diff --git a/src/aws/cis-1.2.0/CHANGELOG.md b/src/aws/cis-1.2.0/CHANGELOG.md index 568d602e..39d31031 100644 --- a/src/aws/cis-1.2.0/CHANGELOG.md +++ b/src/aws/cis-1.2.0/CHANGELOG.md @@ -1,3 +1,29 @@ +# @cloudgraph/policy-pack-aws-cis-1.2.0 [0.11.0](https://github.com/cloudgraphdev/cloudgraph-policy-packs/compare/@cloudgraph/policy-pack-aws-cis-1.2.0@0.10.0...@cloudgraph/policy-pack-aws-cis-1.2.0@0.11.0) (2022-05-02) + + +### Bug Fixes + +* rename vpc flowLogs connection to FlowLog ([c31e985](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/c31e985b4a2623fb01f8a29a4c5897becb2e4905)) +* Updated policy field for S3 schema ([dc3d6c8](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/dc3d6c8b4b7e22ba58c1394d0b64e866ab3de519)) + + +### Features + +* Included 6.x rules for aws nist 800-53 ([b51f652](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/b51f6522e7721928ea8dc30d009ac5530f6e86eb)) + +# @cloudgraph/policy-pack-aws-cis-1.2.0 [0.11.0-beta.1](https://github.com/cloudgraphdev/cloudgraph-policy-packs/compare/@cloudgraph/policy-pack-aws-cis-1.2.0@0.10.0...@cloudgraph/policy-pack-aws-cis-1.2.0@0.11.0-beta.1) (2022-05-02) + + +### Bug Fixes + +* rename vpc flowLogs connection to FlowLog ([c31e985](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/c31e985b4a2623fb01f8a29a4c5897becb2e4905)) +* Updated policy field for S3 schema ([dc3d6c8](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/dc3d6c8b4b7e22ba58c1394d0b64e866ab3de519)) + + +### Features + +* Included 6.x rules for aws nist 800-53 ([b51f652](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/b51f6522e7721928ea8dc30d009ac5530f6e86eb)) + # @cloudgraph/policy-pack-aws-cis-1.2.0 [0.11.0-alpha.1](https://github.com/cloudgraphdev/cloudgraph-policy-packs/compare/@cloudgraph/policy-pack-aws-cis-1.2.0@0.10.1-alpha.1...@cloudgraph/policy-pack-aws-cis-1.2.0@0.11.0-alpha.1) (2022-04-27) diff --git a/src/aws/cis-1.2.0/package.json b/src/aws/cis-1.2.0/package.json index 7e735008..f33e6a83 100644 --- a/src/aws/cis-1.2.0/package.json +++ b/src/aws/cis-1.2.0/package.json @@ -1,7 +1,7 @@ { "name": "@cloudgraph/policy-pack-aws-cis-1.2.0", "description": "Policy pack implementing CIS Amazon Web Services Foundations 1.2.0 Benchmark", - "version": "0.11.0-alpha.1", + "version": "0.11.0", "author": "AutoCloud", "license": "MPL-2.0", "main": "dist/index.js", @@ -57,7 +57,7 @@ "build": "yarn prepack", "clean": "rm -rf dist", "lint": "eslint", - "prepack": "yarn clean && tsc -b", + "prepack": "rm -rf dist && tsc -b", "publish": "yarn npm publish", "test": "NODE_ENV=test jest" } diff --git a/src/aws/cis-1.4.0/.npmignore b/src/aws/cis-1.4.0/.npmignore new file mode 100644 index 00000000..f3dc48f6 --- /dev/null +++ b/src/aws/cis-1.4.0/.npmignore @@ -0,0 +1,8 @@ +rules/ +tests/ +*.bak +.* +jest.config.js +tsconfig.json +**/*.ts +!dist/index.d.ts diff --git a/src/aws/cis-1.4.0/.releaserc.yml b/src/aws/cis-1.4.0/.releaserc.yml new file mode 100644 index 00000000..70788a7a --- /dev/null +++ b/src/aws/cis-1.4.0/.releaserc.yml @@ -0,0 +1,35 @@ +--- +branches: + - name: main + - name: beta + prerelease: true + - name: alpha + prerelease: true +plugins: + - "@semantic-release/commit-analyzer" + - "@semantic-release/release-notes-generator" + - - "@semantic-release/changelog" + - changelogFile: CHANGELOG.md + - - "@semantic-release/git" + - assets: + - CHANGELOG.md + - package.json + - - "@semantic-release/npm" + - npmPublish: false + - "@semantic-release/gitlab" +verifyConditions: + - "@semantic-release/changelog" + - "@semantic-release/gitlab" +prepare: + - "@semantic-release/changelog" + - "@semantic-release/npm" + - - "@semantic-release/git" + - message: "chore(publish): ${nextRelease.version} \n\n${nextRelease.notes}" +publish: + - "@semantic-release/gitlab" +release: + noCi: true +success: false +fail: false +repositoryUrl: https://gitlab.com/auto-cloud/cloudgraph/policy-packs.git +tagFormat: "${version}" diff --git a/src/aws/cis-1.4.0/README.md b/src/aws/cis-1.4.0/README.md new file mode 100644 index 00000000..82c37ceb --- /dev/null +++ b/src/aws/cis-1.4.0/README.md @@ -0,0 +1,68 @@ +# CIS Amazon Web Services Foundations 1.4.0 + +Policy Pack based on the [AWS Foundations 1.4.0](https://docs.aws.amazon.com/audit-manager/latest/userguide/CIS-1-4.html) benchmark provided by the [Center for Internet Security (CIS)](https://www.cisecurity.org/benchmark/amazon_web_services/) + +## First Steps + +1. Install [Cloud Graph CLI](https://docs.cloudgraph.dev/quick-start). +2. Set up the [AWS Provider](https://www.npmjs.com/package/@cloudgraph/cg-provider-aws) for CG with the `cg init aws` command. +3. Add Policy Pack for CIS Amazon Web Services Foundations benchmark using `cg policy add aws-cis-1.4.0` command. +4. Execute the ruleset using the scan command `cg scan aws`. +5. Query the findings using the different options: + + 5a. Querying findings by provider: + + ```graphql + query { + queryawsFindings { + CISFindings { + id + resourceId + result + } + } + } + ``` + + 5b. Querying findings by specific benchmark: + + ```graphql + query { + queryawsCISFindings { + id + resourceId + result + } + } + ``` + + 5c. Querying findings by resource: + + ```graphql + query { + queryawsIamUser { + id + arn + accountId + CISFindings { + id + resourceId + result + } + } + } + ``` + +| Rule | Description | +| ------------ | --------------------------------------------------------------------------------------------------------------------------- | +| AWS CIS 3.1 | Ensure CloudTrail is enabled in all regions | +| AWS CIS 3.2 | Ensure CloudTrail log file validation is enabled | +| AWS CIS 3.3 | Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible | +| AWS CIS 3.4 | Ensure CloudTrail trails are integrated with CloudWatch Logs | +| AWS CIS 3.5 | Ensure AWS Config is enabled in all regions | +| AWS CIS 3.6 | Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket | +| AWS CIS 3.7 | Ensure CloudTrail logs are encrypted at rest using KMS CMKs | +| AWS CIS 3.8 | Ensure rotation for customer created CMKs is enabled | +| AWS CIS 3.9 | Ensure VPC flow logging is enabled in all VPCs | +| AWS CIS 3.10 | Ensure that Object-level logging for write events is enabled for S3 bucket | +| AWS CIS 3.11 | Ensure that Object-level logging for read events is enabled for S3 bucket | diff --git a/src/aws/cis-1.4.0/index.ts b/src/aws/cis-1.4.0/index.ts new file mode 100644 index 00000000..b16d307f --- /dev/null +++ b/src/aws/cis-1.4.0/index.ts @@ -0,0 +1,8 @@ +import PolicyPacksRules from './rules' + +export default { + provider: 'aws', + entity: 'CIS', + rules: PolicyPacksRules, + extraFields: ['arn', 'accountId'], +} diff --git a/src/aws/cis-1.4.0/jest.config.js b/src/aws/cis-1.4.0/jest.config.js new file mode 100644 index 00000000..42987aab --- /dev/null +++ b/src/aws/cis-1.4.0/jest.config.js @@ -0,0 +1,7 @@ +/** @type {import('@ts-jest/dist/types').InitialOptionsTsJest} */ +module.exports = { + preset: 'ts-jest', + testEnvironment: 'node', + testMatch: ['/tests/**/*.test.ts'], + testPathIgnorePatterns: ['/lib/', '/node_modules/'], +} diff --git a/src/aws/cis-1.4.0/package.json b/src/aws/cis-1.4.0/package.json new file mode 100644 index 00000000..840fd879 --- /dev/null +++ b/src/aws/cis-1.4.0/package.json @@ -0,0 +1,64 @@ +{ + "name": "@cloudgraph/policy-pack-aws-cis-1.4.0", + "description": "Policy pack implementing CIS Amazon Web Services Foundations 1.4.0 Benchmark", + "version": "0.0.1", + "author": "AutoCloud", + "license": "MPL-2.0", + "main": "dist/index.js", + "types": "dist/index.d.ts", + "repository": { + "type": "git", + "url": "https://github.com/cloudgraphdev/cloudgraph-policy-packs.git", + "directory": "src/aws/cis-1.4.0" + }, + "bugs": { + "url": "https://github.com/cloudgraphdev/cloudgraph-policy-packs/issues" + }, + "publishConfig": { + "access": "public" + }, + "directories": { + "test": "tests" + }, + "devDependencies": { + "@autocloud/eslint-config": "^0.1.0", + "@cloudgraph/sdk": "^0.18.1", + "@types/jest": "^27.0.3", + "@types/node": "^15.12.4", + "@types/pino": "^6.3.11", + "@typescript-eslint/eslint-plugin": "^4.28.5", + "@typescript-eslint/parser": "^4.28.5", + "cpx": "^1.5.0", + "cuid": "^2.1.8", + "eslint": "^7.25.0", + "eslint-config-airbnb-base": "14.2.1", + "eslint-config-prettier": "^6.11.0", + "eslint-plugin-import": "^2.22.1", + "eslint-plugin-prettier": "^3.4.0", + "jest": "^27.0.6", + "prettier": "^2.4.1", + "shx": "^0.3.3", + "ts-jest": "^27.0.4", + "tslib": "^1", + "typescript": "^4.3.5" + }, + "engines": { + "node": ">=14.0.0" + }, + "homepage": "https://www.cloudgraph.dev/", + "keywords": [ + "cloudgraph" + ], + "prettier": { + "semi": false, + "singleQuote": true + }, + "scripts": { + "build": "yarn prepublish", + "lint": "eslint", + "prepack": "rm -rf dist && tsc -b", + "prepublish": "rm -rf dist && tsc", + "publish": "yarn npm publish", + "test": "NODE_ENV=test jest" + } +} diff --git a/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.1.ts b/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.1.ts new file mode 100644 index 00000000..60caf81a --- /dev/null +++ b/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.1.ts @@ -0,0 +1,118 @@ +// AWS CIS 1.2.0 Rule equivalent 2.1 +export default { + id: 'aws-cis-1.4.0-3.1', + title: 'AWS CIS 3.1 Ensure CloudTrail is enabled in all regions', + description: `AWS CloudTrail is a web service that records AWS API calls for your account and delivers + log files to you. The recorded information includes the identity of the API caller, the time of + the API call, the source IP address of the API caller, the request parameters, and the + response elements returned by the AWS service. CloudTrail provides a history of AWS API + calls for an account, including API calls made via the Management Console, SDKs, command + line tools, and higher-level AWS services (such as CloudFormation).`, + audit: `Perform the following to determine if CloudTrail is enabled for all regions: + Via the management Console + + 1. Sign in to the AWS Management Console and open the CloudTrail console at https://console.aws.amazon.com/cloudtrail + 2. Click on *Trails* on the left navigation pane + + - You will be presented with a list of trails across all regions + + 3. Ensure at least one Trail has *All* specified in the *Region* column + 4. Click on a trail via the link in the *Name* column + 5. Ensure *Logging* is set to *ON* + 6. Ensure *Apply trail to all regions* is set to *Yes* + 7. In section *Management Events* ensure *Read/Write Events* set to *ALL* + + Via CLI + + aws cloudtrail describe-trails + + Ensure *IsMultiRegionTrail* is set to *true* + + aws cloudtrail get-trail-status --name + + Ensure *IsLogging* is set to *true* + + aws cloudtrail get-event-selectors --trail-name + + Ensure there is at least one Event Selector for a Trail with *IncludeManagementEvents* set to *true* and *ReadWriteType* set to *All*`, + rationale: `The AWS API call history produced by CloudTrail enables security analysis, resource change tracking, and compliance auditing. Additionally, + + - ensuring that a multi-regions trail exists will ensure that unexpected activity occurring in otherwise unused regions is detected + - ensuring that a multi-regions trail exists will ensure that Global Service Logging is enabled for a trail by default to capture recording of events generated on AWS global services + - for a multi-regions trail, ensuring that management events configured for all type of Read/Writes ensures recording of management operations that are performed on all resources in an AWS account`, + remediation: `Perform the following to enable global (Multi-region) CloudTrail logging: + Via the management Console + + 1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/cloudtrail + 2. Click on *Trails* on the left navigation pane + 3. Click *Get Started Now*, if presented + + + - Click *Add new trail* + - Enter a trail name in the *Trail* name box + - Set the *Apply trail to all regions* option to Yes + - Specify an S3 bucket name in the *S3 bucket* box + - Click *Create* + + 4. If 1 or more trails already exist, select the target trail to enable for global logging + 5. Click the edit icon (pencil) next to *Apply trail to all regions* , Click *Yes* and Click *Save*. + 6. Click the edit icon (pencil) next to *Management Events* click All for setting Read/Write Events and Click *Save*. + + Via CLI + + aws cloudtrail create-trail --name --bucket-name --is-multi-region-trail + aws cloudtrail update-trail --name --is-multi-region-trail + + Note: Creating CloudTrail via CLI without providing any overriding options configures *Management Events* to set *All* type of *Read/Writes* by default.`, + references: [ + 'CCE-78913-1', + 'https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html#cloudtrail-concepts-management-events', + 'https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html?icmpid=docs_cloudtrail_console#logging-management-events', + 'https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-supported-services.html#cloud-trail-supported-services-data-events', + ], + gql: `{ + queryawsAccount { + id + __typename + cloudtrail { + isMultiRegionTrail + status { + isLogging + } + eventSelectors { + readWriteType + includeManagementEvents + } + } + } + }`, + resource: 'queryawsAccount[*]', + severity: 'medium', + conditions: { + path: '@.cloudtrail', + array_any: { + and: [ + { + path: '[*].isMultiRegionTrail', + equal: 'Yes', + }, + { + path: '[*].status.isLogging', + equal: true, + }, + { + path: '[*].eventSelectors', + array_any: { + and: [ + { path: '[*].readWriteType', equal: 'All' }, + { + path: '[*].includeManagementEvents', + equal: true, + }, + ], + }, + }, + ], + }, + }, +} diff --git a/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.10.ts b/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.10.ts new file mode 100644 index 00000000..d261d744 --- /dev/null +++ b/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.10.ts @@ -0,0 +1,93 @@ +// NIST 800-53 rev4 Rule equivalent 6.13 +export default { + id: 'aws-cis-1.4.0-3.10', + title: 'AWS CIS 3.10 Ensure that Object-level logging for write events is enabled for S3 bucket', + + description: 'S3 object-level API operations such as GetObject, DeleteObject, and PutObject are called data events. By default, CloudTrail trails don\'t log data events and so it is recommended to enable Object-level logging for S3 buckets.', + + audit: `**From Console:** + + 1. Login to the AWS Management Console and navigate to S3 dashboard at https://console.aws.amazon.com/s3/ + 2. In the left navigation panel, click *buckets* and then click on the S3 Bucket Name that you want to examine. + 3. Click *Properties* tab to see in detail bucket configuration. + 4. If the current status for *Object-level* logging is set to Disabled, then object-level logging of write events for the selected s3 bucket is not set. + 5. Repeat steps 2 to 4 to verify object level logging status of other S3 buckets. + + **From Command Line:** + + 1. Run *list-trails* command to list the names of all Amazon CloudTrail trails currently available in the selected AWS region: + + aws cloudtrail list-trails --region --query Trails[*].Name + + 2. The command output will be a list of the requested trail names. + 3. Run *get-event-selectors* command using the name of the trail returned at the previous step and custom query filters to determine if Data events logging feature is enabled within the selected CloudTrail trail configuration for s3bucket resources: + + aws cloudtrail get-event-selectors --region --trail-name --query EventSelectors[*].DataResources[] + + 4. The command output should be an array that contains the configuration of the AWS resource(S3 bucket) defined for the Data events selector. + 5. If the *get-event-selectors* command returns an empty array '[]', the Data events are not included into the selected AWS Cloudtrail trail logging configuration, therefore the S3 object-level API operations performed within your AWS account are not recorded. + 6. Repeat steps 1 to 5 for auditing each s3 bucket to identify other trails that are missing the capability to log Data events. + 7. Change the AWS region by updating the *--region* command parameter and perform the audit process for other regions.`, + + rationale: 'Enabling object-level logging will help you meet data compliance requirements within your organization, perform comprehensive security analysis, monitor specific patterns of user behavior in your AWS account or take immediate actions on any object-level API activity within your S3 Buckets using Amazon CloudWatch Events.', + + remediation: `**From Console:** + + 1. Login to the AWS Management Console and navigate to S3 dashboard at https://console.aws.amazon.com/s3/ + 2. In the left navigation panel, click *buckets* and then click on the S3 Bucket Name that you want to examine. + 3. Click *Properties* tab to see in detail bucket configuration. + 4. Click on the *Object-level* logging setting, enter the CloudTrail name for the recording activity. You can choose an existing Cloudtrail or create a new one by navigating to the Cloudtrail console link https://console.aws.amazon.com/cloudtrail/ + 5. Once the Cloudtrail is selected, check the *Write* event checkbox, so that *object-level* logging for Write events is enabled. + 6. Repeat steps 2 to 5 to enable object-level logging of write events for other S3 buckets. + + **From Command Line:** + + 1. To enable *object-level* data events logging for S3 buckets within your AWS account, run *put-event-selectors* command using the name of the trail that you want to reconfigure as identifier: + + aws cloudtrail put-event-selectors --region --trail-name --event-selectors '[{ "ReadWriteType": "WriteOnly", "IncludeManagementEvents":true, "DataResources": [{ "Type": "AWS::S3::Object", "Values": ["arn:aws:s3:::/"] }] }]' + + 2. The command output will be *object-level* event trail configuration. + 3. If you want to enable it for all buckets at once then change Values parameter to *["arn:aws:s3"]* in command given above. + 4. Repeat step 1 for each s3 bucket to update *object-level* logging of write events. + 5. Change the AWS region by updating the *--region* command parameter and perform the process for other regions.`, + + references: ['https://docs.aws.amazon.com/AmazonS3/latest/user-guide/enable-cloudtrail-events.html'], + gql: `{ + queryawsAccount { + id + __typename + cloudtrail { + eventSelectors { + readWriteType + dataResources { + type + } + } + } + } + }`, + resource: 'queryawsAccount[*]', + severity: 'high', + conditions: { + path: '@.cloudtrail', + array_any: { + path: '[*].eventSelectors', + array_any: { + and: [ + { + path: '[*].includeManagementEvents', + equal: true, + }, + { + path: '[*].readWriteType', + in: ['WriteOnly', 'All'], + }, + { + path: '[*].dataResources', + isEmpty: false, + }, + ], + }, + } + }, +} diff --git a/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.11.ts b/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.11.ts new file mode 100644 index 00000000..1ad89e93 --- /dev/null +++ b/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.11.ts @@ -0,0 +1,94 @@ +// NIST 800-53 rev4 Rule equivalent 6.12 +export default { + id: 'aws-cis-1.4.0-3.11', + title: 'AWS CIS 3.11 Ensure that Object-level logging for read events is enabled for S3 bucket', + + description: 'S3 object-level API operations such as GetObject, DeleteObject, and PutObject are called data events. By default, CloudTrail trails don\'t log data events and so it is recommended to enable Object-level logging for S3 buckets.', + + audit: `**From Console:** + + 1. Login to the AWS Management Console and navigate to S3 dashboard at https://console.aws.amazon.com/s3/ + 2. In the left navigation panel, click buckets and then click on the S3 Bucket Name that you want to examine. + 3. Click *Properties* tab to see in detail bucket configuration. + 4. If the current status for *Object-level* logging is set to *Disabled*, then object-level logging of read events for the selected s3 bucket is not set. + 5. If the current status for *Object-level* logging is set to *Enabled*, but the Read event check-box is unchecked, then object-level logging of read events for the selected s3 bucket is not set. + 6. Repeat steps 2 to 5 to verify *object-level* logging for *read* events of your other S3 buckets. + + **From Command Line:** + + 1. Run *describe-trails* command to list the names of all Amazon CloudTrail trails currently available in the selected AWS region: + + aws cloudtrail describe-trails --region --output table --query trailList[*].Name + + 2. The command output will be table of the requested trail names. + 3. Run *get-event-selectors* command using the name of the trail returned at the previous step and custom query filters to determine if Data events logging feature is enabled within the selected CloudTrail trail configuration for s3 bucket resources: + + aws cloudtrail get-event-selectors --region --trail-name --query EventSelectors[*].DataResources[] + + 4. The command output should be an array that contains the configuration of the AWS resource(S3 bucket) defined for the Data events selector. + 5. If the *get-event-selectors* command returns an empty array, the Data events are not included into the selected AWS Cloudtrail trail logging configuration, therefore the S3 object-level API operations performed within your AWS account are not recorded. + 6. Repeat steps 1 to 5 for auditing each s3 bucket to identify other trails that are missing the capability to log Data events. + 7. Change the AWS region by updating the *--region* command parameter and perform the audit process for other regions.