4.tgz" integrity sha512-L8dZSwNLgK7pjTto9PzWRoMbnLq5vsZSTu8+j1P/2GB8qdtGQfn+K1uSvFgYvgh83cbyxT5m43ZZhUMTJDSClQ== dependencies: postcss-selector-parser "^6.0.16" postcss-modules-extract-imports@^3.1.0: version "3.1.0" - resolved "https://registry.yarnpkg.com/postcss-modules-extract-imports/-/postcss-modules-extract-imports-3.1.0.tgz#b4497cb85a9c0c4b5aabeb759bb25e8d89f15002" + resolved "https://registry.npmjs.org/postcss-modules-extract-imports/-/postcss-modules-extract-imports-3.1.0.tgz" integrity sha512-k3kNe0aNFQDAZGbin48pL2VNidTF0w4/eASDsxlyspobzU3wZQLOGj7L9gfRe0Jo9/4uud09DsjFNH7winGv8Q== postcss-modules-local-by-default@^4.0.5: version "4.2.0" - resolved "https://registry.yarnpkg.com/postcss-modules-local-by-default/-/postcss-modules-local-by-default-4.2.0.tgz#d150f43837831dae25e4085596e84f6f5d6ec368" + resolved "https://registry.npmjs.org/postcss-modules-local-by-default/-/postcss-modules-local-by-default-4.2.0.tgz" integrity sha512-5kcJm/zk+GJDSfw+V/42fJ5fhjL5YbFDl8nVdXkJPLLW+Vf9mTD5Xe0wqIaDnLuL2U6cDNpTr+UQ+v2HWIBhzw== dependencies: icss-utils "^5.0.0" @@ -7039,21 +7075,21 @@ postcss-modules-local-by-default@^4.0.5: postcss-modules-scope@^3.2.0: version "3.2.1" - resolved "https://registry.yarnpkg.com/postcss-modules-scope/-/postcss-modules-scope-3.2.1.tgz#1bbccddcb398f1d7a511e0a2d1d047718af4078c" + resolved "https://registry.npmjs.org/postcss-modules-scope/-/postcss-modules-scope-3.2.1.tgz" integrity sha512-m9jZstCVaqGjTAuny8MdgE88scJnCiQSlSrOWcTQgM2t32UBe+MUmFSO5t7VMSfAf/FJKImAxBav8ooCHJXCJA== dependencies: postcss-selector-parser "^7.0.0" postcss-modules-values@^4.0.0: version "4.0.0" - resolved "https://registry.yarnpkg.com/postcss-modules-values/-/postcss-modules-values-4.0.0.tgz#d7c5e7e68c3bb3c9b27cbf48ca0bb3ffb4602c9c" + resolved "https://registry.npmjs.org/postcss-modules-values/-/postcss-modules-values-4.0.0.tgz" integrity sha512-RDxHkAiEGI78gS2ofyvCsu7iycRv7oqw5xMWn9iMoR0N/7mf9D50ecQqUo5BZ9Zh2vH4bCUR/ktCqbB9m8vJjQ== dependencies: icss-utils "^5.0.0" postcss-nesting@^13.0.2: version "13.0.2" - resolved "https://registry.yarnpkg.com/postcss-nesting/-/postcss-nesting-13.0.2.tgz#fde0d4df772b76d03b52eccc84372e8d1ca1402e" + resolved "https://registry.npmjs.org/postcss-nesting/-/postcss-nesting-13.0.2.tgz" integrity sha512-1YCI290TX+VP0U/K/aFxzHzQWHWURL+CtHMSbex1lCdpXD1SoR2sYuxDu5aNI9lPoXpKTCggFZiDJbwylU0LEQ== dependencies: "@csstools/selector-resolve-nested" "^3.1.0" @@ -7062,47 +7098,47 @@ postcss-nesting@^13.0.2: postcss-normalize-charset@^6.0.2: version "6.0.2" - resolved "https://registry.yarnpkg.com/postcss-normalize-charset/-/postcss-normalize-charset-6.0.2.tgz#1ec25c435057a8001dac942942a95ffe66f721e1" + resolved "https://registry.npmjs.org/postcss-normalize-charset/-/postcss-normalize-charset-6.0.2.tgz" integrity sha512-a8N9czmdnrjPHa3DeFlwqst5eaL5W8jYu3EBbTTkI5FHkfMhFZh1EGbku6jhHhIzTA6tquI2P42NtZ59M/H/kQ== postcss-normalize-display-values@^6.0.2: version "6.0.2" - resolved "https://registry.yarnpkg.com/postcss-normalize-display-values/-/postcss-normalize-display-values-6.0.2.tgz#54f02764fed0b288d5363cbb140d6950dbbdd535" + resolved "https://registry.npmjs.org/postcss-normalize-display-values/-/postcss-normalize-display-values-6.0.2.tgz" integrity sha512-8H04Mxsb82ON/aAkPeq8kcBbAtI5Q2a64X/mnRRfPXBq7XeogoQvReqxEfc0B4WPq1KimjezNC8flUtC3Qz6jg== dependencies: postcss-value-parser "^4.2.0" postcss-normalize-positions@^6.0.2: version "6.0.2" - resolved "https://registry.yarnpkg.com/postcss-normalize-positions/-/postcss-normalize-positions-6.0.2.tgz#e982d284ec878b9b819796266f640852dbbb723a" + resolved "https://registry.npmjs.org/postcss-normalize-positions/-/postcss-normalize-positions-6.0.2.tgz" integrity sha512-/JFzI441OAB9O7VnLA+RtSNZvQ0NCFZDOtp6QPFo1iIyawyXg0YI3CYM9HBy1WvwCRHnPep/BvI1+dGPKoXx/Q== dependencies: postcss-value-parser "^4.2.0" postcss-normalize-repeat-style@^6.0.2: version "6.0.2" - resolved "https://registry.yarnpkg.com/postcss-normalize-repeat-style/-/postcss-normalize-repeat-style-6.0.2.tgz#f8006942fd0617c73f049dd8b6201c3a3040ecf3" + resolved "https://registry.npmjs.org/postcss-normalize-repeat-style/-/postcss-normalize-repeat-style-6.0.2.tgz" integrity sha512-YdCgsfHkJ2jEXwR4RR3Tm/iOxSfdRt7jplS6XRh9Js9PyCR/aka/FCb6TuHT2U8gQubbm/mPmF6L7FY9d79VwQ== dependencies: postcss-value-parser "^4.2.0" postcss-normalize-string@^6.0.2: version "6.0.2" - resolved "https://registry.yarnpkg.com/postcss-normalize-string/-/postcss-normalize-string-6.0.2.tgz#e3cc6ad5c95581acd1fc8774b309dd7c06e5e363" + resolved "https://registry.npmjs.org/postcss-normalize-string/-/postcss-normalize-string-6.0.2.tgz" integrity sha512-vQZIivlxlfqqMp4L9PZsFE4YUkWniziKjQWUtsxUiVsSSPelQydwS8Wwcuw0+83ZjPWNTl02oxlIvXsmmG+CiQ== dependencies: postcss-value-parser "^4.2.0" postcss-normalize-timing-functions@^6.0.2: version "6.0.2" - resolved "https://registry.yarnpkg.com/postcss-normalize-timing-functions/-/postcss-normalize-timing-functions-6.0.2.tgz#40cb8726cef999de984527cbd9d1db1f3e9062c0" + resolved "https://registry.npmjs.org/postcss-normalize-timing-functions/-/postcss-normalize-timing-functions-6.0.2.tgz" integrity sha512-a+YrtMox4TBtId/AEwbA03VcJgtyW4dGBizPl7e88cTFULYsprgHWTbfyjSLyHeBcK/Q9JhXkt2ZXiwaVHoMzA== dependencies: postcss-value-parser "^4.2.0" postcss-normalize-unicode@^6.1.0: version "6.1.0" - resolved "https://registry.yarnpkg.com/postcss-normalize-unicode/-/postcss-normalize-unicode-6.1.0.tgz#aaf8bbd34c306e230777e80f7f12a4b7d27ce06e" + resolved "https://registry.npmjs.org/postcss-normalize-unicode/-/postcss-normalize-unicode-6.1.0.tgz" integrity sha512-QVC5TQHsVj33otj8/JD869Ndr5Xcc/+fwRh4HAsFsAeygQQXm+0PySrKbr/8tkDKzW+EVT3QkqZMfFrGiossDg== dependencies: browserslist "^4.23.0" @@ -7110,26 +7146,26 @@ postcss-normalize-unicode@^6.1.0: postcss-normalize-url@^6.0.2: version "6.0.2" - resolved "https://registry.yarnpkg.com/postcss-normalize-url/-/postcss-normalize-url-6.0.2.tgz#292792386be51a8de9a454cb7b5c58ae22db0f79" + resolved "https://registry.npmjs.org/postcss-normalize-url/-/postcss-normalize-url-6.0.2.tgz" integrity sha512-kVNcWhCeKAzZ8B4pv/DnrU1wNh458zBNp8dh4y5hhxih5RZQ12QWMuQrDgPRw3LRl8mN9vOVfHl7uhvHYMoXsQ== dependencies: postcss-value-parser "^4.2.0" postcss-normalize-whitespace@^6.0.2: version "6.0.2" - resolved "https://registry.yarnpkg.com/postcss-normalize-whitespace/-/postcss-normalize-whitespace-6.0.2.tgz#fbb009e6ebd312f8b2efb225c2fcc7cf32b400cd" + resolved "https://registry.npmjs.org/postcss-normalize-whitespace/-/postcss-normalize-whitespace-6.0.2.tgz" integrity sha512-sXZ2Nj1icbJOKmdjXVT9pnyHQKiSAyuNQHSgRCUgThn2388Y9cGVDR+E9J9iAYbSbLHI+UUwLVl1Wzco/zgv0Q== dependencies: postcss-value-parser "^4.2.0" postcss-opacity-percentage@^3.0.0: version "3.0.0" - resolved "https://registry.yarnpkg.com/postcss-opacity-percentage/-/postcss-opacity-percentage-3.0.0.tgz#0b0db5ed5db5670e067044b8030b89c216e1eb0a" + resolved "https://registry.npmjs.org/postcss-opacity-percentage/-/postcss-opacity-percentage-3.0.0.tgz" integrity sha512-K6HGVzyxUxd/VgZdX04DCtdwWJ4NGLG212US4/LA1TLAbHgmAsTWVR86o+gGIbFtnTkfOpb9sCRBx8K7HO66qQ== postcss-ordered-values@^6.0.2: version "6.0.2" - resolved "https://registry.yarnpkg.com/postcss-ordered-values/-/postcss-ordered-values-6.0.2.tgz#366bb663919707093451ab70c3f99c05672aaae5" + resolved "https://registry.npmjs.org/postcss-ordered-values/-/postcss-ordered-values-6.0.2.tgz" integrity sha512-VRZSOB+JU32RsEAQrO94QPkClGPKJEL/Z9PCBImXMhIeK5KAYo6slP/hBYlLgrCjFxyqvn5VC81tycFEDBLG1Q== dependencies: cssnano-utils "^4.0.2" @@ -7137,26 +7173,26 @@ postcss-ordered-values@^6.0.2: postcss-overflow-shorthand@^6.0.0: version "6.0.0" - resolved "https://registry.yarnpkg.com/postcss-overflow-shorthand/-/postcss-overflow-shorthand-6.0.0.tgz#f5252b4a2ee16c68cd8a9029edb5370c4a9808af" + resolved "https://registry.npmjs.org/postcss-overflow-shorthand/-/postcss-overflow-shorthand-6.0.0.tgz" integrity sha512-BdDl/AbVkDjoTofzDQnwDdm/Ym6oS9KgmO7Gr+LHYjNWJ6ExORe4+3pcLQsLA9gIROMkiGVjjwZNoL/mpXHd5Q== dependencies: postcss-value-parser "^4.2.0" postcss-page-break@^3.0.4: version "3.0.4" - resolved "https://registry.yarnpkg.com/postcss-page-break/-/postcss-page-break-3.0.4.tgz#7fbf741c233621622b68d435babfb70dd8c1ee5f" + resolved "https://registry.npmjs.org/postcss-page-break/-/postcss-page-break-3.0.4.tgz" integrity sha512-1JGu8oCjVXLa9q9rFTo4MbeeA5FMe00/9C7lN4va606Rdb+HkxXtXsmEDrIraQ11fGz/WvKWa8gMuCKkrXpTsQ== postcss-place@^10.0.0: version "10.0.0" - resolved "https://registry.yarnpkg.com/postcss-place/-/postcss-place-10.0.0.tgz#ba36ee4786ca401377ced17a39d9050ed772e5a9" + resolved "https://registry.npmjs.org/postcss-place/-/postcss-place-10.0.0.tgz" integrity sha512-5EBrMzat2pPAxQNWYavwAfoKfYcTADJ8AXGVPcUZ2UkNloUTWzJQExgrzrDkh3EKzmAx1evfTAzF9I8NGcc+qw== dependencies: postcss-value-parser "^4.2.0" postcss-preset-env@^10.2.1: version "10.4.0" - resolved "https://registry.yarnpkg.com/postcss-preset-env/-/postcss-preset-env-10.4.0.tgz#fa6167a307f337b2bcdd1d125604ff97cdeb5142" + resolved "https://registry.npmjs.org/postcss-preset-env/-/postcss-preset-env-10.4.0.tgz" integrity sha512-2kqpOthQ6JhxqQq1FSAAZGe9COQv75Aw8WbsOvQVNJ2nSevc9Yx/IKZGuZ7XJ+iOTtVon7LfO7ELRzg8AZ+sdw== dependencies: "@csstools/postcss-alpha-function" "^1.0.1" @@ -7229,21 +7265,21 @@ postcss-preset-env@^10.2.1: postcss-pseudo-class-any-link@^10.0.1: version "10.0.1" - resolved "https://registry.yarnpkg.com/postcss-pseudo-class-any-link/-/postcss-pseudo-class-any-link-10.0.1.tgz#06455431171bf44b84d79ebaeee9fd1c05946544" + resolved "https://registry.npmjs.org/postcss-pseudo-class-any-link/-/postcss-pseudo-class-any-link-10.0.1.tgz" integrity sha512-3el9rXlBOqTFaMFkWDOkHUTQekFIYnaQY55Rsp8As8QQkpiSgIYEcF/6Ond93oHiDsGb4kad8zjt+NPlOC1H0Q== dependencies: postcss-selector-parser "^7.0.0" postcss-reduce-idents@^6.0.3: version "6.0.3" - resolved "https://registry.yarnpkg.com/postcss-reduce-idents/-/postcss-reduce-idents-6.0.3.tgz#b0d9c84316d2a547714ebab523ec7d13704cd486" + resolved "https://registry.npmjs.org/postcss-reduce-idents/-/postcss-reduce-idents-6.0.3.tgz" integrity sha512-G3yCqZDpsNPoQgbDUy3T0E6hqOQ5xigUtBQyrmq3tn2GxlyiL0yyl7H+T8ulQR6kOcHJ9t7/9H4/R2tv8tJbMA== dependencies: postcss-value-parser "^4.2.0" postcss-reduce-initial@^6.1.0: version "6.1.0" - resolved "https://registry.yarnpkg.com/postcss-reduce-initial/-/postcss-reduce-initial-6.1.0.tgz#4401297d8e35cb6e92c8e9586963e267105586ba" + resolved "https://registry.npmjs.org/postcss-reduce-initial/-/postcss-reduce-initial-6.1.0.tgz" integrity sha512-RarLgBK/CrL1qZags04oKbVbrrVK2wcxhvta3GCxrZO4zveibqbRPmm2VI8sSgCXwoUHEliRSbOfpR0b/VIoiw== dependencies: browserslist "^4.23.0" @@ -7251,26 +7287,26 @@ postcss-reduce-initial@^6.1.0: postcss-reduce-transforms@^6.0.2: version "6.0.2" - resolved "https://registry.yarnpkg.com/postcss-reduce-transforms/-/postcss-reduce-transforms-6.0.2.tgz#6fa2c586bdc091a7373caeee4be75a0f3e12965d" + resolved "https://registry.npmjs.org/postcss-reduce-transforms/-/postcss-reduce-transforms-6.0.2.tgz" integrity sha512-sB+Ya++3Xj1WaT9+5LOOdirAxP7dJZms3GRcYheSPi1PiTMigsxHAdkrbItHxwYHr4kt1zL7mmcHstgMYT+aiA== dependencies: postcss-value-parser "^4.2.0" postcss-replace-overflow-wrap@^4.0.0: version "4.0.0" - resolved "https://registry.yarnpkg.com/postcss-replace-overflow-wrap/-/postcss-replace-overflow-wrap-4.0.0.tgz#d2df6bed10b477bf9c52fab28c568b4b29ca4319" + resolved "https://registry.npmjs.org/postcss-replace-overflow-wrap/-/postcss-replace-overflow-wrap-4.0.0.tgz" integrity sha512-KmF7SBPphT4gPPcKZc7aDkweHiKEEO8cla/GjcBK+ckKxiZslIu3C4GCRW3DNfL0o7yW7kMQu9xlZ1kXRXLXtw== postcss-selector-not@^8.0.1: version "8.0.1" - resolved "https://registry.yarnpkg.com/postcss-selector-not/-/postcss-selector-not-8.0.1.tgz#f2df9c6ac9f95e9fe4416ca41a957eda16130172" + resolved "https://registry.npmjs.org/postcss-selector-not/-/postcss-selector-not-8.0.1.tgz" integrity sha512-kmVy/5PYVb2UOhy0+LqUYAhKj7DUGDpSWa5LZqlkWJaaAV+dxxsOG3+St0yNLu6vsKD7Dmqx+nWQt0iil89+WA== dependencies: postcss-selector-parser "^7.0.0" postcss-selector-parser@^6.0.11, postcss-selector-parser@^6.0.16: version "6.1.2" - resolved "https://registry.yarnpkg.com/postcss-selector-parser/-/postcss-selector-parser-6.1.2.tgz#27ecb41fb0e3b6ba7a1ec84fff347f734c7929de" + resolved "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.1.2.tgz" integrity sha512-Q8qQfPiZ+THO/3ZrOrO0cJJKfpYCagtMUkXbnEfmgUjwXg6z/WBeOyS9APBBPCTSiDV+s4SwQGu8yFsiMRIudg== dependencies: cssesc "^3.0.0" @@ -7278,7 +7314,7 @@ postcss-selector-parser@^6.0.11, postcss-selector-parser@^6.0.16: postcss-selector-parser@^7.0.0: version "7.1.0" - resolved "https://registry.yarnpkg.com/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz#4d6af97eba65d73bc4d84bcb343e865d7dd16262" + resolved "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz" integrity sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA== dependencies: cssesc "^3.0.0" @@ -7286,14 +7322,14 @@ postcss-selector-parser@^7.0.0: postcss-sort-media-queries@^5.2.0: version "5.2.0" - resolved "https://registry.yarnpkg.com/postcss-sort-media-queries/-/postcss-sort-media-queries-5.2.0.tgz#4556b3f982ef27d3bac526b99b6c0d3359a6cf97" + resolved "https://registry.npmjs.org/postcss-sort-media-queries/-/postcss-sort-media-queries-5.2.0.tgz" integrity sha512-AZ5fDMLD8SldlAYlvi8NIqo0+Z8xnXU2ia0jxmuhxAU+Lqt9K+AlmLNJ/zWEnE9x+Zx3qL3+1K20ATgNOr3fAA== dependencies: sort-css-media-queries "2.2.0" postcss-svgo@^6.0.3: version "6.0.3" - resolved "https://registry.yarnpkg.com/postcss-svgo/-/postcss-svgo-6.0.3.tgz#1d6e180d6df1fa8a3b30b729aaa9161e94f04eaa" + resolved "https://registry.npmjs.org/postcss-svgo/-/postcss-svgo-6.0.3.tgz" integrity sha512-dlrahRmxP22bX6iKEjOM+c8/1p+81asjKT+V5lrgOH944ryx/OHpclnIbGsKVd3uWOXFLYJwCVf0eEkJGvO96g== dependencies: postcss-value-parser "^4.2.0" @@ -7301,24 +7337,24 @@ postcss-svgo@^6.0.3: postcss-unique-selectors@^6.0.4: version "6.0.4" - resolved "https://registry.yarnpkg.com/postcss-unique-selectors/-/postcss-unique-selectors-6.0.4.tgz#983ab308896b4bf3f2baaf2336e14e52c11a2088" + resolved "https://registry.npmjs.org/postcss-unique-selectors/-/postcss-unique-selectors-6.0.4.tgz" integrity sha512-K38OCaIrO8+PzpArzkLKB42dSARtC2tmG6PvD4b1o1Q2E9Os8jzfWFfSy/rixsHwohtsDdFtAWGjFVFUdwYaMg== dependencies: postcss-selector-parser "^6.0.16" postcss-value-parser@^4.1.0, postcss-value-parser@^4.2.0: version "4.2.0" - resolved "https://registry.yarnpkg.com/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz#723c09920836ba6d3e5af019f92bc0971c02e514" + resolved "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz" integrity sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ== postcss-zindex@^6.0.2: version "6.0.2" - resolved "https://registry.yarnpkg.com/postcss-zindex/-/postcss-zindex-6.0.2.tgz#e498304b83a8b165755f53db40e2ea65a99b56e1" + resolved "https://registry.npmjs.org/postcss-zindex/-/postcss-zindex-6.0.2.tgz" integrity sha512-5BxW9l1evPB/4ZIc+2GobEBoKC+h8gPGCMi+jxsYvd2x0mjq7wazk6DrP71pStqxE9Foxh5TVnonbWpFZzXaYg== -postcss@^8.4.21, postcss@^8.4.24, postcss@^8.4.33, postcss@^8.5.4: +"postcss@^7.0.0 || ^8.0.1", postcss@^8, postcss@^8.0.3, postcss@^8.0.9, postcss@^8.1.0, postcss@^8.2.2, postcss@^8.4, postcss@^8.4.21, postcss@^8.4.23, postcss@^8.4.24, postcss@^8.4.31, postcss@^8.4.33, postcss@^8.4.6, postcss@^8.5.4: version "8.5.6" - resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.5.6.tgz#2825006615a619b4f62a9e7426cc120b349a8f3c" + resolved "https://registry.npmjs.org/postcss/-/postcss-8.5.6.tgz" integrity sha512-3Ybi1tAuwAP9s0r1UQ2J4n5Y0G05bJkpUIO0/bI9MhwmD70S5aTWbXGBwxHrelT+XM1k6dM0pk+SwNkpTRN7Pg== dependencies: nanoid "^3.3.11" @@ -7327,12 +7363,12 @@ postcss@^8.4.21, postcss@^8.4.24, postcss@^8.4.33, postcss@^8.5.4: prettier@^3.2.5: version "3.8.1" - resolved "https://registry.yarnpkg.com/prettier/-/prettier-3.8.1.tgz#edf48977cf991558f4fcbd8a3ba6015ba2a3a173" + resolved "https://registry.npmjs.org/prettier/-/prettier-3.8.1.tgz" integrity sha512-UOnG6LftzbdaHZcKoPFtOcCKztrQ57WkHDeRD9t/PTQtmT0NHSeWWepj6pS0z/N7+08BHFDQVUrfmfMRcZwbMg== pretty-error@^4.0.0: version "4.0.0" - resolved "https://registry.yarnpkg.com/pretty-error/-/pretty-error-4.0.0.tgz#90a703f46dd7234adb46d0f84823e9d1cb8f10d6" + resolved "https://registry.npmjs.org/pretty-error/-/pretty-error-4.0.0.tgz" integrity sha512-AoJ5YMAcXKYxKhuJGdcvse+Voc6v1RgnsR3nWcYU7q4t6z0Q6T86sv5Zq8VIRbOWWFpvdGE83LtdSMNd+6Y0xw== dependencies: lodash "^4.17.20" @@ -7340,12 +7376,12 @@ pretty-error@^4.0.0: pretty-time@^1.1.0: version "1.1.0" - resolved "https://registry.yarnpkg.com/pretty-time/-/pretty-time-1.1.0.tgz#ffb7429afabb8535c346a34e41873adf3d74dd0e" + resolved "https://registry.npmjs.org/pretty-time/-/pretty-time-1.1.0.tgz" integrity sha512-28iF6xPQrP8Oa6uxE6a1biz+lWeTOAPKggvjB8HAs6nVMKZwf5bG++632Dx614hIWgUPkgivRfG+a8uAXGTIbA== prism-react-renderer@^2.3.0, prism-react-renderer@^2.3.1: version "2.4.1" - resolved "https://registry.yarnpkg.com/prism-react-renderer/-/prism-react-renderer-2.4.1.tgz#ac63b7f78e56c8f2b5e76e823a976d5ede77e35f" + resolved "https://registry.npmjs.org/prism-react-renderer/-/prism-react-renderer-2.4.1.tgz" integrity sha512-ey8Ls/+Di31eqzUxC46h8MksNuGx/n0AAC8uKpwFau4RPDYLuE3EXTp8N8G2vX2N7UC/+IXeNUnlWBGGcAG+Ig== dependencies: "@types/prismjs" "^1.26.0" @@ -7353,17 +7389,17 @@ prism-react-renderer@^2.3.0, prism-react-renderer@^2.3.1: prismjs@^1.29.0: version "1.30.0" - resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.30.0.tgz#d9709969d9d4e16403f6f348c63553b19f0975a9" + resolved "https://registry.npmjs.org/prismjs/-/prismjs-1.30.0.tgz" integrity sha512-DEvV2ZF2r2/63V+tK8hQvrR2ZGn10srHbXviTlcv7Kpzw8jWiNTqbVgjO3IY8RxrrOUF8VPMQQFysYYYv0YZxw== process-nextick-args@~2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/process-nextick-args/-/process-nextick-args-2.0.1.tgz#7820d9b16120cc55ca9ae7792680ae7dba6d7fe2" + resolved "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz" integrity sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag== prompts@^2.4.2: version "2.4.2" - resolved "https://registry.yarnpkg.com/prompts/-/prompts-2.4.2.tgz#7b57e73b3a48029ad10ebd44f74b01722a4cb069" + resolved "https://registry.npmjs.org/prompts/-/prompts-2.4.2.tgz" integrity sha512-NxNv/kLguCA7p3jE8oL2aEBsrJWgAakBpgmgK6lpPWV+WuOmY6r2/zbAVnP+T8bQlA0nzHXSJSJW0Hq7ylaD2Q== dependencies: kleur "^3.0.3" @@ -7371,7 +7407,7 @@ prompts@^2.4.2: prop-types@^15.6.2, prop-types@^15.7.2: version "15.8.1" - resolved "https://registry.yarnpkg.com/prop-types/-/prop-types-15.8.1.tgz#67d87bf1a694f48435cf332c24af10214a3140b5" + resolved "https://registry.npmjs.org/prop-types/-/prop-types-15.8.1.tgz" integrity sha512-oj87CgZICdulUohogVAR7AjlC0327U4el4L6eAvOqCeudMDVU0NThNaV+b9Df4dXgSP1gXMTnPdhfe/2qDH5cg== dependencies: loose-envify "^1.4.0" @@ -7380,22 +7416,22 @@ prop-types@^15.6.2, prop-types@^15.7.2: property-information@^6.0.0: version "6.5.0" - resolved "https://registry.yarnpkg.com/property-information/-/property-information-6.5.0.tgz#6212fbb52ba757e92ef4fb9d657563b933b7ffec" + resolved "https://registry.npmjs.org/property-information/-/property-information-6.5.0.tgz" integrity sha512-PgTgs/BlvHxOu8QuEN7wi5A0OmXaBcHpmCSTehcs6Uuu9IkDIEo13Hy7n898RHfrQ49vKCoGeWZSaAK01nwVig== property-information@^7.0.0: version "7.1.0" - resolved "https://registry.yarnpkg.com/property-information/-/property-information-7.1.0.tgz#b622e8646e02b580205415586b40804d3e8bfd5d" + resolved "https://registry.npmjs.org/property-information/-/property-information-7.1.0.tgz" integrity sha512-TwEZ+X+yCJmYfL7TPUOcvBZ4QfoT5YenQiJuX//0th53DE6w0xxLEtfK3iyryQFddXuvkIk51EEgrJQ0WJkOmQ== proto-list@~1.2.1: version "1.2.4" - resolved "https://registry.yarnpkg.com/proto-list/-/proto-list-1.2.4.tgz#212d5bfe1318306a420f6402b8e26ff39647a849" + resolved "https://registry.npmjs.org/proto-list/-/proto-list-1.2.4.tgz" integrity sha512-vtK/94akxsTMhe0/cbfpR+syPuszcuwhqVjJq26CuNDgFGj682oRBXOP5MJpv2r7JtE8MsiepGIqvvOTBwn2vA== proxy-addr@~2.0.7: version "2.0.7" - resolved "https://registry.yarnpkg.com/proxy-addr/-/proxy-addr-2.0.7.tgz#f19fe69ceab311eeb94b42e70e8c2070f9ba1025" + resolved "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz" integrity sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg== dependencies: forwarded "0.2.0" @@ -7403,53 +7439,58 @@ proxy-addr@~2.0.7: punycode@^2.1.0: version "2.3.1" - resolved "https://registry.yarnpkg.com/punycode/-/punycode-2.3.1.tgz#027422e2faec0b25e1549c3e1bd8309b9133b6e5" + resolved "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz" integrity sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg== pupa@^3.1.0: version "3.3.0" - resolved "https://registry.yarnpkg.com/pupa/-/pupa-3.3.0.tgz#bc4036f9e8920c08ad472bc18fb600067cb83810" + resolved "https://registry.npmjs.org/pupa/-/pupa-3.3.0.tgz" integrity sha512-LjgDO2zPtoXP2wJpDjZrGdojii1uqO0cnwKoIoUzkfS98HDmbeiGmYiXo3lXeFlq2xvne1QFQhwYXSUCLKtEuA== dependencies: escape-goat "^4.0.0" qs@6.13.0: version "6.13.0" - resolved "https://registry.yarnpkg.com/qs/-/qs-6.13.0.tgz#6ca3bd58439f7e245655798997787b0d88a51906" + resolved "https://registry.npmjs.org/qs/-/qs-6.13.0.tgz" integrity sha512-+38qI9SOr8tfZ4QmJNplMUxqjbe7LKvvZgWdExBOmd+egZTtjLB67Gu0HRX3u/XOq7UU2Nx6nsjvS16Z9uwfpg== dependencies: side-channel "^1.0.6" queue-microtask@^1.2.2: version "1.2.3" - resolved "https://registry.yarnpkg.com/queue-microtask/-/queue-microtask-1.2.3.tgz#4929228bbc724dfac43e0efb058caf7b6cfb6243" + resolved "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz" integrity sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A== quick-lru@^5.1.1: version "5.1.1" - resolved "https://registry.yarnpkg.com/quick-lru/-/quick-lru-5.1.1.tgz#366493e6b3e42a3a6885e2e99d18f80fb7a8c932" + resolved "https://registry.npmjs.org/quick-lru/-/quick-lru-5.1.1.tgz" integrity sha512-WuyALRjWPDGtt/wzJiadO5AXY+8hZ80hVpe6MyivgraREW751X3SbhRvG3eLKOYN+8VEvqLcf3wdnt44Z4S4SA== randombytes@^2.1.0: version "2.1.0" - resolved "https://registry.yarnpkg.com/randombytes/-/randombytes-2.1.0.tgz#df6f84372f0270dc65cdf6291349ab7a473d4f2a" + resolved "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz" integrity sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ== dependencies: safe-buffer "^5.1.0" -range-parser@1.2.0: - version "1.2.0" - resolved "https://registry.yarnpkg.com/range-parser/-/range-parser-1.2.0.tgz#f49be6b487894ddc40dcc94a322f611092e00d5e" - integrity sha512-kA5WQoNVo4t9lNx2kQNFCxKeBl5IbbSNBl1M/tLkw9WCn+hxNBAW5Qh8gdhs63CJnhjJ2zQWFoqPJP2sK1AV5A== +range-parser@^1.2.1: + version "1.2.1" + resolved "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz" + integrity sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg== -range-parser@^1.2.1, range-parser@~1.2.1: +range-parser@~1.2.1: version "1.2.1" - resolved "https://registry.yarnpkg.com/range-parser/-/range-parser-1.2.1.tgz#3cf37023d199e1c24d1a55b84800c2f3e6468031" + resolved "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz" integrity sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg== +range-parser@1.2.0: + version "1.2.0" + resolved "https://registry.npmjs.org/range-parser/-/range-parser-1.2.0.tgz" + integrity sha512-kA5WQoNVo4t9lNx2kQNFCxKeBl5IbbSNBl1M/tLkw9WCn+hxNBAW5Qh8gdhs63CJnhjJ2zQWFoqPJP2sK1AV5A== + raw-body@2.5.2: version "2.5.2" - resolved "https://registry.yarnpkg.com/raw-body/-/raw-body-2.5.2.tgz#99febd83b90e08975087e8f1f9419a149366b68a" + resolved "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz" integrity sha512-8zGqypfENjCIqGhgXToC8aB2r7YrBX+AQAfIPs/Mlk+BtPTztOvTS01NRW/3Eh60J+a48lt8qsCzirQ6loCVfA== dependencies: bytes "3.1.2" @@ -7459,7 +7500,7 @@ raw-body@2.5.2: rc@1.2.8: version "1.2.8" - resolved "https://registry.yarnpkg.com/rc/-/rc-1.2.8.tgz#cd924bf5200a075b83c188cd6b9e211b7fc0d3ed" + resolved "https://registry.npmjs.org/rc/-/rc-1.2.8.tgz" integrity sha512-y3bGgqKj3QBdxLbLkomlohkvsA8gdAiUQlSBJnBhfn+BPxg4bc62d8TcBW15wavDfgexCgccckhcZvywyQYPOw== dependencies: deep-extend "^0.6.0" @@ -7467,21 +7508,21 @@ rc@1.2.8: minimist "^1.2.0" strip-json-comments "~2.0.1" -react-dom@^19.0.0: +react-dom@*, "react-dom@^16.6.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", "react-dom@^18.0.0 || ^19.0.0", react-dom@^19.0.0, "react-dom@>= 16.8.0 < 20.0.0": version "19.2.0" - resolved "https://registry.yarnpkg.com/react-dom/-/react-dom-19.2.0.tgz#00ed1e959c365e9a9d48f8918377465466ec3af8" + resolved "https://registry.npmjs.org/react-dom/-/react-dom-19.2.0.tgz" integrity sha512-UlbRu4cAiGaIewkPyiRGJk0imDN2T3JjieT6spoL2UeSf5od4n5LB/mQ4ejmxhCFT1tYe8IvaFulzynWovsEFQ== dependencies: scheduler "^0.27.0" react-fast-compare@^3.2.0: version "3.2.2" - resolved "https://registry.yarnpkg.com/react-fast-compare/-/react-fast-compare-3.2.2.tgz#929a97a532304ce9fee4bcae44234f1ce2c21d49" + resolved "https://registry.npmjs.org/react-fast-compare/-/react-fast-compare-3.2.2.tgz" integrity sha512-nsO+KSNgo1SbJqJEYRE9ERzo7YtYbou/OqjSQKxV7jcKox7+usiUVZOAC+XnDOABXggQTno0Y1CpVnuWEc1boQ== "react-helmet-async@npm:@slorber/react-helmet-async@1.3.0": version "1.3.0" - resolved "https://registry.yarnpkg.com/@slorber/react-helmet-async/-/react-helmet-async-1.3.0.tgz#11fbc6094605cf60aa04a28c17e0aab894b4ecff" + resolved "https://registry.npmjs.org/@slorber/react-helmet-async/-/react-helmet-async-1.3.0.tgz" integrity sha512-e9/OK8VhwUSc67diWI8Rb3I0YgI9/SBQtnhe9aEuK6MhZm7ntZZimXgwXnd8W96YTmSOb9M4d8LwhRZyhWr/1A== dependencies: "@babel/runtime" "^7.12.5" @@ -7492,38 +7533,38 @@ react-fast-compare@^3.2.0: react-is@^16.13.1, react-is@^16.6.0, react-is@^16.7.0: version "16.13.1" - resolved "https://registry.yarnpkg.com/react-is/-/react-is-16.13.1.tgz#789729a4dc36de2999dc156dd6c1d9c18cea56a4" + resolved "https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz" integrity sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ== react-json-view-lite@^2.3.0: version "2.5.0" - resolved "https://registry.yarnpkg.com/react-json-view-lite/-/react-json-view-lite-2.5.0.tgz#c7ff011c7cc80e9900abc7aa4916c6a5c6d6c1c6" + resolved "https://registry.npmjs.org/react-json-view-lite/-/react-json-view-lite-2.5.0.tgz" integrity sha512-tk7o7QG9oYyELWHL8xiMQ8x4WzjCzbWNyig3uexmkLb54r8jO0yH3WCWx8UZS0c49eSA4QUmG5caiRJ8fAn58g== react-loadable-ssr-addon-v5-slorber@^1.0.1: version "1.0.1" - resolved "https://registry.yarnpkg.com/react-loadable-ssr-addon-v5-slorber/-/react-loadable-ssr-addon-v5-slorber-1.0.1.tgz#2cdc91e8a744ffdf9e3556caabeb6e4278689883" + resolved "https://registry.npmjs.org/react-loadable-ssr-addon-v5-slorber/-/react-loadable-ssr-addon-v5-slorber-1.0.1.tgz" integrity sha512-lq3Lyw1lGku8zUEJPDxsNm1AfYHBrO9Y1+olAYwpUJ2IGFBskM0DMKok97A6LWUpHm+o7IvQBOWu9MLenp9Z+A== dependencies: "@babel/runtime" "^7.10.3" -"react-loadable@npm:@docusaurus/react-loadable@6.0.0": +react-loadable@*, "react-loadable@npm:@docusaurus/react-loadable@6.0.0": version "6.0.0" - resolved "https://registry.yarnpkg.com/@docusaurus/react-loadable/-/react-loadable-6.0.0.tgz#de6c7f73c96542bd70786b8e522d535d69069dc4" + resolved "https://registry.npmjs.org/@docusaurus/react-loadable/-/react-loadable-6.0.0.tgz" integrity sha512-YMMxTUQV/QFSnbgrP3tjDzLHRg7vsbMn8e9HAa8o/1iXoiomo48b7sk/kkmWEuWNDPJVlKSJRB6Y2fHqdJk+SQ== dependencies: "@types/react" "*" react-router-config@^5.1.1: version "5.1.1" - resolved "https://registry.yarnpkg.com/react-router-config/-/react-router-config-5.1.1.tgz#0f4263d1a80c6b2dc7b9c1902c9526478194a988" + resolved "https://registry.npmjs.org/react-router-config/-/react-router-config-5.1.1.tgz" integrity sha512-DuanZjaD8mQp1ppHjgnnUnyOlqYXZVjnov/JzFhjLEwd3Z4dYjMSnqrEzzGThH47vpCOqPPwJM2FtthLeJ8Pbg== dependencies: "@babel/runtime" "^7.1.2" react-router-dom@^5.3.4: version "5.3.4" - resolved "https://registry.yarnpkg.com/react-router-dom/-/react-router-dom-5.3.4.tgz#2ed62ffd88cae6db134445f4a0c0ae8b91d2e5e6" + resolved "https://registry.npmjs.org/react-router-dom/-/react-router-dom-5.3.4.tgz" integrity sha512-m4EqFMHv/Ih4kpcBCONHbkT68KoAeHN4p3lAGoNryfHi0dMy0kCzEZakiKRsvg5wHZ/JLrLW8o8KomWiz/qbYQ== dependencies: "@babel/runtime" "^7.12.13" @@ -7534,9 +7575,9 @@ react-router-dom@^5.3.4: tiny-invariant "^1.0.2" tiny-warning "^1.0.0" -react-router@5.3.4, react-router@^5.3.4: +react-router@^5.3.4, react-router@>=5, react-router@5.3.4: version "5.3.4" - resolved "https://registry.yarnpkg.com/react-router/-/react-router-5.3.4.tgz#8ca252d70fcc37841e31473c7a151cf777887bb5" + resolved "https://registry.npmjs.org/react-router/-/react-router-5.3.4.tgz" integrity sha512-Ys9K+ppnJah3QuaRiLxk+jDWOR1MekYQrlytiXxC1RyfbdsZkS5pvKAzCCr031xHixZwpnsYNT5xysdFHQaYsA== dependencies: "@babel/runtime" "^7.12.13" @@ -7549,14 +7590,14 @@ react-router@5.3.4, react-router@^5.3.4: tiny-invariant "^1.0.2" tiny-warning "^1.0.0" -react@^19.0.0: +react@*, "react@^16.11.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", "react@^16.6.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", "react@^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0", "react@^18 || ^19 || ^19.0.0-rc", "react@^18.0.0 || ^19.0.0", react@^19.0.0, react@^19.2.0, "react@>= 16.8.0 < 20.0.0", react@>=15, react@>=16, react@>=16.0.0: version "19.2.0" - resolved "https://registry.yarnpkg.com/react/-/react-19.2.0.tgz#d33dd1721698f4376ae57a54098cb47fc75d93a5" + resolved "https://registry.npmjs.org/react/-/react-19.2.0.tgz" integrity sha512-tmbWg6W31tQLeB5cdIBOicJDJRR2KzXsV7uSK9iNfLWQ5bIZfxuPEHp7M8wiHyHnn0DD1i7w3Zmin0FtkrwoCQ== readable-stream@^2.0.1: version "2.3.8" - resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-2.3.8.tgz#91125e8042bba1b9887f49345f6277027ce8be9b" + resolved "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz" integrity sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA== dependencies: core-util-is "~1.0.0" @@ -7569,7 +7610,7 @@ readable-stream@^2.0.1: readable-stream@^3.0.6: version "3.6.2" - resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-3.6.2.tgz#56a9b36ea965c00c5a93ef31eb111a0f11056967" + resolved "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz" integrity sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA== dependencies: inherits "^2.0.3" @@ -7578,14 +7619,14 @@ readable-stream@^3.0.6: readdirp@~3.6.0: version "3.6.0" - resolved "https://registry.yarnpkg.com/readdirp/-/readdirp-3.6.0.tgz#74a370bd857116e245b29cc97340cd431a02a6c7" + resolved "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz" integrity sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA== dependencies: picomatch "^2.2.1" recma-build-jsx@^1.0.0: version "1.0.0" - resolved "https://registry.yarnpkg.com/recma-build-jsx/-/recma-build-jsx-1.0.0.tgz#c02f29e047e103d2fab2054954e1761b8ea253c4" + resolved "https://registry.npmjs.org/recma-build-jsx/-/recma-build-jsx-1.0.0.tgz" integrity sha512-8GtdyqaBcDfva+GUKDr3nev3VpKAhup1+RvkMvUxURHpW7QyIvk9F5wz7Vzo06CEMSilw6uArgRqhpiUcWp8ew== dependencies: "@types/estree" "^1.0.0" @@ -7594,7 +7635,7 @@ recma-build-jsx@^1.0.0: recma-jsx@^1.0.0: version "1.0.1" - resolved "https://registry.yarnpkg.com/recma-jsx/-/recma-jsx-1.0.1.tgz#58e718f45e2102ed0bf2fa994f05b70d76801a1a" + resolved "https://registry.npmjs.org/recma-jsx/-/recma-jsx-1.0.1.tgz" integrity sha512-huSIy7VU2Z5OLv6oFLosQGGDqPqdO1iq6bWNAdhzMxSJP7RAso4fCZ1cKu8j9YHCZf3TPrq4dw3okhrylgcd7w== dependencies: acorn-jsx "^5.0.0" @@ -7605,7 +7646,7 @@ recma-jsx@^1.0.0: recma-parse@^1.0.0: version "1.0.0" - resolved "https://registry.yarnpkg.com/recma-parse/-/recma-parse-1.0.0.tgz#c351e161bb0ab47d86b92a98a9d891f9b6814b52" + resolved "https://registry.npmjs.org/recma-parse/-/recma-parse-1.0.0.tgz" integrity sha512-OYLsIGBB5Y5wjnSnQW6t3Xg7q3fQ7FWbw/vcXtORTnyaSFscOtABg+7Pnz6YZ6c27fG1/aN8CjfwoUEUIdwqWQ== dependencies: "@types/estree" "^1.0.0" @@ -7615,7 +7656,7 @@ recma-parse@^1.0.0: recma-stringify@^1.0.0: version "1.0.0" - resolved "https://registry.yarnpkg.com/recma-stringify/-/recma-stringify-1.0.0.tgz#54632030631e0c7546136ff9ef8fde8e7b44f130" + resolved "https://registry.npmjs.org/recma-stringify/-/recma-stringify-1.0.0.tgz" integrity sha512-cjwII1MdIIVloKvC9ErQ+OgAtwHBmcZ0Bg4ciz78FtbT8In39aAYbaA7zvxQ61xVMSPE8WxhLwLbhif4Js2C+g== dependencies: "@types/estree" "^1.0.0" @@ -7625,19 +7666,19 @@ recma-stringify@^1.0.0: regenerate-unicode-properties@^10.2.2: version "10.2.2" - resolved "https://registry.yarnpkg.com/regenerate-unicode-properties/-/regenerate-unicode-properties-10.2.2.tgz#aa113812ba899b630658c7623466be71e1f86f66" + resolved "https://registry.npmjs.org/regenerate-unicode-properties/-/regenerate-unicode-properties-10.2.2.tgz" integrity sha512-m03P+zhBeQd1RGnYxrGyDAPpWX/epKirLrp8e3qevZdVkKtnCrjjWczIbYc8+xd6vcTStVlqfycTx1KR4LOr0g== dependencies: regenerate "^1.4.2" regenerate@^1.4.2: version "1.4.2" - resolved "https://registry.yarnpkg.com/regenerate/-/regenerate-1.4.2.tgz#b9346d8827e8f5a32f7ba29637d398b69014848a" + resolved "https://registry.npmjs.org/regenerate/-/regenerate-1.4.2.tgz" integrity sha512-zrceR/XhGYU/d/opr2EKO7aRHUeiBI8qjtfHqADTwZd6Szfy16la6kqD0MIUs5z5hx6AaKa+PixpPrR289+I0A== regexpu-core@^6.2.0: version "6.4.0" - resolved "https://registry.yarnpkg.com/regexpu-core/-/regexpu-core-6.4.0.tgz#3580ce0c4faedef599eccb146612436b62a176e5" + resolved "https://registry.npmjs.org/regexpu-core/-/regexpu-core-6.4.0.tgz" integrity sha512-0ghuzq67LI9bLXpOX/ISfve/Mq33a4aFRzoQYhnnok1JOFpmE/A2TBGkNVenOGEeSBCjIiWcc6MVOG5HEQv0sA== dependencies: regenerate "^1.4.2" @@ -7649,33 +7690,33 @@ regexpu-core@^6.2.0: registry-auth-token@^5.0.1: version "5.1.0" - resolved "https://registry.yarnpkg.com/registry-auth-token/-/registry-auth-token-5.1.0.tgz#3c659047ecd4caebd25bc1570a3aa979ae490eca" + resolved "https://registry.npmjs.org/registry-auth-token/-/registry-auth-token-5.1.0.tgz" integrity sha512-GdekYuwLXLxMuFTwAPg5UKGLW/UXzQrZvH/Zj791BQif5T05T0RsaLfHc9q3ZOKi7n+BoprPD9mJ0O0k4xzUlw== dependencies: "@pnpm/npm-conf" "^2.1.0" registry-url@^6.0.0: version "6.0.1" - resolved "https://registry.yarnpkg.com/registry-url/-/registry-url-6.0.1.tgz#056d9343680f2f64400032b1e199faa692286c58" + resolved "https://registry.npmjs.org/registry-url/-/registry-url-6.0.1.tgz" integrity sha512-+crtS5QjFRqFCoQmvGduwYWEBng99ZvmFvF+cUJkGYF1L1BfU8C6Zp9T7f5vPAwyLkUExpvK+ANVZmGU49qi4Q== dependencies: rc "1.2.8" regjsgen@^0.8.0: version "0.8.0" - resolved "https://registry.yarnpkg.com/regjsgen/-/regjsgen-0.8.0.tgz#df23ff26e0c5b300a6470cad160a9d090c3a37ab" + resolved "https://registry.npmjs.org/regjsgen/-/regjsgen-0.8.0.tgz" integrity sha512-RvwtGe3d7LvWiDQXeQw8p5asZUmfU1G/l6WbUXeHta7Y2PEIvBTwH6E2EfmYUK8pxcxEdEmaomqyp0vZZ7C+3Q== regjsparser@^0.13.0: version "0.13.0" - resolved "https://registry.yarnpkg.com/regjsparser/-/regjsparser-0.13.0.tgz#01f8351335cf7898d43686bc74d2dd71c847ecc0" + resolved "https://registry.npmjs.org/regjsparser/-/regjsparser-0.13.0.tgz" integrity sha512-NZQZdC5wOE/H3UT28fVGL+ikOZcEzfMGk/c3iN9UGxzWHMa1op7274oyiUVrAG4B2EuFhus8SvkaYnhvW92p9Q== dependencies: jsesc "~3.1.0" rehype-raw@^7.0.0: version "7.0.0" - resolved "https://registry.yarnpkg.com/rehype-raw/-/rehype-raw-7.0.0.tgz#59d7348fd5dbef3807bbaa1d443efd2dd85ecee4" + resolved "https://registry.npmjs.org/rehype-raw/-/rehype-raw-7.0.0.tgz" integrity sha512-/aE8hCfKlQeA8LmyeyQvQF3eBiLRGNlfBJEvWH7ivp9sBqs7TNqBL5X3v157rM4IFETqDnIOO+z5M/biZbo9Ww== dependencies: "@types/hast" "^3.0.0" @@ -7684,7 +7725,7 @@ rehype-raw@^7.0.0: rehype-recma@^1.0.0: version "1.0.0" - resolved "https://registry.yarnpkg.com/rehype-recma/-/rehype-recma-1.0.0.tgz#d68ef6344d05916bd96e25400c6261775411aa76" + resolved "https://registry.npmjs.org/rehype-recma/-/rehype-recma-1.0.0.tgz" integrity sha512-lqA4rGUf1JmacCNWWZx0Wv1dHqMwxzsDWYMTowuplHF3xH0N/MmrZ/G3BDZnzAkRmxDadujCjaKM2hqYdCBOGw== dependencies: "@types/estree" "^1.0.0" @@ -7693,12 +7734,12 @@ rehype-recma@^1.0.0: relateurl@^0.2.7: version "0.2.7" - resolved "https://registry.yarnpkg.com/relateurl/-/relateurl-0.2.7.tgz#54dbf377e51440aca90a4cd274600d3ff2d888a9" + resolved "https://registry.npmjs.org/relateurl/-/relateurl-0.2.7.tgz" integrity sha512-G08Dxvm4iDN3MLM0EsP62EDV9IuhXPR6blNz6Utcp7zyV3tr4HVNINt6MpaRWbxoOHT3Q7YN2P+jaHX8vUbgog== remark-directive@^3.0.0: version "3.0.1" - resolved "https://registry.yarnpkg.com/remark-directive/-/remark-directive-3.0.1.tgz#689ba332f156cfe1118e849164cc81f157a3ef0a" + resolved "https://registry.npmjs.org/remark-directive/-/remark-directive-3.0.1.tgz" integrity sha512-gwglrEQEZcZYgVyG1tQuA+h58EZfq5CSULw7J90AFuCTyib1thgHPoqQ+h9iFvU6R+vnZ5oNFQR5QKgGpk741A== dependencies: "@types/mdast" "^4.0.0" @@ -7708,7 +7749,7 @@ remark-directive@^3.0.0: remark-emoji@^4.0.0: version "4.0.1" - resolved "https://registry.yarnpkg.com/remark-emoji/-/remark-emoji-4.0.1.tgz#671bfda668047689e26b2078c7356540da299f04" + resolved "https://registry.npmjs.org/remark-emoji/-/remark-emoji-4.0.1.tgz" integrity sha512-fHdvsTR1dHkWKev9eNyhTo4EFwbUvJ8ka9SgeWkMPYFX4WoI7ViVBms3PjlQYgw5TLvNQso3GUB/b/8t3yo+dg== dependencies: "@types/mdast" "^4.0.2" @@ -7719,7 +7760,7 @@ remark-emoji@^4.0.0: remark-frontmatter@^5.0.0: version "5.0.0" - resolved "https://registry.yarnpkg.com/remark-frontmatter/-/remark-frontmatter-5.0.0.tgz#b68d61552a421ec412c76f4f66c344627dc187a2" + resolved "https://registry.npmjs.org/remark-frontmatter/-/remark-frontmatter-5.0.0.tgz" integrity sha512-XTFYvNASMe5iPN0719nPrdItC9aU0ssC4v14mH1BCi1u0n1gAocqcujWUrByftZTbLhRtiKRyjYTSIOcr69UVQ== dependencies: "@types/mdast" "^4.0.0" @@ -7729,7 +7770,7 @@ remark-frontmatter@^5.0.0: remark-gfm@^4.0.0: version "4.0.1" - resolved "https://registry.yarnpkg.com/remark-gfm/-/remark-gfm-4.0.1.tgz#33227b2a74397670d357bf05c098eaf8513f0d6b" + resolved "https://registry.npmjs.org/remark-gfm/-/remark-gfm-4.0.1.tgz" integrity sha512-1quofZ2RQ9EWdeN34S79+KExV1764+wCUGop5CPL1WGdD0ocPpu91lzPGbwWMECpEpd42kJGQwzRfyov9j4yNg== dependencies: "@types/mdast" "^4.0.0" @@ -7741,7 +7782,7 @@ remark-gfm@^4.0.0: remark-mdx@^3.0.0: version "3.1.1" - resolved "https://registry.yarnpkg.com/remark-mdx/-/remark-mdx-3.1.1.tgz#047f97038bc7ec387aebb4b0a4fe23779999d845" + resolved "https://registry.npmjs.org/remark-mdx/-/remark-mdx-3.1.1.tgz" integrity sha512-Pjj2IYlUY3+D8x00UJsIOg5BEvfMyeI+2uLPn9VO9Wg4MEtN/VTIq2NEJQfde9PnX15KgtHyl9S0BcTnWrIuWg== dependencies: mdast-util-mdx "^3.0.0" @@ -7749,7 +7790,7 @@ remark-mdx@^3.0.0: remark-parse@^11.0.0: version "11.0.0" - resolved "https://registry.yarnpkg.com/remark-parse/-/remark-parse-11.0.0.tgz#aa60743fcb37ebf6b069204eb4da304e40db45a1" + resolved "https://registry.npmjs.org/remark-parse/-/remark-parse-11.0.0.tgz" integrity sha512-FCxlKLNGknS5ba/1lmpYijMUzX2esxW5xQqjWxw2eHFfS2MSdaHVINFmhjo+qN1WhZhNimq0dZATN9pH0IDrpA== dependencies: "@types/mdast" "^4.0.0" @@ -7759,7 +7800,7 @@ remark-parse@^11.0.0: remark-rehype@^11.0.0: version "11.1.2" - resolved "https://registry.yarnpkg.com/remark-rehype/-/remark-rehype-11.1.2.tgz#2addaadda80ca9bd9aa0da763e74d16327683b37" + resolved "https://registry.npmjs.org/remark-rehype/-/remark-rehype-11.1.2.tgz" integrity sha512-Dh7l57ianaEoIpzbp0PC9UKAdCSVklD8E5Rpw7ETfbTl3FqcOOgq5q2LVDhgGCkaBv7p24JXikPdvhhmHvKMsw== dependencies: "@types/hast" "^3.0.0" @@ -7770,7 +7811,7 @@ remark-rehype@^11.0.0: remark-stringify@^11.0.0: version "11.0.0" - resolved "https://registry.yarnpkg.com/remark-stringify/-/remark-stringify-11.0.0.tgz#4c5b01dd711c269df1aaae11743eb7e2e7636fd3" + resolved "https://registry.npmjs.org/remark-stringify/-/remark-stringify-11.0.0.tgz" integrity sha512-1OSmLd3awB/t8qdoEOMazZkNsfVTeY4fTsgzcQFdXNq8ToTN4ZGwrMnlda4K6smTFKD+GRV6O48i6Z4iKgPPpw== dependencies: "@types/mdast" "^4.0.0" @@ -7779,7 +7820,7 @@ remark-stringify@^11.0.0: renderkid@^3.0.0: version "3.0.0" - resolved "https://registry.yarnpkg.com/renderkid/-/renderkid-3.0.0.tgz#5fd823e4d6951d37358ecc9a58b1f06836b6268a" + resolved "https://registry.npmjs.org/renderkid/-/renderkid-3.0.0.tgz" integrity sha512-q/7VIQA8lmM1hF+jn+sFSPWGlMkSAeNYcPLmDQx2zzuiDfaLrOmumR8iaUKlenFgh0XRPIUeSPlH3A+AW3Z5pg== dependencies: css-select "^4.1.3" @@ -7790,42 +7831,42 @@ renderkid@^3.0.0: repeat-string@^1.0.0: version "1.6.1" - resolved "https://registry.yarnpkg.com/repeat-string/-/repeat-string-1.6.1.tgz#8dcae470e1c88abc2d600fff4a776286da75e637" + resolved "https://registry.npmjs.org/repeat-string/-/repeat-string-1.6.1.tgz" integrity sha512-PV0dzCYDNfRi1jCDbJzpW7jNNDRuCOG/jI5ctQcGKt/clZD+YcPS3yIlWuTJMmESC8aevCFmWJy5wjAFgNqN6w== require-from-string@^2.0.2: version "2.0.2" - resolved "https://registry.yarnpkg.com/require-from-string/-/require-from-string-2.0.2.tgz#89a7fdd938261267318eafe14f9c32e598c36909" + resolved "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz" integrity sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw== "require-like@>= 0.1.1": version "0.1.2" - resolved "https://registry.yarnpkg.com/require-like/-/require-like-0.1.2.tgz#ad6f30c13becd797010c468afa775c0c0a6b47fa" + resolved "https://registry.npmjs.org/require-like/-/require-like-0.1.2.tgz" integrity sha512-oyrU88skkMtDdauHDuKVrgR+zuItqr6/c//FXzvmxRGMexSDc6hNvJInGW3LL46n+8b50RykrvwSUIIQH2LQ5A== requires-port@^1.0.0: version "1.0.0" - resolved "https://registry.yarnpkg.com/requires-port/-/requires-port-1.0.0.tgz#925d2601d39ac485e091cf0da5c6e694dc3dcaff" + resolved "https://registry.npmjs.org/requires-port/-/requires-port-1.0.0.tgz" integrity sha512-KigOCHcocU3XODJxsu8i/j8T9tzT4adHiecwORRQ0ZZFcp7ahwXuRU1m+yuO90C5ZUyGeGfocHDI14M3L3yDAQ== resolve-alpn@^1.2.0: version "1.2.1" - resolved "https://registry.yarnpkg.com/resolve-alpn/-/resolve-alpn-1.2.1.tgz#b7adbdac3546aaaec20b45e7d8265927072726f9" + resolved "https://registry.npmjs.org/resolve-alpn/-/resolve-alpn-1.2.1.tgz" integrity sha512-0a1F4l73/ZFZOakJnQ3FvkJ2+gSTQWz/r2KE5OdDY0TxPm5h4GkqkWWfM47T7HsbnOtcJVEF4epCVy6u7Q3K+g== resolve-from@^4.0.0: version "4.0.0" - resolved "https://registry.yarnpkg.com/resolve-from/-/resolve-from-4.0.0.tgz#4abcd852ad32dd7baabfe9b40e00a36db5f392e6" + resolved "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz" integrity sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g== resolve-pathname@^3.0.0: version "3.0.0" - resolved "https://registry.yarnpkg.com/resolve-pathname/-/resolve-pathname-3.0.0.tgz#99d02224d3cf263689becbb393bc560313025dcd" + resolved "https://registry.npmjs.org/resolve-pathname/-/resolve-pathname-3.0.0.tgz" integrity sha512-C7rARubxI8bXFNB/hqcp/4iUeIXJhJZvFPFPiSPRnhU5UPxzMFIl+2E6yY6c4k9giDJAhtV+enfA+G89N6Csng== resolve@^1.22.10: version "1.22.10" - resolved "https://registry.yarnpkg.com/resolve/-/resolve-1.22.10.tgz#b663e83ffb09bbf2386944736baae803029b8b39" + resolved "https://registry.npmjs.org/resolve/-/resolve-1.22.10.tgz" integrity sha512-NPRy+/ncIMeDlTAsuqwKIiferiawhefFJtkNSW0qZJEqMEb+qBt/77B/jGeeek+F0uOeN05CDa6HXbbIgtVX4w== dependencies: is-core-module "^2.16.0" @@ -7834,31 +7875,31 @@ resolve@^1.22.10: responselike@^3.0.0: version "3.0.0" - resolved "https://registry.yarnpkg.com/responselike/-/responselike-3.0.0.tgz#20decb6c298aff0dbee1c355ca95461d42823626" + resolved "https://registry.npmjs.org/responselike/-/responselike-3.0.0.tgz" integrity sha512-40yHxbNcl2+rzXvZuVkrYohathsSJlMTXKryG5y8uciHv1+xDLHQpgjG64JUO9nrEq2jGLH6IZ8BcZyw3wrweg== dependencies: lowercase-keys "^3.0.0" responselike@^4.0.2: version "4.0.2" - resolved "https://registry.yarnpkg.com/responselike/-/responselike-4.0.2.tgz#d99a1105aeca5909c1e93156a839c7f3173e26c2" + resolved "https://registry.npmjs.org/responselike/-/responselike-4.0.2.tgz" integrity sha512-cGk8IbWEAnaCpdAt1BHzJ3Ahz5ewDJa0KseTsE3qIRMJ3C698W8psM7byCeWVpd/Ha7FUYzuRVzXoKoM6nRUbA== dependencies: lowercase-keys "^3.0.0" retry@^0.13.1: version "0.13.1" - resolved "https://registry.yarnpkg.com/retry/-/retry-0.13.1.tgz#185b1587acf67919d63b357349e03537b2484658" + resolved "https://registry.npmjs.org/retry/-/retry-0.13.1.tgz" integrity sha512-XQBQ3I8W1Cge0Seh+6gjj03LbmRFWuoszgK9ooCpwYIrhhoO80pfq4cUkU5DkknwfOfFteRwlZ56PYOGYyFWdg== reusify@^1.0.4: version "1.1.0" - resolved "https://registry.yarnpkg.com/reusify/-/reusify-1.1.0.tgz#0fe13b9522e1473f51b558ee796e08f11f9b489f" + resolved "https://registry.npmjs.org/reusify/-/reusify-1.1.0.tgz" integrity sha512-g6QUff04oZpHs0eG5p83rFLhHeV00ug/Yf9nZM6fLeUrPguBTkTQOdpAWWspMh55TZfVQDPaN3NQJfbVRAxdIw== rtlcss@^4.1.0: version "4.3.0" - resolved "https://registry.yarnpkg.com/rtlcss/-/rtlcss-4.3.0.tgz#f8efd4d5b64f640ec4af8fa25b65bacd9e07cc97" + resolved "https://registry.npmjs.org/rtlcss/-/rtlcss-4.3.0.tgz" integrity sha512-FI+pHEn7Wc4NqKXMXFM+VAYKEj/mRIcW4h24YVwVtyjI+EqGrLc2Hx/Ny0lrZ21cBWU2goLy36eqMcNj3AQJig== dependencies: escalade "^3.1.1" @@ -7868,49 +7909,49 @@ rtlcss@^4.1.0: run-applescript@^7.0.0: version "7.1.0" - resolved "https://registry.yarnpkg.com/run-applescript/-/run-applescript-7.1.0.tgz#2e9e54c4664ec3106c5b5630e249d3d6595c4911" + resolved "https://registry.npmjs.org/run-applescript/-/run-applescript-7.1.0.tgz" integrity sha512-DPe5pVFaAsinSaV6QjQ6gdiedWDcRCbUuiQfQa2wmWV7+xC9bGulGI8+TdRmoFkAPaBXk8CrAbnlY2ISniJ47Q== run-parallel@^1.1.9: version "1.2.0" - resolved "https://registry.yarnpkg.com/run-parallel/-/run-parallel-1.2.0.tgz#66d1368da7bdf921eb9d95bd1a9229e7f21a43ee" + resolved "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz" integrity sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA== dependencies: queue-microtask "^1.2.2" -safe-buffer@5.2.1, safe-buffer@>=5.1.0, safe-buffer@^5.1.0, safe-buffer@~5.2.0: +safe-buffer@^5.1.0, safe-buffer@>=5.1.0, safe-buffer@~5.2.0, safe-buffer@5.2.1: version "5.2.1" - resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.2.1.tgz#1eaf9fa9bdb1fdd4ec75f58f9cdb4e6b7827eec6" + resolved "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz" integrity sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ== safe-buffer@~5.1.0, safe-buffer@~5.1.1: version "5.1.2" - resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.2.tgz#991ec69d296e0313747d59bdfd2b745c35f8828d" + resolved "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz" integrity sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g== "safer-buffer@>= 2.1.2 < 3": version "2.1.2" - resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a" + resolved "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz" integrity sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg== sax@^1.2.4: version "1.4.1" - resolved "https://registry.yarnpkg.com/sax/-/sax-1.4.1.tgz#44cc8988377f126304d3b3fc1010c733b929ef0f" + resolved "https://registry.npmjs.org/sax/-/sax-1.4.1.tgz" integrity sha512-+aWOz7yVScEGoKNd4PA10LZ8sk0A/z5+nXQG5giUO5rprX9jgYsTdov9qCchZiPIZezbZH+jRut8nPodFAX4Jg== scheduler@^0.27.0: version "0.27.0" - resolved "https://registry.yarnpkg.com/scheduler/-/scheduler-0.27.0.tgz#0c4ef82d67d1e5c1e359e8fc76d3a87f045fe5bd" + resolved "https://registry.npmjs.org/scheduler/-/scheduler-0.27.0.tgz" integrity sha512-eNv+WrVbKu1f3vbYJT/xtiF5syA5HPIMtf9IgY/nKg0sWqzAUEvqY/xm7OcZc/qafLx/iO9FgOmeSAp4v5ti/Q== schema-dts@^1.1.2: version "1.1.5" - resolved "https://registry.yarnpkg.com/schema-dts/-/schema-dts-1.1.5.tgz#9237725d305bac3469f02b292a035107595dc324" + resolved "https://registry.npmjs.org/schema-dts/-/schema-dts-1.1.5.tgz" integrity sha512-RJr9EaCmsLzBX2NDiO5Z3ux2BVosNZN5jo0gWgsyKvxKIUL5R3swNvoorulAeL9kLB0iTSX7V6aokhla2m7xbg== schema-utils@^3.0.0: version "3.3.0" - resolved "https://registry.yarnpkg.com/schema-utils/-/schema-utils-3.3.0.tgz#f50a88877c3c01652a15b622ae9e9795df7a60fe" + resolved "https://registry.npmjs.org/schema-utils/-/schema-utils-3.3.0.tgz" integrity sha512-pN/yOAvcC+5rQ5nERGuwrjLlYvLTbCibnZ1I7B1LaiAz9BRBlE9GMgE/eqV30P7aJQUf7Ddimy/RsbYO/GrVGg== dependencies: "@types/json-schema" "^7.0.8" @@ -7919,7 +7960,7 @@ schema-utils@^3.0.0: schema-utils@^4.0.0, schema-utils@^4.0.1, schema-utils@^4.2.0, schema-utils@^4.3.0, schema-utils@^4.3.3: version "4.3.3" - resolved "https://registry.yarnpkg.com/schema-utils/-/schema-utils-4.3.3.tgz#5b1850912fa31df90716963d45d9121fdfc09f46" + resolved "https://registry.npmjs.org/schema-utils/-/schema-utils-4.3.3.tgz" integrity sha512-eflK8wEtyOE6+hsaRVPxvUKYCpRgzLqDTb8krvAsRIwOGlHoSgYLgBXoubGgLd2fT41/OUYdb48v4k4WWHQurA== dependencies: "@types/json-schema" "^7.0.9" @@ -7927,9 +7968,14 @@ schema-utils@^4.0.0, schema-utils@^4.0.1, schema-utils@^4.2.0, schema-utils@^4.3 ajv-formats "^2.1.1" ajv-keywords "^5.1.0" +"search-insights@>= 1 < 3": + version "2.17.3" + resolved "https://registry.npmjs.org/search-insights/-/search-insights-2.17.3.tgz" + integrity sha512-RQPdCYTa8A68uM2jwxoY842xDhvx3E5LFL1LxvxCNMev4o5mLuokczhzjAgGwUZBAmOKZknArSxLKmXtIi2AxQ== + section-matter@^1.0.0: version "1.0.0" - resolved "https://registry.yarnpkg.com/section-matter/-/section-matter-1.0.0.tgz#e9041953506780ec01d59f292a19c7b850b84167" + resolved "https://registry.npmjs.org/section-matter/-/section-matter-1.0.0.tgz" integrity sha512-vfD3pmTzGpufjScBh50YHKzEu2lxBWhVEHsNGoEXmCmn2hKGfeNLYMzCJpe8cD7gqX7TJluOVpBkAequ6dgMmA== dependencies: extend-shallow "^2.0.1" @@ -7937,12 +7983,12 @@ section-matter@^1.0.0: select-hose@^2.0.0: version "2.0.0" - resolved "https://registry.yarnpkg.com/select-hose/-/select-hose-2.0.0.tgz#625d8658f865af43ec962bfc376a37359a4994ca" + resolved "https://registry.npmjs.org/select-hose/-/select-hose-2.0.0.tgz" integrity sha512-mEugaLK+YfkijB4fx0e6kImuJdCIt2LxCRcbEYPqRGCs4F2ogyfZU5IAZRdjCP8JPq2AtdNoC/Dux63d9Kiryg== selfsigned@^2.4.1: version "2.4.1" - resolved "https://registry.yarnpkg.com/selfsigned/-/selfsigned-2.4.1.tgz#560d90565442a3ed35b674034cec4e95dceb4ae0" + resolved "https://registry.npmjs.org/selfsigned/-/selfsigned-2.4.1.tgz" integrity sha512-th5B4L2U+eGLq1TVh7zNRGBapioSORUeymIydxgFpwww9d2qyKvtuPU2jJuHvYAwwqi2Y596QBL3eEqcPEYL8Q== dependencies: "@types/node-forge" "^1.3.0" @@ -7950,24 +7996,24 @@ selfsigned@^2.4.1: semver-diff@^4.0.0: version "4.0.0" - resolved "https://registry.yarnpkg.com/semver-diff/-/semver-diff-4.0.0.tgz#3afcf5ed6d62259f5c72d0d5d50dffbdc9680df5" + resolved "https://registry.npmjs.org/semver-diff/-/semver-diff-4.0.0.tgz" integrity sha512-0Ju4+6A8iOnpL/Thra7dZsSlOHYAHIeMxfhWQRI1/VLcT3WDBZKKtQt/QkBOsiIN9ZpuvHE6cGZ0x4glCMmfiA== dependencies: semver "^7.3.5" semver@^6.3.1: version "6.3.1" - resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.1.tgz#556d2ef8689146e46dcea4bfdd095f3434dffcb4" + resolved "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz" integrity sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA== semver@^7.3.5, semver@^7.3.7, semver@^7.5.4: version "7.7.3" - resolved "https://registry.yarnpkg.com/semver/-/semver-7.7.3.tgz#4b5f4143d007633a8dc671cd0a6ef9147b8bb946" + resolved "https://registry.npmjs.org/semver/-/semver-7.7.3.tgz" integrity sha512-SdsKMrI9TdgjdweUSR9MweHA4EJ8YxHn8DFaDisvhVlUOe4BF1tLD7GAj0lIqWVl+dPb/rExr0Btby5loQm20Q== send@0.19.0: version "0.19.0" - resolved "https://registry.yarnpkg.com/send/-/send-0.19.0.tgz#bbc5a388c8ea6c048967049dbeac0e4a3f09d7f8" + resolved "https://registry.npmjs.org/send/-/send-0.19.0.tgz" integrity sha512-dW41u5VfLXu8SJh5bwRmyYUbAoSB3c9uQh6L8h/KtsFREPWpbX1lrljJo186Jc4nmci/sGUZ9a0a0J2zgfq2hw== dependencies: debug "2.6.9" @@ -7986,14 +8032,14 @@ send@0.19.0: serialize-javascript@^6.0.0, serialize-javascript@^6.0.1, serialize-javascript@^6.0.2: version "6.0.2" - resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-6.0.2.tgz#defa1e055c83bf6d59ea805d8da862254eb6a6c2" + resolved "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.2.tgz" integrity sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g== dependencies: randombytes "^2.1.0" serve-handler@^6.1.6: version "6.1.6" - resolved "https://registry.yarnpkg.com/serve-handler/-/serve-handler-6.1.6.tgz#50803c1d3e947cd4a341d617f8209b22bd76cfa1" + resolved "https://registry.npmjs.org/serve-handler/-/serve-handler-6.1.6.tgz" integrity sha512-x5RL9Y2p5+Sh3D38Fh9i/iQ5ZK+e4xuXRd/pGbM4D13tgo/MGwbttUk8emytcr1YYzBYs+apnUngBDFYfpjPuQ== dependencies: bytes "3.0.0" @@ -8006,7 +8052,7 @@ serve-handler@^6.1.6: serve-index@^1.9.1: version "1.9.1" - resolved "https://registry.yarnpkg.com/serve-index/-/serve-index-1.9.1.tgz#d3768d69b1e7d82e5ce050fff5b453bea12a9239" + resolved "https://registry.npmjs.org/serve-index/-/serve-index-1.9.1.tgz" integrity sha512-pXHfKNP4qujrtteMrSBb0rc8HJ9Ms/GrXwcUtUtD5s4ewDJI8bT3Cz2zTVRMKtri49pLx2e0Ya8ziP5Ya2pZZw== dependencies: accepts "~1.3.4" @@ -8019,7 +8065,7 @@ serve-index@^1.9.1: serve-static@1.16.2: version "1.16.2" - resolved "https://registry.yarnpkg.com/serve-static/-/serve-static-1.16.2.tgz#b6a5343da47f6bdd2673848bf45754941e803296" + resolved "https://registry.npmjs.org/serve-static/-/serve-static-1.16.2.tgz" integrity sha512-VqpjJZKadQB/PEbEwvFdO43Ax5dFBZ2UECszz8bQ7pi7wt//PWe1P6MN7eCnjsatYtBT6EuiClbjSWP2WrIoTw== dependencies: encodeurl "~2.0.0" @@ -8029,7 +8075,7 @@ serve-static@1.16.2: set-function-length@^1.2.2: version "1.2.2" - resolved "https://registry.yarnpkg.com/set-function-length/-/set-function-length-1.2.2.tgz#aac72314198eaed975cf77b2c3b6b880695e5449" + resolved "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.2.tgz" integrity sha512-pgRc4hJ4/sNjWCSS9AmnS40x3bNMDTknHgL5UaMBTMyJnU90EgWh1Rz+MC9eFu4BuN/UwZjKQuY/1v3rM7HMfg== dependencies: define-data-property "^1.1.4" @@ -8041,46 +8087,46 @@ set-function-length@^1.2.2: setprototypeof@1.1.0: version "1.1.0" - resolved "https://registry.yarnpkg.com/setprototypeof/-/setprototypeof-1.1.0.tgz#d0bd85536887b6fe7c0d818cb962d9d91c54e656" + resolved "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.1.0.tgz" integrity sha512-BvE/TwpZX4FXExxOxZyRGQQv651MSwmWKZGqvmPcRIjDqWub67kTKuIMx43cZZrS/cBBzwBcNDWoFxt2XEFIpQ== setprototypeof@1.2.0: version "1.2.0" - resolved "https://registry.yarnpkg.com/setprototypeof/-/setprototypeof-1.2.0.tgz#66c9a24a73f9fc28cbe66b09fed3d33dcaf1b424" + resolved "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz" integrity sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw== shallow-clone@^3.0.0: version "3.0.1" - resolved "https://registry.yarnpkg.com/shallow-clone/-/shallow-clone-3.0.1.tgz#8f2981ad92531f55035b01fb230769a40e02efa3" + resolved "https://registry.npmjs.org/shallow-clone/-/shallow-clone-3.0.1.tgz" integrity sha512-/6KqX+GVUdqPuPPd2LxDDxzX6CAbjJehAAOKlNpqqUpAqPM6HeL8f+o3a+JsyGjn2lv0WY8UsTgUJjU9Ok55NA== dependencies: kind-of "^6.0.2" shallowequal@^1.1.0: version "1.1.0" - resolved "https://registry.yarnpkg.com/shallowequal/-/shallowequal-1.1.0.tgz#188d521de95b9087404fd4dcb68b13df0ae4e7f8" + resolved "https://registry.npmjs.org/shallowequal/-/shallowequal-1.1.0.tgz" integrity sha512-y0m1JoUZSlPAjXVtPPW70aZWfIL/dSP7AFkRnniLCrK/8MDKog3TySTBmckD+RObVxH0v4Tox67+F14PdED2oQ== shebang-command@^2.0.0: version "2.0.0" - resolved "https://registry.yarnpkg.com/shebang-command/-/shebang-command-2.0.0.tgz#ccd0af4f8835fbdc265b82461aaf0c36663f34ea" + resolved "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz" integrity sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA== dependencies: shebang-regex "^3.0.0" shebang-regex@^3.0.0: version "3.0.0" - resolved "https://registry.yarnpkg.com/shebang-regex/-/shebang-regex-3.0.0.tgz#ae16f1644d873ecad843b0307b143362d4c42172" + resolved "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz" integrity sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A== shell-quote@^1.8.3: version "1.8.3" - resolved "https://registry.yarnpkg.com/shell-quote/-/shell-quote-1.8.3.tgz#55e40ef33cf5c689902353a3d8cd1a6725f08b4b" + resolved "https://registry.npmjs.org/shell-quote/-/shell-quote-1.8.3.tgz" integrity sha512-ObmnIF4hXNg1BqhnHmgbDETF8dLPCggZWBjkQfhZpbszZnYur5DUljTcCHii5LC3J5E0yeO/1LIMyH+UvHQgyw== side-channel-list@^1.0.0: version "1.0.0" - resolved "https://registry.yarnpkg.com/side-channel-list/-/side-channel-list-1.0.0.tgz#10cb5984263115d3b7a0e336591e290a830af8ad" + resolved "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.0.tgz" integrity sha512-FCLHtRD/gnpCiCHEiJLOwdmFP+wzCmDEkc9y7NsYxeF4u7Btsn1ZuwgwJGxImImHicJArLP4R0yX4c2KCrMrTA== dependencies: es-errors "^1.3.0" @@ -8088,7 +8134,7 @@ side-channel-list@^1.0.0: side-channel-map@^1.0.1: version "1.0.1" - resolved "https://registry.yarnpkg.com/side-channel-map/-/side-channel-map-1.0.1.tgz#d6bb6b37902c6fef5174e5f533fab4c732a26f42" + resolved "https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz" integrity sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA== dependencies: call-bound "^1.0.2" @@ -8098,7 +8144,7 @@ side-channel-map@^1.0.1: side-channel-weakmap@^1.0.2: version "1.0.2" - resolved "https://registry.yarnpkg.com/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz#11dda19d5368e40ce9ec2bdc1fb0ecbc0790ecea" + resolved "https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz" integrity sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A== dependencies: call-bound "^1.0.2" @@ -8109,7 +8155,7 @@ side-channel-weakmap@^1.0.2: side-channel@^1.0.6: version "1.1.0" - resolved "https://registry.yarnpkg.com/side-channel/-/side-channel-1.1.0.tgz#c3fcff9c4da932784873335ec9765fa94ff66bc9" + resolved "https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz" integrity sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw== dependencies: es-errors "^1.3.0" @@ -8120,12 +8166,12 @@ side-channel@^1.0.6: signal-exit@^3.0.2, signal-exit@^3.0.3: version "3.0.7" - resolved "https://registry.yarnpkg.com/signal-exit/-/signal-exit-3.0.7.tgz#a9a1767f8af84155114eaabd73f99273c8f59ad9" + resolved "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz" integrity sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ== sirv@^2.0.3: version "2.0.4" - resolved "https://registry.yarnpkg.com/sirv/-/sirv-2.0.4.tgz#5dd9a725c578e34e449f332703eb2a74e46a29b0" + resolved "https://registry.npmjs.org/sirv/-/sirv-2.0.4.tgz" integrity sha512-94Bdh3cC2PKrbgSOUqTiGPWVZeSiXfKOVZNJniWoqrWrRkB1CJzBU3NEbiTsPcYy1lDsANA/THzS+9WBiy5nfQ== dependencies: "@polka/url" "^1.0.0-next.24" @@ -8134,12 +8180,12 @@ sirv@^2.0.3: sisteransi@^1.0.5: version "1.0.5" - resolved "https://registry.yarnpkg.com/sisteransi/-/sisteransi-1.0.5.tgz#134d681297756437cc05ca01370d3a7a571075ed" + resolved "https://registry.npmjs.org/sisteransi/-/sisteransi-1.0.5.tgz" integrity sha512-bLGGlR1QxBcynn2d5YmDX4MGjlZvy2MRBDRNHLJ8VI6l6+9FUiyTFNJ0IveOSP0bcXgVDPRcfGqA0pjaqUpfVg== sitemap@^7.1.1: version "7.1.2" - resolved "https://registry.yarnpkg.com/sitemap/-/sitemap-7.1.2.tgz#6ce1deb43f6f177c68bc59cf93632f54e3ae6b72" + resolved "https://registry.npmjs.org/sitemap/-/sitemap-7.1.2.tgz" integrity sha512-ARCqzHJ0p4gWt+j7NlU5eDlIO9+Rkr/JhPFZKKQ1l5GCus7rJH4UdrlVAh0xC/gDS/Qir2UMxqYNHtsKr2rpCw== dependencies: "@types/node" "^17.0.5" @@ -8149,24 +8195,24 @@ sitemap@^7.1.1: skin-tone@^2.0.0: version "2.0.0" - resolved "https://registry.yarnpkg.com/skin-tone/-/skin-tone-2.0.0.tgz#4e3933ab45c0d4f4f781745d64b9f4c208e41237" + resolved "https://registry.npmjs.org/skin-tone/-/skin-tone-2.0.0.tgz" integrity sha512-kUMbT1oBJCpgrnKoSr0o6wPtvRWT9W9UKvGLwfJYO2WuahZRHOpEyL1ckyMGgMWh0UdpmaoFqKKD29WTomNEGA== dependencies: unicode-emoji-modifier-base "^1.0.0" slash@^3.0.0: version "3.0.0" - resolved "https://registry.yarnpkg.com/slash/-/slash-3.0.0.tgz#6539be870c165adbd5240220dbe361f1bc4d4634" + resolved "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz" integrity sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q== slash@^4.0.0: version "4.0.0" - resolved "https://registry.yarnpkg.com/slash/-/slash-4.0.0.tgz#2422372176c4c6c5addb5e2ada885af984b396a7" + resolved "https://registry.npmjs.org/slash/-/slash-4.0.0.tgz" integrity sha512-3dOsAHXXUkQTpOYcoAxLIorMTp4gIQr5IW3iVb7A7lFIp0VHhnynm9izx6TssdrIcVIESAlVjtnO2K8bg+Coew== snake-case@^3.0.4: version "3.0.4" - resolved "https://registry.yarnpkg.com/snake-case/-/snake-case-3.0.4.tgz#4f2bbd568e9935abdfd593f34c691dadb49c452c" + resolved "https://registry.npmjs.org/snake-case/-/snake-case-3.0.4.tgz" integrity sha512-LAOh4z89bGQvl9pFfNF8V146i7o7/CqFPbqzYgP+yYzDIDeS9HaNFtXABamRW+AQzEVODcvE79ljJ+8a9YSdMg== dependencies: dot-case "^3.0.4" @@ -8174,7 +8220,7 @@ snake-case@^3.0.4: sockjs@^0.3.24: version "0.3.24" - resolved "https://registry.yarnpkg.com/sockjs/-/sockjs-0.3.24.tgz#c9bc8995f33a111bea0395ec30aa3206bdb5ccce" + resolved "https://registry.npmjs.org/sockjs/-/sockjs-0.3.24.tgz" integrity sha512-GJgLTZ7vYb/JtPSSZ10hsOYIvEYsjbNU+zPdIHcUaWVNUEPivzxku31865sSSud0Da0W4lEeOPlmw93zLQchuQ== dependencies: faye-websocket "^0.11.3" @@ -8183,40 +8229,45 @@ sockjs@^0.3.24: sort-css-media-queries@2.2.0: version "2.2.0" - resolved "https://registry.yarnpkg.com/sort-css-media-queries/-/sort-css-media-queries-2.2.0.tgz#aa33cf4a08e0225059448b6c40eddbf9f1c8334c" + resolved "https://registry.npmjs.org/sort-css-media-queries/-/sort-css-media-queries-2.2.0.tgz" integrity sha512-0xtkGhWCC9MGt/EzgnvbbbKhqWjl1+/rncmhTh5qCpbYguXh6S/qwePfv/JQ8jePXXmqingylxoC49pCkSPIbA== source-map-js@^1.0.1, source-map-js@^1.2.1: version "1.2.1" - resolved "https://registry.yarnpkg.com/source-map-js/-/source-map-js-1.2.1.tgz#1ce5650fddd87abc099eda37dcff024c2667ae46" + resolved "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz" integrity sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA== source-map-support@~0.5.20: version "0.5.21" - resolved "https://registry.yarnpkg.com/source-map-support/-/source-map-support-0.5.21.tgz#04fe7c7f9e1ed2d662233c28cb2b35b9f63f6e4f" + resolved "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.21.tgz" integrity sha512-uBHU3L3czsIyYXKX88fdrGovxdSCoTGDRZ6SYXtSRxLZUzHg5P/66Ht6uoUlHu9EZod+inXhKo3qQgwXUT/y1w== dependencies: buffer-from "^1.0.0" source-map "^0.6.0" -source-map@^0.6.0, source-map@~0.6.0: +source-map@^0.6.0: version "0.6.1" - resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.6.1.tgz#74722af32e9614e9c287a8d0bbde48b5e2f1a263" + resolved "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz" integrity sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g== source-map@^0.7.0: version "0.7.6" - resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.7.6.tgz#a3658ab87e5b6429c8a1f3ba0083d4c61ca3ef02" + resolved "https://registry.npmjs.org/source-map/-/source-map-0.7.6.tgz" integrity sha512-i5uvt8C3ikiWeNZSVZNWcfZPItFQOsYTUAOkcUPGd8DqDy1uOUikjt5dG+uRlwyvR108Fb9DOd4GvXfT0N2/uQ== +source-map@~0.6.0: + version "0.6.1" + resolved "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz" + integrity sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g== + space-separated-tokens@^2.0.0: version "2.0.2" - resolved "https://registry.yarnpkg.com/space-separated-tokens/-/space-separated-tokens-2.0.2.tgz#1ecd9d2350a3844572c3f4a312bceb018348859f" + resolved "https://registry.npmjs.org/space-separated-tokens/-/space-separated-tokens-2.0.2.tgz" integrity sha512-PEGlAwrG8yXGXRjW32fGbg66JAlOAwbObuqVoJpv/mRgoWDQfgH1wDPvtzWyUSNAXBGSk8h755YDbbcEy3SH2Q== spdy-transport@^3.0.0: version "3.0.0" - resolved "https://registry.yarnpkg.com/spdy-transport/-/spdy-transport-3.0.0.tgz#00d4863a6400ad75df93361a1608605e5dcdcf31" + resolved "https://registry.npmjs.org/spdy-transport/-/spdy-transport-3.0.0.tgz" integrity sha512-hsLVFE5SjA6TCisWeJXFKniGGOpBgMLmerfO2aCyCU5s7nJ/rpAepqmFifv/GCbSbueEeAJJnmSQ2rKC/g8Fcw== dependencies: debug "^4.1.0" @@ -8228,7 +8279,7 @@ spdy-transport@^3.0.0: spdy@^4.0.2: version "4.0.2" - resolved "https://registry.yarnpkg.com/spdy/-/spdy-4.0.2.tgz#b74f466203a3eda452c02492b91fb9e84a27677b" + resolved "https://registry.npmjs.org/spdy/-/spdy-4.0.2.tgz" integrity sha512-r46gZQZQV+Kl9oItvl1JZZqJKGr+oEkB08A6BzkiR7593/7IbtuncXHd2YoYeTsG4157ZssMu9KYvUHLcjcDoA== dependencies: debug "^4.1.0" @@ -8239,32 +8290,55 @@ spdy@^4.0.2: sprintf-js@~1.0.2: version "1.0.3" - resolved "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.0.3.tgz#04e6926f662895354f3dd015203633b857297e2c" + resolved "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz" integrity sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g== srcset@^4.0.0: version "4.0.0" - resolved "https://registry.yarnpkg.com/srcset/-/srcset-4.0.0.tgz#336816b665b14cd013ba545b6fe62357f86e65f4" + resolved "https://registry.npmjs.org/srcset/-/srcset-4.0.0.tgz" integrity sha512-wvLeHgcVHKO8Sc/H/5lkGreJQVeYMm9rlmt8PuR1xE31rIuXhuzznUUqAt8MqLhB3MqJdFzlNAfpcWnxiFUcPw== -statuses@2.0.1: - version "2.0.1" - resolved "https://registry.yarnpkg.com/statuses/-/statuses-2.0.1.tgz#55cb000ccf1d48728bd23c685a063998cf1a1b63" - integrity sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ== - "statuses@>= 1.4.0 < 2": version "1.5.0" - resolved "https://registry.yarnpkg.com/statuses/-/statuses-1.5.0.tgz#161c7dac177659fd9811f43771fa99381478628c" + resolved "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz" integrity sha512-OpZ3zP+jT1PI7I8nemJX4AKmAX070ZkYPVWV/AaKTJl+tXCTGyVdC1a4SL8RUQYEwk/f34ZX8UTykN68FwrqAA== +statuses@2.0.1: + version "2.0.1" + resolved "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz" + integrity sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ== + std-env@^3.7.0: version "3.10.0" - resolved "https://registry.yarnpkg.com/std-env/-/std-env-3.10.0.tgz#d810b27e3a073047b2b5e40034881f5ea6f9c83b" + resolved "https://registry.npmjs.org/std-env/-/std-env-3.10.0.tgz" integrity sha512-5GS12FdOZNliM5mAOxFRg7Ir0pWz8MdpYm6AY6VPkGpbA7ZzmbzNcBJQ0GPvvyWgcY7QAhCgf9Uy89I03faLkg== -string-width@^4.1.0, string-width@^4.2.0: +string_decoder@^1.1.1: + version "1.3.0" + resolved "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz" + integrity sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA== + dependencies: + safe-buffer "~5.2.0" + +string_decoder@~1.1.1: + version "1.1.1" + resolved "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz" + integrity sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg== + dependencies: + safe-buffer "~5.1.0" + +string-width@^4.1.0: + version "4.2.3" + resolved "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz" + integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g== + dependencies: + emoji-regex "^8.0.0" + is-fullwidth-code-point "^3.0.0" + strip-ansi "^6.0.1" + +string-width@^4.2.0: version "4.2.3" - resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010" + resolved "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz" integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g== dependencies: emoji-regex "^8.0.0" @@ -8273,30 +8347,16 @@ string-width@^4.1.0, string-width@^4.2.0: string-width@^5.0.1, string-width@^5.1.2: version "5.1.2" - resolved "https://registry.yarnpkg.com/string-width/-/string-width-5.1.2.tgz#14f8daec6d81e7221d2a357e668cab73bdbca794" + resolved "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz" integrity sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA== dependencies: eastasianwidth "^0.2.0" emoji-regex "^9.2.2" strip-ansi "^7.0.1" -string_decoder@^1.1.1: - version "1.3.0" - resolved "https://registry.yarnpkg.com/string_decoder/-/string_decoder-1.3.0.tgz#42f114594a46cf1a8e30b0a84f56c78c3edac21e" - integrity sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA== - dependencies: - safe-buffer "~5.2.0" - -string_decoder@~1.1.1: - version "1.1.1" - resolved "https://registry.yarnpkg.com/string_decoder/-/string_decoder-1.1.1.tgz#9cf1611ba62685d7030ae9e4ba34149c3af03fc8" - integrity sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg== - dependencies: - safe-buffer "~5.1.0" - stringify-entities@^4.0.0: version "4.0.4" - resolved "https://registry.yarnpkg.com/stringify-entities/-/stringify-entities-4.0.4.tgz#b3b79ef5f277cc4ac73caeb0236c5ba939b3a4f3" + resolved "https://registry.npmjs.org/stringify-entities/-/stringify-entities-4.0.4.tgz" integrity sha512-IwfBptatlO+QCJUo19AqvrPNqlVMpW9YEL2LIVY+Rpv2qsjCGxaDLNRgeGsQWJhfItebuJhsGSLjaBbNSQ+ieg== dependencies: character-entities-html4 "^2.0.0" @@ -8304,7 +8364,7 @@ stringify-entities@^4.0.0: stringify-object@^3.3.0: version "3.3.0" - resolved "https://registry.yarnpkg.com/stringify-object/-/stringify-object-3.3.0.tgz#703065aefca19300d3ce88af4f5b3956d7556629" + resolved "https://registry.npmjs.org/stringify-object/-/stringify-object-3.3.0.tgz" integrity sha512-rHqiFh1elqCQ9WPLIC8I0Q/g/wj5J1eMkyoiD6eoQApWHP0FtlK7rqnhmabL5VUY9JQCcqwwvlOaSuutekgyrw== dependencies: get-own-enumerable-property-symbols "^3.0.0" @@ -8313,55 +8373,55 @@ stringify-object@^3.3.0: strip-ansi@^6.0.0, strip-ansi@^6.0.1: version "6.0.1" - resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9" + resolved "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz" integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A== dependencies: ansi-regex "^5.0.1" strip-ansi@^7.0.1: version "7.1.2" - resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-7.1.2.tgz#132875abde678c7ea8d691533f2e7e22bb744dba" + resolved "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.2.tgz" integrity sha512-gmBGslpoQJtgnMAvOVqGZpEz9dyoKTCzy2nfz/n8aIFhN/jCE/rCmcxabB6jOOHV+0WNnylOxaxBQPSvcWklhA== dependencies: ansi-regex "^6.0.1" strip-bom-string@^1.0.0: version "1.0.0" - resolved "https://registry.yarnpkg.com/strip-bom-string/-/strip-bom-string-1.0.0.tgz#e5211e9224369fbb81d633a2f00044dc8cedad92" + resolved "https://registry.npmjs.org/strip-bom-string/-/strip-bom-string-1.0.0.tgz" integrity sha512-uCC2VHvQRYu+lMh4My/sFNmF2klFymLX1wHJeXnbEJERpV/ZsVuonzerjfrGpIGF7LBVa1O7i9kjiWvJiFck8g== strip-final-newline@^2.0.0: version "2.0.0" - resolved "https://registry.yarnpkg.com/strip-final-newline/-/strip-final-newline-2.0.0.tgz#89b852fb2fcbe936f6f4b3187afb0a12c1ab58ad" + resolved "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-2.0.0.tgz" integrity sha512-BrpvfNAE3dcvq7ll3xVumzjKjZQ5tI1sEUIKr3Uoks0XUl45St3FlatVqef9prk4jRDzhW6WZg+3bk93y6pLjA== strip-json-comments@^3.1.1: version "3.1.1" - resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-3.1.1.tgz#31f1281b3832630434831c310c01cccda8cbe006" + resolved "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz" integrity sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig== strip-json-comments@~2.0.1: version "2.0.1" - resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-2.0.1.tgz#3c531942e908c2697c0ec344858c286c7ca0a60a" + resolved "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-2.0.1.tgz" integrity sha512-4gB8na07fecVVkOI6Rs4e7T6NOTki5EmL7TUduTs6bu3EdnSycntVJ4re8kgZA+wx9IueI2Y11bfbgwtzuE0KQ== style-to-js@^1.0.0: version "1.1.18" - resolved "https://registry.yarnpkg.com/style-to-js/-/style-to-js-1.1.18.tgz#3e6c13bd4c4db079bd2c2c94571cce5c758bc2ff" + resolved "https://registry.npmjs.org/style-to-js/-/style-to-js-1.1.18.tgz" integrity sha512-JFPn62D4kJaPTnhFUI244MThx+FEGbi+9dw1b9yBBQ+1CZpV7QAT8kUtJ7b7EUNdHajjF/0x8fT+16oLJoojLg== dependencies: style-to-object "1.0.11" style-to-object@1.0.11: version "1.0.11" - resolved "https://registry.yarnpkg.com/style-to-object/-/style-to-object-1.0.11.tgz#cf252c4051758b7acb18a5efb296f91fb79bb9c4" + resolved "https://registry.npmjs.org/style-to-object/-/style-to-object-1.0.11.tgz" integrity sha512-5A560JmXr7wDyGLK12Nq/EYS38VkGlglVzkis1JEdbGWSnbQIEhZzTJhzURXN5/8WwwFCs/f/VVcmkTppbXLow== dependencies: inline-style-parser "0.2.4" stylehacks@^6.1.1: version "6.1.1" - resolved "https://registry.yarnpkg.com/stylehacks/-/stylehacks-6.1.1.tgz#543f91c10d17d00a440430362d419f79c25545a6" + resolved "https://registry.npmjs.org/stylehacks/-/stylehacks-6.1.1.tgz" integrity sha512-gSTTEQ670cJNoaeIp9KX6lZmm8LJ3jPB5yJmX8Zq/wQxOsAFXV3qjWzHas3YYk1qesuVIyYWWUpZ0vSE/dTSGg== dependencies: browserslist "^4.23.0" @@ -8369,31 +8429,31 @@ stylehacks@^6.1.1: supports-color@^7.1.0: version "7.2.0" - resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-7.2.0.tgz#1b7dcdcb32b8138801b3e478ba6a51caa89648da" + resolved "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz" integrity sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw== dependencies: has-flag "^4.0.0" supports-color@^8.0.0: version "8.1.1" - resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-8.1.1.tgz#cd6fc17e28500cff56c1b86c0a7fd4a54a73005c" + resolved "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz" integrity sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q== dependencies: has-flag "^4.0.0" supports-preserve-symlinks-flag@^1.0.0: version "1.0.0" - resolved "https://registry.yarnpkg.com/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz#6eda4bd344a3c94aea376d4cc31bc77311039e09" + resolved "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz" integrity sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w== svg-parser@^2.0.4: version "2.0.4" - resolved "https://registry.yarnpkg.com/svg-parser/-/svg-parser-2.0.4.tgz#fdc2e29e13951736140b76cb122c8ee6630eb6b5" + resolved "https://registry.npmjs.org/svg-parser/-/svg-parser-2.0.4.tgz" integrity sha512-e4hG1hRwoOdRb37cIMSgzNsxyzKfayW6VOflrwvR+/bzrkyxY/31WkbgnQpgtrNp1SdpJvpUAGTa/ZoiPNDuRQ== svgo@^3.0.2, svgo@^3.2.0: version "3.3.2" - resolved "https://registry.yarnpkg.com/svgo/-/svgo-3.3.2.tgz#ad58002652dffbb5986fc9716afe52d869ecbda8" + resolved "https://registry.npmjs.org/svgo/-/svgo-3.3.2.tgz" integrity sha512-OoohrmuUlBs8B8o6MB2Aevn+pRIH9zDALSR+6hhqVfa6fRwG/Qw9VUMSMW9VNg2CFc/MTIfabtdOVl9ODIJjpw== dependencies: "@trysound/sax" "0.2.0" @@ -8406,7 +8466,7 @@ svgo@^3.0.2, svgo@^3.2.0: swr@^2.2.5: version "2.3.6" - resolved "https://registry.yarnpkg.com/swr/-/swr-2.3.6.tgz#5fee0ee8a0762a16871ee371075cb09422b64f50" + resolved "https://registry.npmjs.org/swr/-/swr-2.3.6.tgz" integrity sha512-wfHRmHWk/isGNMwlLGlZX5Gzz/uTgo0o2IRuTMcf4CPuPFJZlq0rDaKUx+ozB5nBOReNV1kiOyzMfj+MBMikLw== dependencies: dequal "^2.0.3" @@ -8414,12 +8474,12 @@ swr@^2.2.5: tapable@^2.0.0, tapable@^2.2.0, tapable@^2.2.1, tapable@^2.3.0: version "2.3.0" - resolved "https://registry.yarnpkg.com/tapable/-/tapable-2.3.0.tgz#7e3ea6d5ca31ba8e078b560f0d83ce9a14aa8be6" + resolved "https://registry.npmjs.org/tapable/-/tapable-2.3.0.tgz" integrity sha512-g9ljZiwki/LfxmQADO3dEY1CbpmXT5Hm2fJ+QaGKwSXUylMybePR7/67YW7jOrrvjEgL1Fmz5kzyAjWVWLlucg== terser-webpack-plugin@^5.3.11, terser-webpack-plugin@^5.3.9: version "5.3.14" - resolved "https://registry.yarnpkg.com/terser-webpack-plugin/-/terser-webpack-plugin-5.3.14.tgz#9031d48e57ab27567f02ace85c7d690db66c3e06" + resolved "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.3.14.tgz" integrity sha512-vkZjpUjb6OMS7dhV+tILUW6BhpDR7P2L/aQSAv+Uwk+m8KATX9EccViHTJR2qDtACKPIYndLGCyl3FMo+r2LMw== dependencies: "@jridgewell/trace-mapping" "^0.3.25" @@ -8430,7 +8490,7 @@ terser-webpack-plugin@^5.3.11, terser-webpack-plugin@^5.3.9: terser@^5.10.0, terser@^5.15.1, terser@^5.31.1: version "5.44.0" - resolved "https://registry.yarnpkg.com/terser/-/terser-5.44.0.tgz#ebefb8e5b8579d93111bfdfc39d2cf63879f4a82" + resolved "https://registry.npmjs.org/terser/-/terser-5.44.0.tgz" integrity sha512-nIVck8DK+GM/0Frwd+nIhZ84pR/BX7rmXMfYwyg+Sri5oGVE99/E3KvXqpC2xHFxyqXyGHTKBSioxxplrO4I4w== dependencies: "@jridgewell/source-map" "^0.3.3" @@ -8440,99 +8500,94 @@ terser@^5.10.0, terser@^5.15.1, terser@^5.31.1: thingies@^2.5.0: version "2.5.0" - resolved "https://registry.yarnpkg.com/thingies/-/thingies-2.5.0.tgz#5f7b882c933b85989f8466b528a6247a6881e04f" + resolved "https://registry.npmjs.org/thingies/-/thingies-2.5.0.tgz" integrity sha512-s+2Bwztg6PhWUD7XMfeYm5qliDdSiZm7M7n8KjTkIsm3l/2lgVRc2/Gx/v+ZX8lT4FMA+i8aQvhcWylldc+ZNw== throttleit@2.1.0: version "2.1.0" - resolved "https://registry.yarnpkg.com/throttleit/-/throttleit-2.1.0.tgz#a7e4aa0bf4845a5bd10daa39ea0c783f631a07b4" + resolved "https://registry.npmjs.org/throttleit/-/throttleit-2.1.0.tgz" integrity sha512-nt6AMGKW1p/70DF/hGBdJB57B8Tspmbp5gfJ8ilhLnt7kkr2ye7hzD6NVG8GGErk2HWF34igrL2CXmNIkzKqKw== thunky@^1.0.2: version "1.1.0" - resolved "https://registry.yarnpkg.com/thunky/-/thunky-1.1.0.tgz#5abaf714a9405db0504732bbccd2cedd9ef9537d" + resolved "https://registry.npmjs.org/thunky/-/thunky-1.1.0.tgz" integrity sha512-eHY7nBftgThBqOyHGVN+l8gF0BucP09fMo0oO/Lb0w1OF80dJv+lDVpXG60WMQvkcxAkNybKsrEIE3ZtKGmPrA== tiny-invariant@^1.0.2: version "1.3.3" - resolved "https://registry.yarnpkg.com/tiny-invariant/-/tiny-invariant-1.3.3.tgz#46680b7a873a0d5d10005995eb90a70d74d60127" + resolved "https://registry.npmjs.org/tiny-invariant/-/tiny-invariant-1.3.3.tgz" integrity sha512-+FbBPE1o9QAYvviau/qC5SE3caw21q3xkvWKBtja5vgqOWIHHJ3ioaq1VPfn/Szqctz2bU/oYeKd9/z5BL+PVg== tiny-warning@^1.0.0: version "1.0.3" - resolved "https://registry.yarnpkg.com/tiny-warning/-/tiny-warning-1.0.3.tgz#94a30db453df4c643d0fd566060d60a875d84754" + resolved "https://registry.npmjs.org/tiny-warning/-/tiny-warning-1.0.3.tgz" integrity sha512-lBN9zLN/oAf68o3zNXYrdCt1kP8WsiGW8Oo2ka41b2IM5JL/S1CTyX1rW0mb/zSuJun0ZUrDxx4sqvYS2FWzPA== tinypool@^1.0.2: version "1.1.1" - resolved "https://registry.yarnpkg.com/tinypool/-/tinypool-1.1.1.tgz#059f2d042bd37567fbc017d3d426bdd2a2612591" + resolved "https://registry.npmjs.org/tinypool/-/tinypool-1.1.1.tgz" integrity sha512-Zba82s87IFq9A9XmjiX5uZA/ARWDrB03OHlq+Vw1fSdt0I+4/Kutwy8BP4Y/y/aORMo61FQ0vIb5j44vSo5Pkg== to-regex-range@^5.0.1: version "5.0.1" - resolved "https://registry.yarnpkg.com/to-regex-range/-/to-regex-range-5.0.1.tgz#1648c44aae7c8d988a326018ed72f5b4dd0392e4" + resolved "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz" integrity sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ== dependencies: is-number "^7.0.0" toidentifier@1.0.1: version "1.0.1" - resolved "https://registry.yarnpkg.com/toidentifier/-/toidentifier-1.0.1.tgz#3be34321a88a820ed1bd80dfaa33e479fbb8dd35" + resolved "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz" integrity sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA== totalist@^3.0.0: version "3.0.1" - resolved "https://registry.yarnpkg.com/totalist/-/totalist-3.0.1.tgz#ba3a3d600c915b1a97872348f79c127475f6acf8" + resolved "https://registry.npmjs.org/totalist/-/totalist-3.0.1.tgz" integrity sha512-sf4i37nQ2LBx4m3wB74y+ubopq6W/dIzXg0FDGjsYnZHVa1Da8FH853wlL2gtUhg+xJXjfk3kUZS3BRoQeoQBQ== tree-dump@^1.0.3, tree-dump@^1.1.0: version "1.1.0" - resolved "https://registry.yarnpkg.com/tree-dump/-/tree-dump-1.1.0.tgz#ab29129169dc46004414f5a9d4a3c6e89f13e8a4" + resolved "https://registry.npmjs.org/tree-dump/-/tree-dump-1.1.0.tgz" integrity sha512-rMuvhU4MCDbcbnleZTFezWsaZXRFemSqAM+7jPnzUl1fo9w3YEKOxAeui0fz3OI4EU4hf23iyA7uQRVko+UaBA== trim-lines@^3.0.0: version "3.0.1" - resolved "https://registry.yarnpkg.com/trim-lines/-/trim-lines-3.0.1.tgz#d802e332a07df861c48802c04321017b1bd87338" + resolved "https://registry.npmjs.org/trim-lines/-/trim-lines-3.0.1.tgz" integrity sha512-kRj8B+YHZCc9kQYdWfJB2/oUl9rA99qbowYYBtr4ui4mZyAQ2JpvVBd/6U2YloATfqBhBTSMhTpgBHtU0Mf3Rg== -trim@^1.0.0: - version "1.0.1" - resolved "https://registry.yarnpkg.com/trim/-/trim-1.0.1.tgz#68e78f6178ccab9687a610752f4f5e5a7022ee8c" - integrity sha512-3JVP2YVqITUisXblCDq/Bi4P9457G/sdEamInkyvCsjbTcXLXIiG7XCb4kGMFWh6JGXesS3TKxOPtrncN/xe8w== - trough@^2.0.0: version "2.2.0" - resolved "https://registry.yarnpkg.com/trough/-/trough-2.2.0.tgz#94a60bd6bd375c152c1df911a4b11d5b0256f50f" + resolved "https://registry.npmjs.org/trough/-/trough-2.2.0.tgz" integrity sha512-tmMpK00BjZiUyVyvrBK7knerNgmgvcV/KLVyuma/SC+TQN167GrMRciANTz09+k3zW8L8t60jWO1GpfkZdjTaw== -tslib@^2.0.0, tslib@^2.0.3, tslib@^2.6.0: +tslib@^2, tslib@^2.0.0, tslib@^2.0.3, tslib@^2.6.0, tslib@2: version "2.8.1" - resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.8.1.tgz#612efe4ed235d567e8aba5f2a5fab70280ade83f" + resolved "https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz" integrity sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w== type-fest@^0.21.3: version "0.21.3" - resolved "https://registry.yarnpkg.com/type-fest/-/type-fest-0.21.3.tgz#d260a24b0198436e133fa26a524a6d65fa3b2e37" + resolved "https://registry.npmjs.org/type-fest/-/type-fest-0.21.3.tgz" integrity sha512-t0rzBq87m3fVcduHDUFhKmyyX+9eo6WQjZvf51Ea/M0Q7+T374Jp1aUiyUl0GKxp8M/OETVHSDvmkyPgvX+X2w== type-fest@^1.0.1: version "1.4.0" - resolved "https://registry.yarnpkg.com/type-fest/-/type-fest-1.4.0.tgz#e9fb813fe3bf1744ec359d55d1affefa76f14be1" + resolved "https://registry.npmjs.org/type-fest/-/type-fest-1.4.0.tgz" integrity sha512-yGSza74xk0UG8k+pLh5oeoYirvIiWo5t0/o3zHHAO2tRDiZcxWP7fywNlXhqb6/r6sWvwi+RsyQMWhVLe4BVuA== type-fest@^2.13.0, type-fest@^2.5.0: version "2.19.0" - resolved "https://registry.yarnpkg.com/type-fest/-/type-fest-2.19.0.tgz#88068015bb33036a598b952e55e9311a60fd3a9b" + resolved "https://registry.npmjs.org/type-fest/-/type-fest-2.19.0.tgz" integrity sha512-RAH822pAdBgcNMAfWnCBU3CFZcfZ/i1eZjwFU/dsLKumyuuP3niueg2UAukXYF0E2AAoc82ZSSf9J0WQBinzHA== type-fest@^4.26.1: version "4.41.0" - resolved "https://registry.yarnpkg.com/type-fest/-/type-fest-4.41.0.tgz#6ae1c8e5731273c2bf1f58ad39cbae2c91a46c58" + resolved "https://registry.npmjs.org/type-fest/-/type-fest-4.41.0.tgz" integrity sha512-TeTSQ6H5YHvpqVwBRcnLDCBnDOHWYu7IvGbHT6N8AOymcr9PJGjc1GTtiWZTYg0NCgYwvnYWEkVChQAr9bjfwA== type-is@~1.6.18: version "1.6.18" - resolved "https://registry.yarnpkg.com/type-is/-/type-is-1.6.18.tgz#4e552cd05df09467dcbc4ef739de89f2cf37c131" + resolved "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz" integrity sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g== dependencies: media-typer "0.3.0" @@ -8540,29 +8595,29 @@ type-is@~1.6.18: typedarray-to-buffer@^3.1.5: version "3.1.5" - resolved "https://registry.yarnpkg.com/typedarray-to-buffer/-/typedarray-to-buffer-3.1.5.tgz#a97ee7a9ff42691b9f783ff1bc5112fe3fca9080" + resolved "https://registry.npmjs.org/typedarray-to-buffer/-/typedarray-to-buffer-3.1.5.tgz" integrity sha512-zdu8XMNEDepKKR+XYOXAVPtWui0ly0NtohUscw+UmaHiAWT8hrV1rr//H6V+0DvJ3OQ19S979M0laLfX8rm82Q== dependencies: is-typedarray "^1.0.0" undici-types@~7.14.0: version "7.14.0" - resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-7.14.0.tgz#4c037b32ca4d7d62fae042174604341588bc0840" + resolved "https://registry.npmjs.org/undici-types/-/undici-types-7.14.0.tgz" integrity sha512-QQiYxHuyZ9gQUIrmPo3IA+hUl4KYk8uSA7cHrcKd/l3p1OTpZcM0Tbp9x7FAtXdAYhlasd60ncPpgu6ihG6TOA== unicode-canonical-property-names-ecmascript@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/unicode-canonical-property-names-ecmascript/-/unicode-canonical-property-names-ecmascript-2.0.1.tgz#cb3173fe47ca743e228216e4a3ddc4c84d628cc2" + resolved "https://registry.npmjs.org/unicode-canonical-property-names-ecmascript/-/unicode-canonical-property-names-ecmascript-2.0.1.tgz" integrity sha512-dA8WbNeb2a6oQzAQ55YlT5vQAWGV9WXOsi3SskE3bcCdM0P4SDd+24zS/OCacdRq5BkdsRj9q3Pg6YyQoxIGqg== unicode-emoji-modifier-base@^1.0.0: version "1.0.0" - resolved "https://registry.yarnpkg.com/unicode-emoji-modifier-base/-/unicode-emoji-modifier-base-1.0.0.tgz#dbbd5b54ba30f287e2a8d5a249da6c0cef369459" + resolved "https://registry.npmjs.org/unicode-emoji-modifier-base/-/unicode-emoji-modifier-base-1.0.0.tgz" integrity sha512-yLSH4py7oFH3oG/9K+XWrz1pSi3dfUrWEnInbxMfArOfc1+33BlGPQtLsOYwvdMy11AwUBetYuaRxSPqgkq+8g== unicode-match-property-ecmascript@^2.0.0: version "2.0.0" - resolved "https://registry.yarnpkg.com/unicode-match-property-ecmascript/-/unicode-match-property-ecmascript-2.0.0.tgz#54fd16e0ecb167cf04cf1f756bdcc92eba7976c3" + resolved "https://registry.npmjs.org/unicode-match-property-ecmascript/-/unicode-match-property-ecmascript-2.0.0.tgz" integrity sha512-5kaZCrbp5mmbz5ulBkDkbY0SsPOjKqVS35VpL9ulMPfSl0J0Xsm+9Evphv9CoIZFwre7aJoa94AY6seMKGVN5Q== dependencies: unicode-canonical-property-names-ecmascript "^2.0.0" @@ -8570,17 +8625,17 @@ unicode-match-property-ecmascript@^2.0.0: unicode-match-property-value-ecmascript@^2.2.1: version "2.2.1" - resolved "https://registry.yarnpkg.com/unicode-match-property-value-ecmascript/-/unicode-match-property-value-ecmascript-2.2.1.tgz#65a7adfad8574c219890e219285ce4c64ed67eaa" + resolved "https://registry.npmjs.org/unicode-match-property-value-ecmascript/-/unicode-match-property-value-ecmascript-2.2.1.tgz" integrity sha512-JQ84qTuMg4nVkx8ga4A16a1epI9H6uTXAknqxkGF/aFfRLw1xC/Bp24HNLaZhHSkWd3+84t8iXnp1J0kYcZHhg== unicode-property-aliases-ecmascript@^2.0.0: version "2.2.0" - resolved "https://registry.yarnpkg.com/unicode-property-aliases-ecmascript/-/unicode-property-aliases-ecmascript-2.2.0.tgz#301d4f8a43d2b75c97adfad87c9dd5350c9475d1" + resolved "https://registry.npmjs.org/unicode-property-aliases-ecmascript/-/unicode-property-aliases-ecmascript-2.2.0.tgz" integrity sha512-hpbDzxUY9BFwX+UeBnxv3Sh1q7HFxj48DTmXchNgRa46lO8uj3/1iEn3MiNUYTg1g9ctIqXCCERn8gYZhHC5lQ== unified@^11.0.0, unified@^11.0.3, unified@^11.0.4: version "11.0.5" - resolved "https://registry.yarnpkg.com/unified/-/unified-11.0.5.tgz#f66677610a5c0a9ee90cab2b8d4d66037026d9e1" + resolved "https://registry.npmjs.org/unified/-/unified-11.0.5.tgz" integrity sha512-xKvGhPWw3k84Qjh8bI3ZeJjqnyadK+GEFtazSfZv/rKeTkTjOJho6mFqh2SM96iIcZokxiOpg78GazTSg8+KHA== dependencies: "@types/unist" "^3.0.0" @@ -8593,42 +8648,42 @@ unified@^11.0.0, unified@^11.0.3, unified@^11.0.4: unique-string@^3.0.0: version "3.0.0" - resolved "https://registry.yarnpkg.com/unique-string/-/unique-string-3.0.0.tgz#84a1c377aff5fd7a8bc6b55d8244b2bd90d75b9a" + resolved "https://registry.npmjs.org/unique-string/-/unique-string-3.0.0.tgz" integrity sha512-VGXBUVwxKMBUznyffQweQABPRRW1vHZAbadFZud4pLFAqRGvv/96vafgjWFqzourzr8YonlQiPgH0YCJfawoGQ== dependencies: crypto-random-string "^4.0.0" unist-util-is@^6.0.0: version "6.0.1" - resolved "https://registry.yarnpkg.com/unist-util-is/-/unist-util-is-6.0.1.tgz#d0a3f86f2dd0db7acd7d8c2478080b5c67f9c6a9" + resolved "https://registry.npmjs.org/unist-util-is/-/unist-util-is-6.0.1.tgz" integrity sha512-LsiILbtBETkDz8I9p1dQ0uyRUWuaQzd/cuEeS1hoRSyW5E5XGmTzlwY1OrNzzakGowI9Dr/I8HVaw4hTtnxy8g== dependencies: "@types/unist" "^3.0.0" unist-util-position-from-estree@^2.0.0: version "2.0.0" - resolved "https://registry.yarnpkg.com/unist-util-position-from-estree/-/unist-util-position-from-estree-2.0.0.tgz#d94da4df596529d1faa3de506202f0c9a23f2200" + resolved "https://registry.npmjs.org/unist-util-position-from-estree/-/unist-util-position-from-estree-2.0.0.tgz" integrity sha512-KaFVRjoqLyF6YXCbVLNad/eS4+OfPQQn2yOd7zF/h5T/CSL2v8NpN6a5TPvtbXthAGw5nG+PuTtq+DdIZr+cRQ== dependencies: "@types/unist" "^3.0.0" unist-util-position@^5.0.0: version "5.0.0" - resolved "https://registry.yarnpkg.com/unist-util-position/-/unist-util-position-5.0.0.tgz#678f20ab5ca1207a97d7ea8a388373c9cf896be4" + resolved "https://registry.npmjs.org/unist-util-position/-/unist-util-position-5.0.0.tgz" integrity sha512-fucsC7HjXvkB5R3kTCO7kUjRdrS0BJt3M/FPxmHMBOm8JQi2BsHAHFsy27E0EolP8rp0NzXsJ+jNPyDWvOJZPA== dependencies: "@types/unist" "^3.0.0" unist-util-stringify-position@^4.0.0: version "4.0.0" - resolved "https://registry.yarnpkg.com/unist-util-stringify-position/-/unist-util-stringify-position-4.0.0.tgz#449c6e21a880e0855bf5aabadeb3a740314abac2" + resolved "https://registry.npmjs.org/unist-util-stringify-position/-/unist-util-stringify-position-4.0.0.tgz" integrity sha512-0ASV06AAoKCDkS2+xw5RXJywruurpbC4JZSm7nr7MOt1ojAzvyyaO+UxZf18j8FCF6kmzCZKcAgN/yu2gm2XgQ== dependencies: "@types/unist" "^3.0.0" unist-util-visit-parents@^6.0.0: version "6.0.2" - resolved "https://registry.yarnpkg.com/unist-util-visit-parents/-/unist-util-visit-parents-6.0.2.tgz#777df7fb98652ce16b4b7cd999d0a1a40efa3a02" + resolved "https://registry.npmjs.org/unist-util-visit-parents/-/unist-util-visit-parents-6.0.2.tgz" integrity sha512-goh1s1TBrqSqukSc8wrjwWhL0hiJxgA8m4kFxGlQ+8FYQ3C/m11FcTs4YYem7V664AhHVvgoQLk890Ssdsr2IQ== dependencies: "@types/unist" "^3.0.0" @@ -8636,7 +8691,7 @@ unist-util-visit-parents@^6.0.0: unist-util-visit@^5.0.0: version "5.0.0" - resolved "https://registry.yarnpkg.com/unist-util-visit/-/unist-util-visit-5.0.0.tgz#a7de1f31f72ffd3519ea71814cccf5fd6a9217d6" + resolved "https://registry.npmjs.org/unist-util-visit/-/unist-util-visit-5.0.0.tgz" integrity sha512-MR04uvD+07cwl/yhVuVWAtw+3GOR/knlL55Nd/wAdblk27GCVt3lqpTivy/tkJcZoNPzTwS1Y+KMojlLDhoTzg== dependencies: "@types/unist" "^3.0.0" @@ -8645,17 +8700,17 @@ unist-util-visit@^5.0.0: universalify@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/universalify/-/universalify-2.0.1.tgz#168efc2180964e6386d061e094df61afe239b18d" + resolved "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz" integrity sha512-gptHNQghINnc/vTGIk0SOFGFNXw7JVrlRUtConJRlvaw6DuX0wO5Jeko9sWrMBhh+PsYAZ7oXAiOnf/UKogyiw== -unpipe@1.0.0, unpipe@~1.0.0: +unpipe@~1.0.0, unpipe@1.0.0: version "1.0.0" - resolved "https://registry.yarnpkg.com/unpipe/-/unpipe-1.0.0.tgz#b2bf4ee8514aae6165b4817829d21b2ef49904ec" + resolved "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz" integrity sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ== update-browserslist-db@^1.1.3: version "1.1.3" - resolved "https://registry.yarnpkg.com/update-browserslist-db/-/update-browserslist-db-1.1.3.tgz#348377dd245216f9e7060ff50b15a1b740b75420" + resolved "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.1.3.tgz" integrity sha512-UxhIZQ+QInVdunkDAaiazvvT/+fXL5Osr0JZlJulepYu6Jd7qJtDZjlur0emRlT71EN3ScPoE7gvsuIKKNavKw== dependencies: escalade "^3.2.0" @@ -8663,7 +8718,7 @@ update-browserslist-db@^1.1.3: update-notifier@^6.0.2: version "6.0.2" - resolved "https://registry.yarnpkg.com/update-notifier/-/update-notifier-6.0.2.tgz#a6990253dfe6d5a02bd04fbb6a61543f55026b60" + resolved "https://registry.npmjs.org/update-notifier/-/update-notifier-6.0.2.tgz" integrity sha512-EDxhTEVPZZRLWYcJ4ZXjGFN0oP7qYvbXWzEgRm/Yql4dHX5wDbvh89YHP6PK1lzZJYrMtXUuZZz8XGK+U6U1og== dependencies: boxen "^7.0.0" @@ -8683,14 +8738,14 @@ update-notifier@^6.0.2: uri-js@^4.2.2: version "4.4.1" - resolved "https://registry.yarnpkg.com/uri-js/-/uri-js-4.4.1.tgz#9b1a52595225859e55f669d928f88c6c57f2a77e" + resolved "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz" integrity sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg== dependencies: punycode "^2.1.0" url-loader@^4.1.1: version "4.1.1" - resolved "https://registry.yarnpkg.com/url-loader/-/url-loader-4.1.1.tgz#28505e905cae158cf07c92ca622d7f237e70a4e2" + resolved "https://registry.npmjs.org/url-loader/-/url-loader-4.1.1.tgz" integrity sha512-3BTV812+AVHHOJQO8O5MkWgZ5aosP7GnROJwvzLS9hWDj00lZ6Z0wNak423Lp9PBZN05N+Jk/N5Si8jRAlGyWA== dependencies: loader-utils "^2.0.0" @@ -8699,47 +8754,47 @@ url-loader@^4.1.1: use-sync-external-store@^1.4.0: version "1.6.0" - resolved "https://registry.yarnpkg.com/use-sync-external-store/-/use-sync-external-store-1.6.0.tgz#b174bfa65cb2b526732d9f2ac0a408027876f32d" + resolved "https://registry.npmjs.org/use-sync-external-store/-/use-sync-external-store-1.6.0.tgz" integrity sha512-Pp6GSwGP/NrPIrxVFAIkOQeyw8lFenOHijQWkUTrDvrF4ALqylP2C/KCkeS9dpUM3KvYRQhna5vt7IL95+ZQ9w== util-deprecate@^1.0.1, util-deprecate@^1.0.2, util-deprecate@~1.0.1: version "1.0.2" - resolved "https://registry.yarnpkg.com/util-deprecate/-/util-deprecate-1.0.2.tgz#450d4dc9fa70de732762fbd2d4a28981419a0ccf" + resolved "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz" integrity sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw== utila@~0.4: version "0.4.0" - resolved "https://registry.yarnpkg.com/utila/-/utila-0.4.0.tgz#8a16a05d445657a3aea5eecc5b12a4fa5379772c" + resolved "https://registry.npmjs.org/utila/-/utila-0.4.0.tgz" integrity sha512-Z0DbgELS9/L/75wZbro8xAnT50pBVFQZ+hUEueGDU5FN51YSCYM+jdxsfCiHjwNP/4LCDD0i/graKpeBnOXKRA== utility-types@^3.10.0: version "3.11.0" - resolved "https://registry.yarnpkg.com/utility-types/-/utility-types-3.11.0.tgz#607c40edb4f258915e901ea7995607fdf319424c" + resolved "https://registry.npmjs.org/utility-types/-/utility-types-3.11.0.tgz" integrity sha512-6Z7Ma2aVEWisaL6TvBCy7P8rm2LQoPv6dJ7ecIaIixHcwfbJ0x7mWdbcwlIM5IGQxPZSFYeqRCqlOOeKoJYMkw== utils-merge@1.0.1: version "1.0.1" - resolved "https://registry.yarnpkg.com/utils-merge/-/utils-merge-1.0.1.tgz#9f95710f50a267947b2ccc124741c1028427e713" + resolved "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz" integrity sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA== uuid@^8.3.2: version "8.3.2" - resolved "https://registry.yarnpkg.com/uuid/-/uuid-8.3.2.tgz#80d5b5ced271bb9af6c445f21a1a04c606cefbe2" + resolved "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz" integrity sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg== value-equal@^1.0.1: version "1.0.1" - resolved "https://registry.yarnpkg.com/value-equal/-/value-equal-1.0.1.tgz#1e0b794c734c5c0cade179c437d356d931a34d6c" + resolved "https://registry.npmjs.org/value-equal/-/value-equal-1.0.1.tgz" integrity sha512-NOJ6JZCAWr0zlxZt+xqCHNTEKOsrks2HQd4MqhP1qy4z1SkbEP467eNx6TgDKXMvUOb+OENfJCZwM+16n7fRfw== vary@~1.1.2: version "1.1.2" - resolved "https://registry.yarnpkg.com/vary/-/vary-1.1.2.tgz#2299f02c6ded30d4a5961b0b9f74524a18f634fc" + resolved "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz" integrity sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg== vfile-location@^5.0.0: version "5.0.3" - resolved "https://registry.yarnpkg.com/vfile-location/-/vfile-location-5.0.3.tgz#cb9eacd20f2b6426d19451e0eafa3d0a846225c3" + resolved "https://registry.npmjs.org/vfile-location/-/vfile-location-5.0.3.tgz" integrity sha512-5yXvWDEgqeiYiBe1lbxYF7UMAIm/IcopxMHrMQDq3nvKcjPKIhZklUKL+AE7J7uApI4kwe2snsK+eI6UTj9EHg== dependencies: "@types/unist" "^3.0.0" @@ -8747,7 +8802,7 @@ vfile-location@^5.0.0: vfile-message@^4.0.0: version "4.0.3" - resolved "https://registry.yarnpkg.com/vfile-message/-/vfile-message-4.0.3.tgz#87b44dddd7b70f0641c2e3ed0864ba73e2ea8df4" + resolved "https://registry.npmjs.org/vfile-message/-/vfile-message-4.0.3.tgz" integrity sha512-QTHzsGd1EhbZs4AsQ20JX1rC3cOlt/IWJruk893DfLRr57lcnOeMaWG4K0JrRta4mIJZKth2Au3mM3u03/JWKw== dependencies: "@types/unist" "^3.0.0" @@ -8755,7 +8810,7 @@ vfile-message@^4.0.0: vfile@^6.0.0, vfile@^6.0.1: version "6.0.3" - resolved "https://registry.yarnpkg.com/vfile/-/vfile-6.0.3.tgz#3652ab1c496531852bf55a6bac57af981ebc38ab" + resolved "https://registry.npmjs.org/vfile/-/vfile-6.0.3.tgz" integrity sha512-KzIbH/9tXat2u30jf+smMwFCsno4wHVdNmzFyL+T/L3UGqqk6JKfVqOFOZEpZSHADH1k40ab6NUIXZq422ov3Q== dependencies: "@types/unist" "^3.0.0" @@ -8763,7 +8818,7 @@ vfile@^6.0.0, vfile@^6.0.1: watchpack@^2.4.4: version "2.4.4" - resolved "https://registry.yarnpkg.com/watchpack/-/watchpack-2.4.4.tgz#473bda72f0850453da6425081ea46fc0d7602947" + resolved "https://registry.npmjs.org/watchpack/-/watchpack-2.4.4.tgz" integrity sha512-c5EGNOiyxxV5qmTtAB7rbiXxi1ooX1pQKMLX/MIabJjRA0SJBQOjKF+KSVfHkr9U1cADPon0mRiVe/riyaiDUA== dependencies: glob-to-regexp "^0.4.1" @@ -8771,19 +8826,19 @@ watchpack@^2.4.4: wbuf@^1.1.0, wbuf@^1.7.3: version "1.7.3" - resolved "https://registry.yarnpkg.com/wbuf/-/wbuf-1.7.3.tgz#c1d8d149316d3ea852848895cb6a0bfe887b87df" + resolved "https://registry.npmjs.org/wbuf/-/wbuf-1.7.3.tgz" integrity sha512-O84QOnr0icsbFGLS0O3bI5FswxzRr8/gHwWkDlQFskhSPryQXvrTMxjxGP4+iWYoauLoBvfDpkrOauZ+0iZpDA== dependencies: minimalistic-assert "^1.0.0" web-namespaces@^2.0.0: version "2.0.1" - resolved "https://registry.yarnpkg.com/web-namespaces/-/web-namespaces-2.0.1.tgz#1010ff7c650eccb2592cebeeaf9a1b253fd40692" + resolved "https://registry.npmjs.org/web-namespaces/-/web-namespaces-2.0.1.tgz" integrity sha512-bKr1DkiNa2krS7qxNtdrtHAmzuYGFQLiQ13TsorsdT6ULTkPLKuu5+GsFpDlg6JFjUTwX2DyhMPG2be8uPrqsQ== webpack-bundle-analyzer@^4.10.2: version "4.10.2" - resolved "https://registry.yarnpkg.com/webpack-bundle-analyzer/-/webpack-bundle-analyzer-4.10.2.tgz#633af2862c213730be3dbdf40456db171b60d5bd" + resolved "https://registry.npmjs.org/webpack-bundle-analyzer/-/webpack-bundle-analyzer-4.10.2.tgz" integrity sha512-vJptkMm9pk5si4Bv922ZbKLV8UTT4zib4FPgXMhgzUny0bfDDkLXAVQs3ly3fS4/TN9ROFtb0NFrm04UXFE/Vw== dependencies: "@discoveryjs/json-ext" "0.5.7" @@ -8801,7 +8856,7 @@ webpack-bundle-analyzer@^4.10.2: webpack-dev-middleware@^7.4.2: version "7.4.5" - resolved "https://registry.yarnpkg.com/webpack-dev-middleware/-/webpack-dev-middleware-7.4.5.tgz#d4e8720aa29cb03bc158084a94edb4594e3b7ac0" + resolved "https://registry.npmjs.org/webpack-dev-middleware/-/webpack-dev-middleware-7.4.5.tgz" integrity sha512-uxQ6YqGdE4hgDKNf7hUiPXOdtkXvBJXrfEGYSx7P7LC8hnUYGK70X6xQXUvXeNyBDDcsiQXpG2m3G9vxowaEuA== dependencies: colorette "^2.0.10" @@ -8813,7 +8868,7 @@ webpack-dev-middleware@^7.4.2: webpack-dev-server@^5.2.2: version "5.2.2" - resolved "https://registry.yarnpkg.com/webpack-dev-server/-/webpack-dev-server-5.2.2.tgz#96a143d50c58fef0c79107e61df911728d7ceb39" + resolved "https://registry.npmjs.org/webpack-dev-server/-/webpack-dev-server-5.2.2.tgz" integrity sha512-QcQ72gh8a+7JO63TAx/6XZf/CWhgMzu5m0QirvPfGvptOusAxG12w2+aua1Jkjr7hzaWDnJ2n6JFeexMHI+Zjg== dependencies: "@types/bonjour" "^3.5.13" @@ -8847,7 +8902,7 @@ webpack-dev-server@^5.2.2: webpack-merge@^5.9.0: version "5.10.0" - resolved "https://registry.yarnpkg.com/webpack-merge/-/webpack-merge-5.10.0.tgz#a3ad5d773241e9c682803abf628d4cd62b8a4177" + resolved "https://registry.npmjs.org/webpack-merge/-/webpack-merge-5.10.0.tgz" integrity sha512-+4zXKdx7UnO+1jaN4l2lHVD+mFvnlZQP/6ljaJVb4SZiwIKeUnrT5l0gkT8z+n4hKpC+jpOv6O9R+gLtag7pSA== dependencies: clone-deep "^4.0.1" @@ -8856,7 +8911,7 @@ webpack-merge@^5.9.0: webpack-merge@^6.0.1: version "6.0.1" - resolved "https://registry.yarnpkg.com/webpack-merge/-/webpack-merge-6.0.1.tgz#50c776868e080574725abc5869bd6e4ef0a16c6a" + resolved "https://registry.npmjs.org/webpack-merge/-/webpack-merge-6.0.1.tgz" integrity sha512-hXXvrjtx2PLYx4qruKl+kyRSLc52V+cCvMxRjmKwoA+CBbbF5GfIBtR6kCvl0fYGqTUPKB+1ktVmTHqMOzgCBg== dependencies: clone-deep "^4.0.1" @@ -8865,12 +8920,12 @@ webpack-merge@^6.0.1: webpack-sources@^3.3.3: version "3.3.3" - resolved "https://registry.yarnpkg.com/webpack-sources/-/webpack-sources-3.3.3.tgz#d4bf7f9909675d7a070ff14d0ef2a4f3c982c723" + resolved "https://registry.npmjs.org/webpack-sources/-/webpack-sources-3.3.3.tgz" integrity sha512-yd1RBzSGanHkitROoPFd6qsrxt+oFhg/129YzheDGqeustzX0vTZJZsSsQjVQC4yzBQ56K55XU8gaNCtIzOnTg== -webpack@^5.88.1, webpack@^5.95.0: +"webpack@^4.0.0 || ^5.0.0", webpack@^5.0.0, webpack@^5.1.0, webpack@^5.20.0, webpack@^5.88.1, webpack@^5.95.0, "webpack@>=4.41.1 || 5.x", webpack@>=5, "webpack@3 || 4 || 5": version "5.102.1" - resolved "https://registry.yarnpkg.com/webpack/-/webpack-5.102.1.tgz#1003a3024741a96ba99c37431938bf61aad3d988" + resolved "https://registry.npmjs.org/webpack/-/webpack-5.102.1.tgz" integrity sha512-7h/weGm9d/ywQ6qzJ+Xy+r9n/3qgp/thalBbpOi5i223dPXKi04IBtqPN9nTd+jBc7QKfvDbaBnFipYp4sJAUQ== dependencies: "@types/eslint-scope" "^3.7.7" @@ -8901,7 +8956,7 @@ webpack@^5.88.1, webpack@^5.95.0: webpackbar@^6.0.1: version "6.0.1" - resolved "https://registry.yarnpkg.com/webpackbar/-/webpackbar-6.0.1.tgz#5ef57d3bf7ced8b19025477bc7496ea9d502076b" + resolved "https://registry.npmjs.org/webpackbar/-/webpackbar-6.0.1.tgz" integrity sha512-TnErZpmuKdwWBdMoexjio3KKX6ZtoKHRVvLIU0A47R0VVBDtx3ZyOJDktgYixhoJokZTYTt1Z37OkO9pnGJa9Q== dependencies: ansi-escapes "^4.3.2" @@ -8913,9 +8968,9 @@ webpackbar@^6.0.1: std-env "^3.7.0" wrap-ansi "^7.0.0" -websocket-driver@>=0.5.1, websocket-driver@^0.7.4: +websocket-driver@^0.7.4, websocket-driver@>=0.5.1: version "0.7.4" - resolved "https://registry.yarnpkg.com/websocket-driver/-/websocket-driver-0.7.4.tgz#89ad5295bbf64b480abcba31e4953aca706f5760" + resolved "https://registry.npmjs.org/websocket-driver/-/websocket-driver-0.7.4.tgz" integrity sha512-b17KeDIQVjvb0ssuSDF2cYXSg2iztliJ4B9WdsuB6J952qCPKmnVq4DyW5motImXHDC1cBT/1UezrJVsKw5zjg== dependencies: http-parser-js ">=0.5.1" @@ -8924,31 +8979,31 @@ websocket-driver@>=0.5.1, websocket-driver@^0.7.4: websocket-extensions@>=0.1.1: version "0.1.4" - resolved "https://registry.yarnpkg.com/websocket-extensions/-/websocket-extensions-0.1.4.tgz#7f8473bc839dfd87608adb95d7eb075211578a42" + resolved "https://registry.npmjs.org/websocket-extensions/-/websocket-extensions-0.1.4.tgz" integrity sha512-OqedPIGOfsDlo31UNwYbCFMSaO9m9G/0faIHj5/dZFDMFqPTcx6UwqyOy3COEaEOg/9VsGIpdqn62W5KhoKSpg== which@^2.0.1: version "2.0.2" - resolved "https://registry.yarnpkg.com/which/-/which-2.0.2.tgz#7c6a8dd0a636a0327e10b59c9286eee93f3f51b1" + resolved "https://registry.npmjs.org/which/-/which-2.0.2.tgz" integrity sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA== dependencies: isexe "^2.0.0" widest-line@^4.0.1: version "4.0.1" - resolved "https://registry.yarnpkg.com/widest-line/-/widest-line-4.0.1.tgz#a0fc673aaba1ea6f0a0d35b3c2795c9a9cc2ebf2" + resolved "https://registry.npmjs.org/widest-line/-/widest-line-4.0.1.tgz" integrity sha512-o0cyEG0e8GPzT4iGHphIOh0cJOV8fivsXxddQasHPHfoZf1ZexrfeA21w2NaEN1RHE+fXlfISmOE8R9N3u3Qig== dependencies: string-width "^5.0.1" wildcard@^2.0.0, wildcard@^2.0.1: version "2.0.1" - resolved "https://registry.yarnpkg.com/wildcard/-/wildcard-2.0.1.tgz#5ab10d02487198954836b6349f74fff961e10f67" + resolved "https://registry.npmjs.org/wildcard/-/wildcard-2.0.1.tgz" integrity sha512-CC1bOL87PIWSBhDcTrdeLo6eGT7mCFtrg0uIJtqJUFyK+eJnzl8A1niH56uu7KMa5XFrtiV+AQuHO3n7DsHnLQ== wrap-ansi@^7.0.0: version "7.0.0" - resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43" + resolved "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz" integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q== dependencies: ansi-styles "^4.0.0" @@ -8957,7 +9012,7 @@ wrap-ansi@^7.0.0: wrap-ansi@^8.0.1, wrap-ansi@^8.1.0: version "8.1.0" - resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-8.1.0.tgz#56dc22368ee570face1b49819975d9b9a5ead214" + resolved "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz" integrity sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ== dependencies: ansi-styles "^6.1.0" @@ -8966,7 +9021,7 @@ wrap-ansi@^8.0.1, wrap-ansi@^8.1.0: write-file-atomic@^3.0.3: version "3.0.3" - resolved "https://registry.yarnpkg.com/write-file-atomic/-/write-file-atomic-3.0.3.tgz#56bd5c5a5c70481cd19c571bd39ab965a5de56e8" + resolved "https://registry.npmjs.org/write-file-atomic/-/write-file-atomic-3.0.3.tgz" integrity sha512-AvHcyZ5JnSfq3ioSyjrBkH9yW4m7Ayk8/9My/DD9onKeu/94fwrMocemO2QAJFAlnnDN+ZDS+ZjAR5ua1/PV/Q== dependencies: imurmurhash "^0.1.4" @@ -8976,41 +9031,41 @@ write-file-atomic@^3.0.3: ws@^7.3.1: version "7.5.10" - resolved "https://registry.yarnpkg.com/ws/-/ws-7.5.10.tgz#58b5c20dc281633f6c19113f39b349bd8bd558d9" + resolved "https://registry.npmjs.org/ws/-/ws-7.5.10.tgz" integrity sha512-+dbF1tHwZpXcbOJdVOkzLDxZP1ailvSxM6ZweXTegylPny803bFhA+vqBYw4s31NSAk4S2Qz+AKXK9a4wkdjcQ== ws@^8.18.0: version "8.18.3" - resolved "https://registry.yarnpkg.com/ws/-/ws-8.18.3.tgz#b56b88abffde62791c639170400c93dcb0c95472" + resolved "https://registry.npmjs.org/ws/-/ws-8.18.3.tgz" integrity sha512-PEIGCY5tSlUt50cqyMXfCzX+oOPqN0vuGqWzbcJ2xvnkzkq46oOpz7dQaTDBdfICb4N14+GARUDw2XV2N4tvzg== wsl-utils@^0.1.0: version "0.1.0" - resolved "https://registry.yarnpkg.com/wsl-utils/-/wsl-utils-0.1.0.tgz#8783d4df671d4d50365be2ee4c71917a0557baab" + resolved "https://registry.npmjs.org/wsl-utils/-/wsl-utils-0.1.0.tgz" integrity sha512-h3Fbisa2nKGPxCpm89Hk33lBLsnaGBvctQopaBSOW/uIs6FTe1ATyAnKFJrzVs9vpGdsTe73WF3V4lIsk4Gacw== dependencies: is-wsl "^3.1.0" xdg-basedir@^5.0.1, xdg-basedir@^5.1.0: version "5.1.0" - resolved "https://registry.yarnpkg.com/xdg-basedir/-/xdg-basedir-5.1.0.tgz#1efba19425e73be1bc6f2a6ceb52a3d2c884c0c9" + resolved "https://registry.npmjs.org/xdg-basedir/-/xdg-basedir-5.1.0.tgz" integrity sha512-GCPAHLvrIH13+c0SuacwvRYj2SxJXQ4kaVTT5xgL3kPrz56XxkF21IGhjSE1+W0aw7gpBWRGXLCPnPby6lSpmQ== xml-js@^1.6.11: version "1.6.11" - resolved "https://registry.yarnpkg.com/xml-js/-/xml-js-1.6.11.tgz#927d2f6947f7f1c19a316dd8eea3614e8b18f8e9" + resolved "https://registry.npmjs.org/xml-js/-/xml-js-1.6.11.tgz" integrity sha512-7rVi2KMfwfWFl+GpPg6m80IVMWXLRjO+PxTq7V2CDhoGak0wzYzFgUY2m4XJ47OGdXd8eLE8EmwfAmdjw7lC1g== dependencies: sax "^1.2.4" yallist@^3.0.2: version "3.1.1" - resolved "https://registry.yarnpkg.com/yallist/-/yallist-3.1.1.tgz#dbb7daf9bfd8bac9ab45ebf602b8cbad0d5d08fd" + resolved "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz" integrity sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g== yaml@^2.8.1: version "2.8.4" - resolved "https://registry.yarnpkg.com/yaml/-/yaml-2.8.4.tgz#4b5f411dd25f9544914d8673d4da7f29248e5e2e" + resolved "https://registry.npmjs.org/yaml/-/yaml-2.8.4.tgz" integrity sha512-ml/JPOj9fOQK8RNnWojA67GbZ0ApXAUlN2UQclwv2eVgTgn7O9gg9o7paZWKMp4g0H3nTLtS9LVzhkpOFIKzog== yarn@^1.22.22: @@ -9020,15 +9075,15 @@ yarn@^1.22.22: yocto-queue@^1.0.0: version "1.2.1" - resolved "https://registry.yarnpkg.com/yocto-queue/-/yocto-queue-1.2.1.tgz#36d7c4739f775b3cbc28e6136e21aa057adec418" + resolved "https://registry.npmjs.org/yocto-queue/-/yocto-queue-1.2.1.tgz" integrity sha512-AyeEbWOu/TAXdxlV9wmGcR0+yh2j3vYPGOECcIj2S7MkrLyC7ne+oye2BKTItt0ii2PHk4cDy+95+LshzbXnGg== -zod@^4.1.8: +"zod@^3.25.76 || ^4.1.8", zod@^4.1.8: version "4.1.12" - resolved "https://registry.yarnpkg.com/zod/-/zod-4.1.12.tgz#64f1ea53d00eab91853195653b5af9eee68970f0" + resolved "https://registry.npmjs.org/zod/-/zod-4.1.12.tgz" integrity sha512-JInaHOamG8pt5+Ey8kGmdcAcg3OL9reK8ltczgHTAwNhMys/6ThXHityHxVV2p3fkw/c+MAvBHFVYHFZDmjMCQ== zwitch@^2.0.0: version "2.0.4" - resolved "https://registry.yarnpkg.com/zwitch/-/zwitch-2.0.4.tgz#c827d4b0acb76fc3e685a4c6ec2902d51070e9d7" + resolved "https://registry.npmjs.org/zwitch/-/zwitch-2.0.4.tgz" integrity sha512-bXE4cR/kVZhKZX/RjPEflHaKVhUVl85noU3v6b8apfQEc1x4A+zBxjZ4lN8LqGd6WZ3dl98pY4o717VFmoPp+A== From 4add9bfbb5026f074ad7d97680647b97c65a586a Mon Sep 17 00:00:00 2001 From: Surag Date: Fri, 8 May 2026 17:09:52 -0700 Subject: [PATCH 06/20] =?UTF-8?q?docs:=20Phase=204=20=E2=80=94=20MagicMod?= =?UTF-8?q?=20removal,=20expanded=20What=20Pixee=20Fixes,=20BYOM=20cleanup?= =?UTF-8?q?,=20language=20headers?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Remove all "MagicMod"/"MagicMods" references → "AI-powered fix(es)" throughout - Expand What Pixee Fixes: add Open Redirect, Code Injection, Prototype Pollution, Template Injection, SSTI, Insecure File Upload, Missing Security Headers, CORS Misconfiguration, Race Conditions, Input Validation, Integer Overflow; add Secrets Detection section; add Custom Rules section - Strip remaining tool-specific finding type callouts from scanner pages - BYOM: remove Use Case column, replace model families table with indicative bullet list, abstract named routing tiers → generic hierarchical routing description - Language overview: rename Notes column → "Common Frameworks (examples)" Co-Authored-By: Claude Sonnet 4.5 --- docs/configuration/ai-settings.md | 12 ++-- docs/configuration/repositories.md | 2 +- docs/enterprise/byom.md | 67 ++++++++----------- docs/integrations/scanners/appscan.md | 2 +- docs/integrations/scanners/checkmarx.md | 13 +--- docs/integrations/scanners/codeql.md | 2 +- docs/integrations/scanners/contrast.md | 2 +- docs/integrations/scanners/polaris.md | 2 +- docs/integrations/scanners/semgrep.md | 2 +- docs/integrations/scanners/snyk-code.md | 2 +- docs/integrations/scanners/sonarqube.md | 51 +------------- docs/integrations/scanners/veracode.md | 2 +- docs/languages/languages-overview.md | 8 +-- docs/open-source/codemodder.md | 4 +- docs/open-source/oss-overview.md | 2 +- docs/platform/architecture.md | 4 +- docs/platform/remediation.md | 10 +-- docs/platform/scanner-integration.md | 4 +- docs/platform/security.md | 4 +- .../what-is-agentic-security-engineering.md | 2 +- docs/platform/what-pixee-fixes.md | 27 +++++++- 21 files changed, 89 insertions(+), 135 deletions(-) diff --git a/docs/configuration/ai-settings.md b/docs/configuration/ai-settings.md index 8a369045..063317e7 100644 --- a/docs/configuration/ai-settings.md +++ b/docs/configuration/ai-settings.md @@ -17,9 +17,9 @@ Pixee's AI settings let you control how aggressively the triage engine classifie AI settings govern two behaviors: 1. **Triage Automation behavior.** How aggressively Pixee classifies findings as true positives, false positives, or won't-fix. Higher sensitivity catches more issues but may surface more borderline findings. -2. **Remediation Automation behavior.** Which finding types receive AI-generated fixes (MagicMods) versus deterministic code transformations (codemods), and the quality threshold fixes must meet before being presented as PRs. +2. **Remediation Automation behavior.** Which finding types receive AI-generated fixes versus deterministic code transformations (codemods), and the quality threshold fixes must meet before being presented as PRs. -These settings tune behavior. They do not bypass validation. Every fix Pixee generates -- whether from a deterministic codemod or an AI-powered MagicMod -- passes through the same multi-layer evaluation pipeline before reaching your PR queue. +These settings tune behavior. They do not bypass validation. Every fix Pixee generates -- whether from a deterministic codemod or an AI-powered fix -- passes through the same multi-layer evaluation pipeline before reaching your PR queue. ## Security Gates vs. Guardrails @@ -58,7 +58,7 @@ Remediation settings control how Pixee generates fixes. | Setting | What It Controls | | ----------------- | ----------------------------------------------------------------------------- | | Fix categories | Which CWE categories receive automated fixes | -| Fix mode | Whether a category uses deterministic codemods, AI-powered MagicMods, or both | +| Fix mode | Whether a category uses deterministic codemods, AI-powered fixes, or both | | Quality threshold | Minimum evaluation score a fix must meet before being presented as a PR | ### The hybrid model @@ -66,16 +66,16 @@ Remediation settings control how Pixee generates fixes. Pixee uses a hybrid approach to fix generation: - **Deterministic codemods** apply well-known, deterministic code transformations. No LLM involved. These are the same open-source transformations available through [Codemodder](/open-source/codemodder). -- **AI-powered MagicMods** handle complex scenarios where deterministic patterns are insufficient. These use LLM-powered analysis to understand context and generate fixes. +- **AI-powered fixes** handle complex scenarios where deterministic patterns are insufficient. These use LLM-powered analysis to understand context and generate fixes. -By default, both modes are active. You can disable MagicMods entirely and run only deterministic codemods, or restrict MagicMods to specific CWE categories. +By default, both modes are active. You can disable AI-powered fixes entirely and run only deterministic codemods, or restrict AI-powered fixes to specific CWE categories. ### Gradual automation The recommended approach is progressive expansion: 1. **Start conservative.** Enable deterministic codemods only. Review merge rates and fix quality. -2. **Expand by category.** Enable MagicMods for specific CWE categories where your team sees high fix quality. +2. **Expand by category.** Enable AI-powered fixes for specific CWE categories where your team sees high fix quality. 3. **Broaden over time.** As confidence builds (tracked via merge rate and quality scores in [Reporting](/configuration/operations)), expand the scope of AI-powered fixes. The [Phased Rollout Guide](/enterprise/phased-rollout) covers this progression in detail. diff --git a/docs/configuration/repositories.md b/docs/configuration/repositories.md index 1cb0d14b..8b1267de 100644 --- a/docs/configuration/repositories.md +++ b/docs/configuration/repositories.md @@ -26,7 +26,7 @@ For organizations with dozens or hundreds of repositories, Pixee supports bulk a 1. Pixee scans the repository for connected scanner findings (SARIF imports, native scanner integrations). 2. Triage Automation classifies findings as true positives, false positives, or won't-fix. -3. Remediation Automation generates fixes for actionable findings using deterministic codemods plus AI-powered MagicMods. +3. Remediation Automation generates fixes for actionable findings using deterministic codemods plus AI-powered fixes. 4. PRs appear in your normal SCM workflow for review and merge. ### Platform-specific notes diff --git a/docs/enterprise/byom.md b/docs/enterprise/byom.md index 1ebfbeed..8c60e7f1 100644 --- a/docs/enterprise/byom.md +++ b/docs/enterprise/byom.md @@ -8,38 +8,37 @@ description: Configure Pixee with your preferred LLM provider. Supports OpenAI, sidebar_position: 8 --- -Pixee lets you choose your LLM provider instead of locking you into a single vendor. You own the API keys, pick the vendor, control the bill, and decide which model handles which task through seven named LLM routing tiers. This is the opposite of a black-box AI product. +Pixee lets you choose your LLM provider instead of locking you into a single vendor. You own the API keys, pick the vendor, and control the bill. This is the opposite of a black-box AI product. ## Supported Providers -| Provider | Description | Hosted Model Families | Use Case | -|---|---|---|---| -| **OpenAI** | Direct OpenAI API | GPT-4 family | General purpose; developer-friendly API | -| **Anthropic** | Direct Anthropic API with Anthropic-optimized prompts | Claude 3 / Claude 3.5+ family | Teams preferring Anthropic models directly | -| **Azure AI Foundry** | Azure-hosted models in customer's Azure tenant | GPT-4 family (OpenAI via Azure), Claude family (Anthropic via Azure) | Azure-centric enterprises with existing Azure agreements | -| **AWS Bedrock** | AWS-hosted model marketplace in customer's AWS account | Claude family (Anthropic), Llama family (Meta), Mistral family, Amazon Nova | AWS-centric enterprises; broad model choice with AWS IAM controls | -| **Google Cloud Vertex AI** | Google Cloud-hosted model platform | Gemini family; third-party models available on Vertex | GCP-centric enterprises; Google Cloud IAM integration | -| **Oracle Cloud OCI Generative AI** | Oracle Cloud-hosted generative AI service | [NEEDS VERIFICATION: specific model families available on OCI Gen AI] | Organizations standardized on Oracle Cloud | -| **Any OpenAI-compatible endpoint** | Self-hosted, private, or custom API gateway that implements the OpenAI API interface | Any model served behind an OpenAI-compatible interface | Air-gapped deployments, self-hosted models, enterprise API gateways | +| Provider | Description | +|---|---| +| **OpenAI** | Direct OpenAI API | +| **Anthropic** | Direct Anthropic API with Anthropic-optimized prompts | +| **Azure AI Foundry** | Azure-hosted models in customer's Azure tenant (OpenAI and Anthropic models available) | +| **AWS Bedrock** | AWS-hosted model marketplace in customer's AWS account | +| **Google Cloud Vertex AI** | Google Cloud-hosted model platform | +| **Oracle Cloud OCI Generative AI** | Oracle Cloud-hosted generative AI service | +| **Any OpenAI-compatible endpoint** | Self-hosted, private, or custom API gateway — covers air-gapped deployments, self-hosted models, and enterprise API gateways | **Custom endpoint support** allows routing through enterprise API gateways. Custom header name/value pairs handle gateway authentication, so Pixee fits into your existing API management infrastructure. -**Provider-family-aware prompting** is a design decision worth understanding: when configured for Anthropic, Pixee uses Anthropic-optimized triage prompts — not a lowest-common-denominator approach that treats all providers identically. This matters for triage accuracy and fix quality. Most single-model AI products cannot do this because they are built around a single provider. +**Provider-aware prompting:** Pixee optimizes prompts for each provider rather than using a one-size-fits-all approach. This matters for triage accuracy and fix quality. -## Model Families +## Supported Model Families -Pixee supports the following model families across provider platforms. Model versions evolve rapidly — Pixee tracks the current generation of each family rather than locking to specific version strings. +Each provider platform gives access to a broad and evolving set of model families. The list below is indicative — model availability expands continuously across platforms. -| Model Family | Provider Platforms | Typical Use in Pixee | -|---|---|---| -| **GPT-4 family** | OpenAI, Azure AI Foundry | General-purpose triage and fix generation | -| **Claude 3 / Claude 3.5+ family** | Anthropic, AWS Bedrock, Azure AI Foundry | Triage reasoning, complex dataflow analysis, fix generation | -| **Gemini family** | Google Cloud Vertex AI | Triage and generation for GCP-standardized environments | -| **Meta Llama family** | AWS Bedrock, self-hosted | Cost-efficient classification tiers | -| **Mistral family** | AWS Bedrock, Azure AI Foundry, self-hosted | Fast classification and generation | -| **Amazon Nova family** | AWS Bedrock | AWS-native cost-efficient generation | +- **OpenAI models** — available via OpenAI and Azure AI Foundry +- **Anthropic Claude models** — available via Anthropic, AWS Bedrock, and Azure AI Foundry +- **Google Gemini models** — available via Google Cloud Vertex AI +- **Meta Llama models** — available via AWS Bedrock and self-hosted endpoints +- **Mistral models** — available via AWS Bedrock, Azure AI Foundry, and self-hosted endpoints +- **Amazon Nova models** — available via AWS Bedrock +- **Any model behind an OpenAI-compatible API** — self-hosted or custom -[NEEDS VERIFICATION: confirm which model families are tested and supported in current Pixee releases. The table above reflects provider platform support; actual tested model coverage may be a subset.] +Model versions evolve rapidly. Pixee provides a current recommendation for each customer based on benchmarks across quality, speed, and cost. See [Model Recommendations](#model-recommendations) below. ## Model Recommendations @@ -49,33 +48,21 @@ Based on your available cloud platforms and constraints, Pixee provides a recomm ## Hierarchical Model Routing -Seven named tiers let enterprises control which model handles which workflow stage. Each tier is independently configurable for model selection, endpoint, and effort level. - -| Tier | Purpose | What You Control | -|---|---|---| -| **Default** | General-purpose calls | Model selection, endpoint | -| **Reasoning** | Deep triage decisions requiring careful analysis | Higher-capability model for complex classifications | -| **Fast** | Quick classification of straightforward findings | Lower-latency model for speed | -| **Web Search** | External research augmentation | Model with web access capability | -| **SCA** | Software composition analysis | Model tuned for dependency analysis | -| **Deep Research** | In-depth vulnerability investigation | Research-capable model | -| **Codegen** | Fix generation | Generation strategy selection | - -### Why This Matters +Pixee uses hierarchical routing to assign the right model capability to each task type — triage classification, deep reasoning, fix generation, and dependency analysis each have different requirements. You can assign different models to different task categories, letting you optimize for cost, latency, and quality independently. -**Cost optimization.** Route simple classifications to cheaper, faster models. Reserve expensive, high-capability models for complex triage decisions that justify the cost. Your LLM bill reflects the actual complexity of each task, not a one-size-fits-all model choice. +**Cost optimization.** Route straightforward classifications to faster, cheaper models. Reserve high-capability models for complex decisions that justify the cost. -**Quality optimization.** Complex multi-file vulnerabilities get a reasoning-capable model. Straightforward SQL injection patterns get a fast model. The right model for the right task. +**Quality optimization.** Each task type gets a model matched to its requirements — not a single model handling everything. -**Latency control.** Speed-sensitive workflows (fast classification, initial triage) use low-latency models. Quality-sensitive workflows (deep triage, fix generation) use higher-capability models regardless of latency. +**Latency control.** Speed-sensitive tasks use low-latency models. Quality-sensitive tasks use higher-capability models regardless of latency. -Most competitors in the AI-assisted AppSec space use a single model for all tasks. Hierarchical routing lets enterprises tune the cost-quality-latency surface per workflow stage. +Contact your account team for guidance on model-to-task assignment for your deployment. ## Configuration **During installation:** Select your LLM provider through the admin console (embedded cluster) or Helm values (BYO Kubernetes). Provide the API key and endpoint URL. -**Per-tier model configuration:** After initial setup, assign specific models to each of the seven tiers based on your cost, quality, and latency requirements. +**Per-task model configuration:** After initial setup, assign specific models to each task category based on your cost, quality, and latency requirements. **Preflight checks:** Every provider configuration is validated at install time. Preflight checks catch LLM misconfiguration immediately -- not when your first analysis runs and fails. This is a small detail that saves hours of debugging. diff --git a/docs/integrations/scanners/appscan.md b/docs/integrations/scanners/appscan.md index 4482d390..a73204d4 100644 --- a/docs/integrations/scanners/appscan.md +++ b/docs/integrations/scanners/appscan.md @@ -40,7 +40,7 @@ AppScan-specific severity levels are extracted and mapped appropriately, ensurin True positive findings receive automated code fixes delivered as pull requests. AppScan has dedicated tool-specific codemods in the remediation engine, meaning fixes are generated with awareness of the specific finding types and patterns AppScan reports. -Fixes use deterministic codemods and AI-powered MagicMods. +Fixes use deterministic codemods and AI-powered fixes. For the full list of vulnerability types Pixee triages and fixes, see [What Pixee Fixes](/platform/what-pixee-fixes). diff --git a/docs/integrations/scanners/checkmarx.md b/docs/integrations/scanners/checkmarx.md index 850079d8..aa865adc 100644 --- a/docs/integrations/scanners/checkmarx.md +++ b/docs/integrations/scanners/checkmarx.md @@ -43,18 +43,7 @@ The result: Pixee's triage accuracy does not degrade when the scanner provides m True positive findings receive automated code fixes delivered as pull requests. -Pixee includes three Checkmarx-specific remediation codemods built for the most common Checkmarx finding categories: - -| Codemod | What It Fixes | Language | -| ---------------------- | ----------------------------------------- | ---------- | -| SQL parameterization | SQL injection via parameterized queries | .NET | -| SQL parameterization | SQL injection via parameterized queries | JavaScript | -| NoSQL parameterization | NoSQL injection via parameterized queries | JavaScript | - -Beyond these dedicated codemods, Pixee's general-purpose codemod library and AI-powered MagicMods address additional vulnerability types identified by Checkmarx. - -- Fixes match your team's code conventions -- Developers review and merge Pixee PRs through their standard workflow +Pixee includes Checkmarx-specific remediation codemods alongside its general-purpose codemod library and AI-powered fixes. Fixes match your team's code conventions. Developers review and merge Pixee PRs through their standard workflow. For the full list of vulnerability types Pixee triages and fixes, see [What Pixee Fixes](/platform/what-pixee-fixes). diff --git a/docs/integrations/scanners/codeql.md b/docs/integrations/scanners/codeql.md index 977db3bc..e8b90b11 100644 --- a/docs/integrations/scanners/codeql.md +++ b/docs/integrations/scanners/codeql.md @@ -44,7 +44,7 @@ Each finding receives a classification with confidence score and audit-ready rea True positive findings receive automated code fixes delivered as pull requests. -Pixee generates fixes using a combination of deterministic codemods and AI-powered MagicMods for complex, codebase-specific scenarios. Every fix goes through multi-layer validation before reaching a developer's review queue. +Pixee generates fixes using a combination of deterministic codemods and AI-powered fixes for complex, codebase-specific scenarios. Every fix goes through multi-layer validation before reaching a developer's review queue. - Pre-configured handlers cover common CodeQL rules - Fixes match your team's code conventions -- naming patterns, preferred libraries, existing security utilities diff --git a/docs/integrations/scanners/contrast.md b/docs/integrations/scanners/contrast.md index 67034b01..d2626a85 100644 --- a/docs/integrations/scanners/contrast.md +++ b/docs/integrations/scanners/contrast.md @@ -44,7 +44,7 @@ The result: security teams can act on Contrast findings with the same confidence ### Remediation -True-positive findings receive automated code fixes delivered as pull requests, generated by Pixee's deterministic codemods and AI-powered MagicMods. Fixes match the team's code conventions and existing security utilities. +True-positive findings receive automated code fixes delivered as pull requests, generated by Pixee's deterministic codemods and AI-powered fixes. Fixes match the team's code conventions and existing security utilities. Developers review and merge Pixee PRs through the standard development workflow. diff --git a/docs/integrations/scanners/polaris.md b/docs/integrations/scanners/polaris.md index 7589b789..f43624e0 100644 --- a/docs/integrations/scanners/polaris.md +++ b/docs/integrations/scanners/polaris.md @@ -30,7 +30,7 @@ The Coverity engine is known for thorough, conservative analysis. This thoroughn ### Remediation -Polaris provides findings and remediation guidance but does not generate automated code fixes or pull requests. Pixee closes this gap. True positive findings are automatically fixed using deterministic codemods and AI-powered MagicMods. Fixes are delivered as pull requests matching the team's code conventions. +Polaris provides findings and remediation guidance but does not generate automated code fixes or pull requests. Pixee closes this gap. True positive findings are automatically fixed using deterministic codemods and AI-powered fixes. Fixes are delivered as pull requests matching the team's code conventions. For the full list of vulnerability types Pixee triages and fixes, see [What Pixee Fixes](/platform/what-pixee-fixes). diff --git a/docs/integrations/scanners/semgrep.md b/docs/integrations/scanners/semgrep.md index c0483751..4ad01322 100644 --- a/docs/integrations/scanners/semgrep.md +++ b/docs/integrations/scanners/semgrep.md @@ -45,7 +45,7 @@ Each finding receives a classification with reasoning trail suitable for audit d True positive findings receive automated code fixes delivered as pull requests. -Pixee generates fixes using deterministic codemods and AI-powered MagicMods. The deterministic codemods handle standard security patterns with zero LLM dependency. MagicMods address complex, codebase-specific scenarios where the fix requires understanding your application's architecture and conventions. +Pixee generates fixes using deterministic codemods and AI-powered fixes. The deterministic codemods handle standard security patterns with zero LLM dependency. AI-powered fixes address complex, codebase-specific scenarios where the fix requires understanding your application's architecture and conventions. - Fixes match your team's code conventions -- Pixee generates fixes that use your existing libraries and follow your patterns - Semgrep identifies what is wrong; Pixee delivers the fix as a PR diff --git a/docs/integrations/scanners/snyk-code.md b/docs/integrations/scanners/snyk-code.md index fc93f887..a96ccbd2 100644 --- a/docs/integrations/scanners/snyk-code.md +++ b/docs/integrations/scanners/snyk-code.md @@ -40,7 +40,7 @@ Snyk Code already produces lower false positive rates than traditional SAST tool Snyk's "DeepCode AI Fix" provides remediation suggestions within the Snyk UI. Pixee delivers a different outcome: complete, context-aware fixes as pull requests that developers review and merge through their standard code review workflow. -Fixes are generated using deterministic codemods and AI-powered MagicMods for complex scenarios. Every fix matches the team's code conventions -- naming patterns, preferred libraries, and existing security utilities. +Fixes are generated using deterministic codemods and AI-powered fixes for complex scenarios. Every fix matches the team's code conventions -- naming patterns, preferred libraries, and existing security utilities. For the full list of vulnerability types Pixee triages and fixes, see [What Pixee Fixes](/platform/what-pixee-fixes). diff --git a/docs/integrations/scanners/sonarqube.md b/docs/integrations/scanners/sonarqube.md index 33aa6bb4..eef65d5f 100644 --- a/docs/integrations/scanners/sonarqube.md +++ b/docs/integrations/scanners/sonarqube.md @@ -36,7 +36,7 @@ For teams managing SonarQube's high-volume output, where security findings mix w ### Remediation -SonarQube shows what is wrong but does not generate fixes. Pixee fills this gap by delivering remediation as pull requests. True positive findings from SonarQube are automatically fixed using deterministic codemods and AI-powered MagicMods for complex scenarios. Dedicated prompt builders in the remediation engine handle SonarQube-specific finding formats. +SonarQube shows what is wrong but does not generate fixes. Pixee fills this gap by delivering remediation as pull requests. True positive findings from SonarQube are automatically fixed using deterministic codemods and AI-powered fixes for complex scenarios. Dedicated prompt builders in the remediation engine handle SonarQube-specific finding formats. Fixes match your team's code conventions. @@ -44,18 +44,7 @@ For the full list of vulnerability types Pixee triages and fixes, see [What Pixe ## Supported Languages -Pixee remediates SonarQube findings for these languages: - -| Language | Deterministic Codemods | AI-Powered Fixes | SonarQube Rules Covered | -| --------------------- | ---------------------- | ---------------- | ---------------------------------------------- | -| Java | Yes (51+) | Yes | Injection, XSS, crypto, auth, hotspots | -| Python | Yes (60+) | Yes | Injection, XSS, hardcoded secrets, hotspots | -| JavaScript/TypeScript | Expanding | Yes | XSS, injection, auth patterns | -| .NET | Expanding | Yes | Injection, crypto, configuration | -| PHP | Expanding | Yes | Injection, XSS | -| Go | — | — | Not currently supported for SonarQube findings | - -If your primary SonarQube backlog is in Go, Pixee cannot remediate those findings today. Go support for SonarQube findings is on the roadmap. +Pixee remediates SonarQube findings across Java, Python, JavaScript/TypeScript, .NET, and PHP. Java and Python have the deepest deterministic codemod coverage; other languages rely on AI-powered fixes. For the full list of vulnerability types Pixee triages and fixes, see [What Pixee Fixes](/platform/what-pixee-fixes). ## Setup @@ -71,42 +60,6 @@ Connect SonarQube by providing your instance URL and a user token with Browse an If your SonarQube instance has thousands of findings, Pixee does not open thousands of PRs simultaneously. Findings are prioritized by severity (Critical and High first), and PR creation is controlled by your configured batch settings. See [Operations](/configuration/operations) for PR volume controls. -## SonarQube Finding Examples - -### Example 1: SQL Injection (java:S3649) - -**SonarQube finding:** `Change this code to not construct SQL queries directly from user-controlled data.` - -**Before (vulnerable):** - -```java -String query = "SELECT * FROM users WHERE id = " + request.getParameter("id"); -ResultSet rs = statement.executeQuery(query); -``` - -**Pixee fix (deterministic codemod):** - -```java -String query = "SELECT * FROM users WHERE id = ?"; -PreparedStatement ps = connection.prepareStatement(query); -ps.setString(1, request.getParameter("id")); -ResultSet rs = ps.executeQuery(); -``` - -### Example 2: Hardcoded Credentials (java:S2068) - -**SonarQube finding:** `Remove this hard-coded password.` - -**Before:** `private static final String DB_PASSWORD = "admin123";` - -**Pixee fix (AI-powered):** Moves the credential to an environment variable reference and adds documentation for the required configuration change. - -### Example 3: Security Hotspot — CSRF (java:S4502) - -**SonarQube hotspot:** `Make sure disabling Spring Security's CSRF protection is safe here.` - -**Pixee triage result:** `FALSE_POSITIVE — This endpoint is a REST API consumed by a mobile client using Bearer token authentication. CSRF protection is not applicable to token-authenticated APIs. The Spring Security configuration correctly disables CSRF for the /api/** path only.` - ## Common False Positive Patterns Pixee Eliminates - **Security hotspots that are actually safe:** Pixee's triage engine investigates the actual code context and determines whether the flagged pattern is exploitable -- automating the manual review SonarQube requires diff --git a/docs/integrations/scanners/veracode.md b/docs/integrations/scanners/veracode.md index 4deb4c4e..ff58b2d9 100644 --- a/docs/integrations/scanners/veracode.md +++ b/docs/integrations/scanners/veracode.md @@ -36,7 +36,7 @@ Each classified finding includes an audit-ready justification trail explaining t ### Remediation -True positive findings receive automated code fixes delivered as pull requests. Pixee generates fixes using deterministic codemods and AI-powered MagicMods for complex, codebase-specific scenarios. +True positive findings receive automated code fixes delivered as pull requests. Pixee generates fixes using deterministic codemods and AI-powered fixes for complex, codebase-specific scenarios. Veracode's own "Veracode Fix" provides AI-assisted remediation suggestions, but it does not deliver merged pull requests at scale. Pixee closes that gap: findings move from classification to fix to developer review in one pipeline. Developers review and merge Pixee PRs through their standard workflow. diff --git a/docs/languages/languages-overview.md b/docs/languages/languages-overview.md index 88ba8982..20c6c2b6 100644 --- a/docs/languages/languages-overview.md +++ b/docs/languages/languages-overview.md @@ -12,18 +12,18 @@ Pixee supports a broad and growing set of languages and IaC formats. Coverage ex ## Programming Languages -| Language | Notes | +| Language | Common Frameworks (examples) | |---|---| | **Java** | Spring Boot, Jakarta EE, Micronaut | | **Python** | Django, Flask, FastAPI | -| **JavaScript / TypeScript / Node.js** | Express, React, Node.js server-side | +| **JavaScript / TypeScript / Node.js** | Express, React, Next.js, Nest.js | | **C# / .NET** | ASP.NET Core, Blazor | | **Go** | Standard library, Gin, Echo | | **Ruby** | Rails, Sinatra | | **PHP** | Laravel, Symfony | -| **Kotlin** | JVM ecosystem, Spring Boot | +| **Kotlin** | Spring Boot, Android | | **Rust** | | -| **Scala** | JVM ecosystem | +| **Scala** | Play, Akka | | **Swift** | iOS/macOS | | **Objective-C** | iOS/macOS | diff --git a/docs/open-source/codemodder.md b/docs/open-source/codemodder.md index 635a5d15..acef33c4 100644 --- a/docs/open-source/codemodder.md +++ b/docs/open-source/codemodder.md @@ -119,12 +119,12 @@ codemodder /path/to/project --path-exclude tests/ vendor/ --output results.json Codemodder powers the deterministic remediation layer of the Pixee platform. The platform extends Codemodder with: -- **MagicMods** -- AI-powered fixes for patterns that deterministic rules cannot reach (custom framework wrappers, multi-file dataflows, context-dependent sanitization) +- **AI-powered fixes** for patterns that deterministic rules cannot reach (custom framework wrappers, multi-file dataflows, context-dependent sanitization) - **Triage Automation** -- false positive reduction before fixes are generated - **Scanner integration** -- natively integrated scanners plus universal SARIF support - **PR workflow** -- fixes delivered as pull requests through GitHub, GitLab, Azure DevOps, or Bitbucket -Codemodder handles the known, well-understood vulnerability patterns. MagicMods extend coverage to the long tail. Both produce fixes that pass through the same quality evaluation before reaching a developer. +Codemodder handles the known, well-understood vulnerability patterns. AI-powered fixes extend coverage to the long tail. Both produce fixes that pass through the same quality evaluation before reaching a developer. ## Next Steps diff --git a/docs/open-source/oss-overview.md b/docs/open-source/oss-overview.md index a6a83c9b..c001f6ad 100644 --- a/docs/open-source/oss-overview.md +++ b/docs/open-source/oss-overview.md @@ -40,7 +40,7 @@ The open source engines and the commercial Pixee platform serve different needs. **The Pixee platform** builds on the open source engines and adds: -- **AI-powered MagicMods** for vulnerability patterns that deterministic rules cannot reach (custom frameworks, multi-file dataflows, context-dependent sanitization) +- **AI-powered fixes** for vulnerability patterns that deterministic rules cannot reach (custom frameworks, multi-file dataflows, context-dependent sanitization) - **Triage Automation** with false positive reduction via exploitability analysis - **12 native scanner integrations** that ingest findings from Semgrep, CodeQL, Sonar, Snyk, and others - **Pull request delivery** so developers review fixes through their existing code review process diff --git a/docs/platform/architecture.md b/docs/platform/architecture.md index 50304335..812c505a 100644 --- a/docs/platform/architecture.md +++ b/docs/platform/architecture.md @@ -58,11 +58,11 @@ For full triage details, see [Triage](/platform/triage). ## Remediation Engine -The remediation engine uses a hybrid-intelligence model: deterministic codemods handle known vulnerability patterns, and AI-powered MagicMods handle everything else. +The remediation engine uses a hybrid-intelligence model: deterministic codemods handle known vulnerability patterns, and AI-powered fixes handle everything else. **Deterministic codemods:** Pre-built, rule-based transformations for known OWASP/SANS security patterns. Same input, same output, every time. Zero LLM involvement. Zero hallucination risk. Open-source engines (codemodder-java, codemodder-python) are publicly inspectable. See [Remediation](/platform/remediation) for the full codemod library. -**AI-powered MagicMods:** Handle custom frameworks, multi-file dataflow vulnerabilities, and novel patterns where deterministic rules cannot reach. Scanner-aware dispatchers for 8+ tools ensure the AI receives the right context for each scanner's output format. +**AI-powered fixes:** Handle custom frameworks, multi-file dataflow vulnerabilities, and novel patterns where deterministic rules cannot reach. Scanner-aware dispatchers for 8+ tools ensure the AI receives the right context for each scanner's output format. **Multi-agent fix planning:** Complex fixes that span dependency manifests, source files, and configuration changes are planned before execution. Specialized agents handle version decisions, source file identification, and manifest updates independently. Plans are evaluated for quality before code changes begin. diff --git a/docs/platform/remediation.md b/docs/platform/remediation.md index 03e23124..fbab0375 100644 --- a/docs/platform/remediation.md +++ b/docs/platform/remediation.md @@ -4,11 +4,11 @@ slug: /platform/remediation track: both content_type: guide seo_title: "Automated Vulnerability Remediation | 76% Merge Rate" -description: How Pixee generates security fixes using deterministic codemods and AI-powered MagicMods with independent quality evaluation. +description: How Pixee generates security fixes using deterministic codemods and AI-powered fixes with independent quality evaluation. sidebar_position: 4 --- -Pixee generates validated security fixes and delivers them as pull requests. The hybrid-intelligence engine routes each vulnerability to the best fix method: deterministic codemods handle known patterns with zero AI variance, while AI-powered MagicMods handle novel and complex scenarios. Every fix passes independent quality evaluation before reaching a developer. Across production deployments, 76% of Pixee-generated fixes are merged by development teams after human review. +Pixee generates validated security fixes and delivers them as pull requests. The hybrid-intelligence engine routes each vulnerability to the best fix method: deterministic codemods handle known patterns with zero AI variance, while AI-powered fixes handle novel and complex scenarios. Every fix passes independent quality evaluation before reaching a developer. Across production deployments, 76% of Pixee-generated fixes are merged by development teams after human review. Remediation is co-equal with [triage](/platform/triage). Triage determines what is real; remediation fixes what is real. @@ -19,13 +19,13 @@ Pixee uses two fundamentally different fix engines, routed automatically based o | Engine | How It Works | When It Fires | Risk Profile | |---|---|---|---| | **Deterministic codemods** | Pre-built, rule-based transformations encoding OWASP/SANS patterns | Known patterns: SQL injection parameterization, SSRF prevention, insecure deserialization, weak cryptography, insecure temp files, SSL/TLS upgrades | Zero hallucination risk. Same input, same output, every time. | -| **AI-powered MagicMods** | Constrained AI generation with dataflow-bounded context and per-rule knowledge base guidance | Custom frameworks, multi-file dataflow vulnerabilities, novel patterns, context-dependent sanitization | AI-generated, independently evaluated before reaching a PR. | +| **AI-powered fixes** | Constrained AI generation with dataflow-bounded context and per-rule knowledge base guidance | Custom frameworks, multi-file dataflow vulnerabilities, novel patterns, context-dependent sanitization | AI-generated, independently evaluated before reaching a PR. | -Routing is automatic. The system checks whether a deterministic codemod exists for the vulnerability type. If yes, the codemod fires — sub-second, zero LLM cost. If no deterministic rule handles it, a MagicMod generates a fix using scanner-aware context. +Routing is automatic. The system checks whether a deterministic codemod exists for the vulnerability type. If yes, the codemod fires — sub-second, zero LLM cost. If no deterministic rule handles it, an AI-powered fix is generated using scanner-aware context. **Open-source engines.** The deterministic codemod engines (codemodder-java with 51 core codemods, codemodder-python with 60+ core codemods) are publicly inspectable. Customers and auditors can read the transformation rules before trusting them. -**Scanner-aware dispatchers.** MagicMod includes scanner-aware dispatchers for each natively integrated scanner. Each dispatcher understands the scanner's output format and rule semantics, so the AI receives the right context for each finding. +**Scanner-aware dispatchers.** The AI fix engine includes scanner-aware dispatchers for each natively integrated scanner. Each dispatcher understands the scanner's output format and rule semantics, so the AI receives the right context for each finding. ## Context Gathering diff --git a/docs/platform/scanner-integration.md b/docs/platform/scanner-integration.md index cf07d3ca..1d2d9142 100644 --- a/docs/platform/scanner-integration.md +++ b/docs/platform/scanner-integration.md @@ -45,7 +45,7 @@ Both tiers feed into the same downstream [triage](/platform/triage) and [remedia | Scanner | Status | Integration Method | |---|---|---| | **Veracode** | GA | SARIF pipeline with tool-specific identification | -| **Snyk Code** | GA | SARIF pipeline with MagicMod dispatcher support | +| **Snyk Code** | GA | SARIF pipeline with AI fix dispatcher support | | **SonarQube / SonarCloud** | GA | SARIF pipeline with dedicated prompt builders | | **HCL AppScan** | GA | SARIF ingestion pipeline | | **Polaris (Synopsys)** | GA | SARIF ingestion pipeline | @@ -53,7 +53,7 @@ Both tiers feed into the same downstream [triage](/platform/triage) and [remedia | **Contrast** | GA | SARIF ingestion pipeline | | **GitLab SAST** | GA | SARIF pipeline with dedicated namespace | | **GitLab SCA** | GA | SARIF pipeline | -| **Trivy** | GA | SARIF pipeline with MagicMod dispatcher support | +| **Trivy** | GA | SARIF pipeline with AI fix dispatcher support | | **DefectDojo** | GA | SARIF pipeline (aggregates findings from multiple scanners) | All named scanner integrations are GA. See individual scanner integration pages under [Integrations](/integrations/overview) for per-tool setup guides. diff --git a/docs/platform/security.md b/docs/platform/security.md index 88fa5aa7..f4fb1b64 100644 --- a/docs/platform/security.md +++ b/docs/platform/security.md @@ -24,7 +24,7 @@ Pixee's trust model rests on three governing principles: This distinction is the most important concept on this page. -| Dimension | Deterministic Codemods | AI-Generated MagicMods | +| Dimension | Deterministic Codemods | AI-Generated Fixes | |---|---|---| | **Input/output predictability** | Identical output every time | Output varies based on context; constrained by dataflow-bounded input | | **Scope** | Known vulnerability patterns (SQL injection, XSS, SSRF, deserialization, etc.) | Novel, custom, and multi-file patterns | @@ -34,7 +34,7 @@ This distinction is the most important concept on this page. **Deterministic codemods** handle known vulnerability patterns — SQL injection parameterization, SSRF prevention, insecure deserialization, weak cryptography, and more. These are pre-built, rule-based transformations with zero LLM involvement. The open-source engines (codemodder-java, codemodder-python) are publicly inspectable — your security team or auditors can review the transformation rules before deployment. -**AI-powered MagicMods** fire only when deterministic rules cannot reach — custom framework wrappers, multi-file dataflow vulnerabilities, novel patterns. Every MagicMod fix passes through the full independent evaluation pipeline. +**AI-powered fixes** fire only when deterministic rules cannot reach — custom framework wrappers, multi-file dataflow vulnerabilities, novel patterns. Every AI-powered fix passes through the full independent evaluation pipeline. Routing between modes is automatic — no manual configuration. diff --git a/docs/platform/what-is-agentic-security-engineering.md b/docs/platform/what-is-agentic-security-engineering.md index d8d9bba5..bcd3f248 100644 --- a/docs/platform/what-is-agentic-security-engineering.md +++ b/docs/platform/what-is-agentic-security-engineering.md @@ -36,7 +36,7 @@ Up to 98% false positive reduction. See [Triage](/platform/triage) for the full For confirmed vulnerabilities, the platform generates context-aware code fixes: - **Deterministic codemods:** Pre-built, rule-based transformations for known vulnerability patterns. Same input, same output, every time. Zero LLM involvement. Zero hallucination risk. -- **AI-powered MagicMods:** For novel or complex patterns where deterministic rules cannot reach, constrained AI generates fixes that are independently evaluated for Safety, Effectiveness, and Cleanliness before any developer sees them. +- **AI-powered fixes:** For novel or complex patterns where deterministic rules cannot reach, constrained AI generates fixes that are independently evaluated for Safety, Effectiveness, and Cleanliness before any developer sees them. - **Pull request delivery:** Every fix ships as a standard PR in GitHub, GitLab, Azure DevOps, or Bitbucket. Never a direct commit. 76% merge rate on production deployments. See [Remediation](/platform/remediation) and [Security & Trust](/platform/security) for details. diff --git a/docs/platform/what-pixee-fixes.md b/docs/platform/what-pixee-fixes.md index e695f013..99e2559d 100644 --- a/docs/platform/what-pixee-fixes.md +++ b/docs/platform/what-pixee-fixes.md @@ -39,12 +39,37 @@ This page is the canonical reference for what Pixee can triage and fix. It cover | **Dependency Vulnerabilities (SCA)** | CVEs in direct and transitive open-source dependencies | Yes | Deterministic (version bumps + source refactoring) | | **Container / Dockerfile Misconfigurations** | Running as root, insecure base image patterns, exposed secrets in layers | Yes | Both | | **Infrastructure as Code (IaC) Misconfigurations** | Terraform / CloudFormation / Kubernetes / Helm security misconfigurations, overly permissive IAM, unencrypted storage | Yes | Both | +| **Open Redirect (CWE-601)** | Redirects to attacker-controlled URLs via unvalidated redirect parameters | Yes | Triage + Fix | +| **Code Injection / Eval Injection (CWE-94)** | Dynamic code execution from untrusted input via eval, exec, or similar constructs | Yes | Triage + Fix | +| **Prototype Pollution** | JavaScript object prototype manipulation via untrusted key assignment | Yes | Triage + Fix | +| **Template Injection (SSTI)** | Server-side template injection via user input rendered in template engines | Yes | Triage + Fix | +| **Insecure File Upload (CWE-434)** | Unrestricted file type or content upload without validation | Yes | Triage + Fix | +| **Missing Security Headers** | CSP, HSTS, X-Frame-Options, and other protective headers absent from responses | Yes | Triage + Fix | +| **CORS Misconfiguration** | Overly permissive cross-origin resource sharing allowing untrusted origins | Yes | Triage + Fix | +| **Race Conditions / TOCTOU (CWE-362)** | Time-of-check to time-of-use vulnerabilities in file and resource access | Yes | Triage | +| **Improper Input Validation (CWE-20)** | Missing or insufficient validation of input data before processing | Yes | Triage + Fix | +| **Integer Overflow / Underflow (CWE-190)** | Arithmetic boundary condition errors leading to unexpected behavior | Yes | Triage + Fix | + +## Secrets Detection + +Pixee triages and remediates secrets found in source code across all supported scanners. + +| Category | Examples | Supported | +|---|---|---| +| **API Keys & Tokens** | Hardcoded API keys, OAuth tokens, service account keys | Triage + Fix | +| **Credentials in Code** | Hardcoded passwords, database connection strings | Triage + Fix | +| **Cloud Provider Secrets** | AWS access keys, GCP service account JSON, Azure credentials | Triage + Fix | +| **Private Keys & Certificates** | RSA/EC private keys, TLS certificates committed to repos | Triage + Fix | + +## Custom Rules + +Pixee's triage engine handles custom scanner rules — including custom Semgrep rules, custom CodeQL queries, and internal rule sets — through its adaptive analysis tier. Custom rules don't require Pixee configuration; the engine generates triage logic for novel rule types automatically. ## Fix Modes Explained **Deterministic** — A pre-built codemod applies a rule-based transformation. Same input always produces the same output. Zero LLM involvement. Fastest fix path and most predictable output. -**AI (MagicMod)** — An AI-powered fix is generated for patterns where deterministic rules do not reach — custom framework wrappers, multi-file dataflows, context-dependent sanitization, or novel vulnerability patterns. Every AI-generated fix passes through an independent quality evaluation before delivery. +**AI** — An AI-powered fix is generated for patterns where deterministic rules do not reach — custom framework wrappers, multi-file dataflows, context-dependent sanitization, or novel vulnerability patterns. Every AI-generated fix passes through an independent quality evaluation before delivery. **Both** — A deterministic codemod handles well-understood patterns (standard libraries, known frameworks), while AI handles custom or complex variants. Routing is automatic. From 72cade6f3c660aebf755243b25f85adff9826f3e Mon Sep 17 00:00:00 2001 From: Surag Date: Fri, 8 May 2026 17:49:23 -0700 Subject: [PATCH 07/20] =?UTF-8?q?docs:=20IP=20protection=20=E2=80=94=20abs?= =?UTF-8?q?tract=20internal=20architecture=20details?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Remove adaptive analyzer caching mechanism details → outcome-focused language - Remove four-tier dataflow quality classification names (Strong Multi-File etc.) - Remove tech stack disclosure (Java/Quarkus, Python/FastAPI, React/TypeScript) - Abstract scanner-aware dispatcher specifics → generic normalization description - Remove fix evaluation failure mode examples (keep rubric names) - Remove SCA verification cache details - Remove all specific codemod counts (51+, 60+, 120+) → "library of deterministic codemods" Co-Authored-By: Claude Sonnet 4.5 --- docs/faq/faq.md | 2 +- docs/open-source/codemodder.md | 6 +++--- docs/open-source/oss-overview.md | 12 +++++------ docs/platform/architecture.md | 20 +++++++++---------- docs/platform/remediation.md | 15 ++++---------- docs/platform/sca.md | 10 +++------- docs/platform/scanner-integration.md | 10 +++++----- docs/platform/triage.md | 15 ++++---------- .../what-is-agentic-security-engineering.md | 12 +++++------ 9 files changed, 42 insertions(+), 60 deletions(-) diff --git a/docs/faq/faq.md b/docs/faq/faq.md index 51f46cc7..ee938d7b 100644 --- a/docs/faq/faq.md +++ b/docs/faq/faq.md @@ -18,7 +18,7 @@ Automated vulnerability remediation programmatically fixes security findings wit ### How does automated vulnerability triage work? -Pixee's triage engine routes each finding through three progressive tiers: deterministic analyzers for known patterns (sub-second, zero cost), AI agents for ambiguous cases (dynamic codebase investigation), and adaptive analyzer generation for novel rule types. Every verdict includes a structured justification — the specific code paths, security controls, or context that drove the decision. Up to 98% false positive reduction. See [Triage](/platform/triage) for the full architecture. +Pixee's triage engine routes each finding through three progressive tiers: deterministic analyzers for known patterns (sub-second, zero cost), AI agents for ambiguous cases (dynamic codebase investigation), and automatic handling for novel and custom rule types — including proprietary scanners and custom rulesets — without manual configuration. Every verdict includes a structured justification — the specific code paths, security controls, or context that drove the decision. Up to 98% false positive reduction. See [Triage](/platform/triage) for the full architecture. ### What is a codemod? diff --git a/docs/open-source/codemodder.md b/docs/open-source/codemodder.md index acef33c4..af2c68db 100644 --- a/docs/open-source/codemodder.md +++ b/docs/open-source/codemodder.md @@ -10,7 +10,7 @@ sidebar_position: 2 # Codemodder Framework -Codemodder is an open source framework created by Pixee for building language-specific, security-focused code transformations called codemods. Each codemod encodes a specific security remediation pattern -- SQL injection parameterization, insecure deserialization hardening, cryptography upgrades -- as a deterministic, testable rule. Codemodder currently supports Java via [codemodder-java](https://github.com/pixee/codemodder-java) (51+ codemods) and Python via [codemodder-python](https://github.com/pixee/codemodder-python) (60+ codemods), with every codemod publicly inspectable on GitHub. +Codemodder is an open source framework created by Pixee for building language-specific, security-focused code transformations called codemods. Each codemod encodes a specific security remediation pattern -- SQL injection parameterization, insecure deserialization hardening, cryptography upgrades -- as a deterministic, testable rule. Codemodder currently supports Java via [codemodder-java](https://github.com/pixee/codemodder-java) and Python via [codemodder-python](https://github.com/pixee/codemodder-python), with every codemod publicly inspectable on GitHub. ## What Codemods Are @@ -49,7 +49,7 @@ The transformation pipeline follows a consistent flow from scanner finding to st ## codemodder-java -The Java engine provides 51+ core codemods using ParseAndGo-based AST transformations. +The Java engine provides a library of deterministic codemods using ParseAndGo-based AST transformations. **Fix categories covered:** @@ -78,7 +78,7 @@ cd codemodder-java ## codemodder-python -The Python engine provides 60+ core codemods with three distinct transformer strategies. +The Python engine provides a library of deterministic codemods with three distinct transformer strategies. **Transformer strategies:** diff --git a/docs/open-source/oss-overview.md b/docs/open-source/oss-overview.md index c001f6ad..829d3036 100644 --- a/docs/open-source/oss-overview.md +++ b/docs/open-source/oss-overview.md @@ -10,7 +10,7 @@ sidebar_position: 1 # Open Source Overview -Pixee maintains several open source projects that form the foundation of its deterministic remediation engine. The [Codemodder](/open-source/codemodder) framework provides language-specific engines for building security-focused code transformations. [codemodder-java](https://github.com/pixee/codemodder-java) (51+ codemods) and [codemodder-python](https://github.com/pixee/codemodder-python) (60+ codemods) are publicly inspectable on GitHub. These open source engines let customers and auditors review fix rules before trusting automated remediation in their codebase. +Pixee maintains several open source projects that form the foundation of its deterministic remediation engine. The [Codemodder](/open-source/codemodder) framework provides language-specific engines for building security-focused code transformations. [codemodder-java](https://github.com/pixee/codemodder-java) and [codemodder-python](https://github.com/pixee/codemodder-python) are publicly inspectable on GitHub. These open source engines let customers and auditors review fix rules before trusting automated remediation in their codebase. ## Why Open Source Matters for Security Remediation @@ -24,11 +24,11 @@ Automated code changes demand trust. When a tool modifies your source files, you ## Pixee Open Source Projects -| Project | Language | Codemods | Description | -| ---------------------------------------------------------------- | -------------- | -------- | ------------------------------------------------------------------------------- | -| [codemodder-java](https://github.com/pixee/codemodder-java) | Java | 51+ core | Java codemod engine with AST transformations via ParseAndGo | -| [codemodder-python](https://github.com/pixee/codemodder-python) | Python | 60+ core | Python codemod engine with LibCST, regex, and XML transformers | -| [Codemodder framework](https://github.com/pixee/codemodder-spec) | Multi-language | N/A | Core specification and framework for building language-specific codemod engines | +| Project | Language | Description | +| ---------------------------------------------------------------- | -------------- | ------------------------------------------------------------------------------- | +| [codemodder-java](https://github.com/pixee/codemodder-java) | Java | Java codemod engine with AST transformations via ParseAndGo | +| [codemodder-python](https://github.com/pixee/codemodder-python) | Python | Python codemod engine with LibCST, regex, and XML transformers | +| [Codemodder framework](https://github.com/pixee/codemodder-spec) | Multi-language | Core specification and framework for building language-specific codemod engines | All projects are licensed under Apache 2.0. diff --git a/docs/platform/architecture.md b/docs/platform/architecture.md index 812c505a..b1c158a0 100644 --- a/docs/platform/architecture.md +++ b/docs/platform/architecture.md @@ -8,7 +8,7 @@ description: Three-component architecture with progressive triage, hybrid remedi sidebar_position: 2 --- -Pixee's Agentic Security Engineering Platform uses a three-component architecture -- a Java/Quarkus backend, a Python/FastAPI analysis service, and a React/TypeScript frontend -- to process vulnerability findings from any scanner through unified triage and remediation pipelines. Findings arrive via webhook or API, pass through a progressive triage engine, and exit as validated pull requests. The system handles everything from sub-second deterministic triage to multi-agent AI fix planning without requiring you to replace any existing tools. +Pixee's Agentic Security Engineering Platform uses a three-component architecture — a backend platform, an analysis service, and a user interface — to process vulnerability findings from any scanner through unified triage and remediation pipelines. Findings arrive via webhook or API, pass through a progressive triage engine, and exit as validated pull requests. The system handles everything from sub-second deterministic triage to multi-agent AI fix planning without requiring you to replace any existing tools. This page walks through the end-to-end processing flow, from scanner finding to merged fix. @@ -46,9 +46,9 @@ The triage engine classifies every finding through a three-tier progressive arch | ---------------------- | ----------------------------------------- | ------------------------- | ----------- | ---------------------------------------------------------------------- | | **Tier 1: Structured** | 15+ deterministic analyzers | Sub-second | Zero | Known patterns (SQL injection, XSS, command injection, path traversal) | | **Tier 2: Agentic** | AI agents dynamically search the codebase | Seconds | Per-finding | Ambiguous findings, novel frameworks, custom security controls | -| **Tier 3: Adaptive** | Generates custom analyzers on the fly | Minutes (first encounter) | Per-finding | Novel rule types, proprietary scanners, custom rulesets | +| **Tier 3: Adaptive** | Handles novel rule types automatically, expanding coverage as new rule types are encountered | Minutes (first encounter) | Per-finding | Novel rule types, proprietary scanners, custom rulesets | -**Progressive fallback:** The system attempts Tier 1 first. If the deterministic analyzer cannot reach a high-confidence verdict, the finding escalates to Tier 2. If the agentic investigation cannot resolve it, Tier 3 generates a custom analyzer and caches it for future reuse. Most findings resolve at Tier 1. +**Progressive fallback:** The system attempts Tier 1 first. If the deterministic analyzer cannot reach a high-confidence verdict, the finding escalates to Tier 2. If the agentic investigation cannot resolve it, Tier 3 handles it automatically and coverage expands for future findings of the same type. Most findings resolve at Tier 1. A shared context-aware intelligence layer enriches every tier with codebase signals: dataflow quality, production versus test classification, security control detection, and intentionally-vulnerable project filtering. Every verdict includes a typed status, adjusted severity, justification with code snippets, and a confidence score. @@ -62,7 +62,7 @@ The remediation engine uses a hybrid-intelligence model: deterministic codemods **Deterministic codemods:** Pre-built, rule-based transformations for known OWASP/SANS security patterns. Same input, same output, every time. Zero LLM involvement. Zero hallucination risk. Open-source engines (codemodder-java, codemodder-python) are publicly inspectable. See [Remediation](/platform/remediation) for the full codemod library. -**AI-powered fixes:** Handle custom frameworks, multi-file dataflow vulnerabilities, and novel patterns where deterministic rules cannot reach. Scanner-aware dispatchers for 8+ tools ensure the AI receives the right context for each scanner's output format. +**AI-powered fixes:** Handle custom frameworks, multi-file dataflow vulnerabilities, and novel patterns where deterministic rules cannot reach. Pixee extracts maximum metadata from each scanner's native output format, normalizing findings so the AI receives the right context regardless of source scanner. **Multi-agent fix planning:** Complex fixes that span dependency manifests, source files, and configuration changes are planned before execution. Specialized agents handle version decisions, source file identification, and manifest updates independently. Plans are evaluated for quality before code changes begin. @@ -107,11 +107,11 @@ For air-gapped deployments, a customer-hosted LLM is required. No code leaves th ## Three-Component Stack -| Component | Technology | Responsibility | -| -------------------- | ------------------ | -------------------------------------------------------------------------------------------- | -| **Backend Platform** | Java / Quarkus | Platform orchestration, scan ingestion, PR authoring, API layer, webhook processing | -| **Analysis Service** | Python / FastAPI | Triage analysis, remediation generation, fix evaluation, SCA processing, code transformation | -| **User Platform** | React / TypeScript | Dashboard, findings management, configuration, reporting | +| Component | Responsibility | +| -------------------- | -------------------------------------------------------------------------------------------- | +| **Backend Platform** | Platform orchestration, scan ingestion, PR authoring, API layer, webhook processing | +| **Analysis Service** | Triage analysis, remediation generation, fix evaluation, SCA processing, code transformation | +| **User Interface** | Dashboard, findings management, configuration, reporting | -The Analysis Service handles the computationally intensive work -- triage decisions, fix generation, and quality evaluation. The Backend Platform manages the integration surface: scanner webhooks, SCM platform APIs, and PR lifecycle. The User Platform provides visibility into triage outcomes, remediation activity, and configuration. +The Analysis Service handles the computationally intensive work -- triage decisions, fix generation, and quality evaluation. The Backend Platform manages the integration surface: scanner webhooks, SCM platform APIs, and PR lifecycle. The User Interface provides visibility into triage outcomes, remediation activity, and configuration. diff --git a/docs/platform/remediation.md b/docs/platform/remediation.md index fbab0375..3cdcbd19 100644 --- a/docs/platform/remediation.md +++ b/docs/platform/remediation.md @@ -23,20 +23,13 @@ Pixee uses two fundamentally different fix engines, routed automatically based o Routing is automatic. The system checks whether a deterministic codemod exists for the vulnerability type. If yes, the codemod fires — sub-second, zero LLM cost. If no deterministic rule handles it, an AI-powered fix is generated using scanner-aware context. -**Open-source engines.