`, + + rationale: 'Enabling object-level logging will help you meet data compliance requirements within your organization, perform comprehensive security analysis, monitor specific patterns of user behavior in your AWS account or take immediate actions on any object-level API activity using Amazon CloudWatch Events.', + + remediation: `**From Console:** + + 1. Login to the AWS Management Console and navigate to S3 dashboard at https://console.aws.amazon.com/s3/ + 2. In the left navigation panel, click buckets and then click on the S3 Bucket Name that you want to examine. + 3. Click *Properties* tab to see in detail bucket configuration. + 4. Click on the *Object-level* logging setting, enter the CloudTrail name for the recording activity. You can choose an existing Cloudtrail or create a new one by navigating to the Cloudtrail console link https://console.aws.amazon.com/cloudtrail/ + 5. Once the Cloudtrail is selected, check the Read event checkbox, so that *object-level* logging for *Read* events is enabled. + 6. Repeat steps 2 to 5 to enable *object-level* logging of read events for other S3 buckets. + + **From Command Line:** + + 1. To enable object-level data events logging for S3 buckets within your AWS account, run put-event-selectors command using the name of the trail that you want to reconfigure as identifier: + + aws cloudtrail put-event-selectors --region --trail-name --event-selectors '[{ "ReadWriteType": "ReadOnly", "IncludeManagementEvents":true, "DataResources": [{ "Type": "AWS::S3::Object", "Values": ["arn:aws:s3:::/"] }] }]' + + 2. The command output will be *object-level* event trail configuration. + 3. If you want to enable it for all buckets at ones then change Values parameter to *["arn:aws:s3"]* in command given above. + 4. Repeat step 1 for each s3 bucket to update *object-level* logging of read events. + 5. Change the AWS region by updating the *--region* command parameter and perform the process for other regions.`, + + references: ['https://docs.aws.amazon.com/AmazonS3/latest/user-guide/enable-cloudtrail-events.html'], + gql: `{ + queryawsAccount { + id + __typename + cloudtrail { + eventSelectors { + readWriteType + dataResources { + type + } + } + } + } + }`, + resource: 'queryawsAccount[*]', + severity: 'high', + conditions: { + path: '@.cloudtrail', + array_any: { + path: '[*].eventSelectors', + array_any: { + and: [ + { + path: '[*].includeManagementEvents', + equal: true, + }, + { + path: '[*].readWriteType', + in: ['ReadOnly', 'All'], + }, + { + path: '[*].dataResources', + isEmpty: false, + }, + ], + }, + } + }, +} diff --git a/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.2.ts b/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.2.ts new file mode 100644 index 00000000..ab97309d --- /dev/null +++ b/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.2.ts @@ -0,0 +1,65 @@ +// AWS CIS 1.2.0 Rule equivalent 2.2 +export default { + id: 'aws-cis-1.4.0-3.2', + title: 'AWS CIS 3.2 Ensure CloudTrail log file validation is enabled', + description: `CloudTrail log file validation creates a digitally signed digest file containing a hash of each + log that CloudTrail writes to S3. These digest files can be used to determine whether a log + file was changed, deleted, or unchanged after CloudTrail delivered the log. It is + recommended that file validation be enabled on all CloudTrails.`, + audit: `Perform the following on each trail to determine if log file validation is enabled: + Via the management Console + + 1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/cloudtrail + 2. Click on *Trails* on the left navigation pane + 3. For Every Trail: + + + - Click on a trail via the link in the Name column + - Under the *S3* section, ensure *Enable log file validation* is set to *Yes* + + Via CLI + + aws cloudtrail describe-trails + + Ensure *LogFileValidationEnabled* is set to *true* for each trail`, + rationale: 'Enabling log file validation will provide additional integrity checking of CloudTrail logs.', + remediation: `Perform the following to enable log file validation on a given trail: + Via the management Console + + 1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/cloudtrail + 2. Click on *Trails* on the left navigation pane + 3. Click on target trail + 4. Within the *S3* section click on the edit icon (pencil) + 5. Click *Advanced* + 6. Click on the *Yes* radio button in section *Enable log file validation* + 7. Click *Save* + + Via CLI + + aws cloudtrail update-trail --name --enable-log-file-validation + + Note that periodic validation of logs using these digests can be performed by running the following command: + + aws cloudtrail validate-logs --trail-arn --start-time --end-time +`, + references: [ + 'http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-enabling.html', + 'CCE- 78914 - 9', + 'CIS CSC v6.0 #6.3', + ], + gql: `{ + queryawsCloudtrail { + id + arn + accountId + __typename + logFileValidationEnabled + } + }`, + resource: 'queryawsCloudtrail[*]', + severity: 'medium', + conditions: { + path: '@.logFileValidationEnabled', + equal: 'Yes', + }, +} diff --git a/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.3.ts b/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.3.ts new file mode 100644 index 00000000..22e088c6 --- /dev/null +++ b/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.3.ts @@ -0,0 +1,110 @@ +// AWS CIS 1.2.0 Rule equivalent 2.3 +export default { + id: 'aws-cis-1.4.0-3.3', + title: 'AWS CIS 3.3 Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible', + description: + 'CloudTrail logs a record of every API call made in your AWS account. These logs file are stored in an S3 bucket. It is recommended that the bucket policy, or access control list (ACL), applied to the S3 bucket that CloudTrail logs to prevents public access to the CloudTrail logs.', + audit: `Perform the following to determine if any public access is granted to an S3 bucket via an ACL or S3 bucket policy: Via the Management Console + + 1. Go to the Amazon CloudTrail console at https://console.aws.amazon.com/cloudtrail/home + 2. In the API activity history pane on the left, click Trails + 3. In the Trails pane, note the bucket names in the S3 bucket column + 4. Go to Amazon S3 console at https://console.aws.amazon.com/s3/home + 5. For each bucket noted in step 3, right-click on the bucket and click Properties + 6. In the Properties pane, click the Permissions tab. + 7. The tab shows a list of grants, one row per grant, in the bucket ACL. Each row identifies the grantee and the permissions granted. + 8. Ensure no rows exists that have the Grantee set to Everyone or the Grantee set to Any Authenticated User. + 9. If the Edit bucket policy button is present, click it to review the bucket policy. + 10. Ensure the policy does not contain a Statement having an Effect set to Allow and a Principal set to "*" or {"AWS" : "*"} + + Via CLI: + + 1. Get the name of the S3 bucket that CloudTrail is logging to: + + aws cloudtrail describe-trails --query 'trailList[*].S3BucketName' + + 2. Ensure the AllUsers principal is not granted privileges to that : + + aws s3api get-bucket-acl --bucket --query 'Grants[?Grantee.URI== http://acs.amazonaws.com/groups/global/AllUsers ]' + + 3. Ensure the AuthenticatedUsers principal is not granted privileges to that : + + aws s3api get-bucket-acl --bucket --query 'Grants[?Grantee.URI== http://acs.amazonaws.com/groups/global/Authenticated Users ]' + + 4. Get the S3 Bucket Policy + + aws s3api get-bucket-policy --bucket + + 5. Ensure the policy does not contain a Statement having an Effect set to Allow and a Principal set to "*" or {"AWS" : "*"} + + **Note:** Principal set to "*" or {"AWS" : "*"} allows anonymous access.`, + rationale: + 'Allowing public access to CloudTrail log content may aid an adversary in identifying weaknesses in the affected account`s use or configuration.', + remediation: `Perform the following to remove any public access that has been granted to the bucket via an ACL or S3 bucket policy: + + 1. Go to Amazon S3 console at https://console.aws.amazon.com/s3/home + 2. Right-click on the bucket and click Properties + 3. In the Properties pane, click the Permissions tab. + 4. The tab shows a list of grants, one row per grant, in the bucket ACL. Each row identifies the grantee and the permissions granted. + 5. Select the row that grants permission to Everyone or Any Authenticated User + 6. Uncheck all the permissions granted to Everyone or Any Authenticated User (click x to delete the row). + 7. Click Save to save the ACL. + 8. If the Edit bucket policy button is present, click it. + 9. Remove any Statement having an Effect set to Allow and a Principal set to "*" or {"AWS" : "*"}.`, + references: [ + 'CCE-78915-6', + 'https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html', + ], + gql: `{ + queryawsCloudtrail { + id + arn + accountId + __typename + s3 { + policy { + statement { + effect + principal { + key + value + } + } + } + } + } + }`, + resource: 'queryawsCloudtrail[*]', + severity: 'medium', + conditions: { + not: { + path: '@.s3', + array_any: { + path: '[*].policy.statement', + array_any: { + and: [ + { + path: '[*].effect', + equal: 'Allow', + }, + { + path: '[*].principal', + array_any: { + and: [ + { + path: '[*].key', + in: ['', 'AWS'], + }, + { + path: '[*].value', + contains: '*', + }, + ], + }, + }, + ], + }, + }, + }, + }, +} diff --git a/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.4.ts b/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.4.ts new file mode 100644 index 00000000..63172c03 --- /dev/null +++ b/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.4.ts @@ -0,0 +1,93 @@ +// AWS CIS 1.2.0 Rule equivalent 2.4 +export default { + id: 'aws-cis-1.4.0-3.4', + title: + 'AWS CIS 3.4 Ensure CloudTrail trails are integrated with CloudWatch Logs', + description: `AWS CloudTrail is a web service that records AWS API calls made in a given AWS account. + The recorded information includes the identity of the API caller, the time of the API call, the + source IP address of the API caller, the request parameters, and the response elements + returned by the AWS service. CloudTrail uses Amazon S3 for log file storage and delivery, + so log files are stored durably. In addition to capturing CloudTrail logs within a specified S3 + bucket for long term analysis, realtime analysis can be performed by configuring CloudTrail + to send logs to CloudWatch Logs. For a trail that is enabled in all regions in an account, + CloudTrail sends log files from all those regions to a CloudWatch Logs log group. It is + recommended that CloudTrail logs be sent to CloudWatch Logs. + + Note: The intent of this recommendation is to ensure AWS account activity is being + captured, monitored, and appropriately alarmed on. CloudWatch Logs is a native way to + accomplish this using AWS services but does not preclude the use of an alternate solution.`, + audit: `Perform the following to ensure CloudTrail is configured as prescribed: + Via the AWS management Console + + 1. Sign in to the AWS Management Console and open the CloudTrail console at https://console.aws.amazon.com/cloudtrail/ + 2. Under *All Buckets* , click on the target bucket you wish to evaluate + 3. Click *Properties* on the top right of the console + 4. Click *Trails* in the left menu + 5. Ensure a *CloudWatch Logs* log group is configured and has a recent (~one day old) *Last log file delivered* timestamp. + + Via CLI + 1. Run the following command to get a listing of existing trails: + + aws cloudtrail describe-trails + + 2. Ensure *CloudWatchLogsLogGroupArn* is not empty and note the value of the Name property. + 3. Using the noted value of the *Name* property, run the following command: + + aws cloudtrail get-trail-status --name + + 4. Ensure the *LatestcloudwatchLogdDeliveryTime* property is set to a recent (~one day old) timestamp.`, + rationale: 'Sending CloudTrail logs to CloudWatch Logs will facilitate real-time and historic activity logging based on user, API, resource, and IP address, and provides the opportunity to establish alarms and notifications for anomalous or sensitivity account activity.', + remediation: `Perform the following to establish the prescribed state: + Via the AWS management Console + + 1. Sign in to the AWS Management Console and open the CloudTrail console at https://console.aws.amazon.com/cloudtrail/ + 2. Under All Buckets, click on the target bucket you wish to evaluate + 3. Click Properties on the top right of the console + 4. Click *Trails* in the left menu + 5. Click on each trail where no *CloudWatch Logs* are defined + 6. Go to the *CloudWatch Logs* section and click on *Configure* + 7. Define a new or select an existing log group + 8. Click on *Continue* + 9. Configure IAM Role which will deliver CloudTrail events to CloudWatch Logs + o Create/Select an *IAM Role* and *Policy Name* + o Click *Allow* to continue + + Via CLI + + aws cloudtrail update-trail --name --cloudwatch-logs-log-group- + arn --cloudwatch-logs-role-arn `, + references: [ + 'https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html', + 'https://docs.aws.amazon.com/awscloudtrail/latest/userguide/how-cloudtrail-works.html', + 'https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-aws-service-specific-topics.html', + ], + gql: `{ + queryawsCloudtrail { + id + arn + accountId + __typename + cloudWatchLogsLogGroupArn + status { + latestCloudWatchLogsDeliveryTime + } + } + }`, + resource: 'queryawsCloudtrail[*]', + severity: 'medium', + conditions: { + and: [ + { + path: '@.cloudWatchLogsLogGroupArn', + notEqual: null, + }, + { + value: { + daysAgo: {}, + path: '@.status.latestCloudWatchLogsDeliveryTime', + }, + lessThanInclusive: 1, + }, + ], + }, +} diff --git a/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.5.ts b/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.5.ts new file mode 100644 index 00000000..b07c120c --- /dev/null +++ b/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.5.ts @@ -0,0 +1,121 @@ +// AWS CIS 1.2.0 Rule equivalent 2.5 +export default { + id: 'aws-cis-1.4.0-3.5', + title: 'AWS CIS 3.5 Ensure AWS Config is enabled in all regions', + description: + 'AWS Config is a web service that performs configuration management of supported AWS resources within your account and delivers log files to you. The recorded information includes the configuration item (AWS resource), relationships between configuration items (AWS resources), any configuration changes between resources. It is recommended to enable AWS Config be enabled in all regions.', + + audit: `Process to evaluate AWS Config configuration per region + **Via AWS Management Console:** + + 1. Sign in to the AWS Management Console and open the AWS Config console at https://console.aws.amazon.com/config/. + 2. On the top right of the console select target Region. + 3. If presented with Setup AWS Config - follow remediation procedure: + 4. On the Resource inventory page, Click on edit (the gear icon). The Set Up AWS Config page appears. + 5. Ensure 1 or both check-boxes under "All Resources" is checked. + - Include global resources related to IAM resources - which needs to be enabled in 1 region only + 6. Ensure the correct S3 bucket has been defined. + 7. Ensure the correct SNS topic has been defined. + 8. Repeat steps 2 to 7 for each region. + + **Via AWS Command Line Interface:** + + 1. Run this command to show all AWS Config recorders and their properties: + + aws configservice describe-configuration-recorders + + 2. Evaluate the output to ensure that there's at least one recorder for which recordingGroup object includes "allSupported": true AND "includeGlobalResourceTypes": true + + Note: There is one more parameter "ResourceTypes" in recordingGroup object. We don't need to check the same as whenever we set "allSupported": true, AWS enforces resource types to be empty ("ResourceTypes":[]) Sample Output: + + { + "ConfigurationRecorders": [ + { + "recordingGroup": { + "allSupported": true, + "resourceTypes": [], + "includeGlobalResourceTypes": true + }, + "roleARN": "arn:aws:iam:::role/service-role/", + "name": "default" + } + ] + } + + 3. Run this command to show the status for all AWS Config recorders: + + aws configservice describe-configuration-recorder-status + + 4. In the output, find recorders with name key matching the recorders that met criteria in step 2. Ensure that at least one of them includes "recording": true and "lastStatus": "SUCCESS"`, + + rationale: + 'The AWS configuration item history captured by AWS Config enables security analysis, resource change tracking, and compliance auditing.', + + remediation: `To implement AWS Config configuration: + **Via AWS Management Console:** + + 1. Select the region you want to focus on in the top right of the console + 2. Click Services + 3. Click Config + 4. Define which resources you want to record in the selected region + 5. Choose to include global resources (IAM resources) + 6. Specify an S3 bucket in the same account or in another managed AWS account + 7. Create an SNS Topic from the same AWS account or another managed AWS account + + **Via AWS Command Line Interface:** + + 1. Ensure there is an appropriate S3 bucket, SNS topic, and IAM role per the [AWS Config Service prerequisites](https://docs.aws.amazon.com/config/latest/developerguide/gs-cli-prereq.html). + 2. Run this command to set up the configuration recorder + + aws configservice subscribe --s3-bucket my-config-bucket --sns-topic arn:aws:sns:us-east-1:012345678912:my-config-notice --iam-role arn:aws:iam::012345678912:role/myConfigRole + + 3. Run this command to start the configuration recorder: + + start-configuration-recorder --configuration-recorder-name `, + + references: [ + 'CCE-78917-2', + 'http://docs.aws.amazon.com/cli/latest/reference/configservice/describe-configuration-recorder-status.html', + ], + gql: `{ + queryawsAccount { + id + __typename + configurationRecorders { + recordingGroup { + allSupported + includeGlobalResourceTypes + } + status { + recording + lastStatus + } + } + } + }`, + resource: 'queryawsAccount[*]', + severity: 'medium', + conditions: { + path: '@.configurationRecorders', + array_any: { + and: [ + { + path: '[*].recordingGroup.allSupported', + equal: true, + }, + { + path: '[*].recordingGroup.includeGlobalResourceTypes', + equal: true, + }, + { + path: '[*].status.recording', + equal: true, + }, + { + path: '[*].status.lastStatus', + equal: 'SUCCESS', + }, + ], + }, + }, +} diff --git a/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.6.ts b/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.6.ts new file mode 100644 index 00000000..b9f8334a --- /dev/null +++ b/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.6.ts @@ -0,0 +1,77 @@ +// AWS CIS 1.2.0 Rule equivalent 2.6 +export default { + id: 'aws-cis-1.4.0-3.6', + title: + 'AWS CIS 3.6 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket', + description: `S3 Bucket Access Logging generates a log that contains access records for each request + made to your S3 bucket. An access log record contains details about the request, such as the + request type, the resources specified in the request worked, and the time and date the + request was processed. It is recommended that bucket access logging be enabled on the + CloudTrail S3 bucket.`, + audit: `Perform the following ensure the CloudTrail S3 bucket has access logging is enabled: + Via the management Console + + 1. Go to the Amazon CloudTrail console at https://console.aws.amazon.com/cloudtrail/home + 2. In the API activity history pane on the left, click Trails + 3. In the Trails pane, note the bucket names in the S3 bucket column + 4. Sign in to the AWS Management Console and open the S3 console at https://console.aws.amazon.com/s3. + 5. Under *All Buckets* click on a target S3 bucket + 6. Click on *Properties* in the top right of the console + 7. Under *Bucket: * click on *Logging* + 8. Ensure *Enabled* is checked. + + Via CLI + + 1. Get the name of the S3 bucket that CloudTrail is logging to: + + aws cloudtrail describe-trails --query 'trailList[*].S3BucketName' + + 2. Ensure Bucket Logging is enabled: + + aws s3api get-bucket-logging --bucket + + Ensure command does not return empty output. + Sample Output for a bucket with logging enabled: + + + { + "LoggingEnabled": { + "TargetPrefix": "", + "TargetBucket": "" + } + }`, + rationale: 'By enabling S3 bucket logging on target S3 buckets, it is possible to capture all events which may affect objects within target buckets. Configuring logs to be placed in a separate bucket allows access to log information which can be useful in security and incident response workflows.', + remediation: `Perform the following to enable S3 bucket logging: + Via the Management Console + + 1. Sign in to the AWS Management Console and open the S3 console at https://console.aws.amazon.com/s3 + 2. Under *All Buckets* click on the target S3 bucket + 3. Click on *Properties* in the top right of the console + 4. Under *Bucket: * click on *Logging* + 5. Configure bucket logging + 1. Click on *Enabled* checkbox + 2. Select Target Bucket from list + 3. Enter a Target Prefix + 6. Click *Save*`, + references: ['CCE- 78918 - 0', 'https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerLogs.html'], + gql: `{ + queryawsCloudtrail { + id + arn + accountId + __typename + s3 { + logging + } + } + }`, + resource: 'queryawsCloudtrail[*]', + severity: 'high', + conditions: { + path: '@.s3', + array_any: { + path: '[*].logging', + equal: 'Enabled', + }, + }, +} diff --git a/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.7.ts b/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.7.ts new file mode 100644 index 00000000..6eb8b638 --- /dev/null +++ b/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.7.ts @@ -0,0 +1,72 @@ +// AWS CIS 1.2.0 Rule equivalent 2.7 +export default { + id: 'aws-cis-1.4.0-3.7', + title: + 'AWS CIS 3.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs', + description: `AWS CloudTrail is a web service that records AWS API calls for an account and makes those + logs available to users and resources in accordance with IAM policies. AWS Key + Management Service (KMS) is a managed service that helps create and control the + encryption keys used to encrypt account data, and uses Hardware Security Modules + (HSMs) to protect the security of encryption keys. CloudTrail logs can be configured to + leverage server side encryption (SSE) and KMS customer created master keys (CMK) to + further protect CloudTrail logs. It is recommended that CloudTrail be configured to use + SSE-KMS.`, + audit: `Perform the following to determine if CloudTrail is configured to use SSE-KMS: + Via the Management Console + + 1. Sign in to the AWS Management Console and open the CloudTrail console at https://console.aws.amazon.com/cloudtrail + 2. In the left navigation pane, choose *Trails*. + 3. Select a Trail + 4. Under the *S3* section, ensure *Encrypt log files* is set to *Yes* and a KMS key ID is specified in the *KSM Key Id* field. + + Via CLI + + 1. Run the following command: + + aws cloudtrail describe-trails + + 2. For each trail listed, SSE-KMS is enabled if the trail has a *KmsKeyId* property defined.