** The deterministic codemod engines (codemodder-java with 51 core codemods, codemodder-python with 60+ core codemods) are publicly inspectable. Customers and auditors can read the transformation rules before trusting them. +**Open-source engines.** The deterministic codemod engines (codemodder-java, codemodder-python) are publicly inspectable. Customers and auditors can read the transformation rules before trusting them. -**Scanner-aware dispatchers.** The AI fix engine includes scanner-aware dispatchers for each natively integrated scanner. Each dispatcher understands the scanner's output format and rule semantics, so the AI receives the right context for each finding. +**Native scanner support.** Pixee extracts maximum metadata from each scanner's native output format, normalizing findings for consistent downstream processing regardless of source scanner. Native integrations benefit from richer metadata than generic SARIF ingestion. ## Context Gathering -Fix quality is bounded by what the system can see. Context gathering controls this boundary using the same four-tier dataflow quality classification that drives triage accuracy. - -| Tier | Description | Gathering Strategy | -|---|---|---| -| **Strong Multi-File** | High-confidence taint propagation across multiple files | Traces full cross-file dataflow; includes all files in the taint path | -| **Strong Single-File** | High-confidence dataflow within a single file | Full file context with highlighted vulnerable region | -| **Weak** | Partial or low-confidence dataflow information | Targeted excerpts around the flagged location | -| **Single-Location** | Only the flagged line, no dataflow available | Surrounding context with heuristic file matching | +Fix quality is bounded by what the system can see. Context gathering adapts based on the quality and completeness of dataflow evidence available for each finding. Pixee evaluates whether the full taint path from source to sink is traceable and adjusts context accordingly — tracing full cross-file dataflow when available, and using targeted excerpts when evidence is limited. Key capabilities: follows SARIF-based taint propagation across files, highlights the vulnerable region with inline markers, adapts between whole-file and targeted excerpts based on file size, and merges consecutive vulnerable regions to reduce token cost. @@ -94,6 +87,6 @@ Standard `git revert` applies if any merged change needs to be undone. There is | **Universal SARIF** | Any SARIF-producing scanner (50+ validated) | | **Platforms** | GitHub, GitLab, Azure DevOps, Bitbucket | -Deterministic codemod coverage is deepest for Java (51+ codemods) and Python (60+ codemods). JavaScript/TypeScript, .NET, Go, and PHP have expanding codemod libraries supplemented by AI-powered generation for patterns not yet covered by deterministic rules. +Deterministic codemod coverage is deepest for Java and Python. JavaScript/TypeScript, .NET, Go, and PHP have expanding codemod libraries supplemented by AI-powered generation for patterns not yet covered by deterministic rules. SCA findings flow through the same remediation pipeline as SAST findings — see [SCA](/platform/sca) for dependency-specific details. diff --git a/docs/platform/sca.md b/docs/platform/sca.md index 0c0d7b5e..0c8fb613 100644 --- a/docs/platform/sca.md +++ b/docs/platform/sca.md @@ -30,7 +30,7 @@ Pixee answers "Can this CVE actually be triggered in this codebase?" — not jus | **1. External research** | A CVE research agent gathers CVE details, changelogs, patches, and release notes to identify the specific conditions required for exploitation | | **2. Internal analysis** | The triage agent examines how the library is actually used in your code — which functions are called, what input reaches them, what security controls exist | | **3. Evidence-based classification** | Every "Not Exploitable" verdict includes the conditions the CVE requires, analysis of each condition against your code, code snippets demonstrating why conditions are or are not met, and a defensible conclusion | -| **4. Cache acceleration** | Verified CVE+dependency combinations are cached. The same analysis is not repeated across repositories sharing common dependencies | +| **4. Efficient reanalysis** | Previously evaluated CVE+dependency combinations are not reanalyzed unnecessarily, keeping SCA processing efficient across repositories sharing common dependencies | **Concrete example:** A scanner flags a Spring WebFlux static resource authorization bypass (CVSS 6.9). The CVE requires three conditions: WebFlux controllers, Spring static resource handling, and a non-permitAll security rule. Pixee's analysis finds no WebFlux controllers, no Spring static resource APIs, and no non-permitAll protection rules. Two of three conditions are unmet. Classification: Not Exploitable, with the evidence. @@ -42,13 +42,9 @@ Pixee answers "Can this CVE actually be triggered in this codebase?" — not jus | **Basic reachability** | "The vulnerable function is reachable from your code" | Exploitation preconditions, input validation, configuration states | | **Exploitability verification** (Pixee) | "This CVE requires conditions X, Y, Z. Your code meets/does not meet each one. Here is the evidence." | — | -## Verification Cache +## Efficient Reanalysis -Verified CVE+dependency combinations are cached for reuse across repositories. Organizations with many repositories sharing common dependencies verify once, not N times. - -- Significantly reduces cost for repeated CVE analysis -- Cache remains valid until CVE data or dependency context changes -- Particularly valuable for large enterprises where dozens of repositories import the same libraries +Pixee avoids redundant reanalysis of previously evaluated dependency/vulnerability combinations, keeping SCA processing efficient at scale. Organizations with many repositories sharing common dependencies benefit automatically — repeated CVE analysis across repositories is avoided without requiring manual coordination. ## Transitive Dependency Handling diff --git a/docs/platform/scanner-integration.md b/docs/platform/scanner-integration.md index 1d2d9142..0a81d5ed 100644 --- a/docs/platform/scanner-integration.md +++ b/docs/platform/scanner-integration.md @@ -37,7 +37,7 @@ Both tiers feed into the same downstream [triage](/platform/triage) and [remedia ### Checkmarx - Compensates for Checkmarx's sparse SARIF output (minimal rule descriptions, no codeFlows) -- Uses a rule-ID-only prompting strategy that routes findings to the adaptive triage pipeline, which re-derives context directly from the codebase +- Uses compensatory strategies that re-derive triage context directly from the codebase when scanner metadata is sparse - Includes Checkmarx-specific remediation codemods (SQL parameterization for .NET and JavaScript, NoSQL parameterization for JavaScript) ## Standard Scanner Integrations @@ -45,15 +45,15 @@ Both tiers feed into the same downstream [triage](/platform/triage) and [remedia | Scanner | Status | Integration Method | |---|---|---| | **Veracode** | GA | SARIF pipeline with tool-specific identification | -| **Snyk Code** | GA | SARIF pipeline with AI fix dispatcher support | -| **SonarQube / SonarCloud** | GA | SARIF pipeline with dedicated prompt builders | +| **Snyk Code** | GA | SARIF pipeline with native metadata extraction | +| **SonarQube / SonarCloud** | GA | SARIF pipeline with native metadata extraction | | **HCL AppScan** | GA | SARIF ingestion pipeline | | **Polaris (Synopsys)** | GA | SARIF ingestion pipeline | | **Fortify** | GA | SARIF ingestion pipeline | | **Contrast** | GA | SARIF ingestion pipeline | | **GitLab SAST** | GA | SARIF pipeline with dedicated namespace | | **GitLab SCA** | GA | SARIF pipeline | -| **Trivy** | GA | SARIF pipeline with AI fix dispatcher support | +| **Trivy** | GA | SARIF pipeline with native metadata extraction | | **DefectDojo** | GA | SARIF pipeline (aggregates findings from multiple scanners) | All named scanner integrations are GA. See individual scanner integration pages under [Integrations](/integrations/overview) for per-tool setup guides. @@ -81,7 +81,7 @@ Triage accuracy scales with the richness of metadata each scanner includes in it | **Rule descriptions** | Semgrep (fullDescription.text), CodeQL (help.markdown) | Enriches triage context with rule semantics | | **Severity ratings** | Most scanners | Input to context-aware severity adjustment | | **Language tags** | Most scanners | Routes to language-specific codemods and analysis strategies | -| **Rule ID only** (minimal metadata) | Checkmarx, some internal tools | Triggers adaptive triage that re-derives context from the codebase | +| **Rule ID only** (minimal metadata) | Checkmarx, some internal tools | Triggers compensatory strategies that re-derive context from the codebase | Rich-metadata scanners get deep extraction. Sparse-metadata scanners get compensatory strategies. No scanner is left behind. diff --git a/docs/platform/triage.md b/docs/platform/triage.md index 287ff4d9..55f69f74 100644 --- a/docs/platform/triage.md +++ b/docs/platform/triage.md @@ -20,19 +20,19 @@ Pixee routes every finding through a tiered system that applies the cheapest suf |---|---|---|---|---|---| | **Tier 1: Structured** | 15+ deterministic analyzers | Sub-second | Zero | Reproducible — same input, same output | Known vulnerability classes (SQL injection, XSS, command injection, path traversal, 12+ more) | | **Tier 2: Agentic** | AI agents dynamically search the codebase | Seconds | Per-finding | Readable investigation trail with every search and reasoning step | Ambiguous findings, novel frameworks, custom security controls | -| **Tier 3: Adaptive** | Generates custom analyzers on the fly, caches for reuse | Minutes (first encounter), near-Tier-2 speed after caching | Per-finding (first encounter only) | Generated analyzer is inspectable | Novel rule types, proprietary scanners, custom rulesets | +| **Tier 3: Adaptive** | Handles novel rule types automatically, expanding coverage as new rule types are encountered | Minutes (first encounter), faster on subsequent encounters | Per-finding (first encounter only) | Generated analyzer is inspectable | Novel rule types, proprietary scanners, custom rulesets | **End-to-end flow:** 1. A finding arrives from any SARIF-producing scanner. 2. Tier 1 checks whether a deterministic analyzer exists for this vulnerability class. If yes and confidence is sufficient, triage completes at sub-second speed. 3. If Tier 1 cannot decide, the finding routes to Tier 2. An AI agent investigates the codebase — searching for security controls, tracing dataflow, and building an evidence chain. -4. If Tier 2 cannot resolve the finding (typically because the rule type is novel), Tier 3 generates a custom analyzer, runs it, and caches it for future use. +4. If Tier 2 cannot resolve the finding (typically because the rule type is novel), Tier 3 handles it automatically and coverage expands for future findings of the same type. 5. Regardless of which tier resolved it, every finding exits with the same structured verdict. **Cost efficiency:** Most findings resolve at Tier 1, where there is no LLM cost. Only genuinely complex findings incur AI inference cost. -**Self-extending coverage:** Every novel rule type Tier 3 encounters becomes a cached analyzer. Coverage grows automatically as you connect new scanners. +**Expanding coverage:** Pixee handles novel and custom rule types automatically — including proprietary scanners, custom Semgrep rules, and internal CodeQL queries — without manual configuration. Coverage expands as new rule types are encountered. ## Context-Aware Intelligence @@ -40,14 +40,7 @@ A shared intelligence layer enriches all three tiers with codebase context. Reac **Context signals evaluated on every finding:** -**Dataflow quality.** Classified on a four-tier scale: strong multi-file, strong single-file, weak, and single-location. Higher dataflow quality increases confidence in true positive verdicts. Weak evidence can downgrade findings that basic reachability would flag as critical. - -| Tier | Description | Confidence Impact | -|---|---|---| -| **Strong Multi-File** | High-confidence taint propagation across multiple files | Highest confidence | -| **Strong Single-File** | High-confidence dataflow within a single file | High confidence | -| **Weak** | Partial or low-confidence dataflow | Reduced confidence; may downgrade findings | -| **Single-Location** | Only the flagged line, no dataflow available | Lowest confidence | +**Dataflow quality.** Pixee evaluates the quality and completeness of dataflow evidence available for each finding. Findings with stronger dataflow evidence — where the full taint path from source to sink is traceable — receive higher-confidence verdicts. Findings with limited dataflow evidence are handled conservatively. **Production vs. test classification.** A SQL injection in a production API endpoint is critical. The same pattern in a test fixture is not. Pixee classifies code context and adjusts severity accordingly, so dashboards reflect real exploit risk rather than raw rule counts. diff --git a/docs/platform/what-is-agentic-security-engineering.md b/docs/platform/what-is-agentic-security-engineering.md index bcd3f248..38a9cbef 100644 --- a/docs/platform/what-is-agentic-security-engineering.md +++ b/docs/platform/what-is-agentic-security-engineering.md @@ -51,7 +51,7 @@ The term "agentic" distinguishes this approach from both rule-based automation a **Multi-agent orchestration.** Specialized agents handle distinct tasks independently: triage analysis, fix planning, dependency resolution, and fix quality evaluation. The agent that generates a fix is not the agent that evaluates it — preventing self-grading. -**Hybrid intelligence architecture.** The system routes each task to the cheapest sufficient method. Known patterns get deterministic rules (sub-second, zero cost). Complex patterns get AI investigation. Novel patterns generate new analyzers that are cached for future reuse. Routing is automatic. +**Hybrid intelligence architecture.** The system routes each task to the cheapest sufficient method. Known patterns get deterministic rules (sub-second, zero cost). Complex patterns get AI investigation. Novel and custom rule types — including proprietary scanners and custom rulesets — are handled automatically, with coverage expanding as new rule types are encountered. Routing is automatic. ## End-to-End Processing Flow @@ -67,10 +67,10 @@ SAST and SCA findings both flow through this same pipeline. ## Technical Stack -| Component | Technology | Responsibility | -|---|---|---| -| **Backend Platform** | Java / Quarkus | Platform orchestration, scan ingestion, PR authoring, API layer, webhook processing | -| **Analysis Service** | Python / FastAPI | Triage analysis, remediation generation, fix evaluation, SCA processing, code transformation | -| **User Platform** | React / TypeScript | Dashboard, findings management, configuration, reporting | +| Component | Responsibility | +|---|---| +| **Backend Platform** | Platform orchestration, scan ingestion, PR authoring, API layer, webhook processing | +| **Analysis Service** | Triage analysis, remediation generation, fix evaluation, SCA processing, code transformation | +| **User Interface** | Dashboard, findings management, configuration, reporting | See [Platform Architecture](/platform/architecture) for the full technical stack and LLM orchestration details. From eeb44b50a0820ee26068575d36dabe390cd24a7b Mon Sep 17 00:00:00 2001 From: Surag Date: Fri, 8 May 2026 17:55:34 -0700 Subject: [PATCH 08/20] =?UTF-8?q?docs:=20clean=20up=20What=20Pixee=20Fixes?= =?UTF-8?q?=20=E2=80=94=20normalize=20Fix=20Mode=20column=20to=20Both,=20s?= =?UTF-8?q?implify=20Secrets,=20drop=20Notes=20on=20Coverage?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/platform/what-pixee-fixes.md | 82 ++++++++++++++----------------- 1 file changed, 38 insertions(+), 44 deletions(-) diff --git a/docs/platform/what-pixee-fixes.md b/docs/platform/what-pixee-fixes.md index 99e2559d..d8ed7dc0 100644 --- a/docs/platform/what-pixee-fixes.md +++ b/docs/platform/what-pixee-fixes.md @@ -8,58 +8,58 @@ description: Canonical reference for all vulnerability types, finding categories sidebar_position: 3 --- -This page is the canonical reference for what Pixee can triage and fix. It covers all vulnerability types and finding categories across SAST, SCA, and IaC findings, and shows the fix mode (Deterministic, AI, or Both) for each category. +This page is the canonical reference for what Pixee can triage and fix. It covers all vulnerability types and finding categories across SAST, SCA, and IaC findings. ## Vulnerability Coverage Table | Vulnerability Category | Examples | Triage | Fix Mode | |---|---|---|---| -| **Injection — SQL** | SQL injection via string concatenation, unparameterized queries | Yes | Deterministic / Both | -| **Injection — Command** | OS command injection, shell metacharacters in exec calls | Yes | Deterministic / Both | -| **Injection — LDAP** | LDAP injection via unsanitized directory search filters | Yes | AI | -| **Injection — XPath** | XPath injection via user-controlled node selection | Yes | AI | -| **Injection — NoSQL** | NoSQL injection in MongoDB, Redis, and similar query patterns | Yes | AI | -| **Injection — Expression Language** | EL/OGNL injection via template or framework evaluation | Yes | AI | -| **Cross-Site Scripting (XSS) — Reflected** | Reflected XSS via unencoded user input in HTTP responses | Yes | Deterministic / Both | +| **Injection — SQL** | SQL injection via string concatenation, unparameterized queries | Yes | Both | +| **Injection — Command** | OS command injection, shell metacharacters in exec calls | Yes | Both | +| **Injection — LDAP** | LDAP injection via unsanitized directory search filters | Yes | Both | +| **Injection — XPath** | XPath injection via user-controlled node selection | Yes | Both | +| **Injection — NoSQL** | NoSQL injection in MongoDB, Redis, and similar query patterns | Yes | Both | +| **Injection — Expression Language** | EL/OGNL injection via template or framework evaluation | Yes | Both | +| **Cross-Site Scripting (XSS) — Reflected** | Reflected XSS via unencoded user input in HTTP responses | Yes | Both | | **Cross-Site Scripting (XSS) — Stored** | Stored XSS persisted in database and rendered to other users | Yes | Both | | **Cross-Site Scripting (XSS) — DOM-Based** | DOM XSS via document.write, innerHTML, eval with user data | Yes | Both | -| **Path Traversal** | Directory traversal via `../` sequences, file inclusion flaws | Yes | Deterministic / Both | -| **Server-Side Request Forgery (SSRF)** | SSRF via unvalidated URL parameters to internal or cloud metadata endpoints | Yes | Deterministic / Both | -| **Insecure Deserialization** | Unsafe Java ObjectInputStream, Python pickle, .NET BinaryFormatter | Yes | Both | -| **Weak Cryptography** | MD5, SHA-1 for security-sensitive operations; ECB mode; short key lengths | Yes | Deterministic / Both | -| **Insecure Randomness** | `java.util.Random`, `Math.random()`, `random.random()` for security tokens | Yes | Deterministic / Both | -| **Hardcoded Secrets** | Hardcoded API keys, passwords, tokens in source code | Yes | AI | +| **Path Traversal** | Directory traversal via `../` sequences, file inclusion flaws | Yes | Both | +| **Server-Side Request Forgery (SSRF)** | SSRF via unvalidated URL parameters to internal or cloud metadata endpoints | Yes | Both | +| **Insecure Deserialization** | Unsafe deserialization of untrusted data | Yes | Both | +| **Weak Cryptography** | MD5, SHA-1 for security-sensitive operations; ECB mode; short key lengths | Yes | Both | +| **Insecure Randomness** | Insecure random number generators used for security-sensitive tokens | Yes | Both | +| **Hardcoded Secrets** | Hardcoded API keys, passwords, tokens in source code | Yes | Both | | **Authentication / Session Weaknesses** | Broken authentication, session fixation, missing session invalidation, insecure cookie flags | Yes | Both | -| **Insecure Direct Object Reference (IDOR)** | Missing authorization checks on resource identifiers | Yes | AI | -| **XML / XXE Vulnerabilities** | XML External Entity injection, DTD processing, XXE via SSRF | Yes | Deterministic / Both | -| **Insecure Temp Files** | Predictable temp file creation, race conditions on tempfile usage | Yes | Deterministic / Both | -| **Logging Sensitive Data** | PII, credentials, tokens written to logs | Yes | AI | +| **Insecure Direct Object Reference (IDOR)** | Missing authorization checks on resource identifiers | Yes | Both | +| **XML / XXE Vulnerabilities** | XML External Entity injection, DTD processing, XXE via SSRF | Yes | Both | +| **Insecure Temp Files** | Predictable temp file creation, race conditions on tempfile usage | Yes | Both | +| **Logging Sensitive Data** | PII, credentials, tokens written to logs | Yes | Both | | **Security Misconfigurations** | Missing security headers, insecure defaults, disabled CSRF protection | Yes | Both | -| **SSL/TLS Weaknesses** | Disabled hostname verification, accepting all certificates, weak protocols | Yes | Deterministic / Both | -| **Dependency Vulnerabilities (SCA)** | CVEs in direct and transitive open-source dependencies | Yes | Deterministic (version bumps + source refactoring) | +| **SSL/TLS Weaknesses** | Disabled hostname verification, accepting all certificates, weak protocols | Yes | Both | +| **Dependency Vulnerabilities (SCA)** | CVEs in direct and transitive open-source dependencies | Yes | Both | | **Container / Dockerfile Misconfigurations** | Running as root, insecure base image patterns, exposed secrets in layers | Yes | Both | | **Infrastructure as Code (IaC) Misconfigurations** | Terraform / CloudFormation / Kubernetes / Helm security misconfigurations, overly permissive IAM, unencrypted storage | Yes | Both | -| **Open Redirect (CWE-601)** | Redirects to attacker-controlled URLs via unvalidated redirect parameters | Yes | Triage + Fix | -| **Code Injection / Eval Injection (CWE-94)** | Dynamic code execution from untrusted input via eval, exec, or similar constructs | Yes | Triage + Fix | -| **Prototype Pollution** | JavaScript object prototype manipulation via untrusted key assignment | Yes | Triage + Fix | -| **Template Injection (SSTI)** | Server-side template injection via user input rendered in template engines | Yes | Triage + Fix | -| **Insecure File Upload (CWE-434)** | Unrestricted file type or content upload without validation | Yes | Triage + Fix | -| **Missing Security Headers** | CSP, HSTS, X-Frame-Options, and other protective headers absent from responses | Yes | Triage + Fix | -| **CORS Misconfiguration** | Overly permissive cross-origin resource sharing allowing untrusted origins | Yes | Triage + Fix | -| **Race Conditions / TOCTOU (CWE-362)** | Time-of-check to time-of-use vulnerabilities in file and resource access | Yes | Triage | -| **Improper Input Validation (CWE-20)** | Missing or insufficient validation of input data before processing | Yes | Triage + Fix | -| **Integer Overflow / Underflow (CWE-190)** | Arithmetic boundary condition errors leading to unexpected behavior | Yes | Triage + Fix | +| **Open Redirect** | Redirects to attacker-controlled URLs via unvalidated redirect parameters | Yes | Both | +| **Code Injection / Eval Injection** | Dynamic code execution from untrusted input | Yes | Both | +| **Prototype Pollution** | JavaScript object prototype manipulation via untrusted key assignment | Yes | Both | +| **Template Injection (SSTI)** | Server-side template injection via user input rendered in template engines | Yes | Both | +| **Insecure File Upload** | Unrestricted file type or content upload without validation | Yes | Both | +| **Missing Security Headers** | CSP, HSTS, X-Frame-Options, and other protective headers absent from responses | Yes | Both | +| **CORS Misconfiguration** | Overly permissive cross-origin resource sharing allowing untrusted origins | Yes | Both | +| **Race Conditions / TOCTOU** | Time-of-check to time-of-use vulnerabilities in file and resource access | Yes | Triage | +| **Improper Input Validation** | Missing or insufficient validation of input data before processing | Yes | Both | +| **Integer Overflow / Underflow** | Arithmetic boundary condition errors leading to unexpected behavior | Yes | Both | ## Secrets Detection -Pixee triages and remediates secrets found in source code across all supported scanners. +Pixee primarily triages secrets findings — detecting hardcoded credentials, API keys, tokens, and cloud provider secrets in source code. Automated fixes are available for common patterns where a safe remediation is unambiguous. -| Category | Examples | Supported | -|---|---|---| -| **API Keys & Tokens** | Hardcoded API keys, OAuth tokens, service account keys | Triage + Fix | -| **Credentials in Code** | Hardcoded passwords, database connection strings | Triage + Fix | -| **Cloud Provider Secrets** | AWS access keys, GCP service account JSON, Azure credentials | Triage + Fix | -| **Private Keys & Certificates** | RSA/EC private keys, TLS certificates committed to repos | Triage + Fix | +| Category | Examples | +|---|---| +| **API Keys & Tokens** | Hardcoded API keys, OAuth tokens, service account keys | +| **Credentials in Code** | Hardcoded passwords, database connection strings | +| **Cloud Provider Secrets** | AWS access keys, GCP service account JSON, Azure credentials | +| **Private Keys & Certificates** | RSA/EC private keys, TLS certificates committed to repos | ## Custom Rules @@ -73,10 +73,4 @@ Pixee's triage engine handles custom scanner rules — including custom Semgrep **Both** — A deterministic codemod handles well-understood patterns (standard libraries, known frameworks), while AI handles custom or complex variants. Routing is automatic. -## Notes on Coverage - -Fix mode depends on the language and scanner context. Not every vulnerability type has a deterministic codemod for every language. Java and Python have the deepest deterministic codemod libraries. Go and PHP rely more heavily on AI-powered fixes. - -For per-language coverage depth, see [Language Support](/languages/overview) for the full coverage matrix across all supported languages and IaC formats. - -For per-scanner handling details, see the scanner integration pages under [Integrations](/integrations/overview). +Fix mode and coverage depth vary by language and scanner. For supported languages and IaC formats, see [Language Support](/languages/overview). For per-scanner setup, see [Integrations](/integrations/overview). From e242d39d6e9dbe53b058f3223dbd3b64c84598c4 Mon Sep 17 00:00:00 2001 From: Surag Date: Fri, 8 May 2026 18:00:06 -0700 Subject: [PATCH 09/20] =?UTF-8?q?docs:=20restore=20original=20Fix=20Mode?= =?UTF-8?q?=20values=20=E2=80=94=20only=20convert=20'Triage=20+=20Fix'=20r?= =?UTF-8?q?ows=20to=20Both?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/platform/what-pixee-fixes.md | 36 +++++++++++++++---------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/docs/platform/what-pixee-fixes.md b/docs/platform/what-pixee-fixes.md index d8ed7dc0..0590b5ee 100644 --- a/docs/platform/what-pixee-fixes.md +++ b/docs/platform/what-pixee-fixes.md @@ -14,29 +14,29 @@ This page is the canonical reference for what Pixee can triage and fix. It cover | Vulnerability Category | Examples | Triage | Fix Mode | |---|---|---|---| -| **Injection — SQL** | SQL injection via string concatenation, unparameterized queries | Yes | Both | -| **Injection — Command** | OS command injection, shell metacharacters in exec calls | Yes | Both | -| **Injection — LDAP** | LDAP injection via unsanitized directory search filters | Yes | Both | -| **Injection — XPath** | XPath injection via user-controlled node selection | Yes | Both | -| **Injection — NoSQL** | NoSQL injection in MongoDB, Redis, and similar query patterns | Yes | Both | -| **Injection — Expression Language** | EL/OGNL injection via template or framework evaluation | Yes | Both | -| **Cross-Site Scripting (XSS) — Reflected** | Reflected XSS via unencoded user input in HTTP responses | Yes | Both | +| **Injection — SQL** | SQL injection via string concatenation, unparameterized queries | Yes | Deterministic / Both | +| **Injection — Command** | OS command injection, shell metacharacters in exec calls | Yes | Deterministic / Both | +| **Injection — LDAP** | LDAP injection via unsanitized directory search filters | Yes | AI | +| **Injection — XPath** | XPath injection via user-controlled node selection | Yes | AI | +| **Injection — NoSQL** | NoSQL injection in MongoDB, Redis, and similar query patterns | Yes | AI | +| **Injection — Expression Language** | EL/OGNL injection via template or framework evaluation | Yes | AI | +| **Cross-Site Scripting (XSS) — Reflected** | Reflected XSS via unencoded user input in HTTP responses | Yes | Deterministic / Both | | **Cross-Site Scripting (XSS) — Stored** | Stored XSS persisted in database and rendered to other users | Yes | Both | | **Cross-Site Scripting (XSS) — DOM-Based** | DOM XSS via document.write, innerHTML, eval with user data | Yes | Both | -| **Path Traversal** | Directory traversal via `../` sequences, file inclusion flaws | Yes | Both | -| **Server-Side Request Forgery (SSRF)** | SSRF via unvalidated URL parameters to internal or cloud metadata endpoints | Yes | Both | +| **Path Traversal** | Directory traversal via `../` sequences, file inclusion flaws | Yes | Deterministic / Both | +| **Server-Side Request Forgery (SSRF)** | SSRF via unvalidated URL parameters to internal or cloud metadata endpoints | Yes | Deterministic / Both | | **Insecure Deserialization** | Unsafe deserialization of untrusted data | Yes | Both | -| **Weak Cryptography** | MD5, SHA-1 for security-sensitive operations; ECB mode; short key lengths | Yes | Both | -| **Insecure Randomness** | Insecure random number generators used for security-sensitive tokens | Yes | Both | -| **Hardcoded Secrets** | Hardcoded API keys, passwords, tokens in source code | Yes | Both | +| **Weak Cryptography** | MD5, SHA-1 for security-sensitive operations; ECB mode; short key lengths | Yes | Deterministic / Both | +| **Insecure Randomness** | Insecure random number generators used for security-sensitive tokens | Yes | Deterministic / Both | +| **Hardcoded Secrets** | Hardcoded API keys, passwords, tokens in source code | Yes | AI | | **Authentication / Session Weaknesses** | Broken authentication, session fixation, missing session invalidation, insecure cookie flags | Yes | Both | -| **Insecure Direct Object Reference (IDOR)** | Missing authorization checks on resource identifiers | Yes | Both | -| **XML / XXE Vulnerabilities** | XML External Entity injection, DTD processing, XXE via SSRF | Yes | Both | -| **Insecure Temp Files** | Predictable temp file creation, race conditions on tempfile usage | Yes | Both | -| **Logging Sensitive Data** | PII, credentials, tokens written to logs | Yes | Both | +| **Insecure Direct Object Reference (IDOR)** | Missing authorization checks on resource identifiers | Yes | AI | +| **XML / XXE Vulnerabilities** | XML External Entity injection, DTD processing, XXE via SSRF | Yes | Deterministic / Both | +| **Insecure Temp Files** | Predictable temp file creation, race conditions on tempfile usage | Yes | Deterministic / Both | +| **Logging Sensitive Data** | PII, credentials, tokens written to logs | Yes | AI | | **Security Misconfigurations** | Missing security headers, insecure defaults, disabled CSRF protection | Yes | Both | -| **SSL/TLS Weaknesses** | Disabled hostname verification, accepting all certificates, weak protocols | Yes | Both | -| **Dependency Vulnerabilities (SCA)** | CVEs in direct and transitive open-source dependencies | Yes | Both | +| **SSL/TLS Weaknesses** | Disabled hostname verification, accepting all certificates, weak protocols | Yes | Deterministic / Both | +| **Dependency Vulnerabilities (SCA)** | CVEs in direct and transitive open-source dependencies | Yes | Deterministic / Both | | **Container / Dockerfile Misconfigurations** | Running as root, insecure base image patterns, exposed secrets in layers | Yes | Both | | **Infrastructure as Code (IaC) Misconfigurations** | Terraform / CloudFormation / Kubernetes / Helm security misconfigurations, overly permissive IAM, unencrypted storage | Yes | Both | | **Open Redirect** | Redirects to attacker-controlled URLs via unvalidated redirect parameters | Yes | Both | From 187f7cd16243988751a88adbaa1daeb492f40f51 Mon Sep 17 00:00:00 2001 From: Surag Date: Fri, 8 May 2026 18:01:37 -0700 Subject: [PATCH 10/20] =?UTF-8?q?docs:=20complete=20language=20page=20?= =?UTF-8?q?=E2=80=94=20add=20package=20managers=20column,=20populate=20IaC?= =?UTF-8?q?=20notes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/languages/languages-overview.md | 40 ++++++++++++++-------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/docs/languages/languages-overview.md b/docs/languages/languages-overview.md index 20c6c2b6..393e6e5d 100644 --- a/docs/languages/languages-overview.md +++ b/docs/languages/languages-overview.md @@ -12,30 +12,30 @@ Pixee supports a broad and growing set of languages and IaC formats. Coverage ex ## Programming Languages -| Language | Common Frameworks (examples) | -|---|---| -| **Java** | Spring Boot, Jakarta EE, Micronaut | -| **Python** | Django, Flask, FastAPI | -| **JavaScript / TypeScript / Node.js** | Express, React, Next.js, Nest.js | -| **C# / .NET** | ASP.NET Core, Blazor | -| **Go** | Standard library, Gin, Echo | -| **Ruby** | Rails, Sinatra | -| **PHP** | Laravel, Symfony | -| **Kotlin** | Spring Boot, Android | -| **Rust** | | -| **Scala** | Play, Akka | -| **Swift** | iOS/macOS | -| **Objective-C** | iOS/macOS | +| Language | Common Frameworks (examples) | Common Package Managers (examples) | +|---|---|---| +| **Java** | Spring Boot, Jakarta EE, Micronaut | Maven, Gradle | +| **Python** | Django, Flask, FastAPI | pip, Poetry, Pipenv, conda, setuptools | +| **JavaScript / TypeScript / Node.js** | Express, React, Next.js, Nest.js | npm, yarn, pnpm | +| **C# / .NET** | ASP.NET Core, Blazor | NuGet | +| **Go** | Standard library, Gin, Echo | Go modules | +| **Ruby** | Rails, Sinatra | Bundler (Gemfile) | +| **PHP** | Laravel, Symfony | Composer | +| **Kotlin** | Spring Boot, Android | Maven, Gradle | +| **Rust** | | Cargo | +| **Scala** | Play, Akka | sbt, Maven | +| **Swift** | iOS/macOS | Swift Package Manager | +| **Objective-C** | iOS/macOS | CocoaPods, Carthage | ## Infrastructure as Code | Format | Notes | |---|---| -| **Terraform / HCL** | | -| **Dockerfile / Containerfile** | | -| **Kubernetes / Helm** | | -| **CloudFormation** | | -| **Ansible** | | -| **Docker Compose** | | +| **Terraform / HCL** | Security misconfigurations, IAM policies, storage encryption, network exposure | +| **Dockerfile / Containerfile** | Running as root, insecure base images, exposed secrets in build layers | +| **Kubernetes / Helm** | Pod security contexts, RBAC misconfigurations, exposed secrets, network policies | +| **CloudFormation** | AWS resource misconfigurations, IAM, S3, security groups | +| **Ansible** | Playbook security patterns | +| **Docker Compose** | Service configuration security | For what Pixee triages and fixes across these languages and formats, see [What Pixee Fixes](/platform/what-pixee-fixes). For questions about a specific language or framework not listed here, [contact the team](https://pixee.ai/demo). From 7060dc2f9580f3232311879915641a6c11e07d23 Mon Sep 17 00:00:00 2001 From: Surag Date: Fri, 8 May 2026 18:03:45 -0700 Subject: [PATCH 11/20] docs: add Groovy, Shell/Bash, PowerShell to language support; soften closing line --- docs/languages/languages-overview.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/languages/languages-overview.md b/docs/languages/languages-overview.md index 393e6e5d..abb340ec 100644 --- a/docs/languages/languages-overview.md +++ b/docs/languages/languages-overview.md @@ -26,6 +26,9 @@ Pixee supports a broad and growing set of languages and IaC formats. Coverage ex | **Scala** | Play, Akka | sbt, Maven | | **Swift** | iOS/macOS | Swift Package Manager | | **Objective-C** | iOS/macOS | CocoaPods, Carthage | +| **Groovy** | Gradle, Spring, Jenkins | Maven, Gradle | +| **Shell / Bash** | | — | +| **PowerShell** | | — | ## Infrastructure as Code @@ -38,4 +41,4 @@ Pixee supports a broad and growing set of languages and IaC formats. Coverage ex | **Ansible** | Playbook security patterns | | **Docker Compose** | Service configuration security | -For what Pixee triages and fixes across these languages and formats, see [What Pixee Fixes](/platform/what-pixee-fixes). For questions about a specific language or framework not listed here, [contact the team](https://pixee.ai/demo). +For what Pixee triages and fixes across these languages and formats, see [What Pixee Fixes](/platform/what-pixee-fixes). Pixee's architecture is designed to work across languages — if yours isn't listed, [contact the team](https://pixee.ai/demo). From 7fa4b5e58d0f8716572890ed3bbe608bfdafecbc Mon Sep 17 00:00:00 2001 From: Surag Date: Fri, 8 May 2026 18:12:22 -0700 Subject: [PATCH 12/20] docs: resolve all NEEDS VERIFICATION placeholders in context-memory.md - Remove scope-of-learning placeholder (TMI; repo-level detail not needed) - Finalize observing improvement: "improved triage outcomes and higher merge rates" - Document three override paths: individual triage result feedback, PIXEE.yaml, Organization Preferences UI - Confirm override propagation description is accurate; remove placeholder - Add Organization Preferences as the org-level mechanism for enterprise context configuration Co-Authored-By: Claude Sonnet 4.6 --- docs/platform/context-memory.md | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/docs/platform/context-memory.md b/docs/platform/context-memory.md index 39eb54ae..281918d7 100644 --- a/docs/platform/context-memory.md +++ b/docs/platform/context-memory.md @@ -49,22 +49,20 @@ Pixee improves from the signals your team sends when it interacts with Pixee-gen | PR closed / declined | Fix was not accepted — negative signal for this finding type or fix approach | | Triage override | Team disagreed with Pixee's classification — updates classification logic for similar findings | -**Scope of learning:** [NEEDS VERIFICATION: whether feedback signals apply at per-repo scope, org-level scope, or both. Current understanding is that signals apply at the repository level and may aggregate to org level over time.] - -**Observing improvement:** Teams that have been using Pixee for several weeks typically see reduced false positive rates and higher merge rates as the system calibrates to their codebase and review preferences. [NEEDS VERIFICATION: specific time windows and observable metrics for feedback loop effects.] +**Observing improvement:** Teams that have been using Pixee for several weeks typically see improved triage outcomes and higher merge rates as the system calibrates to their codebase and review preferences. ## Triage Overrides When Pixee classifies a finding as a true positive but your team disagrees — or vice versa — you can override the triage verdict. Overrides are the strongest feedback signal available. -**How to override:** [NEEDS VERIFICATION: specific UI mechanics for submitting a triage override — whether this is done via PR comment, dashboard action, or PIXEE.yaml configuration.] +**How to override:** Overrides can be submitted in three ways: by providing feedback directly on an individual triage result, via natural language preferences in PIXEE.yaml, or through Organization Preferences in the UI. **What happens when you override:** - The specific finding's verdict is updated immediately. - The override is recorded with the rationale (if provided). - Future findings matching the same pattern in the same codebase context receive adjusted classification. -**Influence on future classifications:** Triage overrides influence how Pixee classifies similar findings going forward. The more specific the context (same rule ID, same file pattern, same framework), the more targeted the adjustment. [NEEDS VERIFICATION: the exact scope and mechanism by which overrides propagate to future similar findings.] +**Influence on future classifications:** Triage overrides influence how Pixee classifies similar findings going forward. The more specific the context (same rule ID, same file pattern, same framework), the more targeted the adjustment. ## Enterprise Context @@ -73,8 +71,7 @@ For organizations with specific policies — approved libraries, banned patterns **Mechanisms for providing enterprise context:** - **PIXEE.yaml** — per-repository configuration for fix scope and behavior preferences. +- **Organization Preferences** — org-level configuration in the UI for specifying approved libraries, banned patterns, and internal framework conventions that apply across all repositories. - **Codebase reading** — Pixee automatically detects internal libraries and frameworks by analyzing imports, dependency manifests, and usage patterns. If your organization uses an internal HTTP client wrapper, Pixee detects it and uses it in fixes. -[NEEDS VERIFICATION: whether there is a dedicated enterprise-level configuration mechanism beyond PIXEE.yaml for specifying approved libraries, banned patterns, or internal framework conventions at the organization level. Contact your Pixee account team for current enterprise context configuration options.] - For organizations managing hundreds of repositories, the [Phased Rollout Guide](/enterprise/phased-rollout) covers organization-wide deployment strategy that accounts for repository-level variation in conventions and risk tolerance. From 4dad38a801e31a093af0ebea8f909341e34db52c Mon Sep 17 00:00:00 2001 From: Surag Date: Fri, 8 May 2026 18:18:38 -0700 Subject: [PATCH 13/20] =?UTF-8?q?docs:=20cleanup=20pass=20=E2=80=94=20remo?= =?UTF-8?q?ve=20stale=20counts,=20consolidate=20open-source,=20trim=20dupl?= =?UTF-8?q?ication?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Delete REFACTOR_AUDIT.md (was rendering in published site) - Strip embedded FAQ section from trivy.md; fold container image note into body - Replace stale "12 native integrations" count with "growing list" in 4 files - Merge oss-overview.md + contributing.md into codemodder.md; delete absorbed pages - Update redirects: /open-pixee, /open-source/overview, /open-source/contributing → /open-source/codemodder - Trim sarif-universal.md field tables; link to api/sarif as authoritative field reference - Fix custom-codemods.md contributing link to point to new anchor Co-Authored-By: Claude Sonnet 4.6 --- docs/REFACTOR_AUDIT.md | 333 --------------------------- docs/api/sarif.md | 2 +- docs/configuration/ai-settings.md | 2 +- docs/enterprise/compliance.md | 2 +- docs/integrations/sarif-universal.md | 27 +-- docs/integrations/scanners/trivy.md | 16 +- docs/open-source/codemodder.md | 80 ++++--- docs/open-source/contributing.md | 127 ---------- docs/open-source/custom-codemods.md | 2 +- docs/open-source/oss-overview.md | 88 ------- docusaurus.config.js | 4 +- 11 files changed, 64 insertions(+), 619 deletions(-) delete mode 100644 docs/REFACTOR_AUDIT.md delete mode 100644 docs/open-source/contributing.md delete mode 100644 docs/open-source/oss-overview.md diff --git a/docs/REFACTOR_AUDIT.md b/docs/REFACTOR_AUDIT.md deleted file mode 100644 index 1ec3c00b..00000000 --- a/docs/REFACTOR_AUDIT.md +++ /dev/null @@ -1,333 +0,0 @@ -# Pixee Docs Refactor Audit - -## Stats - -- **Current page count:** 75 .md files (excluding `migration/`) -- **Estimated total word count:** ~86,000 words -- **Pages with embedded FAQ sections:** 72 of 75 pages contain a `## Frequently Asked Questions` or `## FAQ` section appended at the end - -### Pages WITH embedded FAQ sections (72 of 75) - -Every page except the three standalone FAQ pages (`faq/faq-general.md`, `faq/faq-enterprise.md`, `faq/faq-troubleshooting.md`) has an embedded FAQ section. This includes: - -**getting-started/ (7 pages):** getting-started.md, github.md, gitlab.md, azure-devops.md, bitbucket.md, ci-cd.md, cli.md, first-fix.md - -**how-it-works/ (6 pages):** triage-engine.md, fix-generation.md, fix-safety.md, sca-pipeline.md, scanner-integration.md, context-intelligence.md - -**platform/ (6 pages):** what-is-agentic-security-engineering.md, architecture.md, triage.md, remediation.md, sca.md, security.md - -**configuration/ (6 pages):** config-overview.md, pixee-yaml.md, repositories.md, operations-config.md, users.md, ai-settings.md - -**enterprise/ (11 pages):** enterprise-overview.md, deployment.md, embedded-cluster.md, helm.md, air-gap.md, compliance.md, security-architecture.md, byom.md, observability.md, phased-rollout.md, troubleshooting.md - -**integrations/ (19 pages):** integrations-overview.md, sarif-universal.md, all 11 scanner pages, all 4 SCM pages - -**languages/ (7 pages):** languages-overview.md, java.md, python.md, javascript.md, dotnet.md, go.md, php.md - -**open-source/ (4 pages):** oss-overview.md, codemodder.md, custom-codemods.md, contributing.md - -**api/ (4 pages):** api-overview.md, sarif.md, webhooks.md, changelog.md - ---- - -## IA Evaluation - -### What Works - -1. **Integrations pages are properly scoped.** Each of the 13 scanner pages and 4 SCM pages covers a distinct integration. These are genuinely separate entities and the per-page structure is correct. - -2. **Configuration section is well-organized.** The three-level hierarchy (PIXEE.yaml → org settings → AI settings) is clearly communicated and each page has a distinct subject. - -3. **Enterprise section covers real sub-topics.** Deployment, air-gap, BYOM, observability, compliance, security-architecture, phased-rollout, and troubleshooting each address distinct subjects that justify separate pages at Tier 2 depth. - -4. **Language pages are correctly scoped.** One page per language with framework coverage, fix types, and examples. The languages-overview coverage matrix is a useful landing page. - -5. **Getting-started SCM setup pages are appropriately differentiated.** GitHub, GitLab, ADO, and Bitbucket each have platform-specific credential requirements, permission scopes, and terminology (PR vs MR) that justify separate pages. - -6. **The changelog.md is the only page with actual changelog content and no duplication problem.** It contains real versioned entries and is appropriately a reference page. - -### What Doesn't Work - -1. **The `how-it-works/` and `platform/` sections cover nearly identical ground, split arbitrarily by stated audience.** The `track` field distinguishes them (leader vs both), but the content overlap is severe enough that readers arriving at one section must also read the other to get the full picture. - -2. **72 of 75 pages end with an embedded FAQ section.** These sections overwhelmingly restate content already covered earlier in the same page. They add length without adding value and create duplication relative to the three dedicated FAQ pages. - -3. **The three dedicated FAQ pages (`faq/`) are thin and mostly redirect to other pages** rather than actually answering questions. `faq-enterprise.md` is almost entirely stub answers saying "See [page X]." This renders the section nearly useless. - -4. **Scanner count is inconsistent across the docs.** The integrations overview and several pages claim 13 named scanners (correct per the matrix: CodeQL, Semgrep, Checkmarx, Veracode, Snyk Code, SonarQube, AppScan, Polaris, Fortify, Contrast, GitLab SAST, GitLab SCA, Trivy + DefectDojo as aggregator). But ~26 other pages still say "12 native integrations." The changelog shows Arnica SAST was added in v5.4.11 and Datadog SAST in v5.4.15, and neither is fully reflected in the scanner pages. This is a live inconsistency. - -5. **The learning loop is almost entirely undocumented.** Marketing claims Pixee "learns from merge/reject/comment feedback over time." The only mention in the entire docs is one sentence in `platform/triage.md`: "When Pixee classifies a finding as FALSE_POSITIVE but your team disagrees, the override is recorded and used to improve future classifications for your codebase." No page explains how this learning actually works, at what scope (repo, org, global), on what cadence, or with what effect. - -6. **Dashboard and reporting capabilities are scattered.** `configuration/operations-config.md` has a Reporting section. `enterprise/enterprise-overview.md` has a Measuring Success section. `platform/architecture.md` mentions the React frontend but barely explains what it shows. There is no dedicated dashboard or reporting page despite the dashboard being a primary interface for security leads. - -7. **The `getting-started/` section has a structural gap.** `getting-started.md` (root) explains the platform well. The four SCM setup pages are good. But `ci-cd.md` and `cli.md` are more advanced topics that belong in a different section or clearly labeled as advanced/optional. They inflate the perceived complexity of "getting started." - -### Section Overlap: how-it-works vs platform - -#### Findings - -The two sections cover the same four core topics with significant content redundancy: - -| Topic | platform/ page | how-it-works/ page | Overlap assessment | -|---|---|---|---| -| Triage | `platform/triage.md` (1,444 words) | `how-it-works/triage-engine.md` (1,906 words) | ~70% content overlap. Both explain three-tier architecture, tier-by-tier breakdown, structured verdicts, context signals, scanner-agnostic coverage. `how-it-works` adds a tier comparison table and "Triage and Remediation: Closing the Loop" section. `platform/triage` adds the scanner list and a slightly different intro framing. | -| Fix generation | `platform/remediation.md` (1,201 words) | `how-it-works/fix-generation.md` (1,719 words) | ~65% overlap. Both cover deterministic vs AI, fix evaluation rubric, multi-agent planning, PR delivery. `how-it-works` adds context gathering detail and 4-tier dataflow classification. | -| SCA | `platform/sca.md` (1,137 words) | `how-it-works/sca-pipeline.md` (1,240 words) | ~60% overlap. Both cover exploitability verification, transitive dependencies, atomic PRs, multi-manifest support. `how-it-works` adds verification cache and cross-tool intelligence sections. | -| Fix safety/trust | `platform/security.md` (1,883 words) | `how-it-works/fix-safety.md` (1,586 words) | ~55% overlap. Both cover deterministic vs AI safety, independent evaluation, PR-only workflow, 76% merge rate. `platform/security` adds data handling, deployment models, and "Responsible AI Council" framing. | - -Additionally, `how-it-works/scanner-integration.md` and `how-it-works/context-intelligence.md` have no direct `platform/` counterpart, but `platform/architecture.md` summarizes both. - -The stated rationale (platform/ is for leaders, how-it-works/ is for engineers) does not hold in practice. The content in each pair is too similar to serve genuinely different audiences without significant rewriting. - -#### Proposed Resolution - -**PROPOSED:** Consolidate into a single section. Eliminate `platform/` as a separate section. Rewrite each topic as one authoritative page at Tier 2 depth (thorough, depth-friendly). The business/leadership framing that currently lives in `platform/` can be integrated into the opening paragraphs and callout boxes rather than requiring separate pages. - -Specific merges: -- Merge `platform/triage.md` + `how-it-works/triage-engine.md` → single `how-it-works/triage.md` -- Merge `platform/remediation.md` + `how-it-works/fix-generation.md` → single `how-it-works/fix-generation.md` -- Merge `platform/sca.md` + `how-it-works/sca-pipeline.md` → single `how-it-works/sca.md` -- Merge `platform/security.md` + `how-it-works/fix-safety.md` → single `how-it-works/fix-safety.md` -- Keep `platform/architecture.md` as an overview/landing page for the section (rename section to `how-it-works/`) -- Keep `platform/what-is-agentic-security-engineering.md` — move it to become the section landing page or merge into the main overview - -### Other Structural Issues - -1. **`faq/` section is structurally incoherent.** Three files exist: general, enterprise, troubleshooting. But `faq-enterprise.md` consists almost entirely of answers that say "See [page X]." It is a stub masquerading as content. `faq-troubleshooting.md` has genuinely useful step-by-step troubleshooting content. `faq-general.md` is substantive but repeats content from `how-it-works/` and `platform/`. **PROPOSED:** Remove `faq-enterprise.md` (all its questions are answered on the linked pages). Promote `faq-troubleshooting.md` content into a dedicated Troubleshooting section. Keep `faq-general.md` as a navigation/discovery page only, ruthlessly cutting answers that duplicate canonical pages. - -2. **`open-source/` section has four pages but the last three are thin.** `codemodder.md` and `oss-overview.md` cover similar ground. `contributing.md` is too short to be a standalone page. `custom-codemods.md` is a tutorial that should either live in a tutorials section or be merged with `codemodder.md`. **PROPOSED:** Merge `oss-overview.md` + `codemodder.md` → one reference page. Merge `custom-codemods.md` as a tutorial subsection. Fold `contributing.md` content into the merged page as a short section. - -3. **`api/` section is incomplete.** `api-overview.md` has authentication details and placeholder endpoint descriptions. `api/sarif.md` largely duplicates `integrations/sarif-universal.md`. `changelog.md` is the only page with real content. The API docs lack actual endpoint reference (request/response schemas). This section promises Tier 3 reference content but delivers Tier 2 overviews. - -4. **`getting-started/ci-cd.md` is misplaced.** It is a configuration/integration guide, not a getting-started page. New users do not need CI/CD pipeline examples to evaluate Pixee. **PROPOSED:** Move `ci-cd.md` to `integrations/` or `configuration/`. - -5. **`getting-started/cli.md` is misplaced.** The CLI is an advanced operational tool, not part of the initial setup path. The getting-started root explicitly states "No CLI required for the standard workflow." **PROPOSED:** Move `cli.md` to the `api/` section or create a dedicated `tools/` section. - ---- - -## Proposed IA Changes - -All items below are PROPOSED. None are implemented. - -| # | Proposal | Rationale | -|---|---|---| -| 1 | Consolidate `platform/triage.md` + `how-it-works/triage-engine.md` into one page | ~70% content overlap; same topic, same depth, different words | -| 2 | Consolidate `platform/remediation.md` + `how-it-works/fix-generation.md` into one page | ~65% content overlap | -| 3 | Consolidate `platform/sca.md` + `how-it-works/sca-pipeline.md` into one page | ~60% content overlap | -| 4 | Consolidate `platform/security.md` + `how-it-works/fix-safety.md` into one page | ~55% content overlap; trust framing can be a section, not a whole parallel page | -| 5 | Remove `faq/faq-enterprise.md` | Every answer is a redirect stub. All content exists on linked pages. | -| 6 | Move `faq-troubleshooting.md` content to a dedicated Troubleshooting section or integrate with `enterprise/troubleshooting.md` | Troubleshooting content is genuinely useful but misplaced in FAQ structure | -| 7 | Move `getting-started/ci-cd.md` to `integrations/` | CI/CD integration is not a getting-started topic | -| 8 | Move `getting-started/cli.md` to `api/` or `tools/` | CLI is an advanced operational tool, explicitly not required for standard workflow | -| 9 | Merge `open-source/oss-overview.md` + `open-source/codemodder.md` | Two pages covering same ground (what codemods are, the framework, the repos) | -| 10 | Remove embedded FAQ sections from all 72 pages | 72 pages have appended FAQ sections that restate the page content. Convert at most 2-3 per page into callout boxes where the Q&A adds genuinely new framing not in the body text. | -| 11 | Add a dedicated Learning Loop page | Core differentiator (Pixee improves from feedback) is essentially undocumented | -| 12 | Add a dedicated Dashboard & Reporting page | Reporting metrics are scattered across 4+ pages with no canonical home | -| 13 | Fix scanner count inconsistency across all pages (12 vs 13 vs current actual) | Changelog shows Arnica and Datadog SAST added; integrations overview shows 13 + DefectDojo; most pages still say 12 | -| 14 | Reconcile `api/sarif.md` with `integrations/sarif-universal.md` | Same SARIF format reference material in two places; one should link to the other | - ---- - -## Per-Section Tier Assignments - -| Section | Pages | Tier | Notes | -|---|---|---|---| -| `getting-started/getting-started.md` | 1 | Tier 1 | Landing page; currently well-scoped but has padding in the FAQ section | -| `getting-started/` SCM setup (github, gitlab, azure-devops, bitbucket) | 4 | Tier 1 | Setup pages; currently about right in length but each has an embedded FAQ that restates the setup steps | -| `getting-started/first-fix.md` | 1 | Tier 1 | Good candidate for aggressive tightening; currently repeats PR anatomy twice | -| `getting-started/ci-cd.md` | 1 | Tier 2 | Misplaced — should move to integrations/; content depth is appropriate for Tier 2 | -| `getting-started/cli.md` | 1 | Tier 2 | Misplaced — should move to api/ or tools/; content depth is appropriate for Tier 2 | -| `how-it-works/triage-engine.md` | 1 | Tier 2 | Appropriate depth; consolidation target | -| `how-it-works/fix-generation.md` | 1 | Tier 2 | Appropriate depth; consolidation target | -| `how-it-works/fix-safety.md` | 1 | Tier 2 | Appropriate depth; consolidation target | -| `how-it-works/sca-pipeline.md` | 1 | Tier 2 | Appropriate depth; consolidation target | -| `how-it-works/scanner-integration.md` | 1 | Tier 2 | Good standalone page with real technical detail | -| `how-it-works/context-intelligence.md` | 1 | Tier 2 | Solid but partially duplicated by triage-engine.md's "Context-Aware Intelligence" section | -| `platform/` (all 6 pages) | 6 | Tier 2 | Section should be eliminated/merged into how-it-works; content is appropriate Tier 2 depth but redundant | -| `configuration/pixee-yaml.md` | 1 | Tier 3 | Full schema reference; appropriate | -| `configuration/operations-config.md` | 1 | Tier 2 | Mixed content (scheduling, notifications, reporting) — may need splitting | -| `configuration/` (remaining) | 4 | Tier 2 | Appropriate depth | -| `enterprise/deployment.md` | 1 | Tier 2 | Good depth; some overlap with embedded-cluster.md and helm.md | -| `enterprise/embedded-cluster.md` | 1 | Tier 2 | Appropriate | -| `enterprise/helm.md` | 1 | Tier 2 | Appropriate | -| `enterprise/air-gap.md` | 1 | Tier 2 | Appropriate | -| `enterprise/security-architecture.md` | 1 | Tier 2 | Appropriate; partially overlaps platform/security.md | -| `enterprise/compliance.md` | 1 | Tier 2-3 | Framework mapping table is Tier 3; surrounding prose is Tier 2 | -| `enterprise/byom.md` | 1 | Tier 2 | Appropriate | -| `enterprise/observability.md` | 1 | Tier 2 | Appropriate | -| `enterprise/phased-rollout.md` | 1 | Tier 2 | Appropriate | -| `enterprise/troubleshooting.md` | 1 | Tier 3 | Reference troubleshooting tables; appropriate | -| `enterprise/enterprise-overview.md` | 1 | Tier 1 | Landing page; currently has too much detail (Measuring Success section should move to operations-config) | -| `integrations/integrations-overview.md` | 1 | Tier 2 | Coverage matrix is Tier 3; page is appropriate | -| `integrations/sarif-universal.md` | 1 | Tier 2-3 | SARIF field requirements lean Tier 3 | -| `integrations/scanners/` (13 pages) | 13 | Tier 2 | Each scanner page has appropriate depth for its audience | -| `integrations/scms/` (4 pages) | 4 | Tier 2 | Credential tables and permission scopes are appropriately detailed | -| `languages/languages-overview.md` | 1 | Tier 2 | Coverage matrix is Tier 3; combined makes this right | -| `languages/java.md`, `languages/python.md` | 2 | Tier 2 | Appropriate depth | -| `languages/javascript.md`, `languages/dotnet.md`, `languages/go.md`, `languages/php.md` | 4 | Tier 2 | Currently thinner than Java/Python pages; acceptable given less coverage | -| `faq/faq-general.md` | 1 | Tier 1 | Navigation/discovery; cut answers that duplicate canonical pages | -| `faq/faq-enterprise.md` | 1 | — | PROPOSED REMOVAL: all answers are redirect stubs | -| `faq/faq-troubleshooting.md` | 1 | Tier 2 | Good operational content; should be promoted to a real Troubleshooting section | -| `open-source/oss-overview.md` | 1 | Tier 1 | Landing page; overlaps too much with codemodder.md | -| `open-source/codemodder.md` | 1 | Tier 2 | Appropriate depth; consolidation target with oss-overview | -| `open-source/custom-codemods.md` | 1 | Tier 2 | Tutorial; could be merged into codemodder.md as a section | -| `open-source/contributing.md` | 1 | Tier 1 | Too short standalone; should be a section of codemodder.md | -| `api/api-overview.md` | 1 | Tier 3 | Promises reference content but is currently Tier 2 depth; needs expansion | -| `api/sarif.md` | 1 | Tier 3 | Duplicates integrations/sarif-universal.md; needs consolidation | -| `api/webhooks.md` | 1 | Tier 3 | Appropriate | -| `api/changelog.md` | 1 | Tier 3 | Appropriate; only page with no real content problem | - ---- - -## Top 10 Pages Needing Most Work - -Ranked by severity of problem and fix urgency: - -### 1. `platform/triage.md` — MERGE -**Problem:** Covers nearly identical ground as `how-it-works/triage-engine.md`. Both pages open with a full description of the three-tier architecture, walk through each tier, describe the structured verdict format, and list the same four context signals. The platform page adds a scanner list table that belongs on the triage page. The how-it-works page adds a tier comparison table and a closing "Triage and Remediation" section. Combined, there are 3,350 words covering one topic. -**Action:** Merge into a single definitive triage page. Start with the three-tier architecture overview, add the tier comparison table, include the context signals section, end with structured verdicts. Target: 1,600–1,800 words. Delete the platform version. - -### 2. `platform/remediation.md` — MERGE -**Problem:** Covers nearly identical ground as `how-it-works/fix-generation.md`. Both pages explain the deterministic/AI routing decision, the fix quality evaluation rubric (Safety/Effectiveness/Cleanliness), and multi-agent fix planning. The platform page has a language coverage table; the how-it-works page has the 4-tier dataflow context gathering table and MagicMod architecture details. Combined: 2,920 words, one topic. -**Action:** Merge into a single authoritative fix generation page. Preserve the dataflow context gathering table (it adds real value). Target: 1,800–2,000 words. - -### 3. `platform/security.md` + `how-it-works/fix-safety.md` — MERGE/REWRITE -**Problem:** Both pages are long (1,883 and 1,586 words) and cover the same three concepts: deterministic vs AI, independent evaluation, PR-only workflow. `platform/security.md` adds data handling and the Responsible AI Council framing; these are worth keeping. Combined there are 3,469 words of largely redundant content. -**Action:** Merge into one "Security & Trust" page. Keep the Responsible AI Council Q&A (it addresses a real evaluation concern). Keep the data handling section. Eliminate the repeated fix quality rubric (covered on the merged fix generation page). Target: 1,500–1,800 words. - -### 4. Embedded FAQ sections on 72 pages — STRIP GLOBALLY -**Problem:** Every content page ends with a `## Frequently Asked Questions` or `## FAQ` section that largely restates the page body. Examples: `platform/triage.md` FAQ asks "How does automated vulnerability triage reduce false positives?" — a question answered in the preceding 1,200 words. `how-it-works/fix-generation.md` FAQ asks "What is the difference between codemods and AI-generated fixes?" — answered with a full table earlier on the same page. These sections add 100–400 words to every page, inflating total word count by an estimated 15,000–20,000 words across the site. -**Action:** Strip embedded FAQ sections from all 72 pages. Where a question genuinely covers something not in the page body (rare), convert it to a callout box or inline summary. Do not route to the standalone FAQ pages; those should also be cut or consolidated. - -### 5. `faq/faq-enterprise.md` — REMOVE -**Problem:** Every answer in this page is a redirect to another page. Example: "Does Pixee support self-hosted deployment? See [Deployment Options](/enterprise/deployment) for details." This is not an FAQ — it is an index, and a worse index than the sidebar. The page adds zero content. -**Action:** Remove the page. Redirect the slug to `/enterprise/overview`. - -### 6. `how-it-works/context-intelligence.md` — MERGE OR DEMOTE -**Problem:** This page covers four topics (dataflow quality, production vs test, security control detection, intentionally-vulnerable project filtering) that are already summarized in `how-it-works/triage-engine.md`'s "Context-Aware Intelligence" section, which contains a table covering the same four-tier dataflow scale. The context-intelligence page adds slightly more prose but no new concepts. It then has a "How Context Feeds Remediation" section that duplicates `how-it-works/fix-generation.md`'s context gathering section. -**Action:** After the triage + fix generation merges, assess whether this page still has unique content. If the merged triage page covers the four context signals adequately, fold the unique parts of context-intelligence.md into the merged triage page and delete this page. - -### 7. `platform/what-is-agentic-security-engineering.md` — REPURPOSE OR MERGE -**Problem:** This page (the conceptual explainer for what "agentic" means) is positioned as a `platform/` page but reads like a landing page or marketing overview. After the platform/how-it-works consolidation, its role is unclear. Its "Four-Layer Security Stack" table is genuinely useful. The "What Makes It Agentic" section is good framing but exists nowhere in the consolidated architecture. -**Action:** Move this page to become the section landing page (replacing the current `platform/architecture.md` overview function) with a new slug like `/how-it-works/` or `/platform/overview`. Trim the embedded FAQ. Keep the four-layer table and the "agentic" definition section. - -### 8. `api/api-overview.md` — EXPAND -**Problem:** This page promises a REST API reference but delivers only authentication setup and a brief mention that endpoints exist. There are no actual endpoint definitions, request/response schemas, or error response examples. The `api/` section claims to be Tier 3 reference content but is currently Tier 2 at best. -**Action:** Expand the API overview to include all available endpoints with method, path, parameters, and response shape. If the full reference lives elsewhere (e.g., an OpenAPI spec), link to it prominently. Currently a user asking "how do I query my scan results via API?" gets no actionable answer from this page. - -### 9. `configuration/operations-config.md` — SPLIT OR RESTRUCTURE -**Problem:** This page covers three distinct operational areas — scheduling, notifications, and reporting — in a single 2,900-word page. The reporting section describes dashboard metrics (triage summary, fix activity, merge rate, remediation velocity) that have no other home. The scheduling section overlaps with what `configuration/config-overview.md` says about workflows. The notifications section is well-written but buries the Jira/ServiceNow webhook configuration at the end. -**Action:** Consider splitting into two pages: `operations-scheduling.md` (scheduling + notifications) and `reporting.md` (dashboard + metrics + exports + compliance exports). This would give reporting a canonical home and reduce the page's sprawl. - -### 10. Learning loop — CREATE -**Problem:** One of Pixee's three core differentiators ("Learn — improves from merge/reject/comment feedback over time") has no documentation. The only reference in the entire docs is a single sentence in `platform/triage.md`: "When Pixee classifies a finding as FALSE_POSITIVE but your team disagrees, the override is recorded and used to improve future classifications for your codebase." This cannot verify whether Pixee learns globally, per-org, per-repo, on what signal (overrides only, or also merge/reject?), at what cadence, or with measurable effect. -**Action:** Create a new page (suggested: `how-it-works/learning.md`) covering: what signals Pixee ingests (triage overrides, PR merges, PR closes, code comments), the scope of learning (org-level? global?), the cadence and mechanism, and how teams can evaluate whether learning is improving accuracy over time. This page cannot be written without consulting product/engineering to verify what actually ships. - ---- - -## Cross-Page Duplication - -### 1. Three-tier triage architecture description -**Repeated on:** `platform/triage.md`, `how-it-works/triage-engine.md`, `platform/architecture.md`, `platform/what-is-agentic-security-engineering.md`, `getting-started/getting-started.md`, `faq/faq-general.md` -**Proposed canonical location:** `how-it-works/triage.md` (post-merge). All others should summarize in 1-2 sentences and link. - -### 2. Fix quality evaluation rubric (Safety/Effectiveness/Cleanliness) -**Repeated on:** `platform/remediation.md`, `how-it-works/fix-generation.md`, `how-it-works/fix-safety.md`, `platform/security.md`, `faq/faq-general.md`, `getting-started/first-fix.md`, `getting-started/github.md`, `getting-started/gitlab.md`, `getting-started/azure-devops.md`, `getting-started/bitbucket.md` -**Proposed canonical location:** `how-it-works/fix-generation.md` (post-merge). PR description sections on SCM setup pages should say "quality scores (Safety, Effectiveness, Cleanliness)" with a link. - -### 3. "Deterministic codemods vs AI-powered MagicMods" explanation -**Repeated on:** `platform/remediation.md`, `how-it-works/fix-generation.md`, `how-it-works/fix-safety.md`, `platform/security.md`, `platform/what-is-agentic-security-engineering.md`, `configuration/ai-settings.md`, `faq/faq-general.md`, `getting-started/first-fix.md` -**Proposed canonical location:** `how-it-works/fix-generation.md`. Other pages should use: "Pixee uses deterministic codemods for known patterns and AI-powered MagicMods for novel ones — [see Fix Generation]." - -### 4. PR-only delivery as architectural constraint -**Repeated on:** `platform/remediation.md`, `how-it-works/fix-safety.md`, `platform/security.md`, `platform/architecture.md`, `platform/what-is-agentic-security-engineering.md`, `enterprise/security-architecture.md`, `faq/faq-general.md`, `getting-started/getting-started.md` -**Proposed canonical location:** `how-it-works/fix-safety.md` (post-merge with security.md). One sentence + link on all other pages. - -### 5. Deployment model comparison (Cloud SaaS / Embedded Cluster / Helm / Air-Gapped) -**Repeated on:** `enterprise/deployment.md`, `enterprise/enterprise-overview.md`, `enterprise/security-architecture.md`, `getting-started/` SCM setup pages (data-leaves-your-network section), `getting-started/ci-cd.md` -**Proposed canonical location:** `enterprise/deployment.md`. All others should show only the deployment model names and link. - -### 6. "No CLI required / no code changes to install" -**Repeated on:** `getting-started/getting-started.md`, `getting-started/github.md`, `getting-started/gitlab.md`, `getting-started/azure-devops.md`, `getting-started/bitbucket.md`, `faq/faq-general.md` -**Proposed canonical location:** `getting-started/getting-started.md`. SCM setup pages can keep one sentence of confirmation but do not need full paragraphs. - -### 7. "git revert applies; no runtime dependency on Pixee for merged code" -**Repeated on:** `platform/remediation.md`, `how-it-works/fix-safety.md`, `platform/security.md`, `platform/architecture.md`, `faq/faq-general.md` -**Proposed canonical location:** `how-it-works/fix-safety.md`. Two sentences on other pages maximum. - -### 8. 76% merge rate claim -**Repeated on:** `platform/remediation.md`, `how-it-works/fix-safety.md`, `platform/security.md`, `getting-started/getting-started.md`, and 4+ other pages -**Proposed canonical location:** `how-it-works/fix-safety.md` with the full context. Other pages should say "76% merge rate — see [Fix Safety]" without re-explaining what the number means. - -### 9. Infrastructure requirements (8 vCPU, 32 GB RAM, 100 GB SSD) -**Repeated on:** `enterprise/deployment.md`, `enterprise/embedded-cluster.md`, `enterprise/helm.md`, `enterprise/air-gap.md`, `faq/faq-enterprise.md` -**Proposed canonical location:** `enterprise/deployment.md` (already has the definitive table). Other pages should link to it, not repeat it. - -### 10. Scanner count ("12 native integrations") — currently an inconsistency -**Repeated incorrectly on:** ~26 pages saying "12" while integrations-overview.md correctly shows 13 named scanners (Arnica SAST and Datadog SAST added per changelog). The actual count, including DefectDojo as an aggregator, is 14 supported scanners, 13 named as "native." -**Proposed canonical location:** `integrations/integrations-overview.md` has the definitive matrix. All other pages should say "13 named scanner integrations" and link. Requires auditing the exact current list (Arnica, Datadog per changelog; both pages are missing from `integrations/scanners/`). - ---- - -## Content Gaps - -### 1. The Learning Loop — CRITICAL GAP -**What's missing:** How Pixee improves from feedback. This is described as a core product capability but has zero dedicated documentation. The single sentence ("overrides are recorded and used to improve future classifications") does not explain mechanism, scope, cadence, or measurability. -**Where it should live:** `how-it-works/learning.md` (new page) -**What it should cover:** Signal types (overrides, PR merges, PR closes, inline comments), scope (per-repo vs org vs global model improvement), cadence (immediate? batch? weekly?), how teams can observe improvement over time, any measurable effect on false positive rates. -**Blocker:** Requires product/engineering input to document accurately. Cannot be written from existing docs alone. - -### 2. Dashboard and Reporting Interface — SIGNIFICANT GAP -**What's missing:** The Pixee dashboard is mentioned everywhere as the primary interface for security leads, but it is never shown or described in detail. What does it look like? What views exist? How are findings organized? What filtering is available? What does the triage summary view show? -**Where it should live:** `configuration/operations-config.md` Reporting section (currently exists but only describes metrics in abstract — no screenshots, no view descriptions, no navigation guidance) -**What it should cover:** Primary dashboard views (triage summary, fix activity, repository status), filtering controls, how to read merge rate and MTTR metrics, how to export data. - -### 3. Convention-Aware Fix Generation — SIGNIFICANT GAP -**What's missing:** Marketing copy says Pixee generates "context-aware code fixes matching team conventions." The PIXEE.yaml page documents the `pr` section (labels, reviewers, draft) but this is PR metadata, not fix conventions. The `fix-generation.md` page mentions "per-project PIXEE.yaml policy" for preferred imports and framework choices but `pixee-yaml.md` has no corresponding schema fields for coding conventions, preferred imports, or framework preferences. Either the PIXEE.yaml schema is incomplete in the docs, or the convention-awareness is an AI behavior not user-configurable. -**Where it should live:** `configuration/pixee-yaml.md` and `how-it-works/fix-generation.md` -**What it should cover:** What aspects of team conventions Pixee detects automatically vs. what requires explicit configuration, what PIXEE.yaml fields (if any) control fix style. - -### 4. Triage Verdict Override Workflow — MODERATE GAP -**What's missing:** Multiple pages mention that security engineers can override triage verdicts. None explain how to do this. Where in the UI? What happens when you override? Is there a comment field? Does the override affect future findings? Is it per-finding or per-rule? -**Where it should live:** `how-it-works/triage.md` (post-merge) — add a "Overriding Triage Verdicts" section -**What it should cover:** UI/API mechanics for overrides, the scope of an override, how overrides feed into learning. - -### 5. Arnica SAST and Datadog SAST Integration Pages — MISSING -**What's missing:** The changelog (v5.4.11 and v5.4.15) shows Arnica SAST and Datadog SAST were added as native integrations. The integrations-overview.md doesn't list them. There are no scanner pages for either in `integrations/scanners/`. The platform/triage.md lists them in the scanner list but there is no integration setup page. -**Where it should live:** `integrations/scanners/arnica.md` and `integrations/scanners/datadog-sast.md` (new pages) - -### 6. Multi-Scanner Deduplication — MODERATE GAP -**What's missing:** `platform/triage.md` mentions "cross-tool deduplication -- when multiple scanners flag the same finding, the system eliminates duplicates." This is a real operational question for teams running 3-4 scanners. How does deduplication work? What defines a "duplicate"? When does Pixee merge findings vs. treat them independently? -**Where it should live:** `how-it-works/scanner-integration.md` or the merged triage page - -### 7. SCA Verification Cache Details — MINOR GAP -**What's missing:** `how-it-works/sca-pipeline.md` mentions a "verification cache" for CVE+dependency combinations. What is the TTL? Is it per-org or global? How does it interact with new CVE advisories for the same library version? -**Where it should live:** `how-it-works/sca.md` (post-merge) - -### 8. Phased Rollout Success Metrics — MODERATE GAP -**What's missing:** `enterprise/phased-rollout.md` describes phases but the Phase 1 success criteria section (seen in first 50 lines) is cut off in this audit. More importantly, there is no guidance on how to set up measurement during a rollout — specifically, how to access merge rate data, triage volume data, and developer acceptance metrics during the pilot phase before org-wide deployment. -**Where it should live:** `enterprise/phased-rollout.md` + link to the Reporting section - ---- - -## Flags for Human Review - -1. **Scanner count accuracy.** The actual current number of supported scanners needs verification. The integrations-overview claims 13 named + DefectDojo as aggregator. The changelog mentions Arnica (v5.4.11) and Datadog SAST (v5.4.15). But neither appears in `integrations/scanners/` as a page. Many older pages say "12." What is the current authoritative count, and which scanners have dedicated setup pages vs. just changelog mentions? - -2. **85% SCA noise reduction and 90% less triage time claims** on `platform/sca.md`. These are presented as product claims without qualification (unlike the 95% triage claim, which includes a detailed qualification about workload composition). Are these numbers validated? If so, they need the same qualification treatment. If not, they should be removed. - -3. **Learning loop — product reality.** Before writing any documentation about the learning loop, engineering must confirm: (a) Does Pixee actually improve triage accuracy from feedback signals in a live, deployed way? (b) What signals does it ingest? (c) Is improvement per-repo, per-org, or global? (d) Is this a shipped feature or a roadmap item? The current docs imply it exists ("overrides are recorded and used to improve") but do not validate this. - -4. **PIXEE.yaml convention fields.** The `fix-generation.md` page says "Per-project PIXEE.yaml policy. MagicMods respect project-level configuration files specifying your coding conventions, preferred imports, and framework choices." But `pixee-yaml.md` has no schema fields for preferred imports or framework choices. Either (a) these PIXEE.yaml fields exist but are undocumented, (b) the convention-awareness is automatic (detected, not configured), or (c) this is planned, not shipped. This needs engineering clarification before the docs can be corrected. - -5. **"50+ validated" SARIF scanners.** Multiple pages claim "over 50 scanner tools have been validated via the universal SARIF path." Is there a public list? If not, this claim should be qualified as "50+ scanners in Pixee's testing environment" rather than implying any scanner producing SARIF is guaranteed to work. - -6. **Air-gapped deployment license validation.** `enterprise/air-gap.md` says "License validation still requires a network path to Pixee servers — either direct or through a proxy." This is called out as "An honest clarification" in the page. Given that many air-gapped use cases are in environments where NO outbound internet is allowed (classified DoD environments, for example), this limitation may be a deal-stopper that the docs currently undersell. Flag for product decision: is there a fully offline license model, and if so, how does it work? - -7. **`platform/what-is-agentic-security-engineering.md` — audience and SEO intent.** This page is positioned as a conceptual explainer for search traffic ("What is agentic security engineering?") but currently lives deep in the `platform/` section. If this page is intended to capture search traffic from users who don't know Pixee, it should be the highest-level page in the site or live at the root. If it's for existing users, it can live in the platform section. The intent needs clarification before IA is finalized. - -8. **`api/changelog.md` has a FAQ section.** The changelog's embedded FAQ includes "How often does Pixee release updates?" (answered: ~25 releases per 6 months). This is the most recent and specific product frequency information in the docs and should inform the enterprise-overview.md's similar claim (currently consistent). However, the changelog FAQ is the only place this appears. Verify that the "25 releases in 6 months" figure is current. - -9. **`enterprise/troubleshooting.md` vs. `faq/faq-troubleshooting.md` overlap.** Both cover troubleshooting but for different audiences: enterprise-troubleshooting covers Helm/K8s/LLM issues; faq-troubleshooting covers scanner connectivity and PR issues. After consolidation, ensure the separation remains clean and cross-links are correct. - -10. **`configuration/operations-config.md` references `configuration/operations`** in the config-overview quick reference table. This slug does not match the actual slug `configuration/operations` — the file is `operations-config.md` with slug `/configuration/operations`. Verify all internal links are correct after any consolidation. diff --git a/docs/api/sarif.md b/docs/api/sarif.md index 397bfe6e..28f2f8e9 100644 --- a/docs/api/sarif.md +++ b/docs/api/sarif.md @@ -10,7 +10,7 @@ sidebar_position: 2 # SARIF Reference -SARIF (Static Analysis Results Interchange Format) is the OASIS standard that Pixee uses to ingest security findings from 12 native scanner integrations and any SARIF-producing tool. Pixee reads SARIF files to understand what vulnerabilities were found, where they are located, and what dataflow information is available -- then routes each finding to the appropriate triage and remediation engine. This page documents how Pixee consumes SARIF. +SARIF (Static Analysis Results Interchange Format) is the OASIS standard that Pixee uses to ingest security findings from its named scanner integrations and any SARIF-producing tool. Pixee reads SARIF files to understand what vulnerabilities were found, where they are located, and what dataflow information is available -- then routes each finding to the appropriate triage and remediation engine. This page documents how Pixee consumes SARIF. ## What is SARIF? diff --git a/docs/configuration/ai-settings.md b/docs/configuration/ai-settings.md index 063317e7..68e8d71c 100644 --- a/docs/configuration/ai-settings.md +++ b/docs/configuration/ai-settings.md @@ -49,7 +49,7 @@ Triage settings control how Pixee classifies scanner findings. ### Relationship to scanner quality -Triage accuracy depends on the quality of scanner input. Pixee integrates with 12 native scanner integrations and accepts any SARIF-producing scanner via universal SARIF import. Higher-quality scanner output yields higher-confidence triage results. +Triage accuracy depends on the quality of scanner input. Pixee integrates with a growing list of named scanner integrations and accepts any SARIF-producing scanner via universal SARIF import. Higher-quality scanner output yields higher-confidence triage results. ## Remediation Settings diff --git a/docs/enterprise/compliance.md b/docs/enterprise/compliance.md index 2dd1a536..dbbfcacc 100644 --- a/docs/enterprise/compliance.md +++ b/docs/enterprise/compliance.md @@ -32,7 +32,7 @@ The table below maps Pixee capabilities to specific controls in six compliance f | **HIPAA** | 164.312(a)(1) access control, 164.312(c)(1) integrity controls, 164.312(d) authentication | Self-hosted deployment keeps PHI-adjacent data in customer network. SSO integration. Audit trail for all triage and remediation actions. PR workflow preserves change integrity. | | **FedRAMP** | AC-2 (account management), AU-2 (auditable events), CM-3 (configuration change control) | Air-gapped deployment with no source code leaving the network. Comprehensive audit event logging. Configuration changes documented through PR workflow. | | **PCI-DSS** | 6.3 (secure development), 6.5 (common vulnerability remediation), 10.2 (audit trails) | Automated vulnerability remediation with full audit evidence. Triage decisions provide evidence for vulnerability management requirements. PR history for change documentation. | -| **NIST 800-53** | RA-5 (vulnerability monitoring and scanning), SA-11 (developer testing), SI-2 (flaw remediation) | Automated triage with classification evidence. Remediation with traceable fixes. Continuous monitoring via 12 native scanner integrations and triage automation. | +| **NIST 800-53** | RA-5 (vulnerability monitoring and scanning), SA-11 (developer testing), SI-2 (flaw remediation) | Automated triage with classification evidence. Remediation with traceable fixes. Continuous monitoring via native scanner integrations and triage automation. | | **ISO 27001** | A.12.6.1 (management of technical vulnerabilities), A.14.2.2 (system change control) | Vulnerability management automation with audit evidence. Change control integration through PR workflow. Exportable records for audit review. | | **OCC 2013-29** (Third-Party Risk) | Third-party risk management, vendor due diligence, ongoing monitoring | Pixee supports vendor risk assessment via documented security controls, data classification, and audit trail. Self-hosted deployment keeps all data within customer network. | | **FFIEC IT Examination Handbook** | Outsourced Technology Services examination procedures | Audit trail for vulnerability management lifecycle maps to examination procedures. Event-sourced triage decisions provide examiner-ready evidence. | diff --git a/docs/integrations/sarif-universal.md b/docs/integrations/sarif-universal.md index 3805f262..9230b4dd 100644 --- a/docs/integrations/sarif-universal.md +++ b/docs/integrations/sarif-universal.md @@ -27,30 +27,9 @@ Use a native integration when available — native integrations extract richer m ## SARIF Requirements -Pixee supports the current SARIF standard (OASIS SARIF). Your SARIF file must include: - -### Required Fields - -| Field | Path | Description | -| -------------- | ---------------------------------------- | -------------------------------------- | -| Schema version | `$schema` | Must reference a valid SARIF schema | -| Tool info | `runs[].tool.driver.name` | Scanner name | -| Results | `runs[].results[]` | Array of findings | -| Rule ID | `results[].ruleId` | Unique identifier for the finding type | -| Message | `results[].message.text` | Human-readable finding description | -| Location | `results[].locations[].physicalLocation` | File path and line number | - -### Optional But Recommended - -| Field | Path | Impact on Pixee | -| --------------- | --------------------------------- | ------------------------------------------------- | -| Rule metadata | `runs[].tool.driver.rules[]` | Enables richer triage justifications | -| Code flows | `results[].codeFlows[]` | Enables source-to-sink dataflow triage | -| Severity | `results[].level` | Informs triage prioritization | -| Help text | `runs[].tool.driver.rules[].help` | Provides vulnerability context for fix generation | -| Tags/properties | `results[].properties` | Custom metadata for organization-specific context | - -The more metadata your SARIF contains, the better Pixee's triage and remediation quality. Scanners that produce minimal SARIF (rule ID + location only) still work, but triage justifications are less detailed. +Pixee supports SARIF version 2.1.0. At minimum, each finding must include a `ruleId`, `message.text`, and a `physicalLocation` (file path and line number). Richer SARIF — particularly `codeFlows` with `threadFlows` — directly improves triage accuracy and fix quality. + +For the complete field reference, required vs. optional field breakdown, dataflow quality tiers, and validation guidance, see the [SARIF Reference](/api/sarif). ## Upload Methods diff --git a/docs/integrations/scanners/trivy.md b/docs/integrations/scanners/trivy.md index 6f2e4dd4..2371e211 100644 --- a/docs/integrations/scanners/trivy.md +++ b/docs/integrations/scanners/trivy.md @@ -29,7 +29,7 @@ Trivy produces SARIF output natively, making it highly interoperable with downst ### Triage -Trivy's breadth is its strength and its challenge. Container image scans can surface hundreds of CVEs in OS packages, most of which are not exploitable in the application's context. Pixee's triage pipeline classifies each finding by exploitability and actionability, separating real threats from noise. For code-level findings and IaC misconfigurations, the triage engine investigates the actual codebase to determine whether the finding represents a real risk. +Trivy's breadth is its strength and its challenge. Container image scans can surface hundreds of CVEs in OS packages, most of which are not exploitable in the application's context. Pixee's triage pipeline classifies each finding by exploitability and actionability, separating real threats from noise. For code-level findings and IaC misconfigurations, the triage engine investigates the actual codebase to determine whether the finding represents a real risk. For dependency vulnerabilities found in container image scans, Pixee can generate dependency update fixes where the dependency is managed in your source code. ### Remediation @@ -46,18 +46,4 @@ For the full list of vulnerability types Pixee triages and fixes, see [What Pixe **Prerequisites:** Trivy installed in your CI pipeline or locally, Pixee platform integration configured. -## FAQ - -### Does Pixee work with Trivy's container image scanning? - -Yes. Pixee ingests Trivy's SARIF output from container image scans and triages the findings by exploitability. For dependency vulnerabilities found in container images, Pixee can generate dependency update fixes where the dependency is managed in your source code. - -### How does Pixee reduce noise from Trivy scans? - -Trivy container scans often surface hundreds of CVEs in OS packages. Pixee's triage engine classifies each by exploitability — whether the vulnerable code path is actually reachable in your application — reducing the volume requiring human review. - -### Does Trivy need to output SARIF for this integration? - -Yes. Configure Trivy with `--format sarif` to produce SARIF output. Pixee also supports Trivy's native JSON format through the dedicated Trivy handler. - See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. diff --git a/docs/open-source/codemodder.md b/docs/open-source/codemodder.md index af2c68db..c615944b 100644 --- a/docs/open-source/codemodder.md +++ b/docs/open-source/codemodder.md @@ -5,18 +5,30 @@ track: dev content_type: guide seo_title: Codemodder Framework -- Pixee Docs description: Codemodder open source framework for building security-focused code transformations. Supports Java and Python. -sidebar_position: 2 +sidebar_position: 1 --- # Codemodder Framework -Codemodder is an open source framework created by Pixee for building language-specific, security-focused code transformations called codemods. Each codemod encodes a specific security remediation pattern -- SQL injection parameterization, insecure deserialization hardening, cryptography upgrades -- as a deterministic, testable rule. Codemodder currently supports Java via [codemodder-java](https://github.com/pixee/codemodder-java) and Python via [codemodder-python](https://github.com/pixee/codemodder-python), with every codemod publicly inspectable on GitHub. +Codemodder is an open source framework created by Pixee for building language-specific, security-focused code transformations called codemods. Each codemod encodes a specific security remediation pattern — SQL injection parameterization, insecure deserialization hardening, cryptography upgrades — as a deterministic, testable rule. Codemodder currently supports Java via [codemodder-java](https://github.com/pixee/codemodder-java) and Python via [codemodder-python](https://github.com/pixee/codemodder-python), with every codemod publicly inspectable on GitHub. + +Automated code changes demand trust. Open source engines provide that transparency in a way that proprietary black-box tools cannot — security teams and auditors can inspect the exact transformation rules before trusting automated remediation in their codebase. + +All projects are licensed under **Apache 2.0**. + +## Projects + +| Project | Language | Description | +|---|---|---| +| [codemodder-java](https://github.com/pixee/codemodder-java) | Java | Java codemod engine with AST transformations via ParseAndGo | +| [codemodder-python](https://github.com/pixee/codemodder-python) | Python | Python codemod engine with LibCST, regex, and XML transformers | +| [Codemodder framework](https://github.com/pixee/codemodder-spec) | Multi-language | Core specification and framework for building language-specific codemod engines | ## What Codemods Are -A security codemod is a deterministic rule that transforms insecure code into secure code. "Deterministic" means same input produces the same output every time. No LLM, no variance, no hallucination. Codemods encode decades of OWASP and SANS best practices into testable, repeatable rules. +A security codemod is a deterministic rule that transforms insecure code into secure code. "Deterministic" means same input produces the same output every time — no LLM, no variance, no hallucination. Codemods encode decades of OWASP and SANS best practices into testable, repeatable rules. -For example, a codemod might detect raw SQL string concatenation and transform it into parameterized queries. The fix is the same whether you run it today, tomorrow, or a year from now. That predictability is what makes codemods suitable for automated remediation in production codebases. +For example, a codemod detects raw SQL string concatenation and transforms it into parameterized queries. The fix is the same whether you run it today or a year from now. That predictability is what makes codemods suitable for automated remediation in production codebases. ## Architecture @@ -29,22 +41,17 @@ Codemodder has three layers: - **codemodder-java** uses ParseAndGo-based AST transformations. Codemods register into a default codemod set and operate on Java abstract syntax trees. - **codemodder-python** supports three transformer strategies: LibCST for AST-level transformations, regex for pattern-based changes, and XML for configuration files. A single Python codemod can target source files, config files, or dependency manifests. -**Output format.** All engines produce a structured JSON report describing every change made — including what was modified, where, and the security rationale — designed to be straightforward to integrate into CI/CD pipelines or review workflows. +**Output format.** All engines produce a structured JSON report describing every change made — including what was modified, where, and the security rationale — designed to integrate into CI/CD pipelines or review workflows. ## How Codemods Work The transformation pipeline follows a consistent flow from scanner finding to structured output: 1. **Scanner produces a finding.** A SAST or SCA tool flags a vulnerability and emits a SARIF report identifying the file, line, and rule that triggered. - 2. **Codemodder matches a codemod rule.** The engine checks whether a registered codemod handles the finding type (e.g., CWE-89 for SQL injection maps to the SQL parameterization codemod). - 3. **The codemod analyzes the vulnerable code.** Using AST parsing (ParseAndGo for Java, LibCST for Python), regex matching, or XML parsing, the codemod identifies the exact code pattern that needs to change. - -4. **The transformation applies the security fix.** The codemod rewrites the code deterministically. For SQL injection, this means converting string concatenation to parameterized queries. For insecure deserialization, it means adding type validation or switching to a safe loader. - +4. **The transformation applies the security fix.** The codemod rewrites the code deterministically. 5. **The engine writes a structured report.** A JSON document describes what changed and why — both human-readable and machine-parseable. - 6. **Developer reviews the change.