`, + rationale: 'Configuring CloudTrail to use SSE-KMS provides additional confidentiality controls on log data as a given user must have S3 read permission on the corresponding log bucket and must be granted decrypt permission by the CMK policy.', + remediation: `Perform the following to configure CloudTrail to use SSE-KMS: + Via the Management Console + + 1. Sign in to the AWS Management Console and open the CloudTrail console at https://console.aws.amazon.com/cloudtrail + 2. In the left navigation pane, choose *Trails*. + 3. Click on a Trail + 4. Under the *S3* section click on the edit button (pencil icon) + 5. Click *Advanced* + 6. Select an existing CMK from the *KMS key Id* drop-down menu + + - Note: Ensure the CMK is located in the same region as the S3 bucket + - Note: You will need to apply a KMS Key policy on the selected CMK in order for CloudTrail as a service to encrypt and decrypt log files using the CMK provided. Steps are provided [here](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/create-kms-key-policy-for-cloudtrail.html) for editing the selected CMK Key policy. + + 7. Click *Save* + 8. You will see a notification message stating that you need to have decrypt + permissions on the specified KMS key to decrypt log files. + 9. Click *Yes* + + Via CLI + + aws cloudtrail update-trail --name --kms-id + aws kms put-key-policy --key-id --policy `, + references: [ + 'https://docs.aws.amazon.com/awscloudtrail/latest/userguide/encrypting-cloudtrail-log-files-with-aws-kms.html', + 'https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html', + 'CCE-78919-8', + ], + gql: `{ + queryawsCloudtrail { + id + arn + accountId + __typename + kmsKeyId + } + }`, + resource: 'queryawsCloudtrail[*]', + severity: 'medium', + conditions: { + path: '@.kmsKeyId', + notEqual: null, + }, +} diff --git a/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.8.ts b/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.8.ts new file mode 100644 index 00000000..cd992b3d --- /dev/null +++ b/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.8.ts @@ -0,0 +1,90 @@ +// this rule is also in PCI kms check 1 and AWS CIS 1.2.0 Rule 2.8 +export default { + id: 'aws-cis-1.4.0-3.8', + title: + 'AWS CIS 3.8 Ensure rotation for customer created CMKs is enabled', + description: `AWS Key Management Service (KMS) allows customers to rotate the backing key which is + key material stored within the KMS which is tied to the key ID of the Customer Created + customer master key (CMK). It is the backing key that is used to perform cryptographic + operations such as encryption and decryption. Automated key rotation currently retains all + prior backing keys so that decryption of encrypted data can take place transparently. It is + recommended that CMK key rotation be enabled.`, + audit: `Via the Management Console: + + 1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam. + 2. In the left navigation pane, choose E*ncryption Keys*. + 3. Select a customer created master key (CMK) + 4. Under the *Key Policy* section, move down to *Key Rotation*. + 5. Ensure the *Rotate this key every year* checkbox is checked. + + Via CLI + + 1. Run the following command to get a list of all keys and their associated *KeyIds* + + aws kms list-keys + + 2. For each key, note the KeyId and run the following command + + aws kms get-key-rotation-status --key-id + + 3. Ensure *KeyRotationEnabled* is set to *true*`, + rationale: 'Rotating encryption keys helps reduce the potential impact of a compromised key as data encrypted with a new key cannot be accessed with a previous key that may have been exposed.', + remediation: `Via the Management Console: + + 1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam. + 2. In the left navigation pane, choose *Encryption Keys*. + 3. Select a customer created master key (CMK) + 4. Under the *Key Policy* section, move down to *Key Rotation*. + 5. Check the *Rotate this key every year* checkbox. + + Via CLI + + 1. Run the following command to enable key rotation: + + aws kms enable-key-rotation --key-id `, + references: [ + 'https://aws.amazon.com/kms/pricing/', + 'http://csrc.nist.gov/publications/nistpubs/800-57/sp800-](http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf', + 'CCE- 78920 - 6', + ], + gql: `{ + queryawsKms { + id + arn + accountId + __typename + keyManager + keyRotationEnabled + } + }`, + resource: 'queryawsKms[*]', + severity: 'medium', + conditions: { + or: [ + { + and: [ + { + path: '@.keyManager', + equal: 'AWS', + }, + { + path: '@.keyRotationEnabled', + equal: true, + }, + ], + }, + { + and: [ + { + path: '@.keyManager', + equal: 'CUSTOMER', + }, + { + path: '@.keyRotationEnabled', + equal: true, + }, + ], + }, + ], + }, +} diff --git a/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.9.ts b/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.9.ts new file mode 100644 index 00000000..febbbac5 --- /dev/null +++ b/src/aws/cis-1.4.0/rules/aws-cis-1.4.0-3.9.ts @@ -0,0 +1,55 @@ +// AWS CIS 1.2.0 Rule equivalent 2.9 +export default { + id: 'aws-cis-1.4.0-3.9', + title: 'AWS CIS 3.9 Ensure VPC flow logging is enabled in all VPCs', + description: `VPC Flow Logs is a feature that enables you to capture information about the IP traffic + going to and from network interfaces in your VPC. After you've created a flow log, you can + view and retrieve its data in Amazon CloudWatch Logs. It is recommended that VPC Flow + Logs be enabled for packet "Rejects" for VPCs.`, + audit: `Perform the following to determine if VPC Flow logs is enabled: + Via the Management Console: + + 1. Sign into the management console + 2. Select *Services* then *VPC* + 3. In the left navigation pane, select *Your VPCs* + 4. Select a VPC + 5. In the right pane, select the *Flow Logs* tab. + 6. Ensure a Log Flow exists that has *Active* in the *Status* column.`, + rationale: 'VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows.', + remediation: `Perform the following to determine if VPC Flow logs is enabled: + Via the Management Console: + + 1. Sign into the management console + 2. Select *Services* then *VPC* + 3. In the left navigation pane, select *Your VPCs* + 4. Select a VPC + 5. In the right pane, select the *Flow Logs* tab. + 6. If no Flow Log exists, click *Create Flow Log* + 7. For Filter, select *Reject* + 8. Enter in a *Role* and *Destination Log Group* + 9. Click *Create Log Flow* + 10. Click on *CloudWatch Logs Group* + + **Note:** Setting the filter to "Reject" will dramatically reduce the logging data accumulation for this recommendation and provide sufficient information for the purposes of breach detection, research, and remediation. However, during periods of least privilege security group engineering, setting this filter to "All" can be very helpful in discovering existing traffic flows required for the proper operation of an already running environment.`, + references: [ + 'CCE-79202-8', + 'https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html', + ], + gql: `{ + queryawsVpc { + id + arn + accountId + __typename + flowLog { + resourceId + } + } + }`, + resource: 'queryawsVpc[*]', + severity: 'high', + conditions: { + path: '@.flowLog', + isEmpty: false, + }, +} diff --git a/src/aws/cis-1.4.0/rules/index.ts b/src/aws/cis-1.4.0/rules/index.ts new file mode 100644 index 00000000..ad2cc88d --- /dev/null +++ b/src/aws/cis-1.4.0/rules/index.ts @@ -0,0 +1,27 @@ + +import Aws_CIS_140_31 from './aws-cis-1.4.0-3.1' +import Aws_CIS_140_32 from './aws-cis-1.4.0-3.2' +import Aws_CIS_140_33 from './aws-cis-1.4.0-3.3' +import Aws_CIS_140_34 from './aws-cis-1.4.0-3.4' +import Aws_CIS_140_35 from './aws-cis-1.4.0-3.5' +import Aws_CIS_140_36 from './aws-cis-1.4.0-3.6' +import Aws_CIS_140_37 from './aws-cis-1.4.0-3.7' +import Aws_CIS_140_38 from './aws-cis-1.4.0-3.8' +import Aws_CIS_140_39 from './aws-cis-1.4.0-3.9' +import Aws_CIS_140_310 from './aws-cis-1.4.0-3.10' +import Aws_CIS_140_311 from './aws-cis-1.4.0-3.11' + +export default [ + Aws_CIS_140_31, + Aws_CIS_140_32, + Aws_CIS_140_33, + Aws_CIS_140_34, + Aws_CIS_140_35, + Aws_CIS_140_36, + Aws_CIS_140_37, + Aws_CIS_140_38, + Aws_CIS_140_39, + Aws_CIS_140_310, + Aws_CIS_140_311, + +] diff --git a/src/aws/cis-1.4.0/tests/aws-cis-1.4.0-3.x.test.ts b/src/aws/cis-1.4.0/tests/aws-cis-1.4.0-3.x.test.ts new file mode 100644 index 00000000..2f2c6516 --- /dev/null +++ b/src/aws/cis-1.4.0/tests/aws-cis-1.4.0-3.x.test.ts @@ -0,0 +1,709 @@ +import CloudGraph, { Rule, Result, Engine } from '@cloudgraph/sdk' +import cuid from 'cuid' + +import Aws_CIS_140_31 from '../rules/aws-cis-1.4.0-3.1' +import Aws_CIS_140_32 from '../rules/aws-cis-1.4.0-3.2' +import Aws_CIS_140_33 from '../rules/aws-cis-1.4.0-3.3' +import Aws_CIS_140_34 from '../rules/aws-cis-1.4.0-3.4' +import Aws_CIS_140_35 from '../rules/aws-cis-1.4.0-3.5' +import Aws_CIS_140_36 from '../rules/aws-cis-1.4.0-3.6' +import Aws_CIS_140_37 from '../rules/aws-cis-1.4.0-3.7' +import Aws_CIS_140_38 from '../rules/aws-cis-1.4.0-3.8' +import Aws_CIS_140_39 from '../rules/aws-cis-1.4.0-3.9' +import Aws_CIS_140_310 from '../rules/aws-cis-1.4.0-3.10' +import Aws_CIS_140_311 from '../rules/aws-cis-1.4.0-3.11' + +export interface DataResource { + type: string +} + +export interface EventSelector { + readWriteType?: string + includeManagementEvents?: boolean + dataResources?: DataResource[] +} + +export interface Status { + isLogging?: boolean + latestCloudWatchLogsDeliveryTime?: string | null + recording?: boolean + lastStatus?: string +} + +export interface Cloudtrail { + isMultiRegionTrail?: string + status?: Status + eventSelectors?: EventSelector[] +} + +export interface Principal { + key?: string + value?: string[] +} + +export interface Statement { + effect?: string + principal?: Principal[] +} + +export interface Policy { + statement?: Statement[] +} + +export interface S3 { + policy?: Policy + logging?: string +} + +export interface RecordingGroup { + allSupported?: boolean + includeGlobalResourceTypes?: boolean +} + +export interface ConfigurationRecorder { + status?: Status + recordingGroup?: RecordingGroup +} + +export interface FlowLog { + resourceId?: string +} + +export interface QueryawsAccount { + id: string + cloudtrail?: Cloudtrail[] + configurationRecorders?: ConfigurationRecorder[] +} + +export interface QueryawsCloudtrail { + id: string + logFileValidationEnabled?: string + cloudWatchLogsLogGroupArn?: string | null + s3?: S3[] + status?: Status + kmsKeyId?: string | null +} + +export interface QueryawsKms { + id: string + keyManager: string + keyRotationEnabled: boolean +} + +export interface QueryawsVpc { + id: string + flowLog: FlowLog[] +} + +export interface CIS3xQueryResponse { + queryawsAccount?: QueryawsAccount[] + queryawsCloudtrail?: QueryawsCloudtrail[] + queryawsKms?: QueryawsKms[] + queryawsVpc?: QueryawsVpc[] +} + +describe('CIS Amazon Web Services Foundations: 1.4.0', () => { + let rulesEngine: Engine + beforeAll(() => { + rulesEngine = new CloudGraph.RulesEngine({ + providerName: 'aws', + entityName: 'CIS', + }) + }) + + describe('AWS CIS 3.1 Ensure CloudTrail is enabled in all regions', () => { + const getTestRuleFixture = ( + isMultiRegionTrail: string, + isLogging: boolean, + readWriteType: string, + includeManagementEvents: boolean + ): CIS3xQueryResponse => { + return { + queryawsAccount: [ + { + id: cuid(), + cloudtrail: [ + { + isMultiRegionTrail, + status: { + isLogging, + }, + eventSelectors: [ + { + readWriteType, + includeManagementEvents, + }, + ], + }, + ], + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS3xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_140_31 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when a trail has set IsMultiRegionTrail and isLogging as true with at least one Event Selector with IncludeManagementEvents set to true and ReadWriteType set to All', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture( + 'Yes', + true, + 'All', + true + ) + await testRule(data, Result.PASS) + }) + + test('Security Issue when a trail has set IsMultiRegionTrail is set to false', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture( + 'No', + true, + 'All', + true + ) + await testRule(data, Result.FAIL) + }) + + test('Security Issue when a trail has set isLogging is set to false', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture( + 'Yes', + false, + 'All', + true + ) + await testRule(data, Result.FAIL) + }) + + test('Security Issue when a trail has set multi region as true with all read-write type and include management events false', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture( + 'Yes', + true, + 'All', + false + ) + await testRule(data, Result.FAIL) + }) + + test('Security Issue when there not are any trail', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture('', true, '', true) + const account = data.queryawsAccount?.[0] as QueryawsAccount + account.cloudtrail = [] + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS CIS 3.2 Ensure CloudTrail log file validation is enabled', () => { + const getTestRuleFixture = ( + logFileValidationEnabled: string + ): CIS3xQueryResponse => { + return { + queryawsCloudtrail: [ + { + id: cuid(), + logFileValidationEnabled, + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS3xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_140_32 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when a trail has log file validation enabled', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture('Yes') + await testRule(data, Result.PASS) + }) + test('Security Issue when a trail has log file validation disabled', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture('No') + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS CIS 3.3 Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible', () => { + const getTestRuleFixture = ( + effect: string, + key: string, + value: string[] + ): CIS3xQueryResponse => { + return { + queryawsCloudtrail: [ + { + id: cuid(), + s3: [ + { + policy: { + statement: [ + { + effect, + principal: [ + { + key, + value, + }, + ], + }, + ], + }, + }, + ], + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS3xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_140_33 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when a policy contains a statement having an Effect set to Allow and a Principal not set to "*" or {"AWS" : "*"}', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture('Allow', 'Service', [ + 'cloudtrail.amazonaws.com', + ]) + await testRule(data, Result.PASS) + }) + + test('Security Issue when a policy contains a statement having an Effect set to Allow and a Principal set to "*"', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture('Allow', '', ['*']) + await testRule(data, Result.FAIL) + }) + + test('Security Issue when a policy contains a statement having an Effect set to Allow and a Principal set to {"AWS" : "*"}', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture('Allow', 'AWS', ['*']) + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS CIS 3.4 Ensure CloudTrail trails are integrated with CloudWatch Logs', () => { + const getTestRuleFixture = ( + cloudWatchLogsLogGroupArn: string | null, + latestCloudWatchLogsDeliveryTime: string | null + ): CIS3xQueryResponse => { + return { + queryawsCloudtrail: [ + { + id: cuid(), + cloudWatchLogsLogGroupArn, + status: { + latestCloudWatchLogsDeliveryTime, + }, + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS3xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_140_34 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when a trail has cloudwatch logs integrated with a delivery date no more than a day', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture(cuid(), new Date().toISOString()) + await testRule(data, Result.PASS) + }) + + test('Security Issue when a trail has cloudwatch logs integrated with a delivery date more than a day', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture(cuid(), '2021-11-20T16:18:21.724Z') + await testRule(data, Result.FAIL) + }) + + test('Security Issue when a trail does not have cloudwatch logs integrated', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture(null, null) + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS CIS 3.5 Ensure AWS Config is enabled in all regions', () => { + const getTestRuleFixture = ( + allSupported: boolean, + includeGlobalResourceTypes: boolean, + recording: boolean, + lastStatus: string + ): CIS3xQueryResponse => { + return { + queryawsAccount: [ + { + id: cuid(), + configurationRecorders: [ + { + recordingGroup: { + allSupported, + includeGlobalResourceTypes, + }, + status: { + recording, + lastStatus, + }, + }, + ], + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS3xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_140_35 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when a configuration recorder is enabled in all regions', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture(true, true, true, 'SUCCESS') + await testRule(data, Result.PASS) + }) + + test('Security Issue when a configuration recorder has recordingGroup object includes "allSupported": false', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture(false, true, true, 'SUCCESS') + await testRule(data, Result.FAIL) + }) + + test('Security Issue when a configuration recorder has recordingGroup object includes "includeGlobalResourceTypes": false', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture(true, false, true, 'SUCCESS') + await testRule(data, Result.FAIL) + }) + + test('Security Issue when a configuration recorder has status object includes "lastStatus" not "SUCCESS"', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture(true, true, true, 'FAILED') + await testRule(data, Result.FAIL) + }) + + test('Security Issue when there not are any configurationRecorder', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture(true, true, true, 'SUCCESS') + const account = data.queryawsAccount?.[0] as QueryawsAccount + account.configurationRecorders = [] + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS CIS 3.6 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket', () => { + const getTestRuleFixture = ( + logging: string + ): CIS3xQueryResponse => { + return { + queryawsCloudtrail: [ + { + id: cuid(), + s3: [ + { + logging, + }, + ], + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS3xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_140_36 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when a trails bucket has access logging enabled', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture('Enabled') + await testRule(data, Result.PASS) + }) + + test('Security Issue when a trails bucket has access logging disabled', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture('Disabled') + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS CIS 3.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs', () => { + const getTestRuleFixture = ( + kmsKeyId: string | null + ): CIS3xQueryResponse => { + return { + queryawsCloudtrail: [ + { + id: cuid(), + kmsKeyId, + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS3xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_140_37 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when cloudtrail logs are encrypted using a KMS key', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture(cuid()) + await testRule(data, Result.PASS) + }) + + test('Security Issue when cloudtrail logs are not encrypted', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture(null) + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS CIS 3.8 Ensure rotation for customer created CMKs is enabled', () => { + const getTestRuleFixture = ( + keyManager: string, + keyRotationEnabled: boolean + ): CIS3xQueryResponse => { + return { + queryawsKms: [ + { + id: cuid(), + keyManager, + keyRotationEnabled + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS3xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_140_38 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when rotation is enabled with AWS as a manager', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture('AWS', true) + await testRule(data, Result.PASS) + }) + + test('Security Issue when rotation is disabled with customer as a manager', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture('CUSTOMER', false) + await testRule(data, Result.FAIL) + }) + + test('Security Issue when rotation is disabled with AWS as a manager', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture('AWS', false) + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS CIS 3.9 Ensure VPC flow logging is enabled in all VPCs', () => { + const getTestRuleFixture = ( + flowLog: FlowLog[], + ): CIS3xQueryResponse => { + return { + queryawsVpc: [ + { + id: cuid(), + flowLog + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS3xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_140_39 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when flow logging is enabled for each VPC', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture([{resourceId: cuid()}]) + await testRule(data, Result.PASS) + }) + + test('Security Issue when flow logging is disabled on one VPC', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture([]) + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS CIS 3.10 Ensure that Object-level logging for write events is enabled for S3 bucket', () => { + const getTestRuleFixture = ( + includeManagementEvents: boolean, + readWriteType: string, + dataResources: DataResource[] + ): CIS3xQueryResponse => { + return { + queryawsAccount: [ + { + id: cuid(), + cloudtrail: [ + { + eventSelectors: [ + { + includeManagementEvents, + readWriteType, + dataResources, + }, + ], + }, + ], + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS3xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_140_310 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when S3 bucket object-level logging for write events is enabled', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture(true, 'WriteOnly', [ + { type: 'AWS::S3::Object' }, + ]) + await testRule(data, Result.PASS) + }) + + test('Security Issue when S3 bucket object-level logging for write events is not enabled', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture(true, 'WriteOnly', []) + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS CIS 3.11 Ensure that Object-level logging for read events is enabled for S3 bucket', () => { + const getTestRuleFixture = ( + includeManagementEvents: boolean, + readWriteType: string, + dataResources: DataResource[] + ): CIS3xQueryResponse => { + return { + queryawsAccount: [ + { + id: cuid(), + cloudtrail: [ + { + eventSelectors: [ + { + includeManagementEvents, + readWriteType, + dataResources, + }, + ], + }, + ], + }, + ], + } + } + + // Act + const testRule = async ( + data: CIS3xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_CIS_140_311 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when S3 bucket object-level logging for read events is enabled', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture(true, 'ReadOnly', [ + { type: 'AWS::S3::Object' }, + ]) + await testRule(data, Result.PASS) + }) + + test('Security Issue when S3 bucket object-level logging for read events is not enabled', async () => { + const data: CIS3xQueryResponse = getTestRuleFixture(true, 'ReadOnly', []) + await testRule(data, Result.FAIL) + }) + }) +}) diff --git a/src/aws/cis-1.4.0/tsconfig.json b/src/aws/cis-1.4.0/tsconfig.json new file mode 100644 index 00000000..5ade62cc --- /dev/null +++ b/src/aws/cis-1.4.0/tsconfig.json @@ -0,0 +1,20 @@ +{ + "compilerOptions": { + "declaration": true, + "importHelpers": true, + "module": "commonjs", + "outDir": "dist", + "rootDir": "./", + "strict": true, + "target": "es2020", + "lib": ["esnext.array", "ES2020.Promise"], + "allowSyntheticDefaultImports": true, + "esModuleInterop": true, + "skipLibCheck": true, + "forceConsistentCasingInFileNames": true + }, + "include": [ + "**/*" + ], + "exclude": ["dist", "./tests"] +} diff --git a/src/aws/nist-800-53-rev4/CHANGELOG.md b/src/aws/nist-800-53-rev4/CHANGELOG.md index e94d412e..a8283871 100644 --- a/src/aws/nist-800-53-rev4/CHANGELOG.md +++ b/src/aws/nist-800-53-rev4/CHANGELOG.md @@ -1,3 +1,61 @@ +# @cloudgraph/policy-pack-aws-nist-800-53-rev4 [1.4.0](https://github.com/cloudgraphdev/cloudgraph-policy-packs/compare/@cloudgraph/policy-pack-aws-nist-800-53-rev4@1.3.0...