** In the Pixee platform, the fix becomes a pull request. With the standalone engine, you review the structured report and the modified files directly. ## codemodder-java @@ -82,11 +89,11 @@ The Python engine provides a library of deterministic codemods with three distin **Transformer strategies:** -| Strategy | Target | Use Case | -| -------- | ---------------------------- | ---------------------------------------------------------------------- | -| LibCST | Python source files | AST-level transformations (function calls, imports, class definitions) | -| Regex | Config and source files | Pattern-based replacements where AST parsing is unnecessary | -| XML | Dependency manifests, config | XML configuration files and dependency declarations | +| Strategy | Target | Use Case | +|---|---|---| +| LibCST | Python source files | AST-level transformations (function calls, imports, class definitions) | +| Regex | Config and source files | Pattern-based replacements where AST parsing is unnecessary | +| XML | Dependency manifests, config | XML configuration files and dependency declarations | A single codemod can combine strategies. For example, a PyYAML hardening codemod might use LibCST to change `yaml.load()` calls to `yaml.safe_load()` in source files while also updating a requirements file via regex. @@ -115,19 +122,38 @@ codemodder /path/to/project --codemod-include pixee:python/secure-random --outpu codemodder /path/to/project --path-exclude tests/ vendor/ --output results.json ``` -## Relationship to the Pixee Platform +## Open Source vs. Pixee Platform + +The open source engines and the commercial Pixee platform serve different needs. + +**Open source engines** provide deterministic codemods only. No AI, no triage, no scanner integration, no PR workflow. You run them locally or in CI/CD and get structured output describing every change. + +**The Pixee platform** builds on the open source engines and adds: + +- **AI-powered fixes** for vulnerability patterns that deterministic rules cannot reach (custom frameworks, multi-file dataflows, context-dependent sanitization) +- **Triage Automation** with false positive reduction via exploitability analysis +- **Native scanner integrations** — see [Integrations](/integrations/overview) for the full list +- **Pull request delivery** so developers review fixes through their existing code review process +- **Enterprise deployment** options including embedded cluster, Helm, and air-gapped environments + +The open source layer is the deterministic foundation. The platform adds intelligence, automation, and enterprise workflow on top. + +## Custom Codemods + +You can build custom codemods on the Codemodder framework for your organization's internal security patterns — internal framework wrappers, custom query builders, organization-specific coding standards. See the [Custom Codemods](/open-source/custom-codemods) tutorial for step-by-step instructions. + +## Contributing -Codemodder powers the deterministic remediation layer of the Pixee platform. The platform extends Codemodder with: +Contributions are welcome across all Codemodder repositories. New codemods have the highest impact — each one expands the number of vulnerability patterns the community can fix automatically. -- **AI-powered fixes** for patterns that deterministic rules cannot reach (custom framework wrappers, multi-file dataflows, context-dependent sanitization) -- **Triage Automation** -- false positive reduction before fixes are generated -- **Scanner integration** -- natively integrated scanners plus universal SARIF support -- **PR workflow** -- fixes delivered as pull requests through GitHub, GitLab, Azure DevOps, or Bitbucket +**How to contribute:** -Codemodder handles the known, well-understood vulnerability patterns. AI-powered fixes extend coverage to the long tail. Both produce fixes that pass through the same quality evaluation before reaching a developer. +1. Browse [`good first issue`](https://github.com/pixee/codemodder-java/labels/good%20first%20issue) tags in [codemodder-java](https://github.com/pixee/codemodder-java/issues) or [codemodder-python](https://github.com/pixee/codemodder-python/issues) +2. Open an issue describing your proposed codemod before writing code — this ensures alignment on approach +3. Fork, branch (`feat/codemod-name`), implement, and add before/after test fixtures +4. Run the full test suite (`./gradlew test` for Java, `pytest` for Python) and verify output against a sample repository +5. Submit a pull request referencing the issue, with sample before/after code -## Next Steps +**Quality standards:** Before/after test fixtures are required for every codemod. Codemods must be deterministic — no external API calls, no network dependencies, no randomness. One codemod per PR. -- **Build your own codemod:** The [Custom Codemods](/open-source/custom-codemods) tutorial walks through building a codemod from scratch -- **Contribute to the project:** See the [Contributing](/open-source/contributing) guide for community participation -- **Explore the full platform:** The Pixee platform adds AI-powered remediation and triage on top of Codemodder — [learn how fix generation works](/platform/remediation) +All contributions are submitted under Apache 2.0. Contributors are credited in release notes. See the CONTRIBUTING.md in each repository for the full workflow. diff --git a/docs/open-source/contributing.md b/docs/open-source/contributing.md deleted file mode 100644 index 13f6b0b4..00000000 --- a/docs/open-source/contributing.md +++ /dev/null @@ -1,127 +0,0 @@ ---- -title: Contributing to Pixee Open Source -slug: /open-source/contributing -track: dev -content_type: guide -seo_title: Contributing -- Pixee Docs -description: Contribution guide for codemodder-java, codemodder-python, and related Pixee open source projects. -sidebar_position: 4 ---- - -# Contributing to Pixee Open Source - -Pixee's core remediation engine is built on open source. You can contribute codemods (deterministic security fix rules), report bugs, improve documentation, or propose new detection patterns. Contributions go to the Codemodder repositories -- [codemodder-java](https://github.com/pixee/codemodder-java) and [codemodder-python](https://github.com/pixee/codemodder-python) -- under Apache 2.0 license. This guide covers the contribution workflow, quality standards, and community guidelines. - -## What You Can Contribute - -| Contribution Type | Repositories | Impact | -| ----------------- | ---------------------------------- | ------------------------------------------------------------- | -| **New codemods** | codemodder-java, codemodder-python | Expands automated fix coverage for a vulnerability pattern | -| **Bug fixes** | Any Pixee open source repo | Fixes issues in existing codemods or framework code | -| **Documentation** | Any Pixee open source repo | Improves README, API docs, or usage examples | -| **Test cases** | codemodder-java, codemodder-python | Adds edge case coverage to existing codemods | -| **Issue reports** | Any Pixee open source repo | Identifies bugs, suggests improvements, requests new codemods | - -New codemod contributions have the highest impact. Each new codemod directly expands the number of vulnerability patterns that Codemodder can fix automatically. If you want to build a full codemod, start with the [Custom Codemods](/open-source/custom-codemods) tutorial. - -## Contribution Workflow - -### Step 1: Find or Create an Issue - -Browse open issues in [codemodder-java](https://github.com/pixee/codemodder-java/issues) or [codemodder-python](https://github.com/pixee/codemodder-python/issues). Issues tagged **`good first issue`** are specifically scoped for new contributors. Issues tagged **`help wanted`** are ready for community pickup. - -If you want to contribute a new codemod, open an issue first describing the vulnerability pattern and your proposed fix. Discuss the approach before writing code. This saves time and ensures your contribution aligns with the project direction. - -### Step 2: Fork and Branch - -Fork the repository to your GitHub account and create a feature branch from `main`: - -```bash -git clone https://github.com/YOUR-USERNAME/codemodder-java.git -cd codemodder-java -git checkout -b feat/my-new-codemod -``` - -Follow the branch naming convention: - -- `feat/codemod-name` for new codemods -- `fix/issue-number` for bug fixes -- `docs/description` for documentation improvements - -### Step 3: Implement - -For new codemods, follow the [Codemodder](/open-source/codemodder) framework patterns. The [Custom Codemods](/open-source/custom-codemods) page has step-by-step build instructions for both Java and Python. - -For bug fixes, include a test that reproduces the bug before your fix and passes after it. - -For documentation, follow the existing style and structure in the repository. - -### Step 4: Test - -Add before/after test fixtures for new codemods and run the full test suite locally: - -```bash -# Java -./gradlew test - -# Python -pytest -``` - -Verify that your changes produce a correct structured report by running the codemod against a sample repository. - -### Step 5: Submit a Pull Request - -Push your branch and open a pull request against `main`: - -- Reference the issue number in the PR description -- Describe what the change does and why -- Include sample before/after code if submitting a new codemod -- Ensure CI checks pass - -### Step 6: Review and Merge - -Pixee maintainers review contributions for code quality, security correctness, and test coverage. Address review feedback promptly. Once approved, maintainers merge the PR. - -Security-sensitive contributions receive additional review from the Pixee security team. This is normal and ensures the fix rules meet the same quality bar as all existing codemods. - -## Quality Standards - -Every contribution must meet these standards: - -- **Before/after test fixtures are required** for every codemod. No exceptions. -- **Test coverage must include:** the primary vulnerable pattern, at least one code style variation, and at least one edge case. -- **Codemods must be deterministic.** Same input produces the same output every time. No external API calls, no network dependencies, no randomness in codemod execution. -- **Follow existing code style.** CI linters enforce formatting and conventions automatically. -- **One codemod or fix per PR.** Keep pull requests focused. Multiple unrelated changes in a single PR slow down review. - -## Community Guidelines - -**Code of Conduct.** All contributors are expected to engage respectfully and constructively. Review the CODE_OF_CONDUCT.md in each repository. - -**Issue etiquette.** Search existing issues before opening a new one. When reporting bugs, provide reproduction steps, the codemod involved, and the engine's output report if applicable. - -**PR etiquette.** Keep PRs focused. Respond to review feedback. If a maintainer requests changes, address them or explain your reasoning -- both are fine. - -**Communication channels:** - -- **GitHub Issues** for bugs, feature requests, and codemod proposals -- **GitHub Discussions** for questions, ideas, and general conversation - -**License.** All contributions are submitted under Apache 2.0, the same license as the project. - -## Recognition - -Contributors are credited in release notes when their changes ship. Significant contributors are listed in the project's CONTRIBUTORS file. Particularly impactful codemod contributions may be highlighted in Pixee community updates. - -## Where to Start - -If this is your first contribution to Pixee: - -1. **Browse [`good first issue`](https://github.com/pixee/codemodder-java/labels/good%20first%20issue) tags** in either repository -2. **Read the [Codemodder](/open-source/codemodder) page** to understand the framework architecture -3. **Walk through the [Custom Codemods](/open-source/custom-codemods) tutorial** to see how codemods are built and tested -4. **Pick an issue, discuss it, and submit a PR** -- the maintainers are here to help - -Every codemod contributed expands the number of vulnerabilities the community can fix automatically. Your contribution matters. - diff --git a/docs/open-source/custom-codemods.md b/docs/open-source/custom-codemods.md index 5468fb73..2d30b0ca 100644 --- a/docs/open-source/custom-codemods.md +++ b/docs/open-source/custom-codemods.md @@ -219,5 +219,5 @@ codemodder $WORKSPACE --codemod-include pixee:python/safe-yaml-load --output res **Sharing across teams.** Package custom codemods as a separate module that depends on the Codemodder framework. Teams can pull your codemod package alongside the core engine. -**Contributing upstream.** If your codemod addresses a general vulnerability pattern, consider [contributing it back](/open-source/contributing) to the open source repositories so the broader community benefits. +**Contributing upstream.** If your codemod addresses a general vulnerability pattern, consider [contributing it back](/open-source/codemodder#contributing) to the open source repositories so the broader community benefits. diff --git a/docs/open-source/oss-overview.md b/docs/open-source/oss-overview.md deleted file mode 100644 index 829d3036..00000000 --- a/docs/open-source/oss-overview.md +++ /dev/null @@ -1,88 +0,0 @@ ---- -title: Open Source Overview -slug: /open-source/overview -track: dev -content_type: guide -seo_title: Open Source Overview -- Pixee Docs -description: "Pixee open source projects: codemodder-java, codemodder-python, and the Codemodder framework for security-focused code transformations." -sidebar_position: 1 ---- - -# Open Source Overview - -Pixee maintains several open source projects that form the foundation of its deterministic remediation engine. The [Codemodder](/open-source/codemodder) framework provides language-specific engines for building security-focused code transformations. [codemodder-java](https://github.com/pixee/codemodder-java) and [codemodder-python](https://github.com/pixee/codemodder-python) are publicly inspectable on GitHub. These open source engines let customers and auditors review fix rules before trusting automated remediation in their codebase. - -## Why Open Source Matters for Security Remediation - -Automated code changes demand trust. When a tool modifies your source files, you need to know exactly what it does and why. Open source engines provide that transparency in a way that proprietary black-box tools cannot. - -**Trust through transparency.** Every deterministic codemod in Pixee's open source repositories is readable. Security teams and auditors can inspect the exact transformation rules that will be applied to their code. If a codemod parameterizes SQL queries or hardens deserialization, the logic is right there in the repository. - -**Community validation.** Open source codemods benefit from review and contribution by security engineers outside Pixee. Bugs get found faster. Edge cases get covered. The fix rules improve over time because more eyes are on the code. - -**Extensibility.** Organizations can build [custom codemods](/open-source/custom-codemods) on the Codemodder framework for their own internal security patterns. The framework is designed for extension, not just consumption. - -## Pixee Open Source Projects - -| Project | Language | Description | -| ---------------------------------------------------------------- | -------------- | ------------------------------------------------------------------------------- | -| [codemodder-java](https://github.com/pixee/codemodder-java) | Java | Java codemod engine with AST transformations via ParseAndGo | -| [codemodder-python](https://github.com/pixee/codemodder-python) | Python | Python codemod engine with LibCST, regex, and XML transformers | -| [Codemodder framework](https://github.com/pixee/codemodder-spec) | Multi-language | Core specification and framework for building language-specific codemod engines | - -All projects are licensed under Apache 2.0. - -## Open Source vs. Pixee Platform - -The open source engines and the commercial Pixee platform serve different needs. Understanding the boundary helps you choose the right tool. - -**Open source engines** provide deterministic codemods only. No AI, no triage, no scanner integration, no PR workflow. You run them locally or in CI/CD against your codebase and get structured output describing every change. - -**The Pixee platform** builds on the open source engines and adds: - -- **AI-powered fixes** for vulnerability patterns that deterministic rules cannot reach (custom frameworks, multi-file dataflows, context-dependent sanitization) -- **Triage Automation** with false positive reduction via exploitability analysis -- **12 native scanner integrations** that ingest findings from Semgrep, CodeQL, Sonar, Snyk, and others -- **Pull request delivery** so developers review fixes through their existing code review process -- **Enterprise deployment** options including embedded cluster, Helm, and air-gapped environments - -The open source layer is the deterministic foundation. The platform adds intelligence, automation, and enterprise workflow on top. - -## Getting Started with Open Source - -To run the open source codemod engines locally: - -**Java:** - -```bash -# Clone the repository -git clone https://github.com/pixee/codemodder-java.git - -# Build and run against your project -./gradlew run --args="--source /path/to/your/project --output results.json" -``` - -**Python:** - -```bash -# Install from PyPI -pip install codemodder - -# Run against your project -codemodder /path/to/your/project --output results.json -``` - -The engines produce a structured JSON report describing every transformation applied, what changed, and why. - -From here: - -- Read the [Codemodder](/open-source/codemodder) page for architecture details and the full codemod catalog -- Build your own security rules with the [Custom Codemods](/open-source/custom-codemods) tutorial -- Join the community through our [Contributing](/open-source/contributing) guide - -## License - -All Pixee open source projects are released under the **Apache License 2.0**. You can use, modify, and distribute the code in both open source and commercial projects. Contributions are accepted under the same license. - ---- - diff --git a/docusaurus.config.js b/docusaurus.config.js index 9bd531a1..689ea20b 100644 --- a/docusaurus.config.js +++ b/docusaurus.config.js @@ -75,7 +75,9 @@ const config = { { from: "/installing", to: "/" }, { from: "/faqs", to: "/faq/general" }, { from: "/languages", to: "/languages/overview" }, - { from: "/open-pixee", to: "/open-source/overview" }, + { from: "/open-pixee", to: "/open-source/codemodder" }, + { from: "/open-source/overview", to: "/open-source/codemodder" }, + { from: "/open-source/contributing", to: "/open-source/codemodder" }, { from: "/running_on_public_github_repos", to: "/getting-started/source-control", From a8b2cca9bbe65e6f09ed3ea0b1104a9a9794e6ef Mon Sep 17 00:00:00 2001 From: Surag Date: Fri, 8 May 2026 21:38:47 -0700 Subject: [PATCH 14/20] docs: add Arnica and Datadog SAST scanner pages; expand dashboard docs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Add integrations/scanners/arnica.md — native SAST integration page - Add integrations/scanners/datadog-sast.md — native SAST integration page - Add both to integrations overview coverage matrix - Expand Dashboard section in operations-config.md with primary views table (Overview, Findings, Pull Requests, Repositories, Reports) and Scanner filter Co-Authored-By: Claude Sonnet 4.6 --- docs/configuration/operations-config.md | 27 +++++++++++----- docs/integrations/integrations-overview.md | 2 ++ docs/integrations/scanners/arnica.md | 37 ++++++++++++++++++++++ docs/integrations/scanners/datadog-sast.md | 37 ++++++++++++++++++++++ 4 files changed, 95 insertions(+), 8 deletions(-) create mode 100644 docs/integrations/scanners/arnica.md create mode 100644 docs/integrations/scanners/datadog-sast.md diff --git a/docs/configuration/operations-config.md b/docs/configuration/operations-config.md index 7717c5b6..d7d5eee4 100644 --- a/docs/configuration/operations-config.md +++ b/docs/configuration/operations-config.md @@ -170,18 +170,29 @@ Pixee tracks every triage decision and remediation outcome, giving your team vis ### Dashboard -The Pixee dashboard provides real-time visibility into triage and remediation activity across your organization. +The Pixee dashboard provides real-time visibility into triage and remediation activity across your organization. It is the primary interface for security leads monitoring program health and for developers tracking fix status. + +**Primary views:** + +| View | What It Shows | +|---|---| +| **Overview** | Organization-wide summary: total findings triaged, true positive rate, open PRs, merged PRs, and remediation velocity. Entry point for daily monitoring. | +| **Findings** | All findings across connected repositories, filterable by status (triaged, awaiting fix, fixed), severity, scanner, language, and repository. Click any finding for the full triage verdict and evidence trail. | +| **Pull Requests** | All Pixee-generated PRs across repositories — open, merged, and closed. Shows PR status, fix type (deterministic or AI), quality scores, and time since creation. | +| **Repositories** | Per-repository status: last scan time, finding count, triage coverage, and PR activity. Shows which repositories are active and which have pending configuration. | +| **Reports** | Access to metric summaries, trend charts, and export controls. See [Exporting Data](#exporting-data) below. | **Filtering options:** -| Filter | Options | -| ---------- | -------------------------------------------------- | -| Repository | Single repo, multiple repos, or all repos | -| Time range | Last 7 days, 30 days, 90 days, custom range | -| Severity | Critical, High, Medium, Low | -| Language | Java, Python, JavaScript/TypeScript, .NET, Go, PHP | +| Filter | Options | +|---|---| +| Repository | Single repo, multiple repos, or all repos | +| Time range | Last 7 days, 30 days, 90 days, custom range | +| Severity | Critical, High, Medium, Low | +| Language | Java, Python, JavaScript/TypeScript, .NET, Go, PHP | +| Scanner | Filter by the source scanner for a finding or PR | -**Trend views** show how metrics change over time. Track merge rate improvement as your team builds confidence, watch triage volume decrease as false positives are eliminated, and monitor remediation velocity across releases. +**Trend views** show how metrics change over time — track merge rate improvement as your team builds confidence in automated fixes, watch triage volume shift as false positives are eliminated, and monitor remediation velocity across release cycles. Trend data is available for any custom time range and can be exported for compliance reporting or executive review. ### Exporting Data diff --git a/docs/integrations/integrations-overview.md b/docs/integrations/integrations-overview.md index f2d55fce..82efdb41 100644 --- a/docs/integrations/integrations-overview.md +++ b/docs/integrations/integrations-overview.md @@ -44,6 +44,8 @@ Pixee provides a growing list of named scanner integrations plus universal SARIF | [GitLab SAST](/integrations/scanners/gitlab-sast) | Native | SAST | Yes | Yes | GitLab API | | [GitLab SCA (Dependency Scanning)](/integrations/scanners/gitlab-sca) | Native | SCA | Yes | Yes | GitLab API | | [Trivy](/integrations/scanners/trivy) | Native | SAST, SCA, IaC | Yes | Yes | SARIF | +| [Arnica](/integrations/scanners/arnica) | Native | SAST | Yes | Yes | SARIF | +| [Datadog SAST](/integrations/scanners/datadog-sast) | Native | SAST | Yes | Yes | SARIF | | [DefectDojo](/integrations/scanners/defectdojo) | Aggregator | Aggregated | Yes | Yes | SARIF | | [Any SARIF-producing scanner](/integrations/sarif-universal) | Universal | Varies | Yes | Yes | SARIF | diff --git a/docs/integrations/scanners/arnica.md b/docs/integrations/scanners/arnica.md new file mode 100644 index 00000000..cc655fe8 --- /dev/null +++ b/docs/integrations/scanners/arnica.md @@ -0,0 +1,37 @@ +--- +title: Arnica Integration +slug: /integrations/scanners/arnica +track: both +content_type: guide +seo_title: Arnica Integration with Pixee +description: Pixee integration with Arnica for automated triage and remediation of SAST findings. +sidebar_position: 15 +--- + +# Arnica Integration + +Pixee integrates with Arnica to triage SAST findings and deliver remediation as pull requests. Arnica's continuous security scanning surfaces code vulnerabilities across your repositories; Pixee adds the triage layer to separate exploitable findings from noise, and the remediation layer to deliver validated fixes. + +## How Pixee Enhances Arnica + +### Triage + +Arnica findings flow through Pixee's triage pipeline, which classifies each finding as TRUE_POSITIVE, FALSE_POSITIVE, or WONT_FIX with code-level justification. The triage engine investigates the actual codebase — checking dataflow, security controls, and context — rather than relying on the rule match alone. + +Each classification includes a structured justification suitable for audit documentation. Security teams can review triage decisions, not just raw scanner output. + +### Remediation + +Confirmed vulnerabilities receive automated code fixes delivered as pull requests. Pixee generates fixes using deterministic codemods for known vulnerability patterns and AI-powered fixes for complex or codebase-specific cases. + +For the full list of vulnerability types Pixee triages and fixes, see [What Pixee Fixes](/platform/what-pixee-fixes). + +## Setup + +1. **Connect your code repository to Pixee** via the appropriate platform integration — see [Connect Source Control](/getting-started/source-control) for GitHub, GitLab, Azure DevOps, and Bitbucket. +2. **Configure Arnica to export findings in SARIF format** and deliver them to Pixee via the SARIF upload endpoint or CI/CD pipeline step. +3. **Review and merge** Pixee-generated PRs in your normal workflow. + +**Prerequisites:** Arnica configured for your repositories, Pixee connected to your SCM platform. + +See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. diff --git a/docs/integrations/scanners/datadog-sast.md b/docs/integrations/scanners/datadog-sast.md new file mode 100644 index 00000000..532dafe5 --- /dev/null +++ b/docs/integrations/scanners/datadog-sast.md @@ -0,0 +1,37 @@ +--- +title: Datadog SAST Integration +slug: /integrations/scanners/datadog-sast +track: both +content_type: guide +seo_title: Datadog SAST Integration with Pixee +description: Pixee integration with Datadog Static Analysis for automated triage and remediation of SAST findings. +sidebar_position: 16 +--- + +# Datadog SAST Integration + +Pixee integrates with Datadog Static Analysis to triage findings and deliver remediation as pull requests. Datadog's SAST scanning surfaces code-level security issues alongside your observability data; Pixee adds triage to separate exploitable vulnerabilities from noise and remediation to deliver validated fixes as PRs. + +## How Pixee Enhances Datadog SAST + +### Triage + +Datadog Static Analysis findings flow through Pixee's triage pipeline, which classifies each finding as TRUE_POSITIVE, FALSE_POSITIVE, or WONT_FIX with code-level justification. The triage engine investigates the actual codebase — evaluating dataflow, security controls, and surrounding context — rather than relying on the rule match alone. + +Teams running Datadog for observability and security in a unified platform can use Pixee to close the loop from finding detection to validated fix — without leaving the pull request workflow. + +### Remediation + +Confirmed vulnerabilities receive automated code fixes delivered as pull requests. Pixee generates fixes using deterministic codemods for known vulnerability patterns and AI-powered fixes for complex or codebase-specific cases. + +For the full list of vulnerability types Pixee triages and fixes, see [What Pixee Fixes](/platform/what-pixee-fixes). + +## Setup + +1. **Connect your code repository to Pixee** via the appropriate platform integration — see [Connect Source Control](/getting-started/source-control) for GitHub, GitLab, Azure DevOps, and Bitbucket. +2. **Configure Datadog Static Analysis to export SARIF output** and deliver it to Pixee via the SARIF upload endpoint or CI/CD pipeline step. +3. **Review and merge** Pixee-generated PRs in your normal workflow. + +**Prerequisites:** Datadog Static Analysis configured for your repositories, Pixee connected to your SCM platform. + +See [Integrations Overview](/integrations/overview) for the full scanner coverage matrix. From f6cece38d2758cde9c61d99733cd8bb0cf0eaf5f Mon Sep 17 00:00:00 2001 From: Surag Date: Fri, 8 May 2026 21:40:03 -0700 Subject: [PATCH 15/20] docs: add Arnica and Datadog SAST to all explicit scanner name lists MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - faq.md: add to native scanner list - platform/architecture.md: add to native handler list - platform/remediation.md: update count 13 → 15, add names to table Co-Authored-By: Claude Sonnet 4.6 --- docs/faq/faq.md | 2 +- docs/platform/architecture.md | 2 +- docs/platform/remediation.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/faq/faq.md b/docs/faq/faq.md index ee938d7b..e35b3f55 100644 --- a/docs/faq/faq.md +++ b/docs/faq/faq.md @@ -26,7 +26,7 @@ A codemod is a deterministic code transformation rule that rewrites source code ### What scanners does Pixee work with? -Pixee integrates natively with a growing list of scanners including CodeQL, Semgrep, Checkmarx, Veracode, Snyk Code, SonarQube, AppScan, Polaris, Fortify, Contrast, GitLab SAST, GitLab SCA, and Trivy. Any scanner that produces SARIF output can also connect through the Universal SARIF integration — over 50 additional scanners validated. You do not need to change your detection stack. +Pixee integrates natively with a growing list of scanners including CodeQL, Semgrep, Checkmarx, Veracode, Snyk Code, SonarQube, AppScan, Polaris, Fortify, Contrast, GitLab SAST, GitLab SCA, Trivy, Arnica, and Datadog SAST. Any scanner that produces SARIF output can also connect through the Universal SARIF integration — over 50 additional scanners validated. You do not need to change your detection stack. ### Does Pixee replace my existing scanners? diff --git a/docs/platform/architecture.md b/docs/platform/architecture.md index b1c158a0..5492766c 100644 --- a/docs/platform/architecture.md +++ b/docs/platform/architecture.md @@ -30,7 +30,7 @@ SAST and SCA findings both flow through this same pipeline. There is no separate Findings arrive from natively integrated scanners or any SARIF-producing tool: -**Native integrations with dedicated handlers:** CodeQL (GitHub Advanced Security), SonarQube/SonarCloud, Checkmarx, Veracode, Snyk Code, Semgrep, AppScan, Polaris, Fortify, Contrast, GitLab SAST, GitLab SCA, and Trivy. +**Native integrations with dedicated handlers:** CodeQL (GitHub Advanced Security), SonarQube/SonarCloud, Checkmarx, Veracode, Snyk Code, Semgrep, AppScan, Polaris, Fortify, Contrast, GitLab SAST, GitLab SCA, Trivy, Arnica, and Datadog SAST. Each native integration has a tool-specific handler that extracts maximum metadata from the scanner's output format. CodeQL findings include codeFlows and help documentation. Semgrep findings carry full rule descriptions. Metadata-poor tools like Checkmarx use rule-ID-based strategies to compensate for sparse SARIF output. diff --git a/docs/platform/remediation.md b/docs/platform/remediation.md index 3cdcbd19..115aecc3 100644 --- a/docs/platform/remediation.md +++ b/docs/platform/remediation.md @@ -83,7 +83,7 @@ Standard `git revert` applies if any merged change needs to be undone. There is | Coverage Type | Details | |---|---| | **Languages** | Java, Python, JavaScript/TypeScript, .NET/C#, Go, Ruby, PHP, Kotlin, Rust, Scala, Swift + IaC (Terraform, Dockerfile, K8s/Helm, CloudFormation) | -| **Native scanner integrations** | 13 (CodeQL, SonarQube, Checkmarx, Veracode, Snyk Code, Semgrep, AppScan, Polaris, Fortify, Contrast, GitLab SAST, GitLab SCA, Trivy) | +| **Native scanner integrations** | 15 (CodeQL, SonarQube, Checkmarx, Veracode, Snyk Code, Semgrep, AppScan, Polaris, Fortify, Contrast, GitLab SAST, GitLab SCA, Trivy, Arnica, Datadog SAST) | | **Universal SARIF** | Any SARIF-producing scanner (50+ validated) | | **Platforms** | GitHub, GitLab, Azure DevOps, Bitbucket | From 2c6662d82ba16c5987b6555a9fc8f8ea5045bda9 Mon Sep 17 00:00:00 2001 From: Surag Date: Fri, 8 May 2026 21:41:17 -0700 Subject: [PATCH 16/20] fix: update open-source _category_.json to point to codemodder (not deleted oss-overview) Co-Authored-By: Claude Sonnet 4.6 --- docs/open-source/_category_.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/open-source/_category_.json b/docs/open-source/_category_.json index a490c685..58b02d3d 100644 --- a/docs/open-source/_category_.json +++ b/docs/open-source/_category_.json @@ -5,6 +5,6 @@ "collapsed": false, "link": { "type": "doc", - "id": "open-source/oss-overview" + "id": "open-source/codemodder" } } From 76985d7be91bf9ad6254320cb59f28cb4dad6cd4 Mon Sep 17 00:00:00 2001 From: Surag Date: Fri, 8 May 2026 21:44:56 -0700 Subject: [PATCH 17/20] chore: run prettier --write to fix formatting across all docs Co-Authored-By: Claude Sonnet 4.6 --- docs/api/cli.md | 1 - docs/configuration/ai-settings.md | 9 +- docs/configuration/config-overview.md | 3 +- docs/configuration/operations-config.md | 29 +++---- docs/configuration/pixee-yaml.md | 1 - docs/configuration/repositories.md | 1 - docs/configuration/users.md | 1 - docs/enterprise/byom.md | 26 +++--- docs/enterprise/compliance.md | 2 +- docs/enterprise/deployment/air-gap.md | 1 - .../deployment/deployment-overview.md | 1 - .../enterprise/deployment/embedded-cluster.md | 1 - docs/enterprise/deployment/helm.md | 15 ++-- docs/enterprise/enterprise-overview.md | 1 - docs/enterprise/observability.md | 1 - docs/enterprise/phased-rollout.md | 1 - docs/enterprise/security-architecture.md | 1 - docs/enterprise/troubleshooting.md | 10 +-- docs/getting-started/first-fix.md | 18 ++-- docs/getting-started/getting-started.md | 20 ++--- docs/getting-started/source-control.md | 60 +++++++------ docs/integrations/ci-cd.md | 7 +- docs/integrations/integrations-overview.md | 5 +- docs/integrations/sarif-universal.md | 1 - docs/integrations/scms/github.md | 1 - docs/languages/languages-overview.md | 50 +++++------ docs/open-source/codemodder.md | 18 ++-- docs/open-source/custom-codemods.md | 1 - docs/platform/architecture.md | 9 +- docs/platform/context-memory.md | 13 +-- docs/platform/remediation.md | 28 +++--- docs/platform/sca.md | 44 +++++----- docs/platform/scanner-integration.md | 52 +++++------ docs/platform/security.md | 54 ++++++------ docs/platform/triage.md | 38 ++++---- .../what-is-agentic-security-engineering.md | 34 ++++---- docs/platform/what-pixee-fixes.md | 86 +++++++++---------- 37 files changed, 314 insertions(+), 330 deletions(-) diff --git a/docs/api/cli.md b/docs/api/cli.md index f986cd44..a7a90779 100644 --- a/docs/api/cli.md +++ b/docs/api/cli.md @@ -145,4 +145,3 @@ pixee workflow create new-scan --repo "$REPO" --tool codeql ... ``` The CLI does not run analysis or generate fixes — those happen on the platform, triggered by your SCM integration. See [CI/CD Integration](/integrations/ci-cd) for the end-to-end pipeline patterns. - diff --git a/docs/configuration/ai-settings.md b/docs/configuration/ai-settings.md index 68e8d71c..f84ad543 100644 --- a/docs/configuration/ai-settings.md +++ b/docs/configuration/ai-settings.md @@ -55,11 +55,11 @@ Triage accuracy depends on the quality of scanner input. Pixee integrates with a Remediation settings control how Pixee generates fixes. -| Setting | What It Controls | -| ----------------- | ----------------------------------------------------------------------------- | -| Fix categories | Which CWE categories receive automated fixes | +| Setting | What It Controls | +| ----------------- | ------------------------------------------------------------------------- | +| Fix categories | Which CWE categories receive automated fixes | | Fix mode | Whether a category uses deterministic codemods, AI-powered fixes, or both | -| Quality threshold | Minimum evaluation score a fix must meet before being presented as a PR | +| Quality threshold | Minimum evaluation score a fix must meet before being presented as a PR | ### The hybrid model @@ -89,4 +89,3 @@ Self-hosted Pixee deployments have additional AI configuration beyond the behavi - **Data flow controls.** Control what data reaches the LLM and through which network path. See [Enterprise > Security Architecture](/enterprise/security-architecture). These infrastructure-level settings are managed through the admin console or Helm values, not through the Pixee dashboard's AI settings page. - diff --git a/docs/configuration/config-overview.md b/docs/configuration/config-overview.md index 9b135095..2966d644 100644 --- a/docs/configuration/config-overview.md +++ b/docs/configuration/config-overview.md @@ -57,7 +57,7 @@ Use this table to jump to the right page for your configuration task. | Tune AI triage sensitivity | [AI Settings](/configuration/ai-settings) | | Control which finding categories get AI-powered fixes | [AI Settings](/configuration/ai-settings) | | Configure reporting exports or dashboards | [Reporting](/configuration/operations) | -| Export data for compliance audits | [Reporting](/configuration/operations) | +| Export data for compliance audits | [Reporting](/configuration/operations) | ## Getting Started with Configuration @@ -68,4 +68,3 @@ If you just installed Pixee, the recommended approach is: 3. **Ongoing: tune organization settings.** As you scale to more repositories, use the Pixee dashboard to set organization-wide policies for scheduling, notifications, and AI behavior. Enterprise self-hosted deployments have additional configuration surfaces for infrastructure (LLM providers, authentication, observability) managed through the admin console or Helm values. See [Enterprise > Deployment Options](/enterprise/deployment) for details. - diff --git a/docs/configuration/operations-config.md b/docs/configuration/operations-config.md index d7d5eee4..64a30a99 100644 --- a/docs/configuration/operations-config.md +++ b/docs/configuration/operations-config.md @@ -174,23 +174,23 @@ The Pixee dashboard provides real-time visibility into triage and remediation ac **Primary views:** -| View | What It Shows | -|---|---| -| **Overview** | Organization-wide summary: total findings triaged, true positive rate, open PRs, merged PRs, and remediation velocity. Entry point for daily monitoring. | -| **Findings** | All findings across connected repositories, filterable by status (triaged, awaiting fix, fixed), severity, scanner, language, and repository. Click any finding for the full triage verdict and evidence trail. | -| **Pull Requests** | All Pixee-generated PRs across repositories — open, merged, and closed. Shows PR status, fix type (deterministic or AI), quality scores, and time since creation. | -| **Repositories** | Per-repository status: last scan time, finding count, triage coverage, and PR activity. Shows which repositories are active and which have pending configuration. | -| **Reports** | Access to metric summaries, trend charts, and export controls. See [Exporting Data](#exporting-data) below. | +| View | What It Shows | +| ----------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| **Overview** | Organization-wide summary: total findings triaged, true positive rate, open PRs, merged PRs, and remediation velocity. Entry point for daily monitoring. | +| **Findings** | All findings across connected repositories, filterable by status (triaged, awaiting fix, fixed), severity, scanner, language, and repository. Click any finding for the full triage verdict and evidence trail. | +| **Pull Requests** | All Pixee-generated PRs across repositories — open, merged, and closed. Shows PR status, fix type (deterministic or AI), quality scores, and time since creation. | +| **Repositories** | Per-repository status: last scan time, finding count, triage coverage, and PR activity. Shows which repositories are active and which have pending configuration. | +| **Reports** | Access to metric summaries, trend charts, and export controls. See [Exporting Data](#exporting-data) below. | **Filtering options:** -| Filter | Options | -|---|---| -| Repository | Single repo, multiple repos, or all repos | -| Time range | Last 7 days, 30 days, 90 days, custom range | -| Severity | Critical, High, Medium, Low | -| Language | Java, Python, JavaScript/TypeScript, .NET, Go, PHP | -| Scanner | Filter by the source scanner for a finding or PR | +| Filter | Options | +| ---------- | -------------------------------------------------- | +| Repository | Single repo, multiple repos, or all repos | +| Time range | Last 7 days, 30 days, 90 days, custom range | +| Severity | Critical, High, Medium, Low | +| Language | Java, Python, JavaScript/TypeScript, .NET, Go, PHP | +| Scanner | Filter by the source scanner for a finding or PR | **Trend views** show how metrics change over time — track merge rate improvement as your team builds confidence in automated fixes, watch triage volume shift as false positives are eliminated, and monitor remediation velocity across release cycles. Trend data is available for any custom time range and can be exported for compliance reporting or executive review. @@ -220,4 +220,3 @@ For custom reporting, use the Pixee API to query triage and remediation data pro Self-hosted Pixee deployments include a bundled observability stack with metrics, logs, traces, and dashboards. Enterprise reporting data feeds into this stack, giving SRE teams visibility into both application-level metrics (triage volume, fix quality) and infrastructure-level metrics (analysis duration, queue depth). For full observability configuration, see [Enterprise > Observability](/enterprise/observability). - diff --git a/docs/configuration/pixee-yaml.md b/docs/configuration/pixee-yaml.md index 710f67fd..bce403d2 100644 --- a/docs/configuration/pixee-yaml.md +++ b/docs/configuration/pixee-yaml.md @@ -253,4 +253,3 @@ Check the Pixee dashboard for your repository. The configuration status indicate | Exclusions not working | Incorrect glob pattern | Test patterns locally; remember `**` matches across directories | | Codemod still running after disabling | Codemod name typo | Verify the exact codemod identifier in the Pixee dashboard | | Labels not appearing on PRs | SCM permissions | Ensure the Pixee integration has permission to apply labels | - diff --git a/docs/configuration/repositories.md b/docs/configuration/repositories.md index 8b1267de..0fa8101a 100644 --- a/docs/configuration/repositories.md +++ b/docs/configuration/repositories.md @@ -97,4 +97,3 @@ A single Pixee deployment supports repositories from multiple SCM platforms simu Cross-platform visibility means your security team sees triage results and fix activity across every connected repository, regardless of which SCM hosts it. Enterprise self-hosted deployments have the same multi-SCM support. See [Enterprise > Deployment Options](/enterprise/deployment) for infrastructure details. - diff --git a/docs/configuration/users.md b/docs/configuration/users.md index 41f16c75..17dfaf1a 100644 --- a/docs/configuration/users.md +++ b/docs/configuration/users.md @@ -69,4 +69,3 @@ SSO maps your identity provider's user accounts to Pixee roles. When a user auth Enterprise self-hosted deployments also support embedded OIDC (via Authentik running in-cluster), which federates to your upstream corporate identity provider. This means SSO works even when Pixee runs inside your infrastructure with no external IdP dependency. For full SSO configuration details on self-hosted deployments, see [Enterprise > Security Architecture](/enterprise/security-architecture). - diff --git a/docs/enterprise/byom.md b/docs/enterprise/byom.md index 8c60e7f1..884a82ce 100644 --- a/docs/enterprise/byom.md +++ b/docs/enterprise/byom.md @@ -12,14 +12,14 @@ Pixee lets you choose your LLM provider instead of locking you into a single ven ## Supported Providers -| Provider | Description | -|---|---| -| **OpenAI** | Direct OpenAI API | -| **Anthropic** | Direct Anthropic API with Anthropic-optimized prompts | -| **Azure AI Foundry** | Azure-hosted models in customer's Azure tenant (OpenAI and Anthropic models available) | -| **AWS Bedrock** | AWS-hosted model marketplace in customer's AWS account | -| **Google Cloud Vertex AI** | Google Cloud-hosted model platform | -| **Oracle Cloud OCI Generative AI** | Oracle Cloud-hosted generative AI service | +| Provider | Description | +| ---------------------------------- | ---------------------------------------------------------------------------------------------------------------------------- | +| **OpenAI** | Direct OpenAI API | +| **Anthropic** | Direct Anthropic API with Anthropic-optimized prompts | +| **Azure AI Foundry** | Azure-hosted models in customer's Azure tenant (OpenAI and Anthropic models available) | +| **AWS Bedrock** | AWS-hosted model marketplace in customer's AWS account | +| **Google Cloud Vertex AI** | Google Cloud-hosted model platform | +| **Oracle Cloud OCI Generative AI** | Oracle Cloud-hosted generative AI service | | **Any OpenAI-compatible endpoint** | Self-hosted, private, or custom API gateway — covers air-gapped deployments, self-hosted models, and enterprise API gateways | **Custom endpoint support** allows routing through enterprise API gateways. Custom header name/value pairs handle gateway authentication, so Pixee fits into your existing API management infrastructure. @@ -72,12 +72,12 @@ Contact your account team for guidance on model-to-task assignment for your depl Bring Your Own Model is not just a technical feature — it is a governance feature. -| Control | Detail | -|---|---| -| **Key ownership** | Customer owns all API keys. Pixee never stores or accesses customer LLM credentials. | -| **Traffic routing** | All LLM traffic routes through the customer's account. Pixee does not proxy LLM calls for self-hosted deployments. | +| Control | Detail | +| ------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | +| **Key ownership** | Customer owns all API keys. Pixee never stores or accesses customer LLM credentials. | +| **Traffic routing** | All LLM traffic routes through the customer's account. Pixee does not proxy LLM calls for self-hosted deployments. | | **Cost visibility** | LLM usage appears on the customer's standard cloud billing. No hidden costs or Pixee-side LLM charges for self-hosted deployments. | -| **Audit trail** | Every triage decision includes the LLM justification. Auditors can see what the model was asked and what it answered. | +| **Audit trail** | Every triage decision includes the LLM justification. Auditors can see what the model was asked and what it answered. | For full data flow details and credential handling, see [Security Architecture](/enterprise/security-architecture). diff --git a/docs/enterprise/compliance.md b/docs/enterprise/compliance.md index dbbfcacc..6a0d53d9 100644 --- a/docs/enterprise/compliance.md +++ b/docs/enterprise/compliance.md @@ -32,7 +32,7 @@ The table below maps Pixee capabilities to specific controls in six compliance f | **HIPAA** | 164.312(a)(1) access control, 164.312(c)(1) integrity controls, 164.312(d) authentication | Self-hosted deployment keeps PHI-adjacent data in customer network. SSO integration. Audit trail for all triage and remediation actions. PR workflow preserves change integrity. | | **FedRAMP** | AC-2 (account management), AU-2 (auditable events), CM-3 (configuration change control) | Air-gapped deployment with no source code leaving the network. Comprehensive audit event logging. Configuration changes documented through PR workflow. | | **PCI-DSS** | 6.3 (secure development), 6.5 (common vulnerability remediation), 10.2 (audit trails) | Automated vulnerability remediation with full audit evidence. Triage decisions provide evidence for vulnerability management requirements. PR history for change documentation. | -| **NIST 800-53** | RA-5 (vulnerability monitoring and scanning), SA-11 (developer testing), SI-2 (flaw remediation) | Automated triage with classification evidence. Remediation with traceable fixes. Continuous monitoring via native scanner integrations and triage automation. | +| **NIST 800-53** | RA-5 (vulnerability monitoring and scanning), SA-11 (developer testing), SI-2 (flaw remediation) | Automated triage with classification evidence. Remediation with traceable fixes. Continuous monitoring via native scanner integrations and triage automation. | | **ISO 27001** | A.12.6.1 (management of technical vulnerabilities), A.14.2.2 (system change control) | Vulnerability management automation with audit evidence. Change control integration through PR workflow. Exportable records for audit review. | | **OCC 2013-29** (Third-Party Risk) | Third-party risk management, vendor due diligence, ongoing monitoring | Pixee supports vendor risk assessment via documented security controls, data classification, and audit trail. Self-hosted deployment keeps all data within customer network. | | **FFIEC IT Examination Handbook** | Outsourced Technology Services examination procedures | Audit trail for vulnerability management lifecycle maps to examination procedures. Event-sourced triage decisions provide examiner-ready evidence. | diff --git a/docs/enterprise/deployment/air-gap.md b/docs/enterprise/deployment/air-gap.md index caf7fb7b..4016cf21 100644 --- a/docs/enterprise/deployment/air-gap.md +++ b/docs/enterprise/deployment/air-gap.md @@ -85,4 +85,3 @@ All three contexts share the same technical deployment. The difference is in the ## Installation Air-gapped installation follows the same Helm deployment process with additional configuration for container image transfer to a local registry, private LLM endpoint settings, proxy configuration, and CA certificates. Preflight checks validate LLM endpoint connectivity and license server access before the first analysis runs. For the current installation procedure and common issues, see the [deployment guide](https://app.pixee.ai/docs/deploy) and [Enterprise Troubleshooting](/enterprise/troubleshooting). - diff --git a/docs/enterprise/deployment/deployment-overview.md b/docs/enterprise/deployment/deployment-overview.md index f270bf8d..7bede35b 100644 --- a/docs/enterprise/deployment/deployment-overview.md +++ b/docs/enterprise/deployment/deployment-overview.md @@ -136,4 +136,3 @@ Use this decision tree to narrow down your model: | Large | 500+ | 32+ vCPU, 128+ GB RAM, 500+ GB SSD | Helm / BYO K8s (multi-node) | These are starting recommendations. Actual resource requirements depend on finding volume, concurrent analysis workload, and LLM inference latency. Contact Pixee solutions engineering for sizing guidance on large deployments. - diff --git a/docs/enterprise/deployment/embedded-cluster.md b/docs/enterprise/deployment/embedded-cluster.md index d2f7e191..4be55186 100644 --- a/docs/enterprise/deployment/embedded-cluster.md +++ b/docs/enterprise/deployment/embedded-cluster.md @@ -97,4 +97,3 @@ The embedded cluster is the right choice for most organizations without existing - Your platform engineering team prefers Helm-managed deployments and wants to integrate Pixee into existing cluster operations Both deployment models deliver the same triage and remediation capabilities. The choice is about infrastructure preference, not product functionality. - diff --git a/docs/enterprise/deployment/helm.md b/docs/enterprise/deployment/helm.md index e2040743..5acb3e3b 100644 --- a/docs/enterprise/deployment/helm.md +++ b/docs/enterprise/deployment/helm.md @@ -22,14 +22,14 @@ Compared to legacy on-premises AppSec products that ship as VM images, a native ## Prerequisites -| Requirement | Specification | -| -------------- | --------------------------------------- | +| Requirement | Specification | +| -------------- | ----------------------------------------------- | | **Kubernetes** | EKS, GKE, AKS, or self-managed (current stable) | -| **CPU** | 8+ vCPU | -| **RAM** | 32+ GB | -| **Storage** | 100 GB+ SSD/NVMe | -| **Helm CLI** | Current stable version | -| **Network** | Port 443 (HTTPS) | +| **CPU** | 8+ vCPU | +| **RAM** | 32+ GB | +| **Storage** | 100 GB+ SSD/NVMe | +| **Helm CLI** | Current stable version | +| **Network** | Port 443 (HTTPS) | **Namespace isolation.** Pixee runs in a dedicated namespace. The Helm chart does not require cluster-admin privileges for day-to-day operation. Installation requires namespace creation and secret management permissions. @@ -95,4 +95,3 @@ Pixee releases updates approximately every two weeks. Standard Helm upgrade work Approximately 25 releases have shipped in the last 6 months. The platform is actively maintained and improved on a rapid cadence. Review release notes before each upgrade to identify any breaking changes or new configuration options. Before upgrading, back up your current `values.yaml` file. If an upgrade introduces an issue, roll back to the previous Helm release using standard Helm rollback commands. - diff --git a/docs/enterprise/enterprise-overview.md b/docs/enterprise/enterprise-overview.md index 63b5af88..711ec115 100644 --- a/docs/enterprise/enterprise-overview.md +++ b/docs/enterprise/enterprise-overview.md @@ -72,4 +72,3 @@ See [Security & Trust](/platform/security) for production metrics on fix quality **Planning the rollout?** The [Phased Rollout Guide](/enterprise/phased-rollout) covers the single-repo-to-enterprise adoption path with decision gates at each phase. **Reviewing compliance requirements?** The [Compliance](/enterprise/compliance) page maps Pixee capabilities to SOC 2, HIPAA, FedRAMP, PCI-DSS, NIST 800-53, and ISO 27001. - diff --git a/docs/enterprise/observability.md b/docs/enterprise/observability.md index 732253db..323f31d8 100644 --- a/docs/enterprise/observability.md +++ b/docs/enterprise/observability.md @@ -66,4 +66,3 @@ Operational settings are configurable through the KOTS admin console (embedded c | **Support bundle configuration** | Log size and age limits for diagnostic bundle generation | For troubleshooting operational issues, see [Enterprise Troubleshooting](/enterprise/troubleshooting). - diff --git a/docs/enterprise/phased-rollout.md b/docs/enterprise/phased-rollout.md index 696a79eb..23cbef5a 100644 --- a/docs/enterprise/phased-rollout.md +++ b/docs/enterprise/phased-rollout.md @@ -165,4 +165,3 @@ severity: ``` Each business unit or team can use a different configuration during rollout. As confidence builds, adjust the severity threshold downward and remove directory exclusions. See [PIXEE.yaml Reference](/configuration/pixee-yaml) for the complete configuration reference. - diff --git a/docs/enterprise/security-architecture.md b/docs/enterprise/security-architecture.md index a9fea104..128a1938 100644 --- a/docs/enterprise/security-architecture.md +++ b/docs/enterprise/security-architecture.md @@ -167,4 +167,3 @@ Pixee retains the following data categories, each with distinct lifecycle contro **LLM interaction logs** (prompts and responses) are retained for audit and debugging purposes. Enterprise customers can configure the retention period to match their organization's data governance policies. **Data purge** follows standard Kubernetes PVC lifecycle. Customers control retention and deletion through their infrastructure configuration. For cloud SaaS deployments, data deletion requests are handled through standard support channels. - diff --git a/docs/enterprise/troubleshooting.md b/docs/enterprise/troubleshooting.md index 6b1d3535..85a4c0ca 100644 --- a/docs/enterprise/troubleshooting.md +++ b/docs/enterprise/troubleshooting.md @@ -26,12 +26,12 @@ For detailed setup procedures, see [Embedded Cluster](/enterprise/embedded-clust ## Scanner Connectivity -| Symptom | Likely Cause | Resolution | -| --------------------------------------- | ------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------- | +| Symptom | Likely Cause | Resolution | +| --------------------------------------- | ------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------- | | Scanner findings not appearing in Pixee | SARIF file format mismatch or upload path error | Verify the scanner output conforms to the SARIF specification and the upload endpoint is correctly configured. | -| Partial findings ingestion | Scanner output exceeds size limits or contains unsupported rule IDs | Check the scanner output for unsupported finding types. Verify the scanner is producing complete SARIF output. | -| Duplicate findings after re-scan | Deduplication key mismatch between scan runs | Verify the scanner configuration produces consistent finding identifiers across runs. | -| Findings appear but no fixes generated | Scanner findings are in an unsupported language or CWE category | Check the [Languages Overview](/languages/overview) for supported language and finding type coverage. | +| Partial findings ingestion | Scanner output exceeds size limits or contains unsupported rule IDs | Check the scanner output for unsupported finding types. Verify the scanner is producing complete SARIF output. | +| Duplicate findings after re-scan | Deduplication key mismatch between scan runs | Verify the scanner configuration produces consistent finding identifiers across runs. | +| Findings appear but no fixes generated | Scanner findings are in an unsupported language or CWE category | Check the [Languages Overview](/languages/overview) for supported language and finding type coverage. | For scanner-specific setup guides, see [Integrations Overview](/integrations/overview). For custom scanner configuration, see the [Universal SARIF](/integrations/sarif-universal) guide. diff --git a/docs/getting-started/first-fix.md b/docs/getting-started/first-fix.md index 8f1faf57..92a103f3 100644 --- a/docs/getting-started/first-fix.md +++ b/docs/getting-started/first-fix.md @@ -27,11 +27,11 @@ Your first Pixee fix arrives as a pull request in your existing code review tool Every Pixee PR includes three scores from an independent evaluation pass (a separate inference call from the fix generator): -| Score | What It Checks | -|---|---| -| **Safety** | No breaking changes, no regressions, no unintended side effects | -| **Effectiveness** | The fix correctly resolves the vulnerability | -| **Cleanliness** | Proper formatting, no extraneous changes, preserves existing code | +| Score | What It Checks | +| ----------------- | ----------------------------------------------------------------- | +| **Safety** | No breaking changes, no regressions, no unintended side effects | +| **Effectiveness** | The fix correctly resolves the vulnerability | +| **Cleanliness** | Proper formatting, no extraneous changes, preserves existing code | All three must pass before the fix reaches your PR queue. A fix cannot reach you on a high Cleanliness score if it fails Safety. @@ -44,11 +44,11 @@ Review a Pixee PR the same way you review any other code change: 3. Check CI results — your existing tests, linters, and scanners run against the fix automatically. 4. Decide: -| Action | When | -|---|---| -| **Merge** | The fix is correct, tests pass, and the change resolves the vulnerability | +| Action | When | +| ------------------- | ------------------------------------------------------------------------------------- | +| **Merge** | The fix is correct, tests pass, and the change resolves the vulnerability | | **Request changes** | The fix is directionally correct but needs modification for your codebase conventions | -| **Close** | The fix is not appropriate for your codebase or the finding is acceptable risk | +| **Close** | The fix is not appropriate for your codebase or the finding is acceptable risk | Pixee proposes. You decide. Your code review policies, CI/CD pipelines, and branch protection rules all apply. diff --git a/docs/getting-started/getting-started.md b/docs/getting-started/getting-started.md index 2e633c5a..f8e5ec23 100644 --- a/docs/getting-started/getting-started.md +++ b/docs/getting-started/getting-started.md @@ -22,21 +22,21 @@ Pixee provides two co-equal capabilities: Both capabilities work together. Triage eliminates the noise. Remediation fixes what remains. -| Capability | What It Does | Proof Point | -|---|---|---| -| Triage | Exploitability analysis across natively integrated scanners | Up to 98% false positive reduction | -| Remediation | Context-aware fixes as pull requests | 76% merge rate on production deployments | -| Delivery | Standard PRs in GitHub, GitLab, ADO, Bitbucket | Native platform integration | +| Capability | What It Does | Proof Point | +| ----------- | ----------------------------------------------------------- | ---------------------------------------- | +| Triage | Exploitability analysis across natively integrated scanners | Up to 98% false positive reduction | +| Remediation | Context-aware fixes as pull requests | 76% merge rate on production deployments | +| Delivery | Standard PRs in GitHub, GitLab, ADO, Bitbucket | Native platform integration | ## Setup Flow Setting up Pixee takes three steps: -| Step | Page | Time | -|---|---|---| -| 1. Connect your source control platform | [Connect Source Control](/getting-started/source-control) | 3-5 min | -| 2. Connect your scanners | See below — required | 5-10 min | -| 3. Review and merge your first fix | [Your First Fix](/getting-started/first-fix) | 5 min | +| Step | Page | Time | +| --------------------------------------- | --------------------------------------------------------- | -------- | +| 1. Connect your source control platform | [Connect Source Control](/getting-started/source-control) | 3-5 min | +| 2. Connect your scanners | See below — required | 5-10 min | +| 3. Review and merge your first fix | [Your First Fix](/getting-started/first-fix) | 5 min | Total time to first merged fix: under 30 minutes for most teams. diff --git a/docs/getting-started/source-control.md b/docs/getting-started/source-control.md index dc6f5957..cb2a9345 100644 --- a/docs/getting-started/source-control.md +++ b/docs/getting-started/source-control.md @@ -14,14 +14,15 @@ Choose your platform below for the connection summary, then follow the link to t ## GitHub -| Item | Detail | -|---|---| -| **Integration type** | GitHub App (installed from GitHub Marketplace) | -| **Required permissions** | Repository contents, pull requests, code scanning alerts, checks, webhooks, metadata | -| **What you need** | Admin or owner permissions on target repositories or org | -| **Scanner ingestion** | Automatic via GitHub Code Scanning (GHAS API) — no extra step if you run CodeQL, Semgrep, or other SARIF-uploading scanners | +| Item | Detail | +| ------------------------ | --------------------------------------------------------------------------------------------------------------------------- | +| **Integration type** | GitHub App (installed from GitHub Marketplace) | +| **Required permissions** | Repository contents, pull requests, code scanning alerts, checks, webhooks, metadata | +| **What you need** | Admin or owner permissions on target repositories or org | +| **Scanner ingestion** | Automatic via GitHub Code Scanning (GHAS API) — no extra step if you run CodeQL, Semgrep, or other SARIF-uploading scanners | **Quick steps:** + 1. Install the Pixee GitHub App from the GitHub Marketplace and select your organization. 2. Choose which repositories to connect (org-wide or specific repos). 3. Pixee ingests scanner findings and opens fix PRs — typically within the first hour. @@ -34,15 +35,16 @@ For public repositories without an existing scanner, see the [GitHub Setup guide ## GitLab -| Item | Detail | -|---|---| -| **Integration type** | Personal access token (service account recommended) | -| **Required scopes** | `api`, `read_user`, `read_repository`, `read_api`, `write_repository` | -| **What you need** | Maintainer or Owner role on target projects; Owner on parent group for group-level setup | -| **Instances supported** | GitLab SaaS (gitlab.com) and self-managed GitLab | -| **Scanner ingestion** | Automatic via GitLab Security Dashboard if you use GitLab SAST or other CI-integrated scanners | +| Item | Detail | +| ----------------------- | ---------------------------------------------------------------------------------------------- | +| **Integration type** | Personal access token (service account recommended) | +| **Required scopes** | `api`, `read_user`, `read_repository`, `read_api`, `write_repository` | +| **What you need** | Maintainer or Owner role on target projects; Owner on parent group for group-level setup | +| **Instances supported** | GitLab SaaS (gitlab.com) and self-managed GitLab | +| **Scanner ingestion** | Automatic via GitLab Security Dashboard if you use GitLab SAST or other CI-integrated scanners | **Quick steps:** + 1. Create a GitLab personal access token for a dedicated service account with the required scopes. 2. Connect the token in Pixee's GitLab integration settings, providing your instance URL (for self-managed). 3. Choose which projects Pixee should analyze (all, member-only, or specific). @@ -53,15 +55,16 @@ For public repositories without an existing scanner, see the [GitHub Setup guide ## Azure DevOps -| Item | Detail | -|---|---| -| **Integration type** | Personal access token + optional webhook credentials | -| **Required scopes** | Full **Code** access (not "Full access") | -| **What you need** | Project Administrator or Project Collection Administrator on target projects | -| **Instances supported** | Azure DevOps Services (dev.azure.com) and Azure DevOps Server (on-premises) | -| **Scanner ingestion** | Via Azure Pipelines scanner integrations; SARIF upload supported | +| Item | Detail | +| ----------------------- | ---------------------------------------------------------------------------- | +| **Integration type** | Personal access token + optional webhook credentials | +| **Required scopes** | Full **Code** access (not "Full access") | +| **What you need** | Project Administrator or Project Collection Administrator on target projects | +| **Instances supported** | Azure DevOps Services (dev.azure.com) and Azure DevOps Server (on-premises) | +| **Scanner ingestion** | Via Azure Pipelines scanner integrations; SARIF upload supported | **Quick steps:** + 1. Create an Azure DevOps PAT for a dedicated service account with full Code access. 2. Connect the PAT and your organization name in Pixee's Azure DevOps integration settings. 3. Choose which projects and repositories to analyze. @@ -72,16 +75,17 @@ For public repositories without an existing scanner, see the [GitHub Setup guide ## Bitbucket -| Item | Detail | -|---|---| -| **Integration type** | API token (Bitbucket Cloud) or repository access token | -| **Required scopes** | `read:user`, `read:workspace`, `read:repository`, `read:pullrequest`, `write:repository`, `write:pullrequest` | -| **What you need** | Admin on the target workspace (Cloud) or Project Admin (Server) | -| **Instances supported** | Bitbucket Cloud (bitbucket.org) and Bitbucket Data Center / Server | -| **Credentials** | Three values required: service account username, email address, and API token | -| **Scanner ingestion** | Via Bitbucket Pipelines scanner steps; SARIF upload supported | +| Item | Detail | +| ----------------------- | ------------------------------------------------------------------------------------------------------------- | +| **Integration type** | API token (Bitbucket Cloud) or repository access token | +| **Required scopes** | `read:user`, `read:workspace`, `read:repository`, `read:pullrequest`, `write:repository`, `write:pullrequest` | +| **What you need** | Admin on the target workspace (Cloud) or Project Admin (Server) | +| **Instances supported** | Bitbucket Cloud (bitbucket.org) and Bitbucket Data Center / Server | +| **Credentials** | Three values required: service account username, email address, and API token | +| **Scanner ingestion** | Via Bitbucket Pipelines scanner steps; SARIF upload supported | **Quick steps:** + 1. Create a Bitbucket Cloud API token for a dedicated service account. 2. Connect the token, username, and email address in Pixee's Bitbucket integration settings. 3. Choose which repositories in the workspace to analyze. diff --git a/docs/integrations/ci-cd.md b/docs/integrations/ci-cd.md index bedc6530..b2b80bfd 100644 --- a/docs/integrations/ci-cd.md +++ b/docs/integrations/ci-cd.md @@ -47,13 +47,13 @@ This is the question teams ask first, and the answer depends on your deployment ## Integration Comparison -| Platform | Common Pattern | Setup Time | Prerequisites | -| ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ---------- | ---------------------------------------------------------------------------------- | +| Platform | Common Pattern | Setup Time | Prerequisites | +| ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ---------- | ------------------------------------------------------------------------------------------------- | | **GitHub Actions** | Scanner publishes SARIF to GitHub Code Scanning; GHAS-native scanners (CodeQL) need no extra step | ~5 min | Pixee GitHub App installed ([setup guide](/getting-started/source-control#github)) | | **GitLab CI** | GitLab SAST + Dependency Scanning are ingested natively; external scanners upload SARIF to GitLab's vulnerability API | ~10 min | GitLab integration configured ([setup guide](/getting-started/source-control#gitlab)) | | **Azure Pipelines** | Scanner runs in pipeline; SARIF is uploaded via Azure DevOps Code Scanning or directly to Pixee | ~10 min | Azure DevOps integration configured ([setup guide](/getting-started/source-control#azure-devops)) | | **Bitbucket Pipelines** | Scanner runs in pipeline; SARIF is uploaded to Pixee | ~10 min | Bitbucket connector configured ([setup guide](/getting-started/source-control#bitbucket)) | -| **Jenkins / other CI** | Scanner runs anywhere; the SCM-native path still applies if your scanner publishes to GitHub Code Scanning, GitLab Security Dashboard, etc. | varies | One of the four SCM integrations configured | +| **Jenkins / other CI** | Scanner runs anywhere; the SCM-native path still applies if your scanner publishes to GitHub Code Scanning, GitLab Security Dashboard, etc. | varies | One of the four SCM integrations configured | Setup times are wall-clock time from "I have a pipeline" to "Pixee is processing scanner results." This does not include scanner setup — that is your existing infrastructure. @@ -215,4 +215,3 @@ Pixee accepts scanner results through three paths: **Fix PRs not appearing.** Check that the Pixee integration has write access to the target repository. For GitHub, the App needs `pull_requests: write`. Fix generation is asynchronous — allow a few minutes after findings are ingested. **`pixee api` returns exit code 2.** Authentication failed. Run `pixee auth status` to confirm the configured server and token, or reset both with `pixee auth login`. See [Pixee CLI](/api/cli) for credential resolution rules. - diff --git a/docs/integrations/integrations-overview.md b/docs/integrations/integrations-overview.md index 82efdb41..e6bdd339 100644 --- a/docs/integrations/integrations-overview.md +++ b/docs/integrations/integrations-overview.md @@ -18,8 +18,8 @@ One triage-and-remediation pipeline spans every scanner in your stack, regardles Pixee delivers remediation as pull requests (or merge requests) on the four major development platforms. All four support cloud and self-hosted/on-premises deployments via Pixee Enterprise Server. -| Platform | PR/MR Delivery | Authentication | Setup Guide | -| ----------------------------------------------- | --------------------- | --------------------- | -------------------------------------------- | +| Platform | PR/MR Delivery | Authentication | Setup Guide | +| ----------------------------------------------- | --------------------- | --------------------- | ----------------------------------------------------------- | | [GitHub](/integrations/scms/github) | Native pull requests | GitHub App | [Get started](/getting-started/source-control#github) | | [GitLab](/integrations/scms/gitlab) | Native merge requests | Personal access token | [Get started](/getting-started/source-control#gitlab) | | [Azure DevOps](/integrations/scms/azure-devops) | Native pull requests | PAT + webhooks | [Get started](/getting-started/source-control#azure-devops) | @@ -82,4 +82,3 @@ The result: one triage and remediation pipeline across every scanner in your sta - New commercial scanners are supported immediately if they produce SARIF - You are never locked to a specific tool list - Adding or removing a scanner from your stack does not require any Pixee configuration changes - diff --git a/docs/integrations/sarif-universal.md b/docs/integrations/sarif-universal.md index 9230b4dd..72e3eb94 100644 --- a/docs/integrations/sarif-universal.md +++ b/docs/integrations/sarif-universal.md @@ -92,4 +92,3 @@ Any scanner producing valid SARIF output works with Universal SARIF. Scanners kn - Brakeman (Ruby) - Custom scanners with SARIF export - Security platforms with SARIF aggregation (DefectDojo, GitHub Code Scanning, etc.) - diff --git a/docs/integrations/scms/github.md b/docs/integrations/scms/github.md index 648b7f53..9d67e502 100644 --- a/docs/integrations/scms/github.md +++ b/docs/integrations/scms/github.md @@ -138,4 +138,3 @@ Provide the App's credentials to your Pixee Enterprise installation: - **Verify connectivity** by checking the App's event log under **Settings → Developer settings → GitHub Apps → Advanced**. Successful deliveries to the Pixee webhook URL confirm the integration is reachable end-to-end. For deployment-model details (embedded cluster, Helm, air-gapped), see [Enterprise Deployment Options](/enterprise/deployment). - diff --git a/docs/languages/languages-overview.md b/docs/languages/languages-overview.md index abb340ec..18f636cf 100644 --- a/docs/languages/languages-overview.md +++ b/docs/languages/languages-overview.md @@ -12,33 +12,33 @@ Pixee supports a broad and growing set of languages and IaC formats. Coverage ex ## Programming Languages -| Language | Common Frameworks (examples) | Common Package Managers (examples) | -|---|---|---| -| **Java** | Spring Boot, Jakarta EE, Micronaut | Maven, Gradle | -| **Python** | Django, Flask, FastAPI | pip, Poetry, Pipenv, conda, setuptools | -| **JavaScript / TypeScript / Node.js** | Express, React, Next.js, Nest.js | npm, yarn, pnpm | -| **C# / .NET** | ASP.NET Core, Blazor | NuGet | -| **Go** | Standard library, Gin, Echo | Go modules | -| **Ruby** | Rails, Sinatra | Bundler (Gemfile) | -| **PHP** | Laravel, Symfony | Composer | -| **Kotlin** | Spring Boot, Android | Maven, Gradle | -| **Rust** | | Cargo | -| **Scala** | Play, Akka | sbt, Maven | -| **Swift** | iOS/macOS | Swift Package Manager | -| **Objective-C** | iOS/macOS | CocoaPods, Carthage | -| **Groovy** | Gradle, Spring, Jenkins | Maven, Gradle | -| **Shell / Bash** | | — | -| **PowerShell** | | — | +| Language | Common Frameworks (examples) | Common Package Managers (examples) | +| ------------------------------------- | ---------------------------------- | -------------------------------------- | +| **Java** | Spring Boot, Jakarta EE, Micronaut | Maven, Gradle | +| **Python** | Django, Flask, FastAPI | pip, Poetry, Pipenv, conda, setuptools | +| **JavaScript / TypeScript / Node.js** | Express, React, Next.js, Nest.js | npm, yarn, pnpm | +| **C# / .NET** | ASP.NET Core, Blazor | NuGet | +| **Go** | Standard library, Gin, Echo | Go modules | +| **Ruby** | Rails, Sinatra | Bundler (Gemfile) | +| **PHP** | Laravel, Symfony | Composer | +| **Kotlin** | Spring Boot, Android | Maven, Gradle | +| **Rust** | | Cargo | +| **Scala** | Play, Akka | sbt, Maven | +| **Swift** | iOS/macOS | Swift Package Manager | +| **Objective-C** | iOS/macOS | CocoaPods, Carthage | +| **Groovy** | Gradle, Spring, Jenkins | Maven, Gradle | +| **Shell / Bash** | | — | +| **PowerShell** | | — | ## Infrastructure as Code -| Format | Notes | -|---|---| -| **Terraform / HCL** | Security misconfigurations, IAM policies, storage encryption, network exposure | -| **Dockerfile / Containerfile** | Running as root, insecure base images, exposed secrets in build layers | -| **Kubernetes / Helm** | Pod security contexts, RBAC misconfigurations, exposed secrets, network policies | -| **CloudFormation** | AWS resource misconfigurations, IAM, S3, security groups | -| **Ansible** | Playbook security patterns | -| **Docker Compose** | Service configuration security | +| Format | Notes | +| ------------------------------ | -------------------------------------------------------------------------------- | +| **Terraform / HCL** | Security misconfigurations, IAM policies, storage encryption, network exposure | +| **Dockerfile / Containerfile** | Running as root, insecure base images, exposed secrets in build layers | +| **Kubernetes / Helm** | Pod security contexts, RBAC misconfigurations, exposed secrets, network policies | +| **CloudFormation** | AWS resource misconfigurations, IAM, S3, security groups | +| **Ansible** | Playbook security patterns | +| **Docker Compose** | Service configuration security | For what Pixee triages and fixes across these languages and formats, see [What Pixee Fixes](/platform/what-pixee-fixes). Pixee's architecture is designed to work across languages — if yours isn't listed, [contact the team](https://pixee.ai/demo). diff --git a/docs/open-source/codemodder.md b/docs/open-source/codemodder.md index c615944b..8aec4a4f 100644 --- a/docs/open-source/codemodder.md +++ b/docs/open-source/codemodder.md @@ -18,10 +18,10 @@ All projects are licensed under **Apache 2.0**. ## Projects -| Project | Language | Description | -|---|---|---| -| [codemodder-java](https://github.com/pixee/codemodder-java) | Java | Java codemod engine with AST transformations via ParseAndGo | -| [codemodder-python](https://github.com/pixee/codemodder-python) | Python | Python codemod engine with LibCST, regex, and XML transformers | +| Project | Language | Description | +| ---------------------------------------------------------------- | -------------- | ------------------------------------------------------------------------------- | +| [codemodder-java](https://github.com/pixee/codemodder-java) | Java | Java codemod engine with AST transformations via ParseAndGo | +| [codemodder-python](https://github.com/pixee/codemodder-python) | Python | Python codemod engine with LibCST, regex, and XML transformers | | [Codemodder framework](https://github.com/pixee/codemodder-spec) | Multi-language | Core specification and framework for building language-specific codemod engines | ## What Codemods Are @@ -89,11 +89,11 @@ The Python engine provides a library of deterministic codemods with three distin **Transformer strategies:** -| Strategy | Target | Use Case | -|---|---|---| -| LibCST | Python source files | AST-level transformations (function calls, imports, class definitions) | -| Regex | Config and source files | Pattern-based replacements where AST parsing is unnecessary | -| XML | Dependency manifests, config | XML configuration files and dependency declarations | +| Strategy | Target | Use Case | +| -------- | ---------------------------- | ---------------------------------------------------------------------- | +| LibCST | Python source files | AST-level transformations (function calls, imports, class definitions) | +| Regex | Config and source files | Pattern-based replacements where AST parsing is unnecessary | +| XML | Dependency manifests, config | XML configuration files and dependency declarations | A single codemod can combine strategies. For example, a PyYAML hardening codemod might use LibCST to change `yaml.load()` calls to `yaml.safe_load()` in source files while also updating a requirements file via regex. diff --git a/docs/open-source/custom-codemods.md b/docs/open-source/custom-codemods.md index 2d30b0ca..09a3b17e 100644 --- a/docs/open-source/custom-codemods.md +++ b/docs/open-source/custom-codemods.md @@ -220,4 +220,3 @@ codemodder $WORKSPACE --codemod-include pixee:python/safe-yaml-load --output res **Sharing across teams.** Package custom codemods as a separate module that depends on the Codemodder framework. Teams can pull your codemod package alongside the core engine. **Contributing upstream.** If your codemod addresses a general vulnerability pattern, consider [contributing it back](/open-source/codemodder#contributing) to the open source repositories so the broader community benefits. - diff --git a/docs/platform/architecture.md b/docs/platform/architecture.md index 5492766c..13f43c81 100644 --- a/docs/platform/architecture.md +++ b/docs/platform/architecture.md @@ -42,10 +42,10 @@ All findings are normalized into a common internal format before downstream proc The triage engine classifies every finding through a three-tier progressive architecture. Each tier represents a different analysis strategy, and the system routes each finding to the cheapest sufficient tier automatically. -| Tier | Strategy | Speed | LLM Cost | Best For | -| ---------------------- | ----------------------------------------- | ------------------------- | ----------- | ---------------------------------------------------------------------- | -| **Tier 1: Structured** | 15+ deterministic analyzers | Sub-second | Zero | Known patterns (SQL injection, XSS, command injection, path traversal) | -| **Tier 2: Agentic** | AI agents dynamically search the codebase | Seconds | Per-finding | Ambiguous findings, novel frameworks, custom security controls | +| Tier | Strategy | Speed | LLM Cost | Best For | +| ---------------------- | -------------------------------------------------------------------------------------------- | ------------------------- | ----------- | ---------------------------------------------------------------------- | +| **Tier 1: Structured** | 15+ deterministic analyzers | Sub-second | Zero | Known patterns (SQL injection, XSS, command injection, path traversal) | +| **Tier 2: Agentic** | AI agents dynamically search the codebase | Seconds | Per-finding | Ambiguous findings, novel frameworks, custom security controls | | **Tier 3: Adaptive** | Handles novel rule types automatically, expanding coverage as new rule types are encountered | Minutes (first encounter) | Per-finding | Novel rule types, proprietary scanners, custom rulesets | **Progressive fallback:** The system attempts Tier 1 first. If the deterministic analyzer cannot reach a high-confidence verdict, the finding escalates to Tier 2. If the agentic investigation cannot resolve it, Tier 3 handles it automatically and coverage expands for future findings of the same type. Most findings resolve at Tier 1. @@ -114,4 +114,3 @@ For air-gapped deployments, a customer-hosted LLM is required. No code leaves th | **User Interface** | Dashboard, findings management, configuration, reporting | The Analysis Service handles the computationally intensive work -- triage decisions, fix generation, and quality evaluation. The Backend Platform manages the integration surface: scanner webhooks, SCM platform APIs, and PR lifecycle. The User Interface provides visibility into triage outcomes, remediation activity, and configuration. - diff --git a/docs/platform/context-memory.md b/docs/platform/context-memory.md index 281918d7..01ef680e 100644 --- a/docs/platform/context-memory.md +++ b/docs/platform/context-memory.md @@ -42,12 +42,12 @@ Pixee improves from the signals your team sends when it interacts with Pixee-gen **Signals Pixee collects:** -| Signal | What It Means | -|---|---| -| PR merged (as-is) | Fix was correct and matched team conventions — positive signal for this fix pattern | -| PR merged (with modifications) | Fix was directionally correct but needed adjustment — Pixee notes the delta | -| PR closed / declined | Fix was not accepted — negative signal for this finding type or fix approach | -| Triage override | Team disagreed with Pixee's classification — updates classification logic for similar findings | +| Signal | What It Means | +| ------------------------------ | ---------------------------------------------------------------------------------------------- | +| PR merged (as-is) | Fix was correct and matched team conventions — positive signal for this fix pattern | +| PR merged (with modifications) | Fix was directionally correct but needed adjustment — Pixee notes the delta | +| PR closed / declined | Fix was not accepted — negative signal for this finding type or fix approach | +| Triage override | Team disagreed with Pixee's classification — updates classification logic for similar findings | **Observing improvement:** Teams that have been using Pixee for several weeks typically see improved triage outcomes and higher merge rates as the system calibrates to their codebase and review preferences. @@ -58,6 +58,7 @@ When Pixee classifies a finding as a true positive but your team disagrees — o **How to override:** Overrides can be submitted in three ways: by providing feedback directly on an individual triage result, via natural language preferences in PIXEE.yaml, or through Organization Preferences in the UI. **What happens when you override:** + - The specific finding's verdict is updated immediately. - The override is recorded with the rationale (if provided). - Future findings matching the same pattern in the same codebase context receive adjusted classification. diff --git a/docs/platform/remediation.md b/docs/platform/remediation.md index 115aecc3..3813d06b 100644 --- a/docs/platform/remediation.md +++ b/docs/platform/remediation.md @@ -16,10 +16,10 @@ Remediation is co-equal with [triage](/platform/triage). Triage determines what Pixee uses two fundamentally different fix engines, routed automatically based on vulnerability type: -| Engine | How It Works | When It Fires | Risk Profile | -|---|---|---|---| -| **Deterministic codemods** | Pre-built, rule-based transformations encoding OWASP/SANS patterns | Known patterns: SQL injection parameterization, SSRF prevention, insecure deserialization, weak cryptography, insecure temp files, SSL/TLS upgrades | Zero hallucination risk. Same input, same output, every time. | -| **AI-powered fixes** | Constrained AI generation with dataflow-bounded context and per-rule knowledge base guidance | Custom frameworks, multi-file dataflow vulnerabilities, novel patterns, context-dependent sanitization | AI-generated, independently evaluated before reaching a PR. | +| Engine | How It Works | When It Fires | Risk Profile | +| -------------------------- | -------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | +| **Deterministic codemods** | Pre-built, rule-based transformations encoding OWASP/SANS patterns | Known patterns: SQL injection parameterization, SSRF prevention, insecure deserialization, weak cryptography, insecure temp files, SSL/TLS upgrades | Zero hallucination risk. Same input, same output, every time. | +| **AI-powered fixes** | Constrained AI generation with dataflow-bounded context and per-rule knowledge base guidance | Custom frameworks, multi-file dataflow vulnerabilities, novel patterns, context-dependent sanitization | AI-generated, independently evaluated before reaching a PR. | Routing is automatic. The system checks whether a deterministic codemod exists for the vulnerability type. If yes, the codemod fires — sub-second, zero LLM cost. If no deterministic rule handles it, an AI-powered fix is generated using scanner-aware context. @@ -39,11 +39,11 @@ Every generated fix passes through an independent quality gate before a develope **Three-dimension rubric:** -| Dimension | What It Checks | Why It Matters | -|---|---|---| -| **Safety** | No breaking changes, no regressions, no unintended side effects | Prevents the fix from creating new problems | -| **Effectiveness** | Correctly resolves the security vulnerability | Prevents cosmetic changes that leave the vulnerability open | -| **Cleanliness** | Proper formatting, no extraneous changes, preserves existing code | Prevents unnecessary diff noise that frustrates reviewers | +| Dimension | What It Checks | Why It Matters | +| ----------------- | ----------------------------------------------------------------- | ----------------------------------------------------------- | +| **Safety** | No breaking changes, no regressions, no unintended side effects | Prevents the fix from creating new problems | +| **Effectiveness** | Correctly resolves the security vulnerability | Prevents cosmetic changes that leave the vulnerability open | +| **Cleanliness** | Proper formatting, no extraneous changes, preserves existing code | Prevents unnecessary diff noise that frustrates reviewers | **Architectural independence.** The evaluator runs as a separate inference call — the generator does not grade its own work. This is not self-critique from the same model. The separation prevents the "grading your own homework" failure mode. @@ -80,12 +80,12 @@ Standard `git revert` applies if any merged change needs to be undone. There is ## Language and Scanner Coverage -| Coverage Type | Details | -|---|---| -| **Languages** | Java, Python, JavaScript/TypeScript, .NET/C#, Go, Ruby, PHP, Kotlin, Rust, Scala, Swift + IaC (Terraform, Dockerfile, K8s/Helm, CloudFormation) | +| Coverage Type | Details | +| ------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------- | +| **Languages** | Java, Python, JavaScript/TypeScript, .NET/C#, Go, Ruby, PHP, Kotlin, Rust, Scala, Swift + IaC (Terraform, Dockerfile, K8s/Helm, CloudFormation) | | **Native scanner integrations** | 15 (CodeQL, SonarQube, Checkmarx, Veracode, Snyk Code, Semgrep, AppScan, Polaris, Fortify, Contrast, GitLab SAST, GitLab SCA, Trivy, Arnica, Datadog SAST) | -| **Universal SARIF** | Any SARIF-producing scanner (50+ validated) | -| **Platforms** | GitHub, GitLab, Azure DevOps, Bitbucket | +| **Universal SARIF** | Any SARIF-producing scanner (50+ validated) | +| **Platforms** | GitHub, GitLab, Azure DevOps, Bitbucket | Deterministic codemod coverage is deepest for Java and Python. JavaScript/TypeScript, .NET, Go, and PHP have expanding codemod libraries supplemented by AI-powered generation for patterns not yet covered by deterministic rules. diff --git a/docs/platform/sca.md b/docs/platform/sca.md index 0c8fb613..3af09c0a 100644 --- a/docs/platform/sca.md +++ b/docs/platform/sca.md @@ -25,22 +25,22 @@ Pixee answers "Can this CVE actually be triggered in this codebase?" — not jus **How it works:** -| Step | What Happens | -|---|---| -| **1. External research** | A CVE research agent gathers CVE details, changelogs, patches, and release notes to identify the specific conditions required for exploitation | -| **2. Internal analysis** | The triage agent examines how the library is actually used in your code — which functions are called, what input reaches them, what security controls exist | +| Step | What Happens | +| ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| **1. External research** | A CVE research agent gathers CVE details, changelogs, patches, and release notes to identify the specific conditions required for exploitation | +| **2. Internal analysis** | The triage agent examines how the library is actually used in your code — which functions are called, what input reaches them, what security controls exist | | **3. Evidence-based classification** | Every "Not Exploitable" verdict includes the conditions the CVE requires, analysis of each condition against your code, code snippets demonstrating why conditions are or are not met, and a defensible conclusion | -| **4. Efficient reanalysis** | Previously evaluated CVE+dependency combinations are not reanalyzed unnecessarily, keeping SCA processing efficient across repositories sharing common dependencies | +| **4. Efficient reanalysis** | Previously evaluated CVE+dependency combinations are not reanalyzed unnecessarily, keeping SCA processing efficient across repositories sharing common dependencies | **Concrete example:** A scanner flags a Spring WebFlux static resource authorization bypass (CVSS 6.9). The CVE requires three conditions: WebFlux controllers, Spring static resource handling, and a non-permitAll security rule. Pixee's analysis finds no WebFlux controllers, no Spring static resource APIs, and no non-permitAll protection rules. Two of three conditions are unmet. Classification: Not Exploitable, with the evidence. **The three approaches compared:** -| Approach | What It Tells You | What It Misses | -|---|---|---| -| **Version matching** (legacy SCA) | "This dependency version has a known CVE" | Whether the vulnerable function is called, whether exploitation conditions are met, whether security controls mitigate the risk | -| **Basic reachability** | "The vulnerable function is reachable from your code" | Exploitation preconditions, input validation, configuration states | -| **Exploitability verification** (Pixee) | "This CVE requires conditions X, Y, Z. Your code meets/does not meet each one. Here is the evidence." | — | +| Approach | What It Tells You | What It Misses | +| --------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------- | +| **Version matching** (legacy SCA) | "This dependency version has a known CVE" | Whether the vulnerable function is called, whether exploitation conditions are met, whether security controls mitigate the risk | +| **Basic reachability** | "The vulnerable function is reachable from your code" | Exploitation preconditions, input validation, configuration states | +| **Exploitability verification** (Pixee) | "This CVE requires conditions X, Y, Z. Your code meets/does not meet each one. Here is the evidence." | — | ## Efficient Reanalysis @@ -67,12 +67,12 @@ When an SCA finding is confirmed as exploitable, Pixee generates a justified upg **Multi-manifest support:** -| Language | Supported Manifest Formats | -|---|---| -| **Python** | requirements.txt, pyproject.toml, Pipfile, setup.py, setup.cfg | -| **Java** | pom.xml, build.gradle | -| **JavaScript** | package.json | -| **.NET** | .csproj, packages.config | +| Language | Supported Manifest Formats | +| -------------- | -------------------------------------------------------------- | +| **Python** | requirements.txt, pyproject.toml, Pipfile, setup.py, setup.cfg | +| **Java** | pom.xml, build.gradle | +| **JavaScript** | package.json | +| **.NET** | .csproj, packages.config | **Atomic PRs.** A single Pixee PR contains both the manifest version bump AND the downstream source-file changes the upgrade requires. When a major version upgrade changes an API, the import statements and call sites are updated in the same diff. No "upgrade succeeded, tests broken" half-states. @@ -82,9 +82,9 @@ When an SCA finding is confirmed as exploitable, Pixee generates a justified upg The SCA pipeline benefits from Pixee's unified platform architecture. SAST and SCA findings share context and inform each other: -| Intelligence Source | What It Provides | -|---|---| -| **SAST results** | Inform SCA risk scoring — a dependency vulnerability in code that also has SAST findings carries compounded risk | -| **Historical triage decisions** | Prevent re-triaging the same CVEs across repositories | -| **Secure coding guidelines** | Team preferences in natural language enrich SCA analysis | -| **GitHub PRs and Jira tickets** | Previous SCA upgrade context provides upgrade history | +| Intelligence Source | What It Provides | +| ------------------------------- | ---------------------------------------------------------------------------------------------------------------- | +| **SAST results** | Inform SCA risk scoring — a dependency vulnerability in code that also has SAST findings carries compounded risk | +| **Historical triage decisions** | Prevent re-triaging the same CVEs across repositories | +| **Secure coding guidelines** | Team preferences in natural language enrich SCA analysis | +| **GitHub PRs and Jira tickets** | Previous SCA upgrade context provides upgrade history | diff --git a/docs/platform/scanner-integration.md b/docs/platform/scanner-integration.md index 0a81d5ed..1173aaa7 100644 --- a/docs/platform/scanner-integration.md +++ b/docs/platform/scanner-integration.md @@ -42,19 +42,19 @@ Both tiers feed into the same downstream [triage](/platform/triage) and [remedia ## Standard Scanner Integrations -| Scanner | Status | Integration Method | -|---|---|---| -| **Veracode** | GA | SARIF pipeline with tool-specific identification | -| **Snyk Code** | GA | SARIF pipeline with native metadata extraction | -| **SonarQube / SonarCloud** | GA | SARIF pipeline with native metadata extraction | -| **HCL AppScan** | GA | SARIF ingestion pipeline | -| **Polaris (Synopsys)** | GA | SARIF ingestion pipeline | -| **Fortify** | GA | SARIF ingestion pipeline | -| **Contrast** | GA | SARIF ingestion pipeline | -| **GitLab SAST** | GA | SARIF pipeline with dedicated namespace | -| **GitLab SCA** | GA | SARIF pipeline | -| **Trivy** | GA | SARIF pipeline with native metadata extraction | -| **DefectDojo** | GA | SARIF pipeline (aggregates findings from multiple scanners) | +| Scanner | Status | Integration Method | +| -------------------------- | ------ | ----------------------------------------------------------- | +| **Veracode** | GA | SARIF pipeline with tool-specific identification | +| **Snyk Code** | GA | SARIF pipeline with native metadata extraction | +| **SonarQube / SonarCloud** | GA | SARIF pipeline with native metadata extraction | +| **HCL AppScan** | GA | SARIF ingestion pipeline | +| **Polaris (Synopsys)** | GA | SARIF ingestion pipeline | +| **Fortify** | GA | SARIF ingestion pipeline | +| **Contrast** | GA | SARIF ingestion pipeline | +| **GitLab SAST** | GA | SARIF pipeline with dedicated namespace | +| **GitLab SCA** | GA | SARIF pipeline | +| **Trivy** | GA | SARIF pipeline with native metadata extraction | +| **DefectDojo** | GA | SARIF pipeline (aggregates findings from multiple scanners) | All named scanner integrations are GA. See individual scanner integration pages under [Integrations](/integrations/overview) for per-tool setup guides. @@ -75,23 +75,23 @@ Over 50 scanner tools have been validated via this path. Triage accuracy scales with the richness of metadata each scanner includes in its SARIF output. -| Metadata Type | Which Scanners Provide It | How Pixee Uses It | -|---|---|---| -| **codeFlows** (dataflow paths) | CodeQL (multi-step source-to-sink) | Full dataflow context for triage | -| **Rule descriptions** | Semgrep (fullDescription.text), CodeQL (help.markdown) | Enriches triage context with rule semantics | -| **Severity ratings** | Most scanners | Input to context-aware severity adjustment | -| **Language tags** | Most scanners | Routes to language-specific codemods and analysis strategies | -| **Rule ID only** (minimal metadata) | Checkmarx, some internal tools | Triggers compensatory strategies that re-derive context from the codebase | +| Metadata Type | Which Scanners Provide It | How Pixee Uses It | +| ----------------------------------- | ------------------------------------------------------ | ------------------------------------------------------------------------- | +| **codeFlows** (dataflow paths) | CodeQL (multi-step source-to-sink) | Full dataflow context for triage | +| **Rule descriptions** | Semgrep (fullDescription.text), CodeQL (help.markdown) | Enriches triage context with rule semantics | +| **Severity ratings** | Most scanners | Input to context-aware severity adjustment | +| **Language tags** | Most scanners | Routes to language-specific codemods and analysis strategies | +| **Rule ID only** (minimal metadata) | Checkmarx, some internal tools | Triggers compensatory strategies that re-derive context from the codebase | Rich-metadata scanners get deep extraction. Sparse-metadata scanners get compensatory strategies. No scanner is left behind. ## Platform Integrations -| Platform | SARIF Ingestion | Native CodeQL/GHAS | Notes | -|---|---|---|---| -| **GitHub** | Full support | Deep integration | CodeQL findings via GHAS API or SARIF upload | -| **GitLab** | Full support | Via SARIF upload | GitLab SAST has dedicated namespace | -| **Azure DevOps** | Full support | Via SARIF upload | Standard SARIF pipeline | -| **Bitbucket** | Full support | Via SARIF upload | Standard SARIF pipeline | +| Platform | SARIF Ingestion | Native CodeQL/GHAS | Notes | +| ---------------- | --------------- | ------------------ | -------------------------------------------- | +| **GitHub** | Full support | Deep integration | CodeQL findings via GHAS API or SARIF upload | +| **GitLab** | Full support | Via SARIF upload | GitLab SAST has dedicated namespace | +| **Azure DevOps** | Full support | Via SARIF upload | Standard SARIF pipeline | +| **Bitbucket** | Full support | Via SARIF upload | Standard SARIF pipeline | All scanner integrations are available across SaaS and Enterprise deployment models. diff --git a/docs/platform/security.md b/docs/platform/security.md index f4fb1b64..12f45775 100644 --- a/docs/platform/security.md +++ b/docs/platform/security.md @@ -24,13 +24,13 @@ Pixee's trust model rests on three governing principles: This distinction is the most important concept on this page. -| Dimension | Deterministic Codemods | AI-Generated Fixes | -|---|---|---| -| **Input/output predictability** | Identical output every time | Output varies based on context; constrained by dataflow-bounded input | -| **Scope** | Known vulnerability patterns (SQL injection, XSS, SSRF, deserialization, etc.) | Novel, custom, and multi-file patterns | -| **Hallucination risk** | Zero | Mitigated by independent evaluation and retry/suppression | -| **Validation requirement** | Pre-validated by design; open-source engines inspectable | Mandatory independent evaluation gate | -| **LLM involvement** | None | Constrained generation with per-rule knowledge base guidance | +| Dimension | Deterministic Codemods | AI-Generated Fixes | +| ------------------------------- | ------------------------------------------------------------------------------ | --------------------------------------------------------------------- | +| **Input/output predictability** | Identical output every time | Output varies based on context; constrained by dataflow-bounded input | +| **Scope** | Known vulnerability patterns (SQL injection, XSS, SSRF, deserialization, etc.) | Novel, custom, and multi-file patterns | +| **Hallucination risk** | Zero | Mitigated by independent evaluation and retry/suppression | +| **Validation requirement** | Pre-validated by design; open-source engines inspectable | Mandatory independent evaluation gate | +| **LLM involvement** | None | Constrained generation with per-rule knowledge base guidance | **Deterministic codemods** handle known vulnerability patterns — SQL injection parameterization, SSRF prevention, insecure deserialization, weak cryptography, and more. These are pre-built, rule-based transformations with zero LLM involvement. The open-source engines (codemodder-java, codemodder-python) are publicly inspectable — your security team or auditors can review the transformation rules before deployment. @@ -46,11 +46,11 @@ Every AI-generated fix passes through an independent quality gate before a devel **Three-dimension rubric:** -| Dimension | What It Checks | -|---|---| -| **Safety** | No behavior changes beyond fixing the vulnerability. No breaking API changes, missing imports, or unintended side effects. | -| **Effectiveness** | Correctly addresses the security issue. The SAST scanner should stop flagging this finding after the fix is applied. | -| **Cleanliness** | Proper formatting, indentation, no extraneous changes. Preserves existing comments and code structure. | +| Dimension | What It Checks | +| ----------------- | -------------------------------------------------------------------------------------------------------------------------- | +| **Safety** | No behavior changes beyond fixing the vulnerability. No breaking API changes, missing imports, or unintended side effects. | +| **Effectiveness** | Correctly addresses the security issue. The SAST scanner should stop flagging this finding after the fix is applied. | +| **Cleanliness** | Proper formatting, indentation, no extraneous changes. Preserves existing comments and code structure. | **All three dimensions must pass.** This is not an aggregate score that lets a dangerous fix through because it scored well on formatting. @@ -81,12 +81,12 @@ Every Pixee change flows through your full approval pipeline. PR-only delivery i ## Deployment Models -| Model | What It Provides | -|---|---| -| **Cloud SaaS** | Pixee-managed infrastructure. Pixee accesses repositories via SCM integration (read-only code access, write access limited to PR creation). | -| **Embedded cluster** | Turnkey self-hosted deployment on a single Linux VM. No Kubernetes expertise required. All data stays in your network. | -| **Helm / BYO Kubernetes** | Deploys into your existing Kubernetes infrastructure (EKS, GKE, AKS, or self-managed). | -| **Air-gapped** | Fully disconnected operation with customer-hosted LLM. Zero outbound internet after installation. | +| Model | What It Provides | +| ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | +| **Cloud SaaS** | Pixee-managed infrastructure. Pixee accesses repositories via SCM integration (read-only code access, write access limited to PR creation). | +| **Embedded cluster** | Turnkey self-hosted deployment on a single Linux VM. No Kubernetes expertise required. All data stays in your network. | +| **Helm / BYO Kubernetes** | Deploys into your existing Kubernetes infrastructure (EKS, GKE, AKS, or self-managed). | +| **Air-gapped** | Fully disconnected operation with customer-hosted LLM. Zero outbound internet after installation. | For air-gapped deployments, a customer-hosted LLM is required. The only outbound connection is license validation, which can be proxied. @@ -101,15 +101,15 @@ For air-gapped deployments, a customer-hosted LLM is required. The only outbound Pixee is designed for AI governance committee review. Concrete answers to common governance questions: -| Question | Answer | -|---|---| -| **What does the AI generate?** | Security fixes only — 1-5 line changes applying OWASP/SANS patterns. | -| **Who validates the output?** | An independent evaluation layer (separate inference call), then your developers via PR review, then your CI/CD and SAST re-scanning. | -| **Can it bypass human approval?** | No. PR-only delivery is an architectural constraint, not a configuration option. | -| **What data does it access?** | Only code relevant to the specific vulnerability. No entire repositories, no PII, no secrets. | -| **What if it is wrong?** | Fixes that fail quality evaluation are suppressed. Fixes that pass are reviewed by developers. Merged fixes can be reverted with standard Git operations. | -| **What is the deterministic floor?** | Common vulnerability patterns are fixed with zero AI involvement using publicly inspectable, open-source codemod engines. | -| **What controls exist on the AI itself?** | Constrained generation with security-specific context only, independent evaluation, structured retry with feedback, suppression on failure. | +| Question | Answer | +| ----------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | +| **What does the AI generate?** | Security fixes only — 1-5 line changes applying OWASP/SANS patterns. | +| **Who validates the output?** | An independent evaluation layer (separate inference call), then your developers via PR review, then your CI/CD and SAST re-scanning. | +| **Can it bypass human approval?