@cloudgraph/policy-pack-aws-nist-800-53-rev4@1.4.0) (2022-05-02) + + +### Bug Fixes + +* Added missing fields for aws benchmarks ([dfd5874](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/dfd5874e7d015ec5e6ab82fc419faf82a0b8cd4b)) +* adjusted 11.1 and 11.2 from feedback ([cecff48](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/cecff48c48c4d3f025c2c84aab3313de6f743b1f)) +* merge main back into beta for NIST 11 rules ([d515ee4](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/d515ee4ecaf49f08c3ec95633a7f460a56edf703)) +* Updated index.ts with 11.1 and 12.1 ([e3db449](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/e3db449944ddc5060109a581bae5240963b7bb3b)) +* Updated policy field for S3 schema ([dc3d6c8](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/dc3d6c8b4b7e22ba58c1394d0b64e866ab3de519)) + + +### Features + +* add aws nist rule 11.1 and 11.2 and tests ([091a8cf](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/091a8cf91b725dfeaadad36a1eeafd5e8956aa1a)) +* Included 10.x rules for aws nist 800-53 rev4 ([e3a9fce](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/e3a9fceecf99ce1ea93054566385f84c1d8400e7)) +* Included 13.x rules for aws nist 800-53 rev4 [SECURE LOGIN] ([6eaed04](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/6eaed046fa30d374a56ac4f5ca52f55bd7b8388b)) +* Included 14.1, 15.1, 15.2 rules for aws nist 800-53 rev4 ([122d448](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/122d4481863db5d6cd6bdd94ca7e3b1b625b886b)) +* Included 15.x rules for aws cis 800-53 rev4 [USER AND ROLE MANAGEMENT] ([7b42a1e](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/7b42a1e2db4b4ab4e4955315261f36c8f03f150f)) +* Included 6.x rules for aws nist 800-53 ([ab399f0](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/ab399f01ba04db767d71a49d4b74d6c0b24923ba)) +* Included 6.x rules for aws nist 800-53 ([b51f652](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/b51f6522e7721928ea8dc30d009ac5530f6e86eb)) +* Included 6.x rules for aws nist 800-53 ([03b9889](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/03b9889416e58165214b12fd772c116ce971644b)) +* Included 7.x rules for aws nist 800-53 rev4 ([4ab8b83](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/4ab8b834f08cec9558d339d0f4540b9146adfe8c)) +* Included 7.x rules for aws nist 800-53 rev4 ([bfc130c](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/bfc130c587e206cebf1784e14a1b9e43f900a47c)) +* Included 8.x rules for aws nist 800-53 ([3720e97](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/3720e976e70196277186a764becb663d9afc39b2)) +* Included 8.x rules for aws nist 800-53 rev4 ([d597677](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/d5976779f8a803cfd5c831ffb769d10065c62374)) +* Included 9.x rules for aws nist 800-53 rev4 ([9d67aa2](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/9d67aa2f203e2356152160ec0d27568cd0b80650)) +* Support rules that overlaps with AWS CIS checks [NETWORK ACCESS RULES] ([b96e357](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/b96e357099696691f61f06a2d484be7c2f6c7c22)) + +# @cloudgraph/policy-pack-aws-nist-800-53-rev4 [1.4.0-beta.1](https://github.com/cloudgraphdev/cloudgraph-policy-packs/compare/@cloudgraph/policy-pack-aws-nist-800-53-rev4@1.3.0...@cloudgraph/policy-pack-aws-nist-800-53-rev4@1.4.0-beta.1) (2022-05-02) + + +### Bug Fixes + +* Added missing fields for aws benchmarks ([dfd5874](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/dfd5874e7d015ec5e6ab82fc419faf82a0b8cd4b)) +* adjusted 11.1 and 11.2 from feedback ([cecff48](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/cecff48c48c4d3f025c2c84aab3313de6f743b1f)) +* merge main back into beta for NIST 11 rules ([d515ee4](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/d515ee4ecaf49f08c3ec95633a7f460a56edf703)) +* Updated index.ts with 11.1 and 12.1 ([e3db449](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/e3db449944ddc5060109a581bae5240963b7bb3b)) +* Updated policy field for S3 schema ([dc3d6c8](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/dc3d6c8b4b7e22ba58c1394d0b64e866ab3de519)) + + +### Features + +* add aws nist rule 11.1 and 11.2 and tests ([091a8cf](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/091a8cf91b725dfeaadad36a1eeafd5e8956aa1a)) +* Included 10.x rules for aws nist 800-53 rev4 ([e3a9fce](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/e3a9fceecf99ce1ea93054566385f84c1d8400e7)) +* Included 13.x rules for aws nist 800-53 rev4 [SECURE LOGIN] ([6eaed04](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/6eaed046fa30d374a56ac4f5ca52f55bd7b8388b)) +* Included 14.1, 15.1, 15.2 rules for aws nist 800-53 rev4 ([122d448](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/122d4481863db5d6cd6bdd94ca7e3b1b625b886b)) +* Included 15.x rules for aws cis 800-53 rev4 [USER AND ROLE MANAGEMENT] ([7b42a1e](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/7b42a1e2db4b4ab4e4955315261f36c8f03f150f)) +* Included 6.x rules for aws nist 800-53 ([ab399f0](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/ab399f01ba04db767d71a49d4b74d6c0b24923ba)) +* Included 6.x rules for aws nist 800-53 ([b51f652](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/b51f6522e7721928ea8dc30d009ac5530f6e86eb)) +* Included 6.x rules for aws nist 800-53 ([03b9889](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/03b9889416e58165214b12fd772c116ce971644b)) +* Included 7.x rules for aws nist 800-53 rev4 ([4ab8b83](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/4ab8b834f08cec9558d339d0f4540b9146adfe8c)) +* Included 7.x rules for aws nist 800-53 rev4 ([bfc130c](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/bfc130c587e206cebf1784e14a1b9e43f900a47c)) +* Included 8.x rules for aws nist 800-53 ([3720e97](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/3720e976e70196277186a764becb663d9afc39b2)) +* Included 8.x rules for aws nist 800-53 rev4 ([d597677](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/d5976779f8a803cfd5c831ffb769d10065c62374)) +* Included 9.x rules for aws nist 800-53 rev4 ([9d67aa2](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/9d67aa2f203e2356152160ec0d27568cd0b80650)) +* Support rules that overlaps with AWS CIS checks [NETWORK ACCESS RULES] ([b96e357](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/b96e357099696691f61f06a2d484be7c2f6c7c22)) + # @cloudgraph/policy-pack-aws-nist-800-53-rev4 [1.4.0-alpha.1](https://github.com/cloudgraphdev/cloudgraph-policy-packs/compare/@cloudgraph/policy-pack-aws-nist-800-53-rev4@1.3.0...@cloudgraph/policy-pack-aws-nist-800-53-rev4@1.4.0-alpha.1) (2022-04-27) diff --git a/src/aws/nist-800-53-rev4/README.md b/src/aws/nist-800-53-rev4/README.md index f2a8e78e..776677ba 100644 --- a/src/aws/nist-800-53-rev4/README.md +++ b/src/aws/nist-800-53-rev4/README.md @@ -151,6 +151,10 @@ Policy Pack based on the [800-53 Rev. 4](https://csrc.nist.gov/publications/deta | AWS NIST 8.43 | VPC security groups attached to EC2 instances should not permit ingress from ‘0.0.0.0/0’ to all ports | | AWS NIST 8.44 | VPC security groups attached to EC2 instances should not permit ingress from ‘0.0.0.0/0’ to TCP port 389 (LDAP) | | AWS NIST 8.45 | VPC security groups attached to RDS instances should not permit ingress from ‘0.0.0.0/0’ to all ports | +| AWS NIST 9.1 | ECS container definitions should not mount volumes with mount propagation set to shared | +| AWS NIST 9.2 | ECS task definitions should mount the container’s root filesystem as read-only | +| AWS NIST 9.3 | ECS task definitions should not add Linux capabilities beyond defaults and should drop ‘NET_RAW’ | +| AWS NIST 9.4 | ECS task definitions should not mount sensitive host system directories | | AWS NIST 10.1 | IAM password policies should expire passwords within 90 days | | AWS NIST 10.2 | IAM password policies should have a minimum length of 7 and include both alphabetic and numeric characters | | AWS NIST 10.3 | IAM password policies should prevent reuse of previously used passwords | @@ -165,5 +169,8 @@ Policy Pack based on the [800-53 Rev. 4](https://csrc.nist.gov/publications/deta | AWS NIST 13.2 | IAM should have hardware MFA enabled for the root account | | AWS NIST 13.3 | IAM should have MFA enabled for the root account | | AWS NIST 13.4 | IAM users should have MFA (virtual or hardware) enabled | +| AWS NIST 14.1 | CloudFront distributions should be protected by WAFs | +| AWS NIST 15.1 | ECS task definitions should not use the root user | +| AWS NIST 15.2 | IAM roles used for trust relationships should have MFA or external IDs | | AWS NIST 15.3 | IAM root user access key should not exist | | AWS NIST 15.4 | IAM root user should not be used | diff --git a/src/aws/nist-800-53-rev4/package.json b/src/aws/nist-800-53-rev4/package.json index 5f1a35c4..e5ba68f3 100644 --- a/src/aws/nist-800-53-rev4/package.json +++ b/src/aws/nist-800-53-rev4/package.json @@ -1,7 +1,7 @@ { "name": "@cloudgraph/policy-pack-aws-nist-800-53-rev4", "description": "Policy pack implementing The National Institute of Standards and Technology 800-53 Rev. 4 Benchmark for Amazon Web Services", - "version": "1.4.0-alpha.1", + "version": "1.4.0", "author": "AutoCloud", "license": "MPL-2.0", "main": "dist/index.js", @@ -57,7 +57,7 @@ "build": "yarn prepack", "clean": "rm -rf dist", "lint": "eslint", - "prepack": "yarn clean && tsc -b", + "prepack": "rm -rf dist && tsc -b", "publish": "yarn npm publish", "test": "NODE_ENV=test jest" } diff --git a/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-14.1.ts b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-14.1.ts new file mode 100644 index 00000000..d1c0958d --- /dev/null +++ b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-14.1.ts @@ -0,0 +1,72 @@ +// PCI DSS 3.2.1 Rule equivalent cloudfront-check-1 +export default { + id: 'aws-nist-800-53-rev4-14.1', + title: 'AWS NIST 14.1 CloudFront distributions should be protected by WAFs', + + description: 'WAF should be deployed on CloudFront distributions to protect web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources.', + + audit: '', + + rationale: '', + + remediation: `**AWS Console** + + - Navigate to [WAF](https://console.aws.amazon.com/wafv2). + - In the navigation pane, choose Web ACLs. + - Choose the web ACL that you want to associate with a CloudFront distribution. + - On the Rules tab, under AWS resources using this web ACL, choose Add association. + - When prompted, use the Resource list to choose the CloudFront distribution that you want to associate this web ACL with. + - Choose Add. + - To associate this web ACL with an additional CloudFront distribution, repeat the last three steps. + + **AWS CLI** + + Get the ID of the web ACL to associate with the CloudFront distribution: + + aws waf list-web-acls --output table --query 'WebACLs[*].WebACLId' + + Get the ID of the CloudFront CDN distribution you want to remediate: + + aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' + + Save the distribution configuration to a file: + + aws cloudfront get-distribution-config --id > distribution-config.json + + Modify the configuration file so the WebACLId attribute is changed to the web ACL ID from the first step: + + "WebACLId": "df6bd310-6012-4870-0000-123456789012" + + Modify the configuration file to remove the following from the beginning of the file. Note the value for the “Etag” attribute before deleting because it is required for the next command. + + { + "ETag": "ETag_Value", + "DistributionConfig": + + Remove the last brace } at the very end of the configuration file. + + Update the distribution configuration from the saved configuration file: + + aws cloudfront update-distribution --id --distribution-config file://distribution-config.json --if-match + + To create a user in the container: + + RUN useradd -d /home/username -m -s /bin/bash username username + + Step 2 is to have a non-root user available in your image and you’ll need to specify it in the container definition: + + To register a new revision of the task definition with a corrected container definition: + + aws ecs register-task-definition + --family + [--task-role-arn ] + [--execution-role-arn ] + [--network-mode ] + --container-definitions + [--volumes ] + [--placement-constraints ] + [--requires-compatibilities ] + [--cpu ] + [--memory ] + [--tags ] + [--pid-mode ] + [--ipc-mode ] + [--proxy-configuration ] + [--inference-accelerators ] + [--cli-input-json | --cli-input-yaml] + [--generate-cli-skeleton ] + + Update the service to use the new task definition: + + aws ecs update-service + [--cluster ] + --service + [--desired-count ] + [--task-definition ] + [--capacity-provider-strategy ] + [--deployment-configuration ] + [--network-configuration ] + [--placement-constraints ] + [--placement-strategy ] + [--platform-version ] + [--force-new-deployment | --no-force-new-deployment] + [--health-check-grace-period-seconds ] + [--cli-input-json | --cli-input-yaml] + [--generate-cli-skeleton ]`, + + references: [ + 'https://github.com/docker/docker/issues/2918', + 'https://github.com/docker/docker/pull/4572', + 'https://github.com/docker/docker/issues/7906', + 'https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ecs/register-task-definition.html', + 'https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ecs/update-service.html', + 'https://docs.aws.amazon.com/AmazonECS/latest/developerguide/update-task-definition.html', + 'https://docs.aws.amazon.com/AmazonECS/latest/developerguide/update-service.html', + ], + gql: `{ + queryawsEcsTaskDefinition { + id + arn + accountId + __typename + containerDefinitions { + user + } + } + }`, + resource: 'queryawsEcsTaskDefinition[*]', + severity: 'high', + conditions: { + not: { + path: '@.containerDefinitions', + array_any: { + path: '[*].user', + equal: 'root', + }, + }, + }, +} diff --git a/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-15.2.ts b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-15.2.ts new file mode 100644 index 00000000..26020020 --- /dev/null +++ b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-15.2.ts @@ -0,0 +1,100 @@ +export default { + id: 'aws-nist-800-53-rev4-15.2', + title: 'AWS NIST 15.2 IAM roles used for trust relationships should have MFA or external IDs', + + description: `IAM roles that establish trust with other AWS accounts should use additional security measures such as MFA or external IDs. This can protect your account if the trusted account is compromised and can also prevent the “confused deputy problem.” + + NOTE: This rule only evaluates statements with the **sts:AssumeRole** action.`, + + audit: '', + + rationale: '', + + remediation: `**AWS Console** + + Enable MFA + + - Log into the AWS Management Console. + - From the top navigation, select your Account Name > My Security Credentials. + - In the top navigation, select the Trust Relationships tab. + - Expand the Multi-factor authentication (MFA) drop-down, select Active MFA. + - Open your virtual MFA application, scan the QR code. + - Enter the two codes that are generated from your virtual MFA. + - Click Assign. + + Add an External ID + + - Navigate to [IAM](https://console.aws.amazon.com/iam/). + - Select Roles and select the desired IAM role. + - In the top navigation, select the Trust Relationships tab. + - Click Edit trust relationship. + - In "Conditions", add the following: "Condition": {"StringEquals": {"sts:ExternalId": "Unique ID Assigned by Example Corp"}}. + - Click Update Trust Policy. + + **AWS CLI** + + Enable MFA + + Enable MFA via the CLI. + + create-virtual-mfa-device + + --path + + --virtual-mfa-device-name + + --outfile + + --bootstrap-method + + Add an External ID + + Add an external ID to your IAM role. + + update-assume-role-policy + + --policy-document (string)`, + + references: [ + 'https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html', + 'https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html', + 'https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_cliapi.html', + 'https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/update-assume-role-policy.html', + ], + gql: `{ + queryawsIamRole { + id + arn + accountId + __typename + assumeRolePolicy { + statement { + condition { + key + value + } + } + } + } + }`, + resource: 'queryawsIamRole[*]', + severity: 'high', + conditions: { + path: '@.assumeRolePolicy.statement', + array_any: { + path: '[*].condition', + array_any: { + and: [ + { + path: '[*].key', + equal: 'sts:ExternalId', + }, + { + path: '[*].value', + isEmpty: false, + }, + ], + }, + }, + }, +} diff --git a/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-6.12.ts b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-6.12.ts index da21b68e..222fdc38 100644 --- a/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-6.12.ts +++ b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-6.12.ts @@ -59,10 +59,8 @@ export default { in: ['ReadOnly', 'All'], }, { - not: { - path: '[*].dataResources', - isEmpty: true, - } + path: '[*].dataResources', + isEmpty: false, }, ], }, diff --git a/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-6.13.ts b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-6.13.ts index 6c36615f..d157c3d0 100644 --- a/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-6.13.ts +++ b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-6.13.ts @@ -59,10 +59,8 @@ export default { in: ['WriteOnly', 'All'], }, { - not: { - path: '[*].dataResources', - isEmpty: true, - } + path: '[*].dataResources', + isEmpty: false, }, ], }, diff --git a/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-9.1.ts b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-9.1.ts new file mode 100644 index 00000000..fab3a4e2 --- /dev/null +++ b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-9.1.ts @@ -0,0 +1,97 @@ +export default { + id: 'aws-nist-800-53-rev4-9.1', + title: 'AWS NIST 9.1 ECS container definitions should not mount volumes with mount propagation set to shared', + + description: `A shared mount is replicated at all mounts and changes made at any mount point are propagated to all other mount points. Mounting a volume in shared mode does not restrict any other container from mounting and making changes to that volume. + + The bind propagation setting is not officially supported by the ECS API. However, [it is still possible to modify this setting](https://github.com/aws/containers-roadmap/issues/362) by suffixing the _**containerPath**_ property of a mount point with a bind propagation mode. We recommend against modifying this property so that the default **rprivate** mode is used. We enforce that neither the **shared** nor **rshared** modes are used. For more information about bind propagation, see [Configure bind propagation](https://docs.docker.com/storage/bind-mounts/#configure-bind-propagation) in the Docker documentation.