** | No. PR-only delivery is an architectural constraint, not a configuration option. | +| **What data does it access?** | Only code relevant to the specific vulnerability. No entire repositories, no PII, no secrets. | +| **What if it is wrong?** | Fixes that fail quality evaluation are suppressed. Fixes that pass are reviewed by developers. Merged fixes can be reverted with standard Git operations. | +| **What is the deterministic floor?** | Common vulnerability patterns are fixed with zero AI involvement using publicly inspectable, open-source codemod engines. | +| **What controls exist on the AI itself?** | Constrained generation with security-specific context only, independent evaluation, structured retry with feedback, suppression on failure. | ## Audit Defensibility diff --git a/docs/platform/triage.md b/docs/platform/triage.md index 55f69f74..835c4792 100644 --- a/docs/platform/triage.md +++ b/docs/platform/triage.md @@ -16,11 +16,11 @@ Triage is co-equal with [remediation](/platform/remediation). Together they clos Pixee routes every finding through a tiered system that applies the cheapest sufficient intelligence. Routing is automatic — no configuration required. -| Tier | Strategy | Speed | LLM Cost | Auditability | Coverage | -|---|---|---|---|---|---| -| **Tier 1: Structured** | 15+ deterministic analyzers | Sub-second | Zero | Reproducible — same input, same output | Known vulnerability classes (SQL injection, XSS, command injection, path traversal, 12+ more) | -| **Tier 2: Agentic** | AI agents dynamically search the codebase | Seconds | Per-finding | Readable investigation trail with every search and reasoning step | Ambiguous findings, novel frameworks, custom security controls | -| **Tier 3: Adaptive** | Handles novel rule types automatically, expanding coverage as new rule types are encountered | Minutes (first encounter), faster on subsequent encounters | Per-finding (first encounter only) | Generated analyzer is inspectable | Novel rule types, proprietary scanners, custom rulesets | +| Tier | Strategy | Speed | LLM Cost | Auditability | Coverage | +| ---------------------- | -------------------------------------------------------------------------------------------- | ---------------------------------------------------------- | ---------------------------------- | ----------------------------------------------------------------- | --------------------------------------------------------------------------------------------- | +| **Tier 1: Structured** | 15+ deterministic analyzers | Sub-second | Zero | Reproducible — same input, same output | Known vulnerability classes (SQL injection, XSS, command injection, path traversal, 12+ more) | +| **Tier 2: Agentic** | AI agents dynamically search the codebase | Seconds | Per-finding | Readable investigation trail with every search and reasoning step | Ambiguous findings, novel frameworks, custom security controls | +| **Tier 3: Adaptive** | Handles novel rule types automatically, expanding coverage as new rule types are encountered | Minutes (first encounter), faster on subsequent encounters | Per-finding (first encounter only) | Generated analyzer is inspectable | Novel rule types, proprietary scanners, custom rulesets | **End-to-end flow:** @@ -54,23 +54,23 @@ A shared intelligence layer enriches all three tiers with codebase context. Reac Every triage verdict is a structured, machine-processable artifact. -| Status | Meaning | Recommended Action | -|---|---|---| -| **True Positive** | The finding is a real, exploitable vulnerability in this code context | Escalate for remediation — Pixee can generate a fix automatically | -| **False Positive** | The scanner fired on a pattern that is not exploitable in this context | Suppress from developer view; remove from backlog noise | -| **Won't Fix** | Technically real but not worth fixing given the context (test code, acceptable risk, compensating controls) | Deprioritize; document the rationale for auditors | -| **Suspicious** | Insufficient evidence for a definitive verdict | Route to a security engineer for manual assessment | +| Status | Meaning | Recommended Action | +| ------------------ | ----------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------- | +| **True Positive** | The finding is a real, exploitable vulnerability in this code context | Escalate for remediation — Pixee can generate a fix automatically | +| **False Positive** | The scanner fired on a pattern that is not exploitable in this context | Suppress from developer view; remove from backlog noise | +| **Won't Fix** | Technically real but not worth fixing given the context (test code, acceptable risk, compensating controls) | Deprioritize; document the rationale for auditors | +| **Suspicious** | Insufficient evidence for a definitive verdict | Route to a security engineer for manual assessment | **What ships with every verdict:** -| Component | What It Contains | -|---|---| -| **Typed status** | True Positive, False Positive, Won't Fix, or Suspicious — not a numeric score | -| **Adjusted severity** | Severity re-ranked based on context signals | -| **Justification prose** | Human-readable explanation of why this verdict was reached | -| **Code snippets** | The sanitizer location, dataflow path, or framework control that drove the decision | -| **Confidence score** | Quantified confidence in the verdict | -| **Investigation trail** (Tier 2/3) | Step-by-step record of agent searches, control checks, and reasoning chain | +| Component | What It Contains | +| ---------------------------------- | ----------------------------------------------------------------------------------- | +| **Typed status** | True Positive, False Positive, Won't Fix, or Suspicious — not a numeric score | +| **Adjusted severity** | Severity re-ranked based on context signals | +| **Justification prose** | Human-readable explanation of why this verdict was reached | +| **Code snippets** | The sanitizer location, dataflow path, or framework control that drove the decision | +| **Confidence score** | Quantified confidence in the verdict | +| **Investigation trail** (Tier 2/3) | Step-by-step record of agent searches, control checks, and reasoning chain | **Audit defensibility.** Compliance officers and auditors see exactly why a finding was suppressed. The justification and code snippets provide a defensible record for every triage decision. diff --git a/docs/platform/what-is-agentic-security-engineering.md b/docs/platform/what-is-agentic-security-engineering.md index 38a9cbef..65c06ad4 100644 --- a/docs/platform/what-is-agentic-security-engineering.md +++ b/docs/platform/what-is-agentic-security-engineering.md @@ -14,12 +14,12 @@ Agentic security engineering is a discipline where purpose-built AI agents auton Pixee adds triage, remediation, and delivery layers on top of your existing detection tools: -| Layer | Function | Who Provides It | -|---|---|---| -| **1. Detection** | Find vulnerabilities | Your existing scanners (SonarQube, Checkmarx, Semgrep, CodeQL, Snyk, Veracode, etc.) | -| **2. Triage** | Determine which findings are real threats | Pixee — see [Triage](/platform/triage) | -| **3. Remediation** | Generate validated code fixes | Pixee — deterministic + AI hybrid. See [Remediation](/platform/remediation) | -| **4. Delivery** | Ship fixes through existing workflow | Pixee — PRs in GitHub, GitLab, ADO, Bitbucket | +| Layer | Function | Who Provides It | +| ------------------ | ----------------------------------------- | ------------------------------------------------------------------------------------ | +| **1. Detection** | Find vulnerabilities | Your existing scanners (SonarQube, Checkmarx, Semgrep, CodeQL, Snyk, Veracode, etc.) | +| **2. Triage** | Determine which findings are real threats | Pixee — see [Triage](/platform/triage) | +| **3. Remediation** | Generate validated code fixes | Pixee — deterministic + AI hybrid. See [Remediation](/platform/remediation) | +| **4. Delivery** | Ship fixes through existing workflow | Pixee — PRs in GitHub, GitLab, ADO, Bitbucket | Pixee integrates natively with a growing list of scanners and accepts any SARIF-producing tool. No changes to your detection stack are required. @@ -55,22 +55,22 @@ The term "agentic" distinguishes this approach from both rule-based automation a ## End-to-End Processing Flow -| Stage | What Happens | Output | -|---|---|---| -| **1. Scan Ingestion** | Finding arrives via webhook or API; normalized into a common internal format | Standardized finding with maximum available metadata | -| **2. Triage** | Three-tier progressive analysis determines exploitability | Typed verdict (true positive, false positive, won't fix) with structured evidence | -| **3. Remediation** | Hybrid engine generates a validated fix for confirmed vulnerabilities | Code change that passed independent quality evaluation | -| **4. PR Delivery** | Fix shipped as a native pull request on your platform | Reviewable diff with vulnerability context, quality scores, and description | -| **5. Developer Review** | Your team reviews, tests, and merges through existing workflow | Merged fix or feedback | +| Stage | What Happens | Output | +| ----------------------- | ---------------------------------------------------------------------------- | --------------------------------------------------------------------------------- | +| **1. Scan Ingestion** | Finding arrives via webhook or API; normalized into a common internal format | Standardized finding with maximum available metadata | +| **2. Triage** | Three-tier progressive analysis determines exploitability | Typed verdict (true positive, false positive, won't fix) with structured evidence | +| **3. Remediation** | Hybrid engine generates a validated fix for confirmed vulnerabilities | Code change that passed independent quality evaluation | +| **4. PR Delivery** | Fix shipped as a native pull request on your platform | Reviewable diff with vulnerability context, quality scores, and description | +| **5. Developer Review** | Your team reviews, tests, and merges through existing workflow | Merged fix or feedback | SAST and SCA findings both flow through this same pipeline. ## Technical Stack -| Component | Responsibility | -|---|---| -| **Backend Platform** | Platform orchestration, scan ingestion, PR authoring, API layer, webhook processing | +| Component | Responsibility | +| -------------------- | -------------------------------------------------------------------------------------------- | +| **Backend Platform** | Platform orchestration, scan ingestion, PR authoring, API layer, webhook processing | | **Analysis Service** | Triage analysis, remediation generation, fix evaluation, SCA processing, code transformation | -| **User Interface** | Dashboard, findings management, configuration, reporting | +| **User Interface** | Dashboard, findings management, configuration, reporting | See [Platform Architecture](/platform/architecture) for the full technical stack and LLM orchestration details. diff --git a/docs/platform/what-pixee-fixes.md b/docs/platform/what-pixee-fixes.md index 0590b5ee..94fc65da 100644 --- a/docs/platform/what-pixee-fixes.md +++ b/docs/platform/what-pixee-fixes.md @@ -12,54 +12,54 @@ This page is the canonical reference for what Pixee can triage and fix. It cover ## Vulnerability Coverage Table -| Vulnerability Category | Examples | Triage | Fix Mode | -|---|---|---|---| -| **Injection — SQL** | SQL injection via string concatenation, unparameterized queries | Yes | Deterministic / Both | -| **Injection — Command** | OS command injection, shell metacharacters in exec calls | Yes | Deterministic / Both | -| **Injection — LDAP** | LDAP injection via unsanitized directory search filters | Yes | AI | -| **Injection — XPath** | XPath injection via user-controlled node selection | Yes | AI | -| **Injection — NoSQL** | NoSQL injection in MongoDB, Redis, and similar query patterns | Yes | AI | -| **Injection — Expression Language** | EL/OGNL injection via template or framework evaluation | Yes | AI | -| **Cross-Site Scripting (XSS) — Reflected** | Reflected XSS via unencoded user input in HTTP responses | Yes | Deterministic / Both | -| **Cross-Site Scripting (XSS) — Stored** | Stored XSS persisted in database and rendered to other users | Yes | Both | -| **Cross-Site Scripting (XSS) — DOM-Based** | DOM XSS via document.write, innerHTML, eval with user data | Yes | Both | -| **Path Traversal** | Directory traversal via `../` sequences, file inclusion flaws | Yes | Deterministic / Both | -| **Server-Side Request Forgery (SSRF)** | SSRF via unvalidated URL parameters to internal or cloud metadata endpoints | Yes | Deterministic / Both | -| **Insecure Deserialization** | Unsafe deserialization of untrusted data | Yes | Both | -| **Weak Cryptography** | MD5, SHA-1 for security-sensitive operations; ECB mode; short key lengths | Yes | Deterministic / Both | -| **Insecure Randomness** | Insecure random number generators used for security-sensitive tokens | Yes | Deterministic / Both | -| **Hardcoded Secrets** | Hardcoded API keys, passwords, tokens in source code | Yes | AI | -| **Authentication / Session Weaknesses** | Broken authentication, session fixation, missing session invalidation, insecure cookie flags | Yes | Both | -| **Insecure Direct Object Reference (IDOR)** | Missing authorization checks on resource identifiers | Yes | AI | -| **XML / XXE Vulnerabilities** | XML External Entity injection, DTD processing, XXE via SSRF | Yes | Deterministic / Both | -| **Insecure Temp Files** | Predictable temp file creation, race conditions on tempfile usage | Yes | Deterministic / Both | -| **Logging Sensitive Data** | PII, credentials, tokens written to logs | Yes | AI | -| **Security Misconfigurations** | Missing security headers, insecure defaults, disabled CSRF protection | Yes | Both | -| **SSL/TLS Weaknesses** | Disabled hostname verification, accepting all certificates, weak protocols | Yes | Deterministic / Both | -| **Dependency Vulnerabilities (SCA)** | CVEs in direct and transitive open-source dependencies | Yes | Deterministic / Both | -| **Container / Dockerfile Misconfigurations** | Running as root, insecure base image patterns, exposed secrets in layers | Yes | Both | -| **Infrastructure as Code (IaC) Misconfigurations** | Terraform / CloudFormation / Kubernetes / Helm security misconfigurations, overly permissive IAM, unencrypted storage | Yes | Both | -| **Open Redirect** | Redirects to attacker-controlled URLs via unvalidated redirect parameters | Yes | Both | -| **Code Injection / Eval Injection** | Dynamic code execution from untrusted input | Yes | Both | -| **Prototype Pollution** | JavaScript object prototype manipulation via untrusted key assignment | Yes | Both | -| **Template Injection (SSTI)** | Server-side template injection via user input rendered in template engines | Yes | Both | -| **Insecure File Upload** | Unrestricted file type or content upload without validation | Yes | Both | -| **Missing Security Headers** | CSP, HSTS, X-Frame-Options, and other protective headers absent from responses | Yes | Both | -| **CORS Misconfiguration** | Overly permissive cross-origin resource sharing allowing untrusted origins | Yes | Both | -| **Race Conditions / TOCTOU** | Time-of-check to time-of-use vulnerabilities in file and resource access | Yes | Triage | -| **Improper Input Validation** | Missing or insufficient validation of input data before processing | Yes | Both | -| **Integer Overflow / Underflow** | Arithmetic boundary condition errors leading to unexpected behavior | Yes | Both | +| Vulnerability Category | Examples | Triage | Fix Mode | +| -------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | ------ | -------------------- | +| **Injection — SQL** | SQL injection via string concatenation, unparameterized queries | Yes | Deterministic / Both | +| **Injection — Command** | OS command injection, shell metacharacters in exec calls | Yes | Deterministic / Both | +| **Injection — LDAP** | LDAP injection via unsanitized directory search filters | Yes | AI | +| **Injection — XPath** | XPath injection via user-controlled node selection | Yes | AI | +| **Injection — NoSQL** | NoSQL injection in MongoDB, Redis, and similar query patterns | Yes | AI | +| **Injection — Expression Language** | EL/OGNL injection via template or framework evaluation | Yes | AI | +| **Cross-Site Scripting (XSS) — Reflected** | Reflected XSS via unencoded user input in HTTP responses | Yes | Deterministic / Both | +| **Cross-Site Scripting (XSS) — Stored** | Stored XSS persisted in database and rendered to other users | Yes | Both | +| **Cross-Site Scripting (XSS) — DOM-Based** | DOM XSS via document.write, innerHTML, eval with user data | Yes | Both | +| **Path Traversal** | Directory traversal via `../` sequences, file inclusion flaws | Yes | Deterministic / Both | +| **Server-Side Request Forgery (SSRF)** | SSRF via unvalidated URL parameters to internal or cloud metadata endpoints | Yes | Deterministic / Both | +| **Insecure Deserialization** | Unsafe deserialization of untrusted data | Yes | Both | +| **Weak Cryptography** | MD5, SHA-1 for security-sensitive operations; ECB mode; short key lengths | Yes | Deterministic / Both | +| **Insecure Randomness** | Insecure random number generators used for security-sensitive tokens | Yes | Deterministic / Both | +| **Hardcoded Secrets** | Hardcoded API keys, passwords, tokens in source code | Yes | AI | +| **Authentication / Session Weaknesses** | Broken authentication, session fixation, missing session invalidation, insecure cookie flags | Yes | Both | +| **Insecure Direct Object Reference (IDOR)** | Missing authorization checks on resource identifiers | Yes | AI | +| **XML / XXE Vulnerabilities** | XML External Entity injection, DTD processing, XXE via SSRF | Yes | Deterministic / Both | +| **Insecure Temp Files** | Predictable temp file creation, race conditions on tempfile usage | Yes | Deterministic / Both | +| **Logging Sensitive Data** | PII, credentials, tokens written to logs | Yes | AI | +| **Security Misconfigurations** | Missing security headers, insecure defaults, disabled CSRF protection | Yes | Both | +| **SSL/TLS Weaknesses** | Disabled hostname verification, accepting all certificates, weak protocols | Yes | Deterministic / Both | +| **Dependency Vulnerabilities (SCA)** | CVEs in direct and transitive open-source dependencies | Yes | Deterministic / Both | +| **Container / Dockerfile Misconfigurations** | Running as root, insecure base image patterns, exposed secrets in layers | Yes | Both | +| **Infrastructure as Code (IaC) Misconfigurations** | Terraform / CloudFormation / Kubernetes / Helm security misconfigurations, overly permissive IAM, unencrypted storage | Yes | Both | +| **Open Redirect** | Redirects to attacker-controlled URLs via unvalidated redirect parameters | Yes | Both | +| **Code Injection / Eval Injection** | Dynamic code execution from untrusted input | Yes | Both | +| **Prototype Pollution** | JavaScript object prototype manipulation via untrusted key assignment | Yes | Both | +| **Template Injection (SSTI)** | Server-side template injection via user input rendered in template engines | Yes | Both | +| **Insecure File Upload** | Unrestricted file type or content upload without validation | Yes | Both | +| **Missing Security Headers** | CSP, HSTS, X-Frame-Options, and other protective headers absent from responses | Yes | Both | +| **CORS Misconfiguration** | Overly permissive cross-origin resource sharing allowing untrusted origins | Yes | Both | +| **Race Conditions / TOCTOU** | Time-of-check to time-of-use vulnerabilities in file and resource access | Yes | Triage | +| **Improper Input Validation** | Missing or insufficient validation of input data before processing | Yes | Both | +| **Integer Overflow / Underflow** | Arithmetic boundary condition errors leading to unexpected behavior | Yes | Both | ## Secrets Detection Pixee primarily triages secrets findings — detecting hardcoded credentials, API keys, tokens, and cloud provider secrets in source code. Automated fixes are available for common patterns where a safe remediation is unambiguous. -| Category | Examples | -|---|---| -| **API Keys & Tokens** | Hardcoded API keys, OAuth tokens, service account keys | -| **Credentials in Code** | Hardcoded passwords, database connection strings | -| **Cloud Provider Secrets** | AWS access keys, GCP service account JSON, Azure credentials | -| **Private Keys & Certificates** | RSA/EC private keys, TLS certificates committed to repos | +| Category | Examples | +| ------------------------------- | ------------------------------------------------------------ | +| **API Keys & Tokens** | Hardcoded API keys, OAuth tokens, service account keys | +| **Credentials in Code** | Hardcoded passwords, database connection strings | +| **Cloud Provider Secrets** | AWS access keys, GCP service account JSON, Azure credentials | +| **Private Keys & Certificates** | RSA/EC private keys, TLS certificates committed to repos | ## Custom Rules From 0a6d145d58c63f9852d38fce68d205480bfb812c Mon Sep 17 00:00:00 2001 From: Surag Date: Fri, 8 May 2026 21:49:36 -0700 Subject: [PATCH 18/20] =?UTF-8?q?docs:=20add=20third=20scanner=20connectio?= =?UTF-8?q?n=20method=20=E2=80=94=20native=20pull=20via=20Pixee=20integrat?= =?UTF-8?q?ion?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Sonnet 4.6 --- docs/getting-started/getting-started.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/getting-started/getting-started.md b/docs/getting-started/getting-started.md index f8e5ec23..98f9ddd5 100644 --- a/docs/getting-started/getting-started.md +++ b/docs/getting-started/getting-started.md @@ -48,6 +48,7 @@ Pixee requires scanner findings to perform triage and generate fixes. Without co - For scanners that write to your SCM's code-scanning surface (GitHub Code Scanning, GitLab Security Dashboard, etc.), Pixee ingests findings automatically through the SCM integration — no additional step required. - For scanners that don't write to the SCM's code-scanning surface, upload SARIF results to the SCM's code-scanning API as a CI step. Pixee then ingests them through the SCM integration. +- For natively integrated scanners, configure the scanner connection directly in Pixee. Pixee pulls results automatically — no SARIF upload or CI step required. See [Integrations Overview](/integrations/overview) for the list of supported native integrations. Pixee integrates natively with a growing list of scanners including CodeQL, Semgrep, Checkmarx, Veracode, Snyk Code, SonarQube, AppScan, Polaris, Fortify, Contrast, GitLab SAST, GitLab SCA, and Trivy. Any SARIF-producing scanner also works. See [Scanner Integration](/platform/scanner-integration) for the full list and [CI/CD Integration](/integrations/ci-cd) for pipeline setup examples. From da2f327cd660452f8ed141f3525a8acbb895203d Mon Sep 17 00:00:00 2001 From: Surag Date: Fri, 8 May 2026 22:11:20 -0700 Subject: [PATCH 19/20] =?UTF-8?q?docs:=20admonitions,=20readability=20impr?= =?UTF-8?q?ovements,=20and=20rename=20Cloud=20SaaS=20=E2=86=92=20Dedicated?= =?UTF-8?q?=20SaaS?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Admonitions: - getting-started.md: :::warning for required scanner connection - first-fix.md: :::note wrapping the troubleshooting checklist - platform/triage.md: :::info surfacing 98% FP reduction stat - platform/remediation.md: :::info for fix evaluation gate - enterprise/byom.md: :::info for governance controls section - enterprise/air-gap.md: :::warning for license validation network requirement Triage page: - Simplify 6-column tier table to 4 columns — drops Auditability/LLM Cost as standalone columns, folds cost note into Strategy cell Dedicated SaaS rename: - Global find-and-replace of "Cloud SaaS" → "Dedicated SaaS" across all 17 occurrences - deployment-overview.md: add single-tenant callout in Dedicated SaaS Architecture section - security-architecture.md, compliance.md, platform/security.md, faq.md: updated labels Co-Authored-By: Claude Sonnet 4.6 --- docs/enterprise/byom.md | 4 +- docs/enterprise/compliance.md | 12 +++--- docs/enterprise/deployment/air-gap.md | 4 +- .../deployment/deployment-overview.md | 38 ++++++++++--------- docs/enterprise/enterprise-overview.md | 4 +- docs/enterprise/phased-rollout.md | 2 +- docs/enterprise/security-architecture.md | 18 ++++----- docs/faq/faq.md | 4 +- docs/getting-started/first-fix.md | 4 +- docs/getting-started/getting-started.md | 4 +- docs/platform/remediation.md | 4 +- docs/platform/security.md | 12 +++--- docs/platform/triage.md | 16 +++++--- 13 files changed, 71 insertions(+), 55 deletions(-) diff --git a/docs/enterprise/byom.md b/docs/enterprise/byom.md index 884a82ce..12e2509a 100644 --- a/docs/enterprise/byom.md +++ b/docs/enterprise/byom.md @@ -70,7 +70,9 @@ Contact your account team for guidance on model-to-task assignment for your depl ## Governance Controls -Bring Your Own Model is not just a technical feature — it is a governance feature. +:::info +Bring Your Own Model is not just a technical feature — it is a governance feature. You own the API keys, control which model handles your code, and see all LLM costs on your own cloud bill. +::: | Control | Detail | | ------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | diff --git a/docs/enterprise/compliance.md b/docs/enterprise/compliance.md index 6a0d53d9..29ac94f6 100644 --- a/docs/enterprise/compliance.md +++ b/docs/enterprise/compliance.md @@ -59,12 +59,12 @@ Evidence is exportable via the reporting API in CSV and JSON formats for integra Compliance-driven organizations frequently ask where data lives. The answer depends on your deployment model: -| Deployment Model | Data Residency | LLM Data Handling | -| -------------------- | -------------------------------------------- | --------------------------------------------------- | -| **Cloud SaaS** | Pixee cloud (see Pixee data handling policy) | Pixee-managed LLM providers | -| **Embedded Cluster** | Customer network | Customer's LLM provider in customer's chosen region | -| **Helm / BYO K8s** | Customer network | Customer's LLM provider in customer's chosen region | -| **Air-Gapped** | Customer network (isolated) | Customer's private LLM endpoint | +| Deployment Model | Data Residency | LLM Data Handling | +| -------------------- | ------------------------------------------------------------------------------------------------ | --------------------------------------------------- | +| **Dedicated SaaS** | Pixee cloud — dedicated, single-tenant environment per customer (see Pixee data handling policy) | Pixee-managed LLM providers | +| **Embedded Cluster** | Customer network | Customer's LLM provider in customer's chosen region | +| **Helm / BYO K8s** | Customer network | Customer's LLM provider in customer's chosen region | +| **Air-Gapped** | Customer network (isolated) | Customer's private LLM endpoint | For self-hosted deployments, source code and scanner findings stay in the customer's network. LLM inference uses the customer's chosen provider in the customer's chosen region. The only outbound connection is license validation, which can be proxied. diff --git a/docs/enterprise/deployment/air-gap.md b/docs/enterprise/deployment/air-gap.md index 4016cf21..8a491488 100644 --- a/docs/enterprise/deployment/air-gap.md +++ b/docs/enterprise/deployment/air-gap.md @@ -21,7 +21,9 @@ In Pixee's air-gapped deployment: The same Pixee platform, the same Helm chart, and the same upgrade path apply as in connected deployments. Air-gapped mode changes where LLM inference runs and how network traffic flows -- not what the product does. -**An honest clarification:** "Air-gapped" in this context means LLM inference is private and code stays internal. License validation still requires a network path to Pixee servers -- either direct or through a proxy. This is not a fully zero-internet-connectivity deployment. If your policy prohibits all outbound connections without exception, read the Known Limitations section below and discuss requirements with Pixee solutions engineering before proceeding. +:::warning[Not fully zero-internet] +"Air-gapped" in this context means LLM inference is private and code stays internal. License validation still requires a network path to Pixee servers — either direct or through a proxy. If your policy prohibits all outbound connections without exception, read [Known Limitations](#known-limitations) below and contact Pixee solutions engineering before proceeding. +::: ## Supported Private LLM Endpoints diff --git a/docs/enterprise/deployment/deployment-overview.md b/docs/enterprise/deployment/deployment-overview.md index 7bede35b..dd3ffb9f 100644 --- a/docs/enterprise/deployment/deployment-overview.md +++ b/docs/enterprise/deployment/deployment-overview.md @@ -4,20 +4,22 @@ slug: /enterprise/deployment track: leader content_type: guide seo_title: Deployment Options - SaaS, Self-Hosted, and Air-Gapped Security Automation -description: "Compare Pixee deployment models: cloud SaaS, embedded cluster, Helm/BYO Kubernetes, and air-gapped. Includes data flow tables and infrastructure requirements." +description: "Compare Pixee deployment models: Dedicated SaaS, embedded cluster, Helm/BYO Kubernetes, and air-gapped. Includes data flow tables and infrastructure requirements." sidebar_position: 1 --- -Pixee offers four deployment models: cloud SaaS, a turnkey embedded cluster for organizations without Kubernetes, a standard Helm chart for existing EKS/GKE/AKS clusters, and a fully air-gapped deployment with private LLM endpoints. Every model delivers the same triage and remediation engine. The only difference is where the infrastructure runs and how data flows through your network. +Pixee offers four deployment models: Dedicated SaaS, a turnkey embedded cluster for organizations without Kubernetes, a standard Helm chart for existing EKS/GKE/AKS clusters, and a fully air-gapped deployment with private LLM endpoints. Every model delivers the same triage and remediation engine. The only difference is where the infrastructure runs and how data flows through your network. This page provides architecture descriptions, data flow tables, and infrastructure requirements for each model. Security teams reviewing Pixee for enterprise deployment should start here. ## Deployment Model Comparison -### Cloud SaaS Architecture +### Dedicated SaaS Architecture Pixee manages all infrastructure. The customer installs a GitHub App, GitLab PAT, Azure DevOps PAT, or Bitbucket API token. Source code access flows through the SCM integration. Analysis, triage, and LLM inference run on Pixee-managed infrastructure. Fixes are delivered as pull requests back to the customer's SCM. +**Single-tenant.** Each customer is provisioned into a dedicated, isolated environment — your code, findings, triage decisions, and LLM inference requests are never co-mingled with another organization's data. + **Component layout:** Pixee platform (Pixee-managed cloud) connects to customer SCM via API. LLM inference runs on Pixee-managed providers. All processing happens outside the customer network. Results return as PRs through the SCM API. ### Embedded Cluster Architecture @@ -38,18 +40,18 @@ The same Helm chart deploys into a disconnected environment. LLM inference runs **Component layout:** Customer Kubernetes cluster in an isolated network runs the full Pixee stack. LLM inference routes to a private endpoint (Azure AI Foundry, Azure Anthropic, or OpenAI-compatible gateway) within the customer's network boundary. The only outbound connection is license validation, which can be proxied. SCM integration connects to the internal SCM instance. -| Model | Infrastructure | LLM | Data Residency | K8s Required | Best For | -| -------------------- | -------------- | --------------- | ------------------ | ---------------- | --------------------------------- | -| **Cloud SaaS** | Pixee-managed | Pixee-managed | Pixee cloud | No | Zero-infra teams | -| **Embedded Cluster** | Customer VM | Customer-chosen | Customer network | No (K3s bundled) | No-K8s orgs, regulated industries | -| **Helm / BYO K8s** | Customer K8s | Customer-chosen | Customer network | Yes | Platform-engineering teams | -| **Air-Gapped** | Customer K8s | Customer-hosted | Air-gapped network | Yes | Federal, finance, healthcare | +| Model | Infrastructure | LLM | Data Residency | K8s Required | Best For | +| -------------------- | -------------- | --------------- | --------------------------- | ---------------- | --------------------------------- | +| **Dedicated SaaS** | Pixee-managed | Pixee-managed | Pixee cloud (single-tenant) | No | Zero-infra teams | +| **Embedded Cluster** | Customer VM | Customer-chosen | Customer network | No (K3s bundled) | No-K8s orgs, regulated industries | +| **Helm / BYO K8s** | Customer K8s | Customer-chosen | Customer network | Yes | Platform-engineering teams | +| **Air-Gapped** | Customer K8s | Customer-hosted | Air-gapped network | Yes | Federal, finance, healthcare | ## Data Flow by Deployment Model This table answers the question security teams ask first: "What data leaves my network?" -| Data Type | Cloud SaaS | Embedded Cluster | Helm / BYO K8s | Air-Gapped | +| Data Type | Dedicated SaaS | Embedded Cluster | Helm / BYO K8s | Air-Gapped | | ------------------------ | ------------------- | ------------------------- | ------------------------- | ---------------------------- | | Source code snippets | Sent to Pixee cloud | Stays in customer network | Stays in customer network | Stays in customer network | | Scanner findings (SARIF) | Sent to Pixee cloud | Stays in customer network | Stays in customer network | Stays in customer network | @@ -86,13 +88,13 @@ Contact Pixee solutions engineering for guidance on multi-deployment architectur For security teams conducting network reviews, this table maps every external connection Pixee requires. -| Connection | Purpose | Cloud SaaS | Embedded Cluster | Helm / BYO K8s | Air-Gapped | -| ----------------------------- | ----------------------------- | ------------- | ------------------- | ------------------- | ---------------- | -| SCM webhooks (inbound 443) | Repository events | Pixee cloud | Customer network | Customer network | Customer network | -| LLM endpoint (outbound) | AI inference | Pixee-managed | Customer's provider | Customer's provider | Private endpoint | -| License server (outbound) | License validation | Pixee cloud | Direct or proxy | Direct or proxy | Proxy required | -| Telemetry (outbound, opt-in) | Usage metrics | Pixee cloud | Toggleable | Toggleable | Blocked | -| Container registry (outbound) | Image pulls (install/upgrade) | N/A | Required | Required | Pre-loaded | +| Connection | Purpose | Dedicated SaaS | Embedded Cluster | Helm / BYO K8s | Air-Gapped | +| ----------------------------- | ----------------------------- | -------------- | ------------------- | ------------------- | ---------------- | +| SCM webhooks (inbound 443) | Repository events | Pixee cloud | Customer network | Customer network | Customer network | +| LLM endpoint (outbound) | AI inference | Pixee-managed | Customer's provider | Customer's provider | Private endpoint | +| License server (outbound) | License validation | Pixee cloud | Direct or proxy | Direct or proxy | Proxy required | +| Telemetry (outbound, opt-in) | Usage metrics | Pixee cloud | Toggleable | Toggleable | Blocked | +| Container registry (outbound) | Image pulls (install/upgrade) | N/A | Required | Required | Pre-loaded | No other outbound connections are required. Self-hosted deployments require no inbound connections except SCM webhooks on port 443. @@ -109,7 +111,7 @@ Use this decision tree to narrow down your model: - No -- continue 3. **Do you want zero infrastructure management?** - - Yes -- Cloud SaaS + - Yes -- Dedicated SaaS - No -- embedded cluster or Helm (based on step 1) 4. **Do you have regulatory data residency requirements?** diff --git a/docs/enterprise/enterprise-overview.md b/docs/enterprise/enterprise-overview.md index 711ec115..5452a557 100644 --- a/docs/enterprise/enterprise-overview.md +++ b/docs/enterprise/enterprise-overview.md @@ -8,7 +8,7 @@ description: Pixee Enterprise deployment models, compliance controls, identity m sidebar_position: 1 --- -Pixee Enterprise deploys into your infrastructure -- cloud SaaS, turnkey embedded cluster, Helm into existing Kubernetes, or fully air-gapped with your own LLM. Every deployment model delivers the same triage and remediation engine, the same scanner integrations, and the same audit trail. This section covers deployment options, compliance, security architecture, and how to measure operational impact. +Pixee Enterprise deploys into your infrastructure -- Dedicated SaaS, turnkey embedded cluster, Helm into existing Kubernetes, or fully air-gapped with your own LLM. Every deployment model delivers the same triage and remediation engine, the same scanner integrations, and the same audit trail. This section covers deployment options, compliance, security architecture, and how to measure operational impact. ## Enterprise Capabilities @@ -29,7 +29,7 @@ A single Pixee Enterprise deployment supports multiple SCM platforms simultaneou | Model | Best For | Infra Required | Time to Deploy | | ------------------------- | ----------------------------------------------------- | ------------------------------------------ | -------------- | -| **Cloud SaaS** | Teams wanting zero infrastructure management | None | Minutes | +| **Dedicated SaaS** | Teams wanting zero infrastructure management | None | Minutes | | **Embedded Cluster** | Orgs without Kubernetes, regulated industries | Single Linux VM (8 vCPU, 32 GB RAM) | Under 1 hour | | **Helm / BYO Kubernetes** | Orgs with existing EKS/GKE/AKS clusters | Customer Kubernetes cluster | Under 1 hour | | **Air-Gapped** | Federal, financial services, healthcare (no internet) | Customer Kubernetes + private LLM endpoint | Hours | diff --git a/docs/enterprise/phased-rollout.md b/docs/enterprise/phased-rollout.md index 23cbef5a..ad9ceec4 100644 --- a/docs/enterprise/phased-rollout.md +++ b/docs/enterprise/phased-rollout.md @@ -96,7 +96,7 @@ Consistent metrics across all enrolled teams, compliance team sign-off on audit Executive sign-off requires presenting Phase 3 results with the metrics tracked in [Enterprise Overview > Measuring Success](/enterprise/overview#measuring-success): merge rate, triage reduction, MTTR, and compliance window adherence. -Make enterprise deployment model decisions at this stage -- cloud SaaS, embedded cluster, Helm, or air-gapped based on compliance requirements. See [Deployment Options](/enterprise/deployment). +Make enterprise deployment model decisions at this stage -- Dedicated SaaS, embedded cluster, Helm, or air-gapped based on compliance requirements. See [Deployment Options](/enterprise/deployment). ### Security Engineer Execution Track diff --git a/docs/enterprise/security-architecture.md b/docs/enterprise/security-architecture.md index 128a1938..1980512b 100644 --- a/docs/enterprise/security-architecture.md +++ b/docs/enterprise/security-architecture.md @@ -39,7 +39,7 @@ The following describes how data flows through a self-hosted Pixee deployment: 5. **Approved fixes** are delivered as pull requests back to the customer's SCM 6. **Triage decisions** are persisted with timestamp, classification, and LLM justification -For cloud SaaS, steps 2-4 run on Pixee-managed infrastructure. For all self-hosted models, every step runs within the customer's network. +For Dedicated SaaS, steps 2-4 run on Pixee-managed infrastructure. For all self-hosted models, every step runs within the customer's network. ### Data Classification Table @@ -57,13 +57,13 @@ This table is the single most important reference for security review. It specif ### Data Flow by Deployment Model -| Data Type | Cloud SaaS | Self-Hosted (Embedded/Helm) | Air-Gapped | -| -------------------- | ------------- | --------------------------- | ---------------------------- | -| Source code snippets | Pixee cloud | Customer network | Customer network | -| Scanner findings | Pixee cloud | Customer network | Customer network | -| LLM inference | Pixee-managed | Customer's provider | Customer's private endpoint | -| Triage records | Pixee cloud | Customer network | Customer network | -| License validation | Pixee cloud | Pixee cloud (proxyable) | Pixee cloud (proxy required) | +| Data Type | Dedicated SaaS (single-tenant) | Self-Hosted (Embedded/Helm) | Air-Gapped | +| -------------------- | ------------------------------ | --------------------------- | ---------------------------- | +| Source code snippets | Pixee cloud (dedicated) | Customer network | Customer network | +| Scanner findings | Pixee cloud (dedicated) | Customer network | Customer network | +| LLM inference | Pixee-managed | Customer's provider | Customer's private endpoint | +| Triage records | Pixee cloud (dedicated) | Customer network | Customer network | +| License validation | Pixee cloud | Pixee cloud (proxyable) | Pixee cloud (proxy required) | ## Authentication and Access Control @@ -166,4 +166,4 @@ Pixee retains the following data categories, each with distinct lifecycle contro **LLM interaction logs** (prompts and responses) are retained for audit and debugging purposes. Enterprise customers can configure the retention period to match their organization's data governance policies. -**Data purge** follows standard Kubernetes PVC lifecycle. Customers control retention and deletion through their infrastructure configuration. For cloud SaaS deployments, data deletion requests are handled through standard support channels. +**Data purge** follows standard Kubernetes PVC lifecycle. Customers control retention and deletion through their infrastructure configuration. For Dedicated SaaS deployments, data deletion requests are handled through standard support channels. diff --git a/docs/faq/faq.md b/docs/faq/faq.md index e35b3f55..5c79e39b 100644 --- a/docs/faq/faq.md +++ b/docs/faq/faq.md @@ -46,7 +46,7 @@ Copilot Autofix is limited to GitHub Advanced Security (CodeQL) findings on GitH ### How long does it take to set up Pixee? -Cloud SaaS setup: install the GitHub App, GitLab integration, Azure DevOps extension, or Bitbucket connector and Pixee begins analyzing repositories immediately — under 5 minutes. Self-hosted deployment (embedded cluster or Helm) typically completes in under one hour. Air-gapped deployment takes longer due to private LLM configuration and image transfer. +Dedicated SaaS setup: install the GitHub App, GitLab integration, Azure DevOps extension, or Bitbucket connector and Pixee begins analyzing repositories immediately — under 5 minutes. Self-hosted deployment (embedded cluster or Helm) typically completes in under one hour. Air-gapped deployment takes longer due to private LLM configuration and image transfer. ### Does Pixee require code changes to install? @@ -102,7 +102,7 @@ Yes. Pixee supports fully air-gapped deployment with a customer-hosted LLM. No c ### How does Pixee handle data residency requirements? -Self-hosted deployments keep all data in your network. Air-gapped deployments have zero outbound data transmission. For cloud SaaS, contact Pixee for data handling details. See [Security Architecture](/enterprise/security-architecture) for the full data flow table by deployment model. +Self-hosted deployments keep all data in your network. Air-gapped deployments have zero outbound data transmission. For Dedicated SaaS, each customer is provisioned into a dedicated, single-tenant environment — contact Pixee for full data handling details. See [Security Architecture](/enterprise/security-architecture) for the full data flow table by deployment model. ### What data does Pixee send to LLM providers? diff --git a/docs/getting-started/first-fix.md b/docs/getting-started/first-fix.md index 92a103f3..08f5bf1b 100644 --- a/docs/getting-started/first-fix.md +++ b/docs/getting-started/first-fix.md @@ -79,12 +79,14 @@ Standard `git revert` applies if a merged change ever needs to be undone. There ## If No Fix Arrives -If you do not see a PR within an hour of installation: +:::note +If you do not see a PR within an hour of installation, check these in order: 1. **Verify the integration is connected.** Check that Pixee has access to the repositories you selected during setup. 2. **Confirm a scanner is connected.** Pixee needs scanner findings to act on. Connect CodeQL, Semgrep, SonarQube, or any SARIF-producing scanner via [CI/CD Integration](/integrations/ci-cd). 3. **Confirm supported languages are present.** Repositories in unsupported languages will not generate fixes. 4. **Check for fixable findings.** Your repositories may have findings that Pixee cannot currently remediate. Triage classifications will still appear. + ::: ## From First Fix to Full Value diff --git a/docs/getting-started/getting-started.md b/docs/getting-started/getting-started.md index 98f9ddd5..0383714c 100644 --- a/docs/getting-started/getting-started.md +++ b/docs/getting-started/getting-started.md @@ -42,7 +42,9 @@ Total time to first merged fix: under 30 minutes for most teams. ## Connecting Scanners (Required) -Pixee requires scanner findings to perform triage and generate fixes. Without connected scanners, there is nothing for Pixee to act on. +:::warning[Scanners are required] +Pixee requires scanner findings to perform triage and generate fixes. Without at least one connected scanner, there is nothing for Pixee to act on. Installing Pixee without connecting a scanner will not produce any results. +::: **What "connecting a scanner" means:** diff --git a/docs/platform/remediation.md b/docs/platform/remediation.md index 3813d06b..b34fb2b3 100644 --- a/docs/platform/remediation.md +++ b/docs/platform/remediation.md @@ -35,7 +35,9 @@ Key capabilities: follows SARIF-based taint propagation across files, highlights ## Fix Evaluation -Every generated fix passes through an independent quality gate before a developer sees it. Bad fixes are rejected, not shipped. +:::info +Every generated fix passes through an independent quality gate before a developer sees it. **Bad fixes are rejected, not shipped** — a fix that cannot pass evaluation is suppressed entirely and never reaches a PR. +::: **Three-dimension rubric:** diff --git a/docs/platform/security.md b/docs/platform/security.md index 12f45775..fd420e63 100644 --- a/docs/platform/security.md +++ b/docs/platform/security.md @@ -81,12 +81,12 @@ Every Pixee change flows through your full approval pipeline. PR-only delivery i ## Deployment Models -| Model | What It Provides | -| ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | -| **Cloud SaaS** | Pixee-managed infrastructure. Pixee accesses repositories via SCM integration (read-only code access, write access limited to PR creation). | -| **Embedded cluster** | Turnkey self-hosted deployment on a single Linux VM. No Kubernetes expertise required. All data stays in your network. | -| **Helm / BYO Kubernetes** | Deploys into your existing Kubernetes infrastructure (EKS, GKE, AKS, or self-managed). | -| **Air-gapped** | Fully disconnected operation with customer-hosted LLM. Zero outbound internet after installation. | +| Model | What It Provides | +| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| **Dedicated SaaS** | Pixee-managed infrastructure, dedicated single-tenant environment per customer. Pixee accesses repositories via SCM integration (read-only code access, write access limited to PR creation). | +| **Embedded cluster** | Turnkey self-hosted deployment on a single Linux VM. No Kubernetes expertise required. All data stays in your network. | +| **Helm / BYO Kubernetes** | Deploys into your existing Kubernetes infrastructure (EKS, GKE, AKS, or self-managed). | +| **Air-gapped** | Fully disconnected operation with customer-hosted LLM. Zero outbound internet after installation. | For air-gapped deployments, a customer-hosted LLM is required. The only outbound connection is license validation, which can be proxied. diff --git a/docs/platform/triage.md b/docs/platform/triage.md index 835c4792..591e167f 100644 --- a/docs/platform/triage.md +++ b/docs/platform/triage.md @@ -8,7 +8,11 @@ description: How Pixee's three-tier triage engine classifies every vulnerability sidebar_position: 3 --- -Pixee's triage engine classifies every vulnerability finding as true positive, false positive, or won't-fix through codebase-aware exploitability analysis. The three-tier progressive architecture handles known patterns at sub-second speed, investigates ambiguous cases via AI agents, and generates custom analyzers for novel vulnerability types. The result: up to 98% false positive reduction with structured evidence on every verdict, across findings from natively integrated scanners. +Pixee's triage engine classifies every vulnerability finding as true positive, false positive, or won't-fix through codebase-aware exploitability analysis. The three-tier progressive architecture handles known patterns at sub-second speed, investigates ambiguous cases via AI agents, and generates custom analyzers for novel vulnerability types. + +:::info[Up to 98% false positive reduction] +Every verdict includes structured, auditable evidence — specific code paths, security controls, or context signals that drove the decision. Not a score. An investigation trail. +::: Triage is co-equal with [remediation](/platform/remediation). Together they close the loop from "scanner found something" to "vulnerability is fixed." @@ -16,11 +20,11 @@ Triage is co-equal with [remediation](/platform/remediation). Together they clos Pixee routes every finding through a tiered system that applies the cheapest sufficient intelligence. Routing is automatic — no configuration required. -| Tier | Strategy | Speed | LLM Cost | Auditability | Coverage | -| ---------------------- | -------------------------------------------------------------------------------------------- | ---------------------------------------------------------- | ---------------------------------- | ----------------------------------------------------------------- | --------------------------------------------------------------------------------------------- | -| **Tier 1: Structured** | 15+ deterministic analyzers | Sub-second | Zero | Reproducible — same input, same output | Known vulnerability classes (SQL injection, XSS, command injection, path traversal, 12+ more) | -| **Tier 2: Agentic** | AI agents dynamically search the codebase | Seconds | Per-finding | Readable investigation trail with every search and reasoning step | Ambiguous findings, novel frameworks, custom security controls | -| **Tier 3: Adaptive** | Handles novel rule types automatically, expanding coverage as new rule types are encountered | Minutes (first encounter), faster on subsequent encounters | Per-finding (first encounter only) | Generated analyzer is inspectable | Novel rule types, proprietary scanners, custom rulesets | +| Tier | Strategy | Speed | Coverage | +| ---------------------- | --------------------------------------------------------------------------- | ------------------------- | ------------------------------------------------------------------------------ | +| **Tier 1: Structured** | 15+ deterministic analyzers — no LLM, zero cost | Sub-second | Known classes: SQL injection, XSS, command injection, path traversal, 12+ more | +| **Tier 2: Agentic** | AI agents dynamically search the codebase | Seconds | Ambiguous findings, novel frameworks, custom security controls | +| **Tier 3: Adaptive** | Auto-generates coverage for novel rule types; expands on each new encounter | Minutes (first encounter) | Proprietary scanners, custom Semgrep/CodeQL rules, internal rulesets | **End-to-end flow:** From 506fb85c82c63517e75fcef277cc0742b8a1c89c Mon Sep 17 00:00:00 2001 From: Surag Date: Fri, 8 May 2026 22:14:24 -0700 Subject: [PATCH 20/20] docs: remove supported languages bullet from prerequisites Unnecessary to call out language support in the getting started prereqs. Co-Authored-By: Claude Sonnet 4.6 --- docs/getting-started/getting-started.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/getting-started/getting-started.md b/docs/getting-started/getting-started.md index 0383714c..4e32a952 100644 --- a/docs/getting-started/getting-started.md +++ b/docs/getting-started/getting-started.md @@ -71,7 +71,6 @@ Need enterprise deployment (self-hosted, air-gapped, BYOM)? Start with [Enterpri ## Prerequisites - A GitHub, GitLab, Azure DevOps, or Bitbucket account with at least one repository -- Code in a supported language: Java, Python, JavaScript/TypeScript, .NET, Go, Ruby, PHP, Kotlin, Rust, Scala, Swift, or IaC - At least one connected scanner — this is required for triage and remediation to work No agents to install. No CLI required for the standard workflow. No configuration files needed to start.