`, + + audit: '', + + rationale: '', + + remediation: `**Console Remediation Steps** + + - Navigate to [ECS](https://console.aws.amazon.com/ecs/). + - Select the Region that contains your task definition. + - In the left pane, select Task Definitions. + - Check the task definition and click Create new revision. + - On the Create new revision of task definition page, make changes. For example, to change the existing container definitions (such as the container image, memory - limits, or port mappings), select the container, make the changes, and then choose Update. + - Select Create. + - If your task definition is used in a service, update your service with the updated task definition and deactivate the previous task definition. For more information, see [Updating a service](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/update-service.html). + + **CLI Remediation Steps** + + Create new task definition revision: + + aws ecs register-task-definition + --family + [--task-role-arn ] + [--execution-role-arn ] + [--network-mode ] + --container-definitions + [--volumes ] + [--placement-constraints ] + [--requires-compatibilities ] + [--cpu ] + [--memory ] + [--tags ] + [--pid-mode ] + [--ipc-mode ] + [--proxy-configuration ] + [--inference-accelerators ] + [--cli-input-json | --cli-input-yaml] + [--generate-cli-skeleton ] + + Update the service to use the new task definition: + + aws ecs update-service + [--cluster ] + --service + [--desired-count ] + [--task-definition ] + [--capacity-provider-strategy ] + [--deployment-configuration ] + [--network-configuration ] + [--placement-constraints ] + [--placement-strategy ] + [--platform-version ] + [--force-new-deployment | --no-force-new-deployment] + [--health-check-grace-period-seconds ] + [--cli-input-json | --cli-input-yaml] + [--generate-cli-skeleton ]`, + + references: [ + 'https://docs.aws.amazon.com/AmazonECS/latest/developerguide/update-service.html', + 'https://docs.aws.amazon.com/AmazonECS/latest/developerguide/update-task-definition.html', + 'https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ecs/register-task-definition.html', + 'https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ecs/update-service.html', + ], + gql: `{ + queryawsEcsTaskDefinition { + id + arn + accountId + __typename + containerDefinitions { + mountPoints { + containerPath + } + } + } + }`, + resource: 'queryawsEcsTaskDefinition[*]', + severity: 'medium', + conditions: { + not: { + path: '@.containerDefinitions', + array_any: { + path: '[*].mountPoints', + array_any: { + path: '[*].containerPath', + match: /shared/, + }, + }, + }, + }, +} diff --git a/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-9.2.ts b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-9.2.ts new file mode 100644 index 00000000..6e1f1f56 --- /dev/null +++ b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-9.2.ts @@ -0,0 +1,102 @@ +export default { + id: 'aws-nist-800-53-rev4-9.2', + title: 'AWS NIST 9.2 ECS task definitions should mount the container’s root filesystem as read-only', + + description: `Mounting the container’s root filesystem as read-only prevents any writes to the container’s root filesystem at container runtime and enforces the principle of immutable infrastructure. This reduces security attack vectors since the container instance’s filesystem cannot be tampered with or written to unless it has explicit read-write permissions on its filesystem folder and directories. + + The **readonlyRootFilesystem** property must be set to **true** for each container definition within the task definition. For more information about the **readonlyRootFilesystem** property, see [ContainerDefinition](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html) in the ECS API reference.`, + + audit: '', + + rationale: '', + + remediation: `**Console Remediation Steps** + references: [ + 'https://docs.aws.amazon.com/AmazonECS/latest/developerguide/update-service.html', + 'https://docs.aws.amazon.com/AmazonECS/latest/developerguide/update-task-definition.html', + 'https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ecs/register-task-definition.html', + 'https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ecs/update-service.html', +], + - Navigate to [ECS](https://console.aws.amazon.com/ecs/). + - Select the Region that contains your task definition. + - In the left pane, select Task Definitions. + - Check the task definition and click Create new revision. + - On the Create new revision of task definition page, make changes. For example, to change the existing container definitions (such as the container image, memory limits, or port mappings), select the container, make the changes, and then choose Update. + - Select Create. + - If your task definition is used in a service, update your service with the updated task definition and deactivate the previous task definition. For more information, see [Updating a service](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/update-service.html). + + **CLI Remediation Steps** + + Create new task definition revision: + + aws ecs register-task-definition + --family + [--task-role-arn ] + [--execution-role-arn ] + [--network-mode ] + --container-definitions + [--volumes ] + [--placement-constraints ] + [--requires-compatibilities ] + [--cpu ] + [--memory ] + [--tags ] + [--pid-mode ] + [--ipc-mode ] + [--proxy-configuration ] + [--inference-accelerators ] + [--cli-input-json | --cli-input-yaml] + [--generate-cli-skeleton ] + + Update the service to use the new task definition: + + aws ecs update-service + [--cluster ] + --service + [--desired-count ] + [--task-definition ] + [--capacity-provider-strategy ] + [--deployment-configuration ] + [--network-configuration ] + [--placement-constraints ] + [--placement-strategy ] + [--platform-version ] + [--force-new-deployment | --no-force-new-deployment] + [--health-check-grace-period-seconds ] + [--cli-input-json | --cli-input-yaml] + [--generate-cli-skeleton ]`, + + references: [ + 'https://docs.aws.amazon.com/AmazonECS/latest/developerguide/update-service.html', + 'https://docs.aws.amazon.com/AmazonECS/latest/developerguide/update-task-definition.html', + 'https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ecs/register-task-definition.html', + 'https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ecs/update-service.html', + ], + gql: `{ + queryawsEcsTaskDefinition { + id + arn + accountId + __typename + containerDefinitions { + mountPoints { + readOnly + } + } + } + }`, + resource: 'queryawsEcsTaskDefinition[*]', + severity: 'medium', + conditions: { + not: { + path: '@.containerDefinitions', + array_any: { + path: '[*].mountPoints', + array_any: { + path: '[*].readOnly', + equal: false, + }, + }, + }, + }, +} diff --git a/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-9.3.ts b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-9.3.ts new file mode 100644 index 00000000..d989d763 --- /dev/null +++ b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-9.3.ts @@ -0,0 +1,109 @@ +export default { + id: 'aws-nist-800-53-rev4-9.3', + title: 'AWS NIST 9.3 ECS task definitions should not add Linux capabilities beyond defaults and should drop ‘NET_RAW’', + + description: `Docker containers are started with a default set of Linux capabilities. Adding capabilities allows users to grant some superuser permissions to a process without running that process as root. This rule enforces two valid states either drop ‘NET_RAW’ and do not add any other capabilities, or drop ‘ALL’ and only add back the capabilities that you need. We recommend that this rule be waived on a per-task basis. + + Linux capabilities should be modified by specifying **KernelCapabilities** for each **ContainerDefinition** within the task definition. For more information about linux capabilities in the context of ECS, see [KernelCapabilities](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_KernelCapabilities.html) in the ECS API reference.`, + + audit: '', + + rationale: '', + + remediation: `**Console Remediation Steps** + + - Navigate to [ECS](https://console.aws.amazon.com/ecs/). + - Select the Region that contains your task definition. + - In the left pane, select Task Definitions. + - Check the task definition and click Create new revision. + - On the Create new revision of task definition page, make changes. For example, to change the existing container definitions (such as the container image, memory limits, or port mappings), select the container, make the changes, and then choose Update. + - Select Create. + - If your task definition is used in a service, update your service with the updated task definition and deactivate the previous task definition. For more information, see Updating a service. + + **CLI Remediation Steps** + Create new task definition revision: + + aws ecs register-task-definition + --family + [--task-role-arn ] + [--execution-role-arn ] + [--network-mode ] + --container-definitions + [--volumes ] + [--placement-constraints ] + [--requires-compatibilities ] + [--cpu ] + [--memory ] + [--tags ] + [--pid-mode ] + [--ipc-mode ] + [--proxy-configuration ] + [--inference-accelerators ] + [--cli-input-json | --cli-input-yaml] + [--generate-cli-skeleton ] + + Update the service to use the new task definition: + + aws ecs update-service + [--cluster ] + --service + [--desired-count ] + [--task-definition ] + [--capacity-provider-strategy ] + [--deployment-configuration ] + [--network-configuration ] + [--placement-constraints ] + [--placement-strategy ] + [--platform-version ] + [--force-new-deployment | --no-force-new-deployment] + [--health-check-grace-period-seconds ] + [--cli-input-json | --cli-input-yaml] + [--generate-cli-skeleton ]`, + + references: [ + 'https://docs.aws.amazon.com/AmazonECS/latest/developerguide/update-service.html', + 'https://docs.aws.amazon.com/AmazonECS/latest/developerguide/update-task-definition.html', + 'https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ecs/register-task-definition.html', + 'https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ecs/update-service.html', + ], + gql: `{ + queryawsEcsTaskDefinition { + id + arn + accountId + __typename + containerDefinitions { + linuxParameters { + capabilities { + drop + } + } + } + } + }`, + resource: 'queryawsEcsTaskDefinition[*]', + severity: 'high', + conditions: { + path: '@.containerDefinitions', + array_all: { + or: [ + { + path: '[*].linuxParameters.capabilities.drop', + contains: 'ALL', + }, + { + and: [ + { + path: '[*].linuxParameters.capabilities.drop', + contains: 'NET_RAW', + }, + { + path: '[*].linuxParameters.capabilities.add', + isEmpty: true + }, + ], + }, + ], + }, + }, +} diff --git a/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-9.4.ts b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-9.4.ts new file mode 100644 index 00000000..74d3f536 --- /dev/null +++ b/src/aws/nist-800-53-rev4/rules/aws-nist-800-53-rev4-9.4.ts @@ -0,0 +1,105 @@ +export default { + id: 'aws-nist-800-53-rev4-9.4', + title: 'AWS NIST 9.4 ECS task definitions should not mount sensitive host system directories', + + description: `Mounting sensitive host system directories in an ECS task definition grants privileges beyond the boundaries of a container. This creates unnecessary risk and increases the attack surface of the container. + + The following are considered sensitive host directories as defined by the CIS Docker Benchmark v1.2.0: + + - / + - /boot + - /dev + - /etc + - /lib + - /proc + - /sys + - /usr + + Host mounts are specified by defining a volume in the task definition with a **host** property. For more information about about volumes and host mounts, see [Volume](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_Volume.html) and [HostVolumeProperties](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_HostVolumeProperties.html) in the ECS API reference.`, + + audit: '', + + rationale: 'If sensitive directories are mounted in read-write mode, it could be possible to make changes to files within them. This has obvious security implications and should be avoided.', + + remediation: `**Console Remediation Steps** + + - Navigate to [ECS](https://console.aws.amazon.com/ecs/). + - Select the Region that contains your task definition. + - In the left pane, select Task Definitions. + - Check the task definition and click Create new revision. + - On the Create new revision of task definition page, make changes. For example, to change the existing container definitions (such as the container image, memory limits, or port mappings), select the container, make the changes, and then choose Update. + - Select Create. + - If your task definition is used in a service, update your service with the updated task definition and deactivate the previous task definition. For more information, see [Updating a service](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/update-service.html). + + **CLI Remediation Steps** + + Create new task definition revision: + + aws ecs register-task-definition + --family + [--task-role-arn ] + [--execution-role-arn ] + [--network-mode ] + --container-definitions + [--volumes ] + [--placement-constraints ] + [--requires-compatibilities ] + [--cpu ] + [--memory ] + [--tags ] + [--pid-mode ] + [--ipc-mode ] + [--proxy-configuration ] + [--inference-accelerators ] + [--cli-input-json | --cli-input-yaml] + [--generate-cli-skeleton ] + + Update the service to use the new task definition: + + aws ecs update-service + [--cluster ] + --service + [--desired-count ] + [--task-definition ] + [--capacity-provider-strategy ] + [--deployment-configuration ] + [--network-configuration ] + [--placement-constraints ] + [--placement-strategy ] + [--platform-version ] + [--force-new-deployment | --no-force-new-deployment] + [--health-check-grace-period-seconds ] + [--cli-input-json | --cli-input-yaml] + [--generate-cli-skeleton ]`, + + references: [ + 'https://docs.aws.amazon.com/AmazonECS/latest/developerguide/update-service.html', + 'https://docs.aws.amazon.com/AmazonECS/latest/developerguide/update-task-definition.html', + 'https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ecs/register-task-definition.html', + 'https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ecs/update-service.html', + ], + gql: `{ + queryawsEcsTaskDefinition { + id + arn + accountId + __typename + volumes { + host { + sourcePath + } + } + } + }`, + resource: 'queryawsEcsTaskDefinition[*]', + severity: 'high', + conditions: { + not: { + path: '@.volumes', + array_any: { + path: '[*].host.sourcePath', + match: /(^\/$|^\/boot$|^\/boot\/.*|^\/dev$|^\/dev\/.*|^\/etc$|^\/etc\/.*|^\/lib$|^\/lib\/.*|^\/proc$|^\/proc\/.*|^\/sys$|^\/sys\/.*|^\/usr$|^\/usr\/.*)/, + }, + } + }, +} diff --git a/src/aws/nist-800-53-rev4/rules/index.ts b/src/aws/nist-800-53-rev4/rules/index.ts index b6b236f3..72e8db32 100644 --- a/src/aws/nist-800-53-rev4/rules/index.ts +++ b/src/aws/nist-800-53-rev4/rules/index.ts @@ -91,6 +91,10 @@ import Aws_NIST_800_53_842 from './aws-nist-800-53-rev4-8.42' import Aws_NIST_800_53_843 from './aws-nist-800-53-rev4-8.43' import Aws_NIST_800_53_844 from './aws-nist-800-53-rev4-8.44' import Aws_NIST_800_53_845 from './aws-nist-800-53-rev4-8.45' +import Aws_NIST_800_53_91 from './aws-nist-800-53-rev4-9.1' +import Aws_NIST_800_53_92 from './aws-nist-800-53-rev4-9.2' +import Aws_NIST_800_53_93 from './aws-nist-800-53-rev4-9.3' +import Aws_NIST_800_53_94 from './aws-nist-800-53-rev4-9.4' import Aws_NIST_800_53_101 from './aws-nist-800-53-rev4-10.1' import Aws_NIST_800_53_102 from './aws-nist-800-53-rev4-10.2' import Aws_NIST_800_53_103 from './aws-nist-800-53-rev4-10.3' @@ -105,6 +109,9 @@ import Aws_NIST_800_53_131 from './aws-nist-800-53-rev4-13.1' import Aws_NIST_800_53_132 from './aws-nist-800-53-rev4-13.2' import Aws_NIST_800_53_133 from './aws-nist-800-53-rev4-13.3' import Aws_NIST_800_53_134 from './aws-nist-800-53-rev4-13.4' +import Aws_NIST_800_53_141 from './aws-nist-800-53-rev4-14.1' +import Aws_NIST_800_53_151 from './aws-nist-800-53-rev4-15.1' +import Aws_NIST_800_53_152 from './aws-nist-800-53-rev4-15.2' import Aws_NIST_800_53_153 from './aws-nist-800-53-rev4-15.3' import Aws_NIST_800_53_154 from './aws-nist-800-53-rev4-15.4' @@ -201,6 +208,10 @@ export default [ Aws_NIST_800_53_842, Aws_NIST_800_53_843, Aws_NIST_800_53_844, + Aws_NIST_800_53_91, + Aws_NIST_800_53_92, + Aws_NIST_800_53_93, + Aws_NIST_800_53_94, Aws_NIST_800_53_845, Aws_NIST_800_53_101, Aws_NIST_800_53_102, @@ -216,6 +227,9 @@ export default [ Aws_NIST_800_53_132, Aws_NIST_800_53_133, Aws_NIST_800_53_134, + Aws_NIST_800_53_141, + Aws_NIST_800_53_151, + Aws_NIST_800_53_152, Aws_NIST_800_53_153, Aws_NIST_800_53_154, ] diff --git a/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-14.x.test.ts b/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-14.x.test.ts new file mode 100644 index 00000000..61cf406e --- /dev/null +++ b/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-14.x.test.ts @@ -0,0 +1,61 @@ +import CloudGraph, { Rule, Result, Engine } from '@cloudgraph/sdk' +import cuid from 'cuid' + +import Aws_NIST_800_53_141 from '../rules/aws-nist-800-53-rev4-14.1' + +export interface QueryawsCloudfront { + id: string + webAclId: string +} + +export interface NIS14xQueryResponse { + queryawsCloudfront?: QueryawsCloudfront[] +} + +describe('AWS NIST 800-53: Rev. 4', () => { + let rulesEngine: Engine + beforeAll(() => { + rulesEngine = new CloudGraph.RulesEngine({ + providerName: 'aws', + entityName: 'NIST', + }) + }) + + describe('AWS NIST 14.1 CloudFront distributions should be protected by WAFs', () => { + const getTestRuleFixture = (webAclId: string): NIS14xQueryResponse => { + return { + queryawsCloudfront: [ + { + id: cuid(), + webAclId + }, + ], + } + } + + // Act + const testRule = async ( + data: NIS14xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_NIST_800_53_141 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when the Cloudfront distribution has a webAclId', async () => { + const data: NIS14xQueryResponse = getTestRuleFixture(cuid()) + await testRule(data, Result.PASS) + }) + + test('Security Issue when the Cloudfront distribution has no webAclId', async () => { + const data: NIS14xQueryResponse = getTestRuleFixture('') + await testRule(data, Result.FAIL) + }) + }) +}) diff --git a/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-15.x.test.ts b/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-15.x.test.ts index 2b70d0c4..aae0f468 100644 --- a/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-15.x.test.ts +++ b/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-15.x.test.ts @@ -1,17 +1,45 @@ import CloudGraph, { Rule, Result, Engine } from '@cloudgraph/sdk' import cuid from 'cuid' +import Aws_NIST_800_53_151 from '../rules/aws-nist-800-53-rev4-15.1' +import Aws_NIST_800_53_152 from '../rules/aws-nist-800-53-rev4-15.2' import Aws_NIST_800_53_153 from '../rules/aws-nist-800-53-rev4-15.3' import Aws_NIST_800_53_154 from '../rules/aws-nist-800-53-rev4-15.4' +export interface ContainerDefinition { + user: string +} + +export interface Condition { + key: string + value: string[] +} + +export interface Statement { + condition: Condition[] +} + +export interface AssumeRolePolicy { + statement: Statement[] +} + +export interface QueryawsIamRole { + id: string + assumeRolePolicy: AssumeRolePolicy +} +export interface QueryawsEcsTaskDefinition { + id: string + containerDefinitions?: ContainerDefinition[] +} export interface QueryawsIamUser { id: string accessKeysActive?: boolean passwordLastUsed?: string passwordEnabled?: boolean } - -export interface NIST13xQueryResponse { +export interface NIST15xQueryResponse { + queryawsEcsTaskDefinition?: QueryawsEcsTaskDefinition[] + queryawsIamRole?: QueryawsIamRole[] queryawsIamUser?: QueryawsIamUser[] } @@ -24,10 +52,100 @@ describe('AWS NIST 800-53: Rev. 4', () => { }) }) + describe('AWS NIST 15.1 ECS task definitions should not use the root user', () => { + const getTestRuleFixture = (user: string): NIST15xQueryResponse => { + return { + queryawsEcsTaskDefinition: [ + { + id: cuid(), + containerDefinitions: [ + { + user + }, + ], + }, + ], + } + } + + // Act + const testRule = async ( + data: NIST15xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_NIST_800_53_151 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when task definitions not use the root user', async () => { + const data: NIST15xQueryResponse = getTestRuleFixture('testuser') + await testRule(data, Result.PASS) + }) + + test('Security Issue when task definitions use the root user', async () => { + const data: NIST15xQueryResponse = getTestRuleFixture('root') + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS NIST 15.2 IAM roles used for trust relationships should have MFA or external IDs', () => { + const getTestRuleFixture = ( + condition: Condition[] + ): NIST15xQueryResponse => { + return { + queryawsIamRole: [ + { + id: cuid(), + assumeRolePolicy: { + statement: [ + { + condition + } + ] + } + }, + ], + } + } + + // Act + const testRule = async ( + data: NIST15xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_NIST_800_53_152 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when IAM roles used for trust relationships have external IDs', async () => { + const condition: Condition[] = [{key: 'sts:ExternalId', value: [cuid()]}] + const data: NIST15xQueryResponse = getTestRuleFixture(condition) + await testRule(data, Result.PASS) + }) + + test('Security Issue when IAM roles used for trust relationships NOT have external IDs', async () => { + const condition: Condition[] = [] + const data: NIST15xQueryResponse = getTestRuleFixture(condition) + await testRule(data, Result.FAIL) + }) + }) + describe('AWS NIST 15.3 IAM root user access key should not exist', () => { const getTestRuleFixture = ( accessKeysActive: boolean - ): NIST13xQueryResponse => { + ): NIST15xQueryResponse => { return { queryawsIamUser: [ { @@ -40,7 +158,7 @@ describe('AWS NIST 800-53: Rev. 4', () => { // Act const testRule = async ( - data: NIST13xQueryResponse, + data: NIST15xQueryResponse, expectedResult: Result ): Promise => { // Act @@ -54,12 +172,12 @@ describe('AWS NIST 800-53: Rev. 4', () => { } test('No Security Issue when there is an inbound rule with a root account that does not have any access key active', async () => { - const data: NIST13xQueryResponse = getTestRuleFixture(false) + const data: NIST15xQueryResponse = getTestRuleFixture(false) await testRule(data, Result.PASS) }) test('Security Issue when there is an inbound rule with a root account that has at least one access key active', async () => { - const data: NIST13xQueryResponse = getTestRuleFixture(true) + const data: NIST15xQueryResponse = getTestRuleFixture(true) await testRule(data, Result.FAIL) }) }) @@ -68,7 +186,7 @@ describe('AWS NIST 800-53: Rev. 4', () => { const getTestRuleFixture = ( passwordEnabled: boolean, passwordLastUsed: string, - ): NIST13xQueryResponse => { + ): NIST15xQueryResponse => { return { queryawsIamUser: [ { @@ -82,7 +200,7 @@ describe('AWS NIST 800-53: Rev. 4', () => { // Act const testRule = async ( - data: NIST13xQueryResponse, + data: NIST15xQueryResponse, expectedResult: Result ): Promise => { // Act @@ -96,12 +214,12 @@ describe('AWS NIST 800-53: Rev. 4', () => { } test('No Security Issue when there is an inbound rule with a root account that does not uses his password in the last 30 days', async () => { - const data: NIST13xQueryResponse = getTestRuleFixture(true, '2021-04-08T17:20:19.000Z') + const data: NIST15xQueryResponse = getTestRuleFixture(true, '2021-04-08T17:20:19.000Z') await testRule(data, Result.PASS) }) test('Security Issue when there is an inbound rule with a root account that uses his password in the last 30 days', async () => { - const data: NIST13xQueryResponse = getTestRuleFixture(true, new Date().toISOString()) + const data: NIST15xQueryResponse = getTestRuleFixture(true, new Date().toISOString()) await testRule(data, Result.FAIL) }) }) diff --git a/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-6.x.test.ts b/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-6.x.test.ts index 929625b6..ca4745a2 100644 --- a/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-6.x.test.ts +++ b/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-6.x.test.ts @@ -726,7 +726,7 @@ describe('AWS NIST 800-53: Rev. 4', () => { test('Security Issue when S3 bucket object-level logging for read events is not enabled', async () => { const data: NIS6xQueryResponse = getTestRuleFixture(true, 'ReadOnly', []) - await testRule(data, Result.PASS) + await testRule(data, Result.FAIL) }) }) @@ -780,7 +780,7 @@ describe('AWS NIST 800-53: Rev. 4', () => { test('Security Issue when S3 bucket object-level logging for write events is not enabled', async () => { const data: NIS6xQueryResponse = getTestRuleFixture(true, 'WriteOnly', []) - await testRule(data, Result.PASS) + await testRule(data, Result.FAIL) }) }) diff --git a/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-9.x.test.ts b/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-9.x.test.ts new file mode 100644 index 00000000..793d4ae2 --- /dev/null +++ b/src/aws/nist-800-53-rev4/tests/nist-800-53-rev4-9.x.test.ts @@ -0,0 +1,292 @@ +import CloudGraph, { Rule, Result, Engine } from '@cloudgraph/sdk' +import cuid from 'cuid' + +import Aws_NIST_800_53_91 from '../rules/aws-nist-800-53-rev4-9.1' +import Aws_NIST_800_53_92 from '../rules/aws-nist-800-53-rev4-9.2' +import Aws_NIST_800_53_93 from '../rules/aws-nist-800-53-rev4-9.3' +import Aws_NIST_800_53_94 from '../rules/aws-nist-800-53-rev4-9.4' + +export interface MountPoint { + containerPath?: string + readOnly?: boolean +} + +export interface Capabilities { + add: string[] + drop: string[] +} + +export interface LinuxParameters { + capabilities: Capabilities +} + +export interface ContainerDefinition { + mountPoints?: MountPoint[] + linuxParameters?: LinuxParameters +} + +export interface Host { + sourcePath: string +} + +export interface Volume { + host: Host +} + +export interface QueryawsEcsTaskDefinition { + id: string + containerDefinitions?: ContainerDefinition[] + volumes?: Volume[] +} + +export interface NIS9xQueryResponse { + queryawsEcsTaskDefinition?: QueryawsEcsTaskDefinition[] +} + +describe('AWS NIST 800-53: Rev. 4', () => { + let rulesEngine: Engine + beforeAll(() => { + rulesEngine = new CloudGraph.RulesEngine({ + providerName: 'aws', + entityName: 'NIST', + }) + }) + + describe('AWS NIST 9.1 ECS container definitions should not mount volumes with mount propagation set to shared', () => { + const getTestRuleFixture = (containerPath: string): NIS9xQueryResponse => { + return { + queryawsEcsTaskDefinition: [ + { + id: cuid(), + containerDefinitions: [ + { + mountPoints: [ + { + containerPath, + }, + { + containerPath: '/containerPath', + }, + ], + }, + ], + }, + ], + } + } + + // Act + const testRule = async ( + data: NIS9xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_NIST_800_53_91 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when there is an inbound rule with mount propagation NOT set to shared', async () => { + const data: NIS9xQueryResponse = getTestRuleFixture('/data') + await testRule(data, Result.PASS) + }) + + test('Security Issue when there is an inbound rule with mount propagation set to shared', async () => { + const data: NIS9xQueryResponse = getTestRuleFixture('/data:shared') + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS NIST 9.2 ECS task definitions should mount the container’s root filesystem as read-only', () => { + const getTestRuleFixture = (readOnly: boolean): NIS9xQueryResponse => { + return { + queryawsEcsTaskDefinition: [ + { + id: cuid(), + containerDefinitions: [ + { + mountPoints: [ + { + readOnly, + }, + { + readOnly: true, + }, + ], + }, + ], + }, + ], + } + } + + // Act + const testRule = async ( + data: NIS9xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_NIST_800_53_92 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when task definitions has mount the container’s root filesystem as read-only', async () => { + const data: NIS9xQueryResponse = getTestRuleFixture(true) + await testRule(data, Result.PASS) + }) + + test('Security Issue when there any task definitions that has NOT mount the container’s root filesystem as read-only', async () => { + const data: NIS9xQueryResponse = getTestRuleFixture(false) + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS NIST 9.3 ECS task definitions should not add Linux capabilities beyond defaults and should drop NET_RAW', () => { + const getTestRuleFixture = ( + add: string[], + drop: string[] + ): NIS9xQueryResponse => { + return { + queryawsEcsTaskDefinition: [ + { + id: cuid(), + containerDefinitions: [ + { + linuxParameters: { + capabilities: { + add, + drop, + }, + }, + }, + ], + }, + ], + } + } + + // Act + const testRule = async ( + data: NIS9xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_NIST_800_53_93 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when task definitions drop ‘NET_RAW’ and do not add any other capabilities', async () => { + const data: NIS9xQueryResponse = getTestRuleFixture([], ['NET_RAW']) + await testRule(data, Result.PASS) + }) + + test('No Security Issue when task definitions drop ‘ALL’ capabilities', async () => { + const data: NIS9xQueryResponse = getTestRuleFixture( + ['AUDIT_CONTROL'], + ['ALL'] + ) + await testRule(data, Result.PASS) + }) + + test('Security Issue when task definitions add Linux capabilities allows users to grant some superuser permission', async () => { + const data: NIS9xQueryResponse = getTestRuleFixture( + ['AUDIT_CONTROL', 'AUDIT_WRITE'], + ['NET_RAW'] + ) + await testRule(data, Result.FAIL) + }) + }) + + describe('AWS NIST 9.4 ECS task definitions should not mount sensitive host system directories', () => { + const getTestRuleFixture = (sourcePath: string): NIS9xQueryResponse => { + return { + queryawsEcsTaskDefinition: [ + { + id: cuid(), + volumes: [ + { + host: { + sourcePath, + }, + }, + ], + }, + ], + } + } + + // Act + const testRule = async ( + data: NIS9xQueryResponse, + expectedResult: Result + ): Promise => { + // Act + const [processedRule] = await rulesEngine.processRule( + Aws_NIST_800_53_94 as Rule, + { ...data } + ) + + // Asserts + expect(processedRule.result).toBe(expectedResult) + } + + test('No Security Issue when task definitions not mount sensitive host system directories', async () => { + const data: NIS9xQueryResponse = getTestRuleFixture('/something') + await testRule(data, Result.PASS) + }) + + test('Security Issue when task definitions mount "/" sensitive host system directory', async () => { + const data: NIS9xQueryResponse = getTestRuleFixture('/') + await testRule(data, Result.FAIL) + }) + + test('Security Issue when task definitions mount "/boot" sensitive host system directory', async () => { + const data: NIS9xQueryResponse = getTestRuleFixture('/boot/something') + await testRule(data, Result.FAIL) + }) + + test('Security Issue when task definitions mount "/dev" sensitive host system directory', async () => { + const data: NIS9xQueryResponse = getTestRuleFixture('/dev') + await testRule(data, Result.FAIL) + }) + + test('Security Issue when task definitions mount "/etc" sensitive host system directory', async () => { + const data: NIS9xQueryResponse = getTestRuleFixture('/etc/something/something') + await testRule(data, Result.FAIL) + }) + + test('Security Issue when task definitions mount "/lib" sensitive host system directory', async () => { + const data: NIS9xQueryResponse = getTestRuleFixture('/lib') + await testRule(data, Result.FAIL) + }) + + test('Security Issue when task definitions mount "/proc" sensitive host system directory', async () => { + const data: NIS9xQueryResponse = getTestRuleFixture('/proc') + await testRule(data, Result.FAIL) + }) + + test('Security Issue when task definitions mount "/sys" sensitive host system directory', async () => { + const data: NIS9xQueryResponse = getTestRuleFixture('/sys') + await testRule(data, Result.FAIL) + }) + + test('Security Issue when task definitions mount "/usr" sensitive host system directory', async () => { + const data: NIS9xQueryResponse = getTestRuleFixture('/usr') + await testRule(data, Result.FAIL) + }) + }) +}) diff --git a/src/aws/pci-dss-3.2.1/CHANGELOG.md b/src/aws/pci-dss-3.2.1/CHANGELOG.md index e2558bfc..0009acdb 100644 --- a/src/aws/pci-dss-3.2.1/CHANGELOG.md +++ b/src/aws/pci-dss-3.2.1/CHANGELOG.md @@ -1,3 +1,23 @@ +## @cloudgraph/policy-pack-aws-pci-dss-3.2.1 [1.16.1](https://github.com/cloudgraphdev/cloudgraph-policy-packs/compare/@cloudgraph/policy-pack-aws-pci-dss-3.2.1@1.16.0...@cloudgraph/policy-pack-aws-pci-dss-3.2.1@1.16.1) (2022-05-02) + + +### Bug Fixes + +* Added missing fields for aws benchmarks ([dfd5874](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/dfd5874e7d015ec5e6ab82fc419faf82a0b8cd4b)) +* azure-cis-1.3.1-4.3.8 and pci-dss-3.2.1-lambda-check-1 rules ([5eca392](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/5eca392468b3d0457e7c16b44f367cd5f9cf2824)) +* rename vpc flowLogs connection to FlowLog ([c31e985](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/c31e985b4a2623fb01f8a29a4c5897becb2e4905)) +* Updated policy field for S3 schema ([dc3d6c8](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/dc3d6c8b4b7e22ba58c1394d0b64e866ab3de519)) + +## @cloudgraph/policy-pack-aws-pci-dss-3.2.1 [1.16.1-beta.1](https://github.com/cloudgraphdev/cloudgraph-policy-packs/compare/@cloudgraph/policy-pack-aws-pci-dss-3.2.1@1.16.0...@cloudgraph/policy-pack-aws-pci-dss-3.2.1@1.16.1-beta.1) (2022-05-02) + + +### Bug Fixes + +* Added missing fields for aws benchmarks ([dfd5874](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/dfd5874e7d015ec5e6ab82fc419faf82a0b8cd4b)) +* azure-cis-1.3.1-4.3.8 and pci-dss-3.2.1-lambda-check-1 rules ([5eca392](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/5eca392468b3d0457e7c16b44f367cd5f9cf2824)) +* rename vpc flowLogs connection to FlowLog ([c31e985](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/c31e985b4a2623fb01f8a29a4c5897becb2e4905)) +* Updated policy field for S3 schema ([dc3d6c8](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/dc3d6c8b4b7e22ba58c1394d0b64e866ab3de519)) + ## @cloudgraph/policy-pack-aws-pci-dss-3.2.1 [1.16.1-alpha.1](https://github.com/cloudgraphdev/cloudgraph-policy-packs/compare/@cloudgraph/policy-pack-aws-pci-dss-3.2.1@1.16.0...@cloudgraph/policy-pack-aws-pci-dss-3.2.1@1.16.1-alpha.1) (2022-04-27) diff --git a/src/aws/pci-dss-3.2.1/package.json b/src/aws/pci-dss-3.2.1/package.json index 2bb7213d..f8dbd9e4 100644 --- a/src/aws/pci-dss-3.2.1/package.json +++ b/src/aws/pci-dss-3.2.1/package.json @@ -1,7 +1,7 @@ { "name": "@cloudgraph/policy-pack-aws-pci-dss-3.2.1", "description": "Policy pack implementing Payment Card Industry Data Security Standard version 3.2.1 Benchmark for Amazon Web Services", - "version": "1.16.1-alpha.1", + "version": "1.16.1", "author": "AutoCloud", "license": "MPL-2.0", "main": "dist/index.js", @@ -57,7 +57,7 @@ "build": "yarn prepack", "clean": "rm -rf dist", "lint": "eslint", - "prepack": "yarn clean && tsc -b", + "prepack": "rm -rf dist && tsc -b", "publish": "yarn npm publish", "test": "NODE_ENV=test jest" } diff --git a/src/azure/cis-1.3.1/CHANGELOG.md b/src/azure/cis-1.3.1/CHANGELOG.md index e630af43..4612a527 100644 --- a/src/azure/cis-1.3.1/CHANGELOG.md +++ b/src/azure/cis-1.3.1/CHANGELOG.md @@ -1,3 +1,17 @@ +## @cloudgraph/policy-pack-azure-cis-1.3.1 [1.13.1](https://github.com/cloudgraphdev/cloudgraph-policy-packs/compare/@cloudgraph/policy-pack-azure-cis-1.3.1@1.13.0...@cloudgraph/policy-pack-azure-cis-1.3.1@1.13.1) (2022-05-02) + + +### Bug Fixes + +* azure-cis-1.3.1-4.3.8 and pci-dss-3.2.1-lambda-check-1 rules ([5eca392](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/5eca392468b3d0457e7c16b44f367cd5f9cf2824)) + +## @cloudgraph/policy-pack-azure-cis-1.3.1 [1.13.1-beta.1](https://github.com/cloudgraphdev/cloudgraph-policy-packs/compare/@cloudgraph/policy-pack-azure-cis-1.3.1@1.13.0...@cloudgraph/policy-pack-azure-cis-1.3.1@1.13.1-beta.1) (2022-05-02) + + +### Bug Fixes + +* azure-cis-1.3.1-4.3.8 and pci-dss-3.2.1-lambda-check-1 rules ([5eca392](https://github.com/cloudgraphdev/cloudgraph-policy-packs/commit/5eca392468b3d0457e7c16b44f367cd5f9cf2824)) + # @cloudgraph/policy-pack-azure-cis-1.3.1 [1.13.0](https://gitlab.com/auto-cloud/cloudgraph/policy-packs/compare/@cloudgraph/policy-pack-azure-cis-1.3.1@1.12.0...@cloudgraph/policy-pack-azure-cis-1.3.1@1.13.0) (2022-03-31) diff --git a/src/azure/cis-1.3.1/package.json b/src/azure/cis-1.3.1/package.json index 99ecc846..1693042e 100644 --- a/src/azure/cis-1.3.1/package.json +++ b/src/azure/cis-1.3.1/package.json @@ -1,7 +1,7 @@ { "name": "@cloudgraph/policy-pack-azure-cis-1.3.1", "description": "Policy pack implementing CIS Microsoft Azure Foundations 1.3.1 Benchmark", - "version": "1.13.0", + "version": "1.13.1", "author": "AutoCloud", "license": "MPL-2.0", "main": "dist/index.js", @@ -58,7 +58,7 @@ "build": "yarn prepack", "clean": "rm -rf dist", "lint": "eslint", - "prepack": "yarn clean && tsc -b", + "prepack": "rm -rf dist && tsc -b", "publish": "yarn npm publish", "test": "NODE_ENV=test jest" } diff --git a/yarn.lock b/yarn.lock index 26aa591f..c0eb4e79 100644 --- a/yarn.lock +++ b/yarn.lock @@ -5,15 +5,6 @@ __metadata: version: 6 cacheKey: 8 -"@ampproject/remapping@npm:^2.1.0": - version: 2.1.2 - resolution: "@ampproject/remapping@npm:2.1.2" - dependencies: - "@jridgewell/trace-mapping": ^0.3.0 - checksum: e023f92cdd9723f3042cde3b4d922adfeef0e198aa73486b0b6c034ad36af5f96e5c0cc72b335b30b2eb9852d907efc92af6bfcd3f4b4d286177ee32a189cf92 - languageName: node - linkType: hard - "@autocloud/eslint-config@npm:^0.1.0": version: 0.1.0 resolution: "@autocloud/eslint-config@npm:0.1.0" @@ -49,58 +40,58 @@ __metadata: languageName: node linkType: hard -"@babel/compat-data@npm:^7.17.7": - version: 7.17.7 - resolution: "@babel/compat-data@npm:7.17.7" - checksum: bf13476676884ce9afc199747ff82f3bcd6d42a9cfb01ce91bdb762b83ea11ec619b6ec532d1a80469ab14f191f33b5d4b9f8796fa8be3bc728d42b0c5e737e3 +"@babel/compat-data@npm:^7.16.4": + version: 7.16.4 + resolution: "@babel/compat-data@npm:7.16.4" + checksum: 4949ce54eafc4b38d5623696a872acaaced1a523605708d81c2c483253941917d90dae0de40fc01e152ae56075dadd89c23014da5a632b09c001a716fa689cae languageName: node linkType: hard "@babel/core@npm:^7.1.0, @babel/core@npm:^7.12.3, @babel/core@npm:^7.7.2, @babel/core@npm:^7.8.0": - version: 7.17.9 - resolution: "@babel/core@npm:7.17.9" + version: 7.16.7 + resolution: "@babel/core@npm:7.16.7" dependencies: - "@ampproject/remapping": ^2.1.0 "@babel/code-frame": ^7.16.7 - "@babel/generator": ^7.17.9 - "@babel/helper-compilation-targets": ^7.17.7 - "@babel/helper-module-transforms": ^7.17.7 - "@babel/helpers": ^7.17.9 - "@babel/parser": ^7.17.9 + "@babel/generator": ^7.16.7 + "@babel/helper-compilation-targets": ^7.16.7 + "@babel/helper-module-transforms": ^7.16.7 + "@babel/helpers": ^7.16.7 + "@babel/parser": ^7.16.7 "@babel/template": ^7.16.7 - "@babel/traverse": ^7.17.9 - "@babel/types": ^7.17.0 + "@babel/traverse": ^7.16.7 + "@babel/types": ^7.16.7 convert-source-map: ^1.7.0 debug: ^4.1.0 gensync: ^1.0.0-beta.2 - json5: ^2.2.1 + json5: ^2.1.2 semver: ^6.3.0 - checksum: 2d301e4561a170bb584a735ec412de8fdc40b2052e12380d4a5e36781be5af1fd2a60552e7f0764b0a491a242f20105265bd2a10ff57b30c2842684f02dbb5a2 + source-map: ^0.5.0 + checksum: 3206e077e76db189726c4da19a5296eae11c6c1f5abea7013e74f18708bb91616914717ff8d8ca466cc0ba9d2d2147e9a84c3c357b9ad4cba601da14107838ed languageName: node linkType: hard -"@babel/generator@npm:^7.17.9, @babel/generator@npm:^7.7.2": - version: 7.17.9 - resolution: "@babel/generator@npm:7.17.9" +"@babel/generator@npm:^7.16.7, @babel/generator@npm:^7.7.2": + version: 7.16.7 + resolution: "@babel/generator@npm:7.16.7" dependencies: - "@babel/types": ^7.17.0 + "@babel/types": ^7.16.7 jsesc: ^2.5.1 source-map: ^0.5.0 - checksum: afbdd4afbf731ba0a17e7e2d9a2291e6461259af887f88f1178f63514a86e9c18cec462ae8f9cd6df9ba15a18296f47b0e151202bb4f834f7338ac0c07ec8dc8 + checksum: 20c6a7c5e372a66ec2900c074b2ec3634d3f615cafccbb416770f4b419251c6dc27a0a137b71407e218463fe059a3a6a5afb734f35089d94bdb66e01fe8a9e6f languageName: node linkType: hard -"@babel/helper-compilation-targets@npm:^7.17.7": - version: 7.17.7 - resolution: "@babel/helper-compilation-targets@npm:7.17.7" +"@babel/helper-compilation-targets@npm:^7.16.7": + version: 7.16.7 + resolution: "@babel/helper-compilation-targets@npm:7.16.7" dependencies: - "@babel/compat-data": ^7.17.7 + "@babel/compat-data": ^7.16.4 "@babel/helper-validator-option": ^7.16.7 browserslist: ^4.17.5 semver: ^6.3.0 peerDependencies: "@babel/core": ^7.0.0 - checksum: 24bf851539d5ec8e73779304b5d1ad5b0be09a74459ecc7d9baee9a0fa38ad016e9eaf4b5704504ae8da32f91ce0e31857bbbd9686854caeffd38f58226d3760 + checksum: 7238aaee78c011a42fb5ca92e5eff098752f7b314c2111d7bb9cdd58792fcab1b9c819b59f6a0851dc210dc09dc06b30d130a23982753e70eb3111bc65204842 languageName: node linkType: hard @@ -113,13 +104,23 @@ __metadata: languageName: node linkType: hard -"@babel/helper-function-name@npm:^7.17.9": - version: 7.17.9 - resolution: "@babel/helper-function-name@npm:7.17.9" +"@babel/helper-function-name@npm:^7.16.7": + version: 7.16.7 + resolution: "@babel/helper-function-name@npm:7.16.7" dependencies: + "@babel/helper-get-function-arity": ^7.16.7 "@babel/template": ^7.16.7 - "@babel/types": ^7.17.0 - checksum: a59b2e5af56d8f43b9b0019939a43774754beb7cb01a211809ca8031c71890999d07739e955343135ec566c4d8ff725435f1f60fb0af3bb546837c1f9f84f496 + "@babel/types": ^7.16.7 + checksum: fc77cbe7b10cfa2a262d7a37dca575c037f20419dfe0c5d9317f589599ca24beb5f5c1057748011159149eaec47fe32338c6c6412376fcded68200df470161e1 + languageName: node + linkType: hard + +"@babel/helper-get-function-arity@npm:^7.16.7": + version: 7.16.7 + resolution: "@babel/helper-get-function-arity@npm:7.16.7" + dependencies: + "@babel/types": ^7.16.7 + checksum: 25d969fb207ff2ad5f57a90d118f6c42d56a0171022e200aaa919ba7dc95ae7f92ec71cdea6c63ef3629a0dc962ab4c78e09ca2b437185ab44539193f796e0c3 languageName: node linkType: hard @@ -141,19 +142,19 @@ __metadata: languageName: node linkType: hard -"@babel/helper-module-transforms@npm:^7.17.7": - version: 7.17.7 - resolution: "@babel/helper-module-transforms@npm:7.17.7" +"@babel/helper-module-transforms@npm:^7.16.7": + version: 7.16.7 + resolution: "@babel/helper-module-transforms@npm:7.16.7" dependencies: "@babel/helper-environment-visitor": ^7.16.7 "@babel/helper-module-imports": ^7.16.7 - "@babel/helper-simple-access": ^7.17.7 + "@babel/helper-simple-access": ^7.16.7 "@babel/helper-split-export-declaration": ^7.16.7 "@babel/helper-validator-identifier": ^7.16.7 "@babel/template": ^7.16.7 - "@babel/traverse": ^7.17.3 - "@babel/types": ^7.17.0 - checksum: 0b8f023aa7ff82dc4864349d54c4557865ad8ba54d78f6d78a86b05ca40f65c2d60acb4a54c5c309e7a4356beb9a89b876e54af4b3c4801ad25f62ec3721f0ae + "@babel/traverse": ^7.16.7 + "@babel/types": ^7.16.7 + checksum: 6e930ce776c979f299cdbeaf80187f4ab086d75287b96ecc1c6896d392fcb561065f0d6219fc06fa79b4ceb4bbdc1a9847da8099aba9b077d0a9e583500fb673 languageName: node linkType: hard @@ -164,12 +165,12 @@ __metadata: languageName: node linkType: hard -"@babel/helper-simple-access@npm:^7.17.7": - version: 7.17.7 - resolution: "@babel/helper-simple-access@npm:7.17.7" +"@babel/helper-simple-access@npm:^7.16.7": + version: 7.16.7 + resolution: "@babel/helper-simple-access@npm:7.16.7" dependencies: - "@babel/types": ^7.17.0 - checksum: 58a9bfd054720024f6ff47fbb113c96061dc2bd31a5e5285756bd3c2e83918c6926900e00150d0fb175d899494fe7d69bf2a8b278c32ef6f6bea8d032e6a3831 + "@babel/types": ^7.16.7 + checksum: 8d22c46c5ec2ead0686c4d5a3d1d12b5190c59be676bfe0d9d89df62b437b51d1a3df2ccfb8a77dded2e585176ebf12986accb6d45a18cff229eef3b10344f4b languageName: node linkType: hard @@ -196,34 +197,34 @@ __metadata: languageName: node linkType: hard -"@babel/helpers@npm:^7.17.9": - version: 7.17.9 - resolution: "@babel/helpers@npm:7.17.9" +"@babel/helpers@npm:^7.16.7": + version: 7.16.7 + resolution: "@babel/helpers@npm:7.16.7" dependencies: "@babel/template": ^7.16.7 - "@babel/traverse": ^7.17.9 - "@babel/types": ^7.17.0 - checksum: 3c6db861e4c82fff2de3efb4ad12e32658c50c29920597cd0979390659b202e5849acd9542e0e2453167a52ccc30156ee4455d64d0e330f020d991d7551566f8 + "@babel/traverse": ^7.16.7 + "@babel/types": ^7.16.7 + checksum: 75504c76b66a29b91f954fcc0867dfe275a4cfba5b44df6d64405df74ea72f967fccfa63d62c31c423c5502d113290000c581e0e4858a214f0303d7ecf55c29f languageName: node linkType: hard "@babel/highlight@npm:^7.10.4, @babel/highlight@npm:^7.16.7": - version: 7.17.9 - resolution: "@babel/highlight@npm:7.17.9" + version: 7.16.7 + resolution: "@babel/highlight@npm:7.16.7" dependencies: "@babel/helper-validator-identifier": ^7.16.7 chalk: ^2.0.0 js-tokens: ^4.0.0 - checksum: 7bdf10228f2e4d18f48f114411ed584380d356e7c168d7582c14abd8df9909b2fc09e0a7cd334f47c3eb0bc17e639e0c8d9688c6afd5d09a2bdbf0ac193b11fd + checksum: f7e04e7e03b83c2cca984f4d3e180c9b018784f45d03367e94daf983861229ddc47264045f3b58dfeb0007f9c67bc2a76c4de1693bad90e5394876ef55ece5bb languageName: node linkType: hard -"@babel/parser@npm:^7.1.0, @babel/parser@npm:^7.14.7, @babel/parser@npm:^7.16.7, @babel/parser@npm:^7.17.9": - version: 7.17.9 - resolution: "@babel/parser@npm:7.17.9" +"@babel/parser@npm:^7.1.0, @babel/parser@npm:^7.14.7, @babel/parser@npm:^7.16.7": + version: 7.16.7 + resolution: "@babel/parser@npm:7.16.7" bin: parser: ./bin/babel-parser.js - checksum: ea59c985ebfae7c0299c8ea63ed34903202f51665db8d59c55b4366e20270b74d7367a2c211fdd2db20f25750df89adcc85ab6c8692061c6459a88efb79f43e6 + checksum: e664ff1edda164ab3f3c97fc1dd1a8930b0fba9981cbf873d3f25a22d16d50e2efcfaf81daeefa978bff2c4f268d34832f6817c8bc4e03594c3f43beba92fb68 languageName: node linkType: hard @@ -371,11 +372,11 @@ __metadata: linkType: hard "@babel/runtime@npm:^7.5.5": - version: 7.17.9 - resolution: "@babel/runtime@npm:7.17.9" + version: 7.16.7 + resolution: "@babel/runtime@npm:7.16.7" dependencies: regenerator-runtime: ^0.13.4 - checksum: 4d56bdb82890f386d5a57c40ef985a0ed7f0a78f789377a2d0c3e8826819e0f7f16ba0fe906d9b2241c5f7ca56630ef0653f5bb99f03771f7b87ff8af4bf5fe3 + checksum: 47912f0aaacd1cab2e2552aaf3e6eaffbcaf2d5ac9b07a89a12ac0d42029cb92c070b0d16f825e4277c4a34677c54d8ffe85e1f7c6feb57de58f700eec67ce2f languageName: node linkType: hard @@ -390,21 +391,21 @@ __metadata: languageName: node linkType: hard -"@babel/traverse@npm:^7.17.3, @babel/traverse@npm:^7.17.9, @babel/traverse@npm:^7.7.2": - version: 7.17.9 - resolution: "@babel/traverse@npm:7.17.9" +"@babel/traverse@npm:^7.16.7, @babel/traverse@npm:^7.7.2": + version: 7.16.7 + resolution: "@babel/traverse@npm:7.16.7" dependencies: "@babel/code-frame": ^7.16.7 - "@babel/generator": ^7.17.9 + "@babel/generator": ^7.16.7 "@babel/helper-environment-visitor": ^7.16.7 - "@babel/helper-function-name": ^7.17.9 + "@babel/helper-function-name": ^7.16.7 "@babel/helper-hoist-variables": ^7.16.7 "@babel/helper-split-export-declaration": ^7.16.7 - "@babel/parser": ^7.17.9 - "@babel/types": ^7.17.0 + "@babel/parser": ^7.16.7 + "@babel/types": ^7.16.7 debug: ^4.1.0 globals: ^11.1.0 - checksum: d907c71d1617589cc0cddc9837cb27bcb9b8f2117c379e13e72653745abe01da24e8c072bd0c91b9db33323ddb1086722756fbc50b487b2608733baf9dd6fd2c + checksum: 65261f7a5bf257c10a9415b6c227fb555ace359ad786645d9cf22f0e3fc8dc8e38895269f3b93cc39eccd8ed992e7bacc358b4cb7d3496fe54f91cda49220834 languageName: node linkType: hard @@ -436,9 +437,9 @@ __metadata: linkType: hard "@changesets/types@npm:^4.0.1": - version: 4.1.0 - resolution: "@changesets/types@npm:4.1.0" - checksum: 72c1f58044178ca867dd9349ecc4b7c233ce3781bb03b5b72a70c3166fbbab54a2f2cb19a81f96b4649ba004442c8734569fba238be4dd737fb4624a135c6098 + version: 4.0.2 + resolution: "@changesets/types@npm:4.0.2" + checksum: 098ed02b44ac70dbe341ca3560acdd0ae46c54edb8a1134f743d5fa56bf983b5f4ea085b8c5187314c23ac51e51e1ca6c735aaaa3ee17d79f0395b23baf042a0 languageName: node linkType: hard @@ -496,6 +497,33 @@ __metadata: languageName: unknown linkType: soft +"@cloudgraph/policy-pack-aws-cis-1.4.0@workspace:src/aws/cis-1.4.0": + version: 0.0.0-use.local + resolution: "@cloudgraph/policy-pack-aws-cis-1.4.0@workspace:src/aws/cis-1.4.0" + dependencies: + "@autocloud/eslint-config": ^0.1.0 + "@cloudgraph/sdk": ^0.18.1 + "@types/jest": ^27.0.3 + "@types/node": ^15.12.4 + "@types/pino": ^6.3.11 + "@typescript-eslint/eslint-plugin": ^4.28.5 + "@typescript-eslint/parser": ^4.28.5 + cpx: ^1.5.0 + cuid: ^2.1.8 + eslint: ^7.25.0 + eslint-config-airbnb-base: 14.2.1 + eslint-config-prettier: ^6.11.0 + eslint-plugin-import: ^2.22.1 + eslint-plugin-prettier: ^3.4.0 + jest: ^27.0.6 + prettier: ^2.4.1 + shx: ^0.3.3 + ts-jest: ^27.0.4 + tslib: ^1 + typescript: ^4.3.5 + languageName: unknown + linkType: soft + "@cloudgraph/policy-pack-aws-nist-800-53-rev4@workspace:src/aws/nist-800-53-rev4": version: 0.0.0-use.local resolution: "@cloudgraph/policy-pack-aws-nist-800-53-rev4@workspace:src/aws/nist-800-53-rev4" @@ -605,8 +633,8 @@ __metadata: linkType: soft "@cloudgraph/sdk@npm:^0.14.0": - version: 0.14.3 - resolution: "@cloudgraph/sdk@npm:0.14.3::__archiveUrl=https%3A%2F%2Fregistry.npmjs.org%2F%40cloudgraph%2Fsdk%2F-%2Fsdk-0.14.3.tgz" + version: 0.14.0 + resolution: "@cloudgraph/sdk@npm:0.14.0::__archiveUrl=https%3A%2F%2Fregistry.npmjs.org%2F%40cloudgraph%2Fsdk%2F-%2Fsdk-0.14.0.tgz" dependencies: "@graphql-tools/load-files": ^6.5.3 "@graphql-tools/merge": ^8.2.1 @@ -618,7 +646,7 @@ __metadata: lodash: ^4.17.21 node-jq: ^2.1.0 ora: ^5.4.1 - checksum: 2fad60e44410b82b2b2cd6b4de75bcb469819a0bd74774f5a521c5609f2318d7e408120b7ae4ff99e6208d452d30fb9b7bfdfd6b56abd48c87d2e58e581e5cc0 + checksum: d46f8e7542273edcf3514f6707e13e3082e26bb4255c4de7606427a1f70030974022f4632a27df7a49f33d6d3490d6d60e09b63db34cf4f824d0bcdc1359b787 languageName: node linkType: hard @@ -658,13 +686,6 @@ __metadata: languageName: node linkType: hard -"@colors/colors@npm:1.5.0": - version: 1.5.0 - resolution: "@colors/colors@npm:1.5.0" - checksum: d64d5260bed1d5012ae3fc617d38d1afc0329fec05342f4e6b838f46998855ba56e0a73833f4a80fa8378c84810da254f76a8a19c39d038260dc06dc4e007425 - languageName: node - linkType: hard - "@eslint/eslintrc@npm:^0.4.3": version: 0.4.3 resolution: "@eslint/eslintrc@npm:0.4.3" @@ -703,25 +724,25 @@ __metadata: linkType: hard "@graphql-tools/merge@npm:^8.2.1": - version: 8.2.10 - resolution: "@graphql-tools/merge@npm:8.2.10" + version: 8.2.1 + resolution: "@graphql-tools/merge@npm:8.2.1" dependencies: - "@graphql-tools/utils": 8.6.9 + "@graphql-tools/utils": ^8.5.1 tslib: ~2.3.0 peerDependencies: graphql: ^14.0.0 || ^15.0.0 || ^16.0.0 - checksum: 7059d9f68cfb9b7c04d6024f528e5638fab165e681b3307877a6bad0fc461686595d19375350875bb5f4f7572b21d10272a1e4b08a8af5b6a67950a4a950012b + checksum: b2c126fc697ad1cf0fb2c09d3766d791ba6243a318edfa24932b558628244f822b9454bd47cd98f5a7eee90caca264573695c582e10730b7a67785fea21c346c languageName: node linkType: hard -"@graphql-tools/utils@npm:8.6.9": - version: 8.6.9 - resolution: "@graphql-tools/utils@npm:8.6.9" +"@graphql-tools/utils@npm:^8.5.1": + version: 8.6.0 + resolution: "@graphql-tools/utils@npm:8.6.0" dependencies: tslib: ~2.3.0 peerDependencies: graphql: ^14.0.0 || ^15.0.0 || ^16.0.0 - checksum: 73b9569a9c2409f86a6a9005f19026cfab6d136bf884dfbff436996a47fb0561ae24d3f6bb2abcfd600197aab85d6dfc177b9a0cbaba23905ba0c7591ef12110 + checksum: ef6fef40d4568606059f77dc8839f18c75a4330096ec89a21f0965bd58c749d80087830551c618fd040fdbcdcb9be35c949b2d96c495a1f1dbfba943b124bc3b languageName: node linkType: hard @@ -786,48 +807,48 @@ __metadata: languageName: node linkType: hard -"@jest/console@npm:^27.5.1": - version: 27.5.1 - resolution: "@jest/console@npm:27.5.1" +"@jest/console@npm:^27.4.6": + version: 27.4.6 + resolution: "@jest/console@npm:27.4.6" dependencies: - "@jest/types": ^27.5.1 + "@jest/types": ^27.4.2 "@types/node": "*" chalk: ^4.0.0 - jest-message-util: ^27.5.1 - jest-util: ^27.5.1 + jest-message-util: ^27.4.6 + jest-util: ^27.4.2 slash: ^3.0.0 - checksum: 7cb20f06a34b09734c0342685ec53aa4c401fe3757c13a9c58fce76b971a322eb884f6de1068ef96f746e5398e067371b89515a07c268d4440a867c87748a706 + checksum: 603408498d2fd7fa6cfb85cc18a5823747c824be2f88be526ed4db83df65db7a9d3a93056eeaddd32ea1517d581b94862e532ccde081e0ecf9d82ac743ec6ac2 languageName: node linkType: hard -"@jest/core@npm:^27.5.1": - version: 27.5.1 - resolution: "@jest/core@npm:27.5.1" +"@jest/core@npm:^27.4.7": + version: 27.4.7 + resolution: "@jest/core@npm:27.4.7" dependencies: - "@jest/console": ^27.5.1 - "@jest/reporters": ^27.5.1 - "@jest/test-result": ^27.5.1 - "@jest/transform": ^27.5.1 - "@jest/types": ^27.5.1 + "@jest/console": ^27.4.6 + "@jest/reporters": ^27.4.6 + "@jest/test-result": ^27.4.6 + "@jest/transform": ^27.4.6 + "@jest/types": ^27.4.2 "@types/node": "*" ansi-escapes: ^4.2.1 chalk: ^4.0.0 emittery: ^0.8.1 exit: ^0.1.2 - graceful-fs: ^4.2.9 - jest-changed-files: ^27.5.1 - jest-config: ^27.5.1 - jest-haste-map: ^27.5.1 - jest-message-util: ^27.5.1 - jest-regex-util: ^27.5.1 - jest-resolve: ^27.5.1 - jest-resolve-dependencies: ^27.5.1 - jest-runner: ^27.5.1 - jest-runtime: ^27.5.1 - jest-snapshot: ^27.5.1 - jest-util: ^27.5.1 - jest-validate: ^27.5.1 - jest-watcher: ^27.5.1 + graceful-fs: ^4.2.4 + jest-changed-files: ^27.4.2 + jest-config: ^27.4.7 + jest-haste-map: ^27.4.6 + jest-message-util: ^27.4.6 + jest-regex-util: ^27.4.0 + jest-resolve: ^27.4.6 + jest-resolve-dependencies: ^27.4.6 + jest-runner: ^27.4.6 + jest-runtime: ^27.4.6 + jest-snapshot: ^27.4.6 + jest-util: ^27.4.2 + jest-validate: ^27.4.6 + jest-watcher: ^27.4.6 micromatch: ^4.0.4 rimraf: ^3.0.0 slash: ^3.0.0 @@ -837,71 +858,71 @@ __metadata: peerDependenciesMeta: node-notifier: optional: true - checksum: 904a94ad8f1b43cd6b48de3b0226659bff3696150ff8cf7680fc2faffdc8a115203bb9ab6e817c1f79f9d6a81f67953053cbc64d8a4604f2e0c42a04c28cf126 + checksum: 24ed123ef1819fa8c6069706760efac9904ee8824b22c346259be2017d820b5e578a4d444339448a576a0158e6fec91d18fdedb201bc97d7390b105d665f3642 languageName: node linkType: hard -"@jest/environment@npm:^27.5.1": - version: 27.5.1 - resolution: "@jest/environment@npm:27.5.1" +"@jest/environment@npm:^27.4.6": + version: 27.4.6 + resolution: "@jest/environment@npm:27.4.6" dependencies: - "@jest/fake-timers": ^27.5.1 - "@jest/types": ^27.5.1 + "@jest/fake-timers": ^27.4.6 + "@jest/types": ^27.4.2 "@types/node": "*" - jest-mock: ^27.5.1 - checksum: 2a9e18c35a015508dbec5b90b21c150230fa6c1c8cb8fabe029d46ee2ca4c40eb832fb636157da14c66590d0a4c8a2c053226b041f54a44507d6f6a89abefd66 + jest-mock: ^27.4.6 + checksum: c3aadcf6d42e55e35d8020f7cf5054c445775608e466fcfc37348359e54f2f79e0e39d029281836ae9082dc50eac81d1cf6b4fc3899adfb58afc68a7c72f8e3d languageName: node linkType: hard -"@jest/fake-timers@npm:^27.5.1": - version: 27.5.1 - resolution: "@jest/fake-timers@npm:27.5.1" +"@jest/fake-timers@npm:^27.4.6": + version: 27.4.6 + resolution: "@jest/fake-timers@npm:27.4.6" dependencies: - "@jest/types": ^27.5.1 + "@jest/types": ^27.4.2 "@sinonjs/fake-timers": ^8.0.1 "@types/node": "*" - jest-message-util: ^27.5.1 - jest-mock: ^27.5.1 - jest-util: ^27.5.1 - checksum: 02a0561ed2f4586093facd4ae500b74694f187ac24d4a00e949a39a1c5325bca8932b4fcb0388a2c5ed0656506fc1cf51fd3e32cdd48cea7497ad9c6e028aba8 + jest-message-util: ^27.4.6 + jest-mock: ^27.4.6 + jest-util: ^27.4.2 + checksum: 389f655d39f13fdd0448b554260cd41810cf824b99e9de057600869a708d34cfa74e7fdaba5fcd6e3295e7bfed08f1b3fc0735ca86f7c0b2281b25e534032876 languageName: node linkType: hard -"@jest/globals@npm:^27.5.1": - version: 27.5.1 - resolution: "@jest/globals@npm:27.5.1" +"@jest/globals@npm:^27.4.6": + version: 27.4.6 + resolution: "@jest/globals@npm:27.4.6" dependencies: - "@jest/environment": ^27.5.1 - "@jest/types": ^27.5.1 - expect: ^27.5.1 - checksum: 087f97047e9dcf555f76fe2ce54aee681e005eaa837a0c0c2d251df6b6412c892c9df54cb871b180342114389a5ff895a4e52e6e6d3d0015bf83c02a54f64c3c + "@jest/environment": ^27.4.6 + "@jest/types": ^27.4.2 + expect: ^27.4.6 + checksum: a438645771f45557b3af6e371e65c88e109d7433d3d4ee5db908177f29be6d6d12b4cfe9279ae6475bc033b5ff2a97235659a75f2718855041dd3ed805ed2edd languageName: node linkType: hard -"@jest/reporters@npm:^27.5.1": - version: 27.5.1 - resolution: "@jest/reporters@npm:27.5.1" +"@jest/reporters@npm:^27.4.6": + version: 27.4.6 + resolution: "@jest/reporters@npm:27.4.6" dependencies: "@bcoe/v8-coverage": ^0.2.3 - "@jest/console": ^27.5.1 - "@jest/test-result": ^27.5.1 - "@jest/transform": ^27.5.1 - "@jest/types": ^27.5.1 + "@jest/console": ^27.4.6 + "@jest/test-result": ^27.4.6 + "@jest/transform": ^27.4.6 + "@jest/types": ^27.4.2 "@types/node": "*" chalk: ^4.0.0 collect-v8-coverage: ^1.0.0 exit: ^0.1.2 glob: ^7.1.2 - graceful-fs: ^4.2.9 + graceful-fs: ^4.2.4 istanbul-lib-coverage: ^3.0.0 istanbul-lib-instrument: ^5.1.0 istanbul-lib-report: ^3.0.0 istanbul-lib-source-maps: ^4.0.0 istanbul-reports: ^3.1.3 - jest-haste-map: ^27.5.1 - jest-resolve: ^27.5.1 - jest-util: ^27.5.1 - jest-worker: ^27.5.1 + jest-haste-map: ^27.4.6 + jest-resolve: ^27.4.6 + jest-util: ^27.4.2 + jest-worker: ^27.4.6 slash: ^3.0.0 source-map: ^0.6.0 string-length: ^4.0.1 @@ -912,102 +933,78 @@ __metadata: peerDependenciesMeta: node-notifier: optional: true - checksum: faba5eafb86e62b62e152cafc8812d56308f9d1e8b77f3a7dcae4a8803a20a60a0909cc43ed73363ef649bf558e4fb181c7a336d144c89f7998279d1882bb69e + checksum: 4c14b2cf6c9b624977f9ad519e9ce2f5ead4a3c9a3fa0b9c68097b7bc78b598ceb5402566417d81e16489dbd6bb6e97e58f04c22099013897dd6010c0549b169 languageName: node linkType: hard -"@jest/source-map@npm:^27.5.1": - version: 27.5.1 - resolution: "@jest/source-map@npm:27.5.1" +"@jest/source-map@npm:^27.4.0": + version: 27.4.0 + resolution: "@jest/source-map@npm:27.4.0" dependencies: callsites: ^3.0.0 - graceful-fs: ^4.2.9 + graceful-fs: ^4.2.4 source-map: ^0.6.0 - checksum: 4fb1e743b602841babf7e22bd84eca34676cb05d4eb3b604cae57fc59e406099f5ac759ac1a0d04d901237d143f0f4f234417306e823bde732a1d19982230862 + checksum: cf87ac3dd1c2d210b0637060710d64417bcd88d670cbb26af7367ded99fd7d64d431c1718054351f0236c14659bc17a8deff6ee3d9f52902299911231bbaf0c8 languageName: node linkType: hard -"@jest/test-result@npm:^27.5.1": - version: 27.5.1 - resolution: "@jest/test-result@npm:27.5.1" +"@jest/test-result@npm:^27.4.6": + version: 27.4.6 + resolution: "@jest/test-result@npm:27.4.6" dependencies: - "@jest/console": ^27.5.1 - "@jest/types": ^27.5.1 + "@jest/console": ^27.4.6 + "@jest/types": ^27.4.2 "@types/istanbul-lib-coverage": ^2.0.0 collect-v8-coverage: ^1.0.0 - checksum: 338f7c509d6a3bc6d7dd7388c8f6f548b87638e171dc1fddfedcacb4e8950583288832223ba688058cbcf874b937d22bdc0fa88f79f5fc666f77957e465c06a5 + checksum: ddfc5783f2025ba979df395ddead7f76aac91df9a8a4ab15d5b1210a58e523932bb9ea9e1e97229c09cab81fdb2611292fdc8e56e2c5b44ed452ac11db7f79f0 languageName: node linkType: hard -"@jest/test-sequencer@npm:^27.5.1": - version: 27.5.1 - resolution: "@jest/test-sequencer@npm:27.5.1" +"@jest/test-sequencer@npm:^27.4.6": + version: 27.4.6 + resolution: "@jest/test-sequencer@npm:27.4.6" dependencies: - "@jest/test-result": ^27.5.1 - graceful-fs: ^4.2.9 - jest-haste-map: ^27.5.1 - jest-runtime: ^27.5.1 - checksum: f21f9c8bb746847f7f89accfd29d6046eec1446f0b54e4694444feaa4df379791f76ef0f5a4360aafcbc73b50bc979f68b8a7620de404019d3de166be6720cb0 + "@jest/test-result": ^27.4.6 + graceful-fs: ^4.2.4 + jest-haste-map: ^27.4.6 + jest-runtime: ^27.4.6 + checksum: 8d761fd81f5cf4845a09844a8a16717fc148137f364916165ce5e1ebfc5dfd89160d4b98e7e947c97f8707500050863606d0becb8c388997efcc31cafa6f5e31 languageName: node linkType: hard -"@jest/transform@npm:^27.5.1": - version: 27.5.1 - resolution: "@jest/transform@npm:27.5.1" +"@jest/transform@npm:^27.4.6": + version: 27.4.6 + resolution: "@jest/transform@npm:27.4.6" dependencies: "@babel/core": ^7.1.0 - "@jest/types": ^27.5.1 + "@jest/types": ^27.4.2 babel-plugin-istanbul: ^6.1.1 chalk: ^4.0.0 convert-source-map: ^1.4.0 fast-json-stable-stringify: ^2.0.0 - graceful-fs: ^4.2.9 - jest-haste-map: ^27.5.1 - jest-regex-util: ^27.5.1 - jest-util: ^27.5.1 + graceful-fs: ^4.2.4 + jest-haste-map: ^27.4.6 + jest-regex-util: ^27.4.0 + jest-util: ^27.4.2 micromatch: ^4.0.4 pirates: ^4.0.4 slash: ^3.0.0 source-map: ^0.6.1 write-file-atomic: ^3.0.0 - checksum: a22079121aedea0f20a03a9c026be971f7b92adbfb4d5fd1fb67be315741deac4f056936d7c72a53b24aa5a1071bc942c003925fd453bf3f6a0ae5da6384e137 + checksum: b2500fc5a7e7cad34547acdb8930797f021cda6b811ed0626564999bfd9ca856f52cc3a9b2ced5d037f3bd06a49b8b30cb7c10259318dc67bd11a564854d2ca6 languageName: node linkType: hard -"@jest/types@npm:^27.5.1": - version: 27.5.1 - resolution: "@jest/types@npm:27.5.1" +"@jest/types@npm:^27.4.2": + version: 27.4.2 + resolution: "@jest/types@npm:27.4.2" dependencies: "@types/istanbul-lib-coverage": ^2.0.0 "@types/istanbul-reports": ^3.0.0 "@types/node": "*" "@types/yargs": ^16.0.0 chalk: ^4.0.0 - checksum: d1f43cc946d87543ddd79d49547aab2399481d34025d5c5f2025d3d99c573e1d9832fa83cef25e9d9b07a8583500229d15bbb07b8e233d127d911d133e2f14b1 - languageName: node - linkType: hard - -"@jridgewell/resolve-uri@npm:^3.0.3": - version: 3.0.6 - resolution: "@jridgewell/resolve-uri@npm:3.0.6" - checksum: e57cc08d2aaea6bd55e77e7a124beb2fcca87be28c0db6c2d69b7cb2cb4e14109bbef1d57ae6250bf5f4a4ad950f094ed99c8925adaf82336b66dab0ad6906e6 - languageName: node - linkType: hard - -"@jridgewell/sourcemap-codec@npm:^1.4.10": - version: 1.4.11 - resolution: "@jridgewell/sourcemap-codec@npm:1.4.11" - checksum: 3b2afaf8400fb07a36db60e901fcce6a746cdec587310ee9035939d89878e57b2dec8173b0b8f63176f647efa352294049a53c49739098eb907ff81fec2547c8 - languageName: node - linkType: hard - -"@jridgewell/trace-mapping@npm:^0.3.0": - version: 0.3.9 - resolution: "@jridgewell/trace-mapping@npm:0.3.9" - dependencies: - "@jridgewell/resolve-uri": ^3.0.3 - "@jridgewell/sourcemap-codec": ^1.4.10 - checksum: d89597752fd88d3f3480845691a05a44bd21faac18e2185b6f436c3b0fd0c5a859fbbd9aaa92050c4052caf325ad3e10e2e1d1b64327517471b7d51babc0ddef + checksum: 1191022023e32763063cc1c8b1143fa316fb05db2f9698280a7bdbafcabd989e5fd64f8eb875b8a2e54c53f25dba45ed2eea8ced394d9e484da0fda674cd17a5 languageName: node linkType: hard @@ -1227,12 +1224,12 @@ __metadata: languageName: node linkType: hard -"@npmcli/package-json@npm:^2.0.0": - version: 2.0.0 - resolution: "@npmcli/package-json@npm:2.0.0" +"@npmcli/package-json@npm:^1.0.1": + version: 1.0.1 + resolution: "@npmcli/package-json@npm:1.0.1" dependencies: json-parse-even-better-errors: ^2.3.1 - checksum: 7a598e42d2778654ec87438ebfafbcbafbe5a5f5e89ed2ca1db6ca3f94ef14655e304aa41f77632a2a3f5c66b6bd5960bd9370e0ceb4902ea09346720364f9e4 + checksum: 08b66c8ddb1d6b678975a83006d2fe5070b3013bcb68ea9d54c0142538a614596ddfd1143183fbb8f82c5cecf477d98f3c4e473ef34df3bbf3814e97e37e18d3 languageName: node linkType: hard @@ -1276,17 +1273,17 @@ __metadata: linkType: hard "@octokit/core@npm:^3.5.1": - version: 3.6.0 - resolution: "@octokit/core@npm:3.6.0" + version: 3.5.1 + resolution: "@octokit/core@npm:3.5.1" dependencies: "@octokit/auth-token": ^2.4.4 "@octokit/graphql": ^4.5.8 - "@octokit/request": ^5.6.3 + "@octokit/request": ^5.6.0 "@octokit/request-error": ^2.0.5 "@octokit/types": ^6.0.3 before-after-hook: ^2.2.0 universal-user-agent: ^6.0.0 - checksum: f81160129037bd8555d47db60cd5381637b7e3602ad70735a7bdf8f3d250c7b7114a666bb12ef7a8746a326a5d72ed30a1b8f8a5a170007f7285c8e217bef1f0 + checksum: 67179739fc9712b201f2400f132287a2c56a18506e00900bc9d2a3f742b74f1ba69ad998e42f28f3964c0bd1d5478232c1ec7b485c97702b821fbe22b76afa90 languageName: node linkType: hard @@ -1362,17 +1359,17 @@ __metadata: languageName: node linkType: hard -"@octokit/request@npm:^5.6.0, @octokit/request@npm:^5.6.3": - version: 5.6.3 - resolution: "@octokit/request@npm:5.6.3" +"@octokit/request@npm:^5.6.0": + version: 5.6.2 + resolution: "@octokit/request@npm:5.6.2" dependencies: "@octokit/endpoint": ^6.0.1 "@octokit/request-error": ^2.1.0 "@octokit/types": ^6.16.1 is-plain-object: ^5.0.0 - node-fetch: ^2.6.7 + node-fetch: ^2.6.1 universal-user-agent: ^6.0.0 - checksum: c0b4542eb4baaf880d673c758d3e0b5c4a625a4ae30abf40df5548b35f1ff540edaac74625192b1aff42a79ac661e774da4ab7d5505f1cb4ef81239b1e8510c5 + checksum: 51ef3ad244b3d89ffd6d997fa0ed3e13a7a93b4c868ce5c53b0fcc93a654965135528e62d0720ebfeb7dfd586448a4a45d08fd75ba2e170cfa19d37834e49f1f languageName: node linkType: hard @@ -1397,7 +1394,7 @@ __metadata: languageName: node linkType: hard -"@qiwi/multi-semantic-release@npm:^6.0.2": +"@qiwi/multi-semantic-release@npm:^6.1.1": version: 6.1.1 resolution: "@qiwi/multi-semantic-release@npm:6.1.1" dependencies: @@ -1516,30 +1513,7 @@ __metadata: languageName: node linkType: hard -"@semantic-release/gitlab@npm:^8.0.1": - version: 8.1.0 - resolution: "@semantic-release/gitlab@npm:8.1.0" - dependencies: - "@semantic-release/error": ^3.0.0 - aggregate-error: ^3.0.0 - debug: ^4.0.0 - dir-glob: ^3.0.0 - escape-string-regexp: ^3.0.0 - form-data: ^4.0.0 - fs-extra: ^10.0.0 - globby: ^11.0.0 - got: ^11.0.0 - hpagent: ^0.1.2 - lodash: ^4.17.11 - parse-path: ^4.0.0 - url-join: ^4.0.0 - peerDependencies: - semantic-release: ">=18.0.0" - checksum: 5d453f737b76a362e4ff44d03ff6cac9db93a96cbe97610dfe9bfc51858f27f9888b198bf752eb59f358b4e33ec335b0fe0e0c7e08b3e5748b5affcee74d6f3e - languageName: node - linkType: hard - -"@semantic-release/npm@npm:^9.0.0": +"@semantic-release/npm@npm:^9.0.0, @semantic-release/npm@npm:^9.0.1": version: 9.0.1 resolution: "@semantic-release/npm@npm:9.0.1" dependencies: @@ -1583,9 +1557,9 @@ __metadata: linkType: hard "@semrel-extra/npm@npm:^1.2.0": - version: 1.2.2 - resolution: "@semrel-extra/npm@npm:1.2.2" - checksum: 39fd8c6af5f70fffb2584a02c71d326d0b2a2e2caf4d779c1d6b23df40625baf15b8701b893844e9545cfa689b26ef161033cd822c9a7b6bf890b3dc34d5a7b7 + version: 1.2.0 + resolution: "@semrel-extra/npm@npm:1.2.0" + checksum: ce899b2976323833695c1adba88bcc0698042a6234e0ce0742a081db23bc444215d6703d949c975beb796dad9112762b0c65d289aa6f7e0a872301fda0a9d4dd languageName: node linkType: hard @@ -1602,11 +1576,11 @@ __metadata: linkType: hard "@sideway/address@npm:^4.1.3": - version: 4.1.4 - resolution: "@sideway/address@npm:4.1.4" + version: 4.1.3 + resolution: "@sideway/address@npm:4.1.3" dependencies: "@hapi/hoek": ^9.0.0 - checksum: b9fca2a93ac2c975ba12e0a6d97853832fb1f4fb02393015e012b47fa916a75ca95102d77214b2a29a2784740df2407951af8c5dde054824c65577fd293c4cdb + checksum: 3c1faf6ef37a0b59b62ce42b59c012c00ef1fc4194ad6776c65c2f9a6dd6c1710c6f6362b3ca3fa582fdb93984f0cb64ca44f9f5e02940634805f5e561279c22 languageName: node linkType: hard @@ -1664,15 +1638,15 @@ __metadata: linkType: hard "@types/babel__core@npm:^7.0.0, @types/babel__core@npm:^7.1.14": - version: 7.1.19 - resolution: "@types/babel__core@npm:7.1.19" + version: 7.1.18 + resolution: "@types/babel__core@npm:7.1.18" dependencies: "@babel/parser": ^7.1.0 "@babel/types": ^7.0.0 "@types/babel__generator": "*" "@types/babel__template": "*" "@types/babel__traverse": "*" - checksum: 8c9fa87a1c2224cbec251683a58bebb0d74c497118034166aaa0491a4e2627998a6621fc71f8a60ffd27d9c0c52097defedf7637adc6618d0331c15adb302338 + checksum: 2e5b5d7c84f347d3789575486e58b0df5c91613abc3d27e716274aba3048518e07e1f068250ba829e2ed58532ccc88da595ce95ba2688e7bbcd7c25a3c6627ed languageName: node linkType: hard @@ -1696,11 +1670,11 @@ __metadata: linkType: hard "@types/babel__traverse@npm:*, @types/babel__traverse@npm:^7.0.4, @types/babel__traverse@npm:^7.0.6": - version: 7.17.0 - resolution: "@types/babel__traverse@npm:7.17.0" + version: 7.14.2 + resolution: "@types/babel__traverse@npm:7.14.2" dependencies: "@babel/types": ^7.3.0 - checksum: b9a4acfc260179168d840c7f17e6b8b3ab4e7ebbce47b3308dd748683136518ab8636e2dcbf8d619fece0db7e561e08def9ede29269b7210a761763a26ece66a + checksum: a797ea09c72307569e3ee08aa3900ca744ce3091114084f2dc59b67a45ee7d01df7865252790dbfa787a7915ce892cdc820c9b920f3683292765fc656b08dc63 languageName: node linkType: hard @@ -1739,26 +1713,19 @@ __metadata: linkType: hard "@types/jest@npm:^27.0.3, @types/jest@npm:^27.4.0": - version: 27.4.1 - resolution: "@types/jest@npm:27.4.1" + version: 27.4.0 + resolution: "@types/jest@npm:27.4.0" dependencies: - jest-matcher-utils: ^27.0.0 + jest-diff: ^27.0.0 pretty-format: ^27.0.0 - checksum: 5184f3eef4832d01ee8f59bed15eec45ccc8e29c724a5e6ce37bf74396b37bdf04f557000f45ba4fc38ae6075cf9cfcce3d7a75abc981023c61ceb27230a93e4 - languageName: node - linkType: hard - -"@types/json-buffer@npm:~3.0.0": - version: 3.0.0 - resolution: "@types/json-buffer@npm:3.0.0" - checksum: 6b0a371dd603f0eec9d00874574bae195382570e832560dadf2193ee0d1062b8e0694bbae9798bc758632361c227b1e3b19e3bd914043b498640470a2da38b77 + checksum: d2350267f954f9a2e4a15e5f02fbf19a77abfb9fd9e57a954de1fb0e9a0d3d5f8d3646ac7d9c42aeb4b4d828d2e70624ec149c85bb50a48634a54eed8429e1f8 languageName: node linkType: hard "@types/json-schema@npm:^7.0.7": - version: 7.0.11 - resolution: "@types/json-schema@npm:7.0.11" - checksum: 527bddfe62db9012fccd7627794bd4c71beb77601861055d87e3ee464f2217c85fca7a4b56ae677478367bbd248dbde13553312b7d4dbc702a2f2bbf60c4018d + version: 7.0.9 + resolution: "@types/json-schema@npm:7.0.9" + checksum: 259d0e25f11a21ba5c708f7ea47196bd396e379fddb79c76f9f4f62c945879dc21657904914313ec2754e443c5018ea8372362f323f30e0792897fdb2098a705 languageName: node linkType: hard @@ -1785,17 +1752,24 @@ __metadata: languageName: node linkType: hard -"@types/node@npm:*, @types/node@npm:^12.7.1, @types/node@npm:^15.12.4": +"@types/node@npm:*, @types/node@npm:^12.7.1": version: 12.20.41 resolution: "@types/node@npm:12.20.41" checksum: ff90d10f9831e86abf1f17581a70a81e5b6c3be97ec0b02972e6c3201fd19a40f6b230d4346ef7aaf023f24fef07a2131aeb68773ef3b14c3a17da8fbe05e439 languageName: node linkType: hard +"@types/node@npm:^15.12.4": + version: 15.14.9 + resolution: "@types/node@npm:15.14.9" + checksum: 49f7f0522a3af4b8389aee660e88426490cd54b86356672a1fedb49919a8797c00d090ec2dcc4a5df34edc2099d57fc2203d796c4e7fbd382f2022ccd789eee7 + languageName: node + linkType: hard + "@types/node@npm:^17.0.8": - version: 17.0.27 - resolution: "@types/node@npm:17.0.27" - checksum: 6645ca813c24dcb9893729ed6f87a9e415d6df03cb3e1ececa3a03ca845d3324c3808b4dc79c08a4b3c7d1ccd515e6d7e004db9c9123c9333e963675238e39fc + version: 17.0.8 + resolution: "@types/node@npm:17.0.8" + checksum: f4cadeb9e602027520abc88c77142697e33cf6ac98bb02f8b595a398603cbd33df1f94d01c055c9f13cde0c8eaafc5e396ca72645458d42b4318b845bc7f1d0f languageName: node linkType: hard @@ -1814,12 +1788,12 @@ __metadata: linkType: hard "@types/pino-pretty@npm:*": - version: 4.7.5 - resolution: "@types/pino-pretty@npm:4.7.5" + version: 4.7.4 + resolution: "@types/pino-pretty@npm:4.7.4" dependencies: "@types/node": "*" "@types/pino": 6.3 - checksum: 80b3e80d1d9b52f015382bbd544206228d0c35eed1a0e1443245568eee01191b5fe916e7821de2922846f267e5d0693f4796562d3bcf24266156d1abc9e2e673 + checksum: 1fc6e73de3ffc23eacb69070212e4dd838dd3a353326072aaf68bf5a4418f919c535cc4719a0c51ec6832f298f1d8da9d97376c748166c61369b77ffde858aec languageName: node linkType: hard @@ -1845,9 +1819,9 @@ __metadata: linkType: hard "@types/prettier@npm:^2.1.5": - version: 2.6.0 - resolution: "@types/prettier@npm:2.6.0" - checksum: 946f1f82ce6f31664e023a5d65931c31b7d677b454f528f67dce851d72e7fcfe713076f4251b16c3646eecf1545f5f5b909b4962966341ed9ddf5b80113b3674 + version: 2.4.2 + resolution: "@types/prettier@npm:2.4.2" + checksum: 76e230b2d11028af11fe12e09b2d5b10b03738e9abf819ae6ebb0f78cac13d39f860755ce05ac3855b608222518d956628f5d00322dc206cc6d1f2d8d1519f1e languageName: node linkType: hard @@ -1882,9 +1856,9 @@ __metadata: linkType: hard "@types/yargs-parser@npm:*": - version: 21.0.0 - resolution: "@types/yargs-parser@npm:21.0.0" - checksum: b2f4c8d12ac18a567440379909127cf2cec393daffb73f246d0a25df36ea983b93b7e9e824251f959e9f928cbc7c1aab6728d0a0ff15d6145f66cec2be67d9a2 + version: 20.2.1 + resolution: "@types/yargs-parser@npm:20.2.1" + checksum: 1d039e64494a7a61ddd278349a3dc60b19f99ff0517425696e796f794e4252452b9d62178e69755ad03f439f9dc0c8c3d7b3a1201b3a24e134bac1a09fa11eaa languageName: node linkType: hard @@ -2010,9 +1984,9 @@ __metadata: linkType: hard "abab@npm:^2.0.3, abab@npm:^2.0.5": - version: 2.0.6 - resolution: "abab@npm:2.0.6" - checksum: 6ffc1af4ff315066c62600123990d87551ceb0aafa01e6539da77b0f5987ac7019466780bf480f1787576d4385e3690c81ccc37cfda12819bf510b8ab47e5a3e + version: 2.0.5 + resolution: "abab@npm:2.0.5" + checksum: 0ec951b46d5418c2c2f923021ec193eaebdb4e802ffd5506286781b454be722a13a8430f98085cd3e204918401d9130ec6cc8f5ae19be315b3a0e857d83196e1 languageName: node linkType: hard @@ -2059,11 +2033,11 @@ __metadata: linkType: hard "acorn@npm:^8.2.4": - version: 8.7.1 - resolution: "acorn@npm:8.7.1" + version: 8.7.0 + resolution: "acorn@npm:8.7.0" bin: acorn: bin/acorn - checksum: aca0aabf98826717920ac2583fdcad0a6fbe4e583fdb6e843af2594e907455aeafe30b1e14f1757cd83ce1776773cf8296ffc3a4acf13f0bd3dfebcf1db6ae80 + checksum: e0f79409d68923fbf1aa6d4166f3eedc47955320d25c89a20cc822e6ba7c48c5963d5bc657bc242d68f7a4ac9faf96eef033e8f73656da6c640d4219935fdfd0 languageName: node linkType: hard @@ -2110,14 +2084,14 @@ __metadata: linkType: hard "ajv@npm:^8.0.1": - version: 8.11.0 - resolution: "ajv@npm:8.11.0" + version: 8.8.2 + resolution: "ajv@npm:8.8.2" dependencies: fast-deep-equal: ^3.1.1 json-schema-traverse: ^1.0.0 require-from-string: ^2.0.2 uri-js: ^4.2.2 - checksum: 5e0ff226806763be73e93dd7805b634f6f5921e3e90ca04acdf8db81eed9d8d3f0d4c5f1213047f45ebbf8047ffe0c840fa1ef2ec42c3a644899f69aa72b5bef + checksum: 90849ef03c4f4f7051d15f655120137b89e3205537d683beebd39d95f40c0ca00ea8476cd999602d2f433863e7e4bf1b81d1869d1e07f4dcf56d71b6430a605c languageName: node linkType: hard @@ -2176,6 +2150,13 @@ __metadata: languageName: node linkType: hard +"ansistyles@npm:~0.1.3": + version: 0.1.3 + resolution: "ansistyles@npm:0.1.3" + checksum: 0072507f97e46cc3cb71439f1c0935ceec5c8bca812ebb5034b9f8f6a9ee7d65cdc150c375b8d56643fc8305a08542f6df3a1cd6c80e32eba0b27c4e72da4efd + languageName: node + linkType: hard + "anymatch@npm:^1.3.0": version: 1.3.2 resolution: "anymatch@npm:1.3.2" @@ -2317,14 +2298,13 @@ __metadata: linkType: hard "array.prototype.flat@npm:^1.2.5": - version: 1.3.0 - resolution: "array.prototype.flat@npm:1.3.0" + version: 1.2.5 + resolution: "array.prototype.flat@npm:1.2.5" dependencies: call-bind: ^1.0.2 define-properties: ^1.1.3 - es-abstract: ^1.19.2 - es-shim-unscopables: ^1.0.0 - checksum: 2a652b3e8dc0bebb6117e42a5ab5738af0203a14c27341d7bb2431467bdb4b348e2c5dc555dfcda8af0a5e4075c400b85311ded73861c87290a71a17c3e0a257 + es-abstract: ^1.19.0 + checksum: 9cc6414b111abfc7717e39546e4887b1e5ec74df8f1618d83425deaa95752bf05d475d1d241253b4d88d4a01f8e1bc84845ad5b7cc2047f8db2f614512acd40e languageName: node linkType: hard @@ -2393,21 +2373,21 @@ __metadata: languageName: node linkType: hard -"babel-jest@npm:^27.5.1": - version: 27.5.1 - resolution: "babel-jest@npm:27.5.1" +"babel-jest@npm:^27.4.6": + version: 27.4.6 + resolution: "babel-jest@npm:27.4.6" dependencies: - "@jest/transform": ^27.5.1 - "@jest/types": ^27.5.1 + "@jest/transform": ^27.4.6 + "@jest/types": ^27.4.2 "@types/babel__core": ^7.1.14 babel-plugin-istanbul: ^6.1.1 - babel-preset-jest: ^27.5.1 + babel-preset-jest: ^27.4.0 chalk: ^4.0.0 - graceful-fs: ^4.2.9 + graceful-fs: ^4.2.4 slash: ^3.0.0 peerDependencies: "@babel/core": ^7.8.0 - checksum: 4e93e6e9fb996cc5f1505e924eb8e8cc7b25c294ba9629762a2715390f48af6a4c14dbb84cd9730013ac0e03267a5a9aa2fb6318c544489cda7f50f4e506def4 + checksum: fc839d5e8788170e68c8cbde9466fdf1c4fc740a947ba0728e1933ade7ad6fe744c9276d86207f093b64e9cf72a1fdd756fbc44c21034282f01832338e7a8a80 languageName: node linkType: hard @@ -2424,15 +2404,15 @@ __metadata: languageName: node linkType: hard -"babel-plugin-jest-hoist@npm:^27.5.1": - version: 27.5.1 - resolution: "babel-plugin-jest-hoist@npm:27.5.1" +"babel-plugin-jest-hoist@npm:^27.4.0": + version: 27.4.0 + resolution: "babel-plugin-jest-hoist@npm:27.4.0" dependencies: "@babel/template": ^7.3.3 "@babel/types": ^7.3.3 "@types/babel__core": ^7.0.0 "@types/babel__traverse": ^7.0.6 - checksum: 709c17727aa8fd3be755d256fb514bf945a5c2ea6017f037d80280fc44ae5fe7dfeebf63d8412df53796455c2c216119d628d8cc90b099434fd819005943d058 + checksum: 48f216f286f2fb3b1d571b4ba4ccffdb0c11a2fb1117e4c355b26c8cef09603abd96a5c1f8442866830a7da5accdd9ae4805f3e977b606a596b4a259f2ff5a67 languageName: node linkType: hard @@ -2458,15 +2438,15 @@ __metadata: languageName: node linkType: hard -"babel-preset-jest@npm:^27.5.1": - version: 27.5.1 - resolution: "babel-preset-jest@npm:27.5.1" +"babel-preset-jest@npm:^27.4.0": + version: 27.4.0 + resolution: "babel-preset-jest@npm:27.4.0" dependencies: - babel-plugin-jest-hoist: ^27.5.1 + babel-plugin-jest-hoist: ^27.4.0 babel-preset-current-node-syntax: ^1.0.0 peerDependencies: "@babel/core": ^7.0.0 - checksum: 251bcea11c18fd9672fec104eadb45b43f117ceeb326fa7345ced778d4c1feab29343cd7a87a1dcfae4997d6c851a8b386d7f7213792da6e23b74f4443a8976d + checksum: 744449cc63283116e8268c088a714d9c26d93af8d6051523b900517b665e0122239fc6a326de206657d423f4cccfaf2437ef099fcdfbfd91c4cdde6b1c55c11f languageName: node linkType: hard @@ -2649,7 +2629,7 @@ __metadata: languageName: node linkType: hard -"braces@npm:^3.0.2": +"braces@npm:^3.0.1": version: 3.0.2 resolution: "braces@npm:3.0.2" dependencies: @@ -2666,17 +2646,17 @@ __metadata: linkType: hard "browserslist@npm:^4.17.5": - version: 4.20.3 - resolution: "browserslist@npm:4.20.3" + version: 4.19.1 + resolution: "browserslist@npm:4.19.1" dependencies: - caniuse-lite: ^1.0.30001332 - electron-to-chromium: ^1.4.118 + caniuse-lite: ^1.0.30001286 + electron-to-chromium: ^1.4.17 escalade: ^3.1.1 - node-releases: ^2.0.3 + node-releases: ^2.0.1 picocolors: ^1.0.0 bin: browserslist: cli.js - checksum: 1e4b719ac2ca0fe235218a606e8b8ef16b8809e0973b924158c39fbc435a0b0fe43437ea52dd6ef5ad2efcb83fcb07431244e472270177814217f7c563651f7d + checksum: c0777fd483691638fd6801e16c9d809e1d65f6d2b06db2e806654be51045cbab1452a89841a2c5caea2cbe19d621b4f1d391cffbb24512aa33280039ab345875 languageName: node linkType: hard @@ -2746,6 +2726,13 @@ __metadata: languageName: node linkType: hard +"builtins@npm:^1.0.3": + version: 1.0.3 + resolution: "builtins@npm:1.0.3" + checksum: 47ce94f7eee0e644969da1f1a28e5f29bd2e48b25b2bbb61164c345881086e29464ccb1fb88dbc155ea26e8b1f5fc8a923b26c8c1ed0935b67b644d410674513 + languageName: node + linkType: hard + "builtins@npm:^5.0.0": version: 5.0.1 resolution: "builtins@npm:5.0.1" @@ -2867,10 +2854,10 @@ __metadata: languageName: node linkType: hard -"caniuse-lite@npm:^1.0.30001332": - version: 1.0.30001332 - resolution: "caniuse-lite@npm:1.0.30001332" - checksum: e54182ea42ab3d2ff1440f9a6480292f7ab23c00c188df7ad65586312e4da567e8bedd5cb5fb8f0ff4193dc027a54e17e0b3c0b6db5d5a3fb61c7726ff9c45b3 +"caniuse-lite@npm:^1.0.30001286": + version: 1.0.30001297 + resolution: "caniuse-lite@npm:1.0.30001297" + checksum: 4f0d298cf32c050aa1d8a7bb33ef6ff5f289e6dd6dad48b364bc2db91e03b5f0089ffa9950d6228dbd43446695cecd1990601b432a8d03c1d5b2e945cb67bade languageName: node linkType: hard @@ -3018,15 +3005,15 @@ __metadata: linkType: hard "cli-table3@npm:^0.6.1": - version: 0.6.2 - resolution: "cli-table3@npm:0.6.2" + version: 0.6.1 + resolution: "cli-table3@npm:0.6.1" dependencies: - "@colors/colors": 1.5.0 + colors: 1.4.0 string-width: ^4.2.0 dependenciesMeta: - "@colors/colors": + colors: optional: true - checksum: 2f82391698b8a2a2a5e45d2adcfea5d93e557207f90455a8d4c1aac688e9b18a204d9eb4ba1d322fa123b17d64ea3dc5e11de8b005529f3c3e7dbeb27cb4d9be + checksum: 956e175f8eb019c26465b9f1e51121c08d8978e2aab04be7f8520ea8a4e67906fcbd8516dfb77e386ae3730ef0281aa21a65613dffbfa3d62969263252bd25a9 languageName: node linkType: hard @@ -3122,6 +3109,13 @@ __metadata: languageName: node linkType: hard +"colors@npm:1.4.0": + version: 1.4.0 + resolution: "colors@npm:1.4.0" + checksum: 98aa2c2418ad87dedf25d781be69dc5fc5908e279d9d30c34d8b702e586a0474605b3a189511482b9d5ed0d20c867515d22749537f7bc546256c6014f3ebdcec + languageName: node + linkType: hard + "columnify@npm:^1.6.0": version: 1.6.0 resolution: "columnify@npm:1.6.0" @@ -3172,16 +3166,6 @@ __metadata: languageName: node linkType: hard -"compress-brotli@npm:^1.3.6": - version: 1.3.6 - resolution: "compress-brotli@npm:1.3.6" - dependencies: - "@types/json-buffer": ~3.0.0 - json-buffer: ~3.0.1 - checksum: 9db8e082a3286bd6a0da2b6b2929c62a827c5a1bee8f0d1c777cccfcef14c9e751d93ae46329f1529bfbfab9b6f241465e3a1c895be235c6e923f5017d952d00 - languageName: node - linkType: hard - "concat-map@npm:0.0.1": version: 0.0.1 resolution: "concat-map@npm:0.0.1" @@ -3301,9 +3285,9 @@ __metadata: linkType: hard "core-util-is@npm:~1.0.0": - version: 1.0.3 - resolution: "core-util-is@npm:1.0.3" - checksum: 9de8597363a8e9b9952491ebe18167e3b36e7707569eed0ebf14f8bba773611376466ae34575bca8cfe3c767890c859c74056084738f09d4e4a6f902b2ad7d99 + version: 1.0.2 + resolution: "core-util-is@npm:1.0.2" + checksum: 7a4c925b497a2c91421e25bf76d6d8190f0b2359a9200dbeed136e63b2931d6294d3b1893eda378883ed363cd950f44a12a401384c609839ea616befb7927dab languageName: node linkType: hard @@ -3619,12 +3603,11 @@ __metadata: linkType: hard "define-properties@npm:^1.1.3": - version: 1.1.4 - resolution: "define-properties@npm:1.1.4" + version: 1.1.3 + resolution: "define-properties@npm:1.1.3" dependencies: - has-property-descriptors: ^1.0.0 - object-keys: ^1.1.1 - checksum: ce0aef3f9eb193562b5cfb79b2d2c86b6a109dfc9fdcb5f45d680631a1a908c06824ddcdb72b7573b54e26ace07f0a23420aaba0d5c627b34d2c1de8ef527e2b + object-keys: ^1.0.12 + checksum: da80dba55d0cd76a5a7ab71ef6ea0ebcb7b941f803793e4e0257b384cb772038faa0c31659d244e82c4342edef841c1a1212580006a05a5068ee48223d787317 languageName: node linkType: hard @@ -3731,10 +3714,10 @@ __metadata: languageName: node linkType: hard -"diff-sequences@npm:^27.5.1": - version: 27.5.1 - resolution: "diff-sequences@npm:27.5.1" - checksum: a00db5554c9da7da225db2d2638d85f8e41124eccbd56cbaefb3b276dcbb1c1c2ad851c32defe2055a54a4806f030656cbf6638105fd6ce97bb87b90b32a33ca +"diff-sequences@npm:^27.4.0": + version: 27.4.0 + resolution: "diff-sequences@npm:27.4.0" + checksum: 66d04033e8632eeacdd029b4ecaf87d233d475e4b0cd1cee035eda99e70e1a7f803507d72f2677990ef526f28a2f6e5709af8d94dcdc0682b8884a3a646190a1 languageName: node linkType: hard @@ -3851,10 +3834,10 @@ __metadata: languageName: node linkType: hard -"electron-to-chromium@npm:^1.4.118": - version: 1.4.122 - resolution: "electron-to-chromium@npm:1.4.122" - checksum: 8af3e4ec8d7429a301bd3e2df42c5899d590dc93b750ef74aa3244c5343b01bd3048e98bd6f13073bf3d053c6931ccda6827d8f47ba8022d7ba3c74003321cae +"electron-to-chromium@npm:^1.4.17": + version: 1.4.37 + resolution: "electron-to-chromium@npm:1.4.37" + checksum: d5da221e456bdbd23d554d1362c3e544fb3d384680a8a9fe5027e855f4a16986e7ccfa2924ba8b24f40b47eadd81738db8d2cc6388b5b6386dfadee7bada2155 languageName: node linkType: hard @@ -3933,9 +3916,9 @@ __metadata: languageName: node linkType: hard -"es-abstract@npm:^1.19.1, es-abstract@npm:^1.19.2": - version: 1.19.5 - resolution: "es-abstract@npm:1.19.5" +"es-abstract@npm:^1.19.0, es-abstract@npm:^1.19.1": + version: 1.19.1 + resolution: "es-abstract@npm:1.19.1" dependencies: call-bind: ^1.0.2 es-to-primitive: ^1.2.1 @@ -3943,30 +3926,21 @@ __metadata: get-intrinsic: ^1.1.1 get-symbol-description: ^1.0.0 has: ^1.0.3 - has-symbols: ^1.0.3 + has-symbols: ^1.0.2 internal-slot: ^1.0.3 is-callable: ^1.2.4 - is-negative-zero: ^2.0.2 + is-negative-zero: ^2.0.1 is-regex: ^1.1.4 - is-shared-array-buffer: ^1.0.2 + is-shared-array-buffer: ^1.0.1 is-string: ^1.0.7 - is-weakref: ^1.0.2 - object-inspect: ^1.12.0 + is-weakref: ^1.0.1 + object-inspect: ^1.11.0 object-keys: ^1.1.1 object.assign: ^4.1.2 string.prototype.trimend: ^1.0.4 string.prototype.trimstart: ^1.0.4 unbox-primitive: ^1.0.1 - checksum: 55199b0f179a12b3b0ec9c9f2e3a27a7561686e4f88d46f9ef32c836448a336e367c14d8f792612fc83a64113896e478259e4dffbbcffb3efdd06650f6360324 - languageName: node - linkType: hard - -"es-shim-unscopables@npm:^1.0.0": - version: 1.0.0 - resolution: "es-shim-unscopables@npm:1.0.0" - dependencies: - has: ^1.0.3 - checksum: 83e95cadbb6ee44d3644dfad60dcad7929edbc42c85e66c3e99aefd68a3a5c5665f2686885cddb47dfeabfd77bd5ea5a7060f2092a955a729bbd8834f0d86fa1 + checksum: b6be8410672c5364db3fb01eb786e30c7b4bb32b4af63d381c08840f4382c4a168e7855cd338bf59d4f1a1a1138f4d748d1fd40ec65aaa071876f9e9fbfed949 languageName: node linkType: hard @@ -4084,36 +4058,36 @@ __metadata: languageName: node linkType: hard -"eslint-module-utils@npm:^2.7.3": - version: 2.7.3 - resolution: "eslint-module-utils@npm:2.7.3" +"eslint-module-utils@npm:^2.7.2": + version: 2.7.2 + resolution: "eslint-module-utils@npm:2.7.2" dependencies: debug: ^3.2.7 find-up: ^2.1.0 - checksum: 77048263f309167a1e6a1e1b896bfb5ddd1d3859b2e2abbd9c32c432aee13d610d46e6820b1ca81b37fba437cf423a404bc6649be64ace9148a3062d1886a678 + checksum: 3e6407461d12b1568556fc9a84668415693ecce92d17d7407353defcfcafec5d3d8dfa2d9eda3743b3b53ef04101d8aa69072b3d634d92e766c3dfa10505542d languageName: node linkType: hard "eslint-plugin-import@npm:^2.22.1": - version: 2.26.0 - resolution: "eslint-plugin-import@npm:2.26.0" + version: 2.25.4 + resolution: "eslint-plugin-import@npm:2.25.4" dependencies: array-includes: ^3.1.4 array.prototype.flat: ^1.2.5 debug: ^2.6.9 doctrine: ^2.1.0 eslint-import-resolver-node: ^0.3.6 - eslint-module-utils: ^2.7.3 + eslint-module-utils: ^2.7.2 has: ^1.0.3 - is-core-module: ^2.8.1 + is-core-module: ^2.8.0 is-glob: ^4.0.3 - minimatch: ^3.1.2 + minimatch: ^3.0.4 object.values: ^1.1.5 - resolve: ^1.22.0 - tsconfig-paths: ^3.14.1 + resolve: ^1.20.0 + tsconfig-paths: ^3.12.0 peerDependencies: eslint: ^2 || ^3 || ^4 || ^5 || ^6 || ^7.2.0 || ^8 - checksum: 0bf77ad80339554481eafa2b1967449e1f816b94c7a6f9614ce33fb4083c4e6c050f10d241dd50b4975d47922880a34de1e42ea9d8e6fd663ebb768baa67e655 + checksum: 0af24f5c7c6ca692f42e3947127f0ae7dfe44f1e02740f7cbe988b510a9c52bab0065d7df04e2d953dcc88a4595a00cbdcf14018acf8cd75cfd47b72efcbb734 languageName: node linkType: hard @@ -4385,15 +4359,15 @@ __metadata: languageName: node linkType: hard -"expect@npm:^27.5.1": - version: 27.5.1 - resolution: "expect@npm:27.5.1" +"expect@npm:^27.4.6": + version: 27.4.6 + resolution: "expect@npm:27.4.6" dependencies: - "@jest/types": ^27.5.1 - jest-get-type: ^27.5.1 - jest-matcher-utils: ^27.5.1 - jest-message-util: ^27.5.1 - checksum: b2c66beb52de53ef1872165aace40224e722bca3c2274c54cfa74b6d617d55cf0ccdbf36783ccd64dbea501b280098ed33fd0b207d4f15bc03cd3c7a24364a6a + "@jest/types": ^27.4.2 + jest-get-type: ^27.4.0 + jest-matcher-utils: ^27.4.6 + jest-message-util: ^27.4.6 + checksum: 593eaa8ff34320f9a70f961bc25eeae932df4f48ebcc5ecc1033f1cddffd286fc42a2f312929222541cec1077de2604ff4fc6e97012afcbd36b333bfaba82f7f languageName: node linkType: hard @@ -4485,7 +4459,7 @@ __metadata: languageName: node linkType: hard -"fast-glob@npm:^3.1.1, fast-glob@npm:^3.2.11, fast-glob@npm:^3.2.7, fast-glob@npm:^3.2.9": +"fast-glob@npm:^3.1.1, fast-glob@npm:^3.2.11, fast-glob@npm:^3.2.7": version: 3.2.11 resolution: "fast-glob@npm:3.2.11" dependencies: @@ -4741,9 +4715,9 @@ __metadata: linkType: hard "flatted@npm:^3.1.0": - version: 3.2.5 - resolution: "flatted@npm:3.2.5" - checksum: 3c436e9695ccca29620b4be5671dd72e5dd0a7500e0856611b7ca9bd8169f177f408c3b9abfa78dfe1493ee2d873e2c119080a8a9bee4e1a186a9e60ca6c89f1 + version: 3.2.4 + resolution: "flatted@npm:3.2.4" + checksum: 7d33846428ab337ec81ef9b8b9103894c1c81f5f67feb32bd4ed106fbc47da60d56edb42efd36c9f1f30a010272aeccd34ec1ffacfe9dfdff19673b1d4df481b languageName: node linkType: hard @@ -4808,13 +4782,13 @@ __metadata: linkType: hard "fs-extra@npm:^10.0.0": - version: 10.1.0 - resolution: "fs-extra@npm:10.1.0" + version: 10.0.1 + resolution: "fs-extra@npm:10.0.1" dependencies: graceful-fs: ^4.2.0 jsonfile: ^6.0.1 universalify: ^2.0.0 - checksum: dc94ab37096f813cc3ca12f0f1b5ad6744dfed9ed21e953d72530d103cea193c2f81584a39e9dee1bea36de5ee66805678c0dddc048e8af1427ac19c00fffc50 + checksum: c1faaa5eb9e1c5c7c7ff09f966e93922ecb068ae1b04801cfc983ef05fcc1f66bfbb8d8d0b745c910014c7a2e7317fb6cf3bfe7390450c1157e3cc1a218f221d languageName: node linkType: hard @@ -5112,15 +5086,15 @@ __metadata: linkType: hard "globals@npm:^13.6.0, globals@npm:^13.9.0": - version: 13.13.0 - resolution: "globals@npm:13.13.0" + version: 13.12.0 + resolution: "globals@npm:13.12.0" dependencies: type-fest: ^0.20.2 - checksum: c55ea8fd3afecb72567bac41605577e19e68476993dfb0ca4c49b86075af5f0ae3f0f5502525f69010f7c5ea5db6a1c540a80a4f80ebdfb2f686d87b0f05d7e9 + checksum: 1f959abb11117916468a1afcba527eead152900cad652c8383c4e8976daea7ec55e1ee30c086f48d1b8655719f214e9d92eca083c3a43b5543bc4056e7e5fccf languageName: node linkType: hard -"globby@npm:11.0.4": +"globby@npm:11.0.4, globby@npm:^11.0.0, globby@npm:^11.0.1, globby@npm:^11.0.3": version: 11.0.4 resolution: "globby@npm:11.0.4" dependencies: @@ -5147,20 +5121,6 @@ __metadata: languageName: node linkType: hard -"globby@npm:^11.0.0, globby@npm:^11.0.1, globby@npm:^11.0.3": - version: 11.1.0 - resolution: "globby@npm:11.1.0" - dependencies: - array-union: ^2.1.0 - dir-glob: ^3.0.1 - fast-glob: ^3.2.9 - ignore: ^5.2.0 - merge2: ^1.4.1 - slash: ^3.0.0 - checksum: b4be8885e0cfa018fc783792942d53926c35c50b3aefd3fdcfb9d22c627639dc26bd2327a40a0b74b074100ce95bb7187bfeae2f236856aa3de183af7a02aea6 - languageName: node - linkType: hard - "got@npm:^7.0.0": version: 7.1.0 resolution: "got@npm:7.1.0" @@ -5208,17 +5168,17 @@ __metadata: languageName: node linkType: hard -"graceful-fs@npm:^4.1.10, graceful-fs@npm:^4.1.11, graceful-fs@npm:^4.1.2, graceful-fs@npm:^4.1.5, graceful-fs@npm:^4.1.6, graceful-fs@npm:^4.2.0, graceful-fs@npm:^4.2.10, graceful-fs@npm:^4.2.4, graceful-fs@npm:^4.2.6, graceful-fs@npm:^4.2.9": - version: 4.2.10 - resolution: "graceful-fs@npm:4.2.10" - checksum: 3f109d70ae123951905d85032ebeae3c2a5a7a997430df00ea30df0e3a6c60cf6689b109654d6fdacd28810a053348c4d14642da1d075049e6be1ba5216218da +"graceful-fs@npm:^4.1.10, graceful-fs@npm:^4.1.11, graceful-fs@npm:^4.1.2, graceful-fs@npm:^4.1.5, graceful-fs@npm:^4.1.6, graceful-fs@npm:^4.2.0, graceful-fs@npm:^4.2.4, graceful-fs@npm:^4.2.6, graceful-fs@npm:^4.2.9": + version: 4.2.9 + resolution: "graceful-fs@npm:4.2.9" + checksum: 68ea4e07ff2c041ada184f9278b830375f8e0b75154e3f080af6b70f66172fabb4108d19b3863a96b53fc068a310b9b6493d86d1291acc5f3861eb4b79d26ad6 languageName: node linkType: hard "graphql@npm:^16.2.0": - version: 16.4.0 - resolution: "graphql@npm:16.4.0" - checksum: 8cac2c466891b6c6ace2fa3807f93815dea53cbec372998c139e796a321a6882c2324cc605e5f9aa45356890239aa9e731a04d8c59ec524db82bd18fb48aafee + version: 16.2.0 + resolution: "graphql@npm:16.2.0" + checksum: 204b5c9991b82561651a28b13dbb2e0e67514171a6a8c045ca4a527b944087344a14519d0426d661b49f2305584b390591abadc82b942f7b65e64e05cb31a584 languageName: node linkType: hard @@ -5247,10 +5207,10 @@ __metadata: languageName: node linkType: hard -"has-bigints@npm:^1.0.1, has-bigints@npm:^1.0.2": - version: 1.0.2 - resolution: "has-bigints@npm:1.0.2" - checksum: 390e31e7be7e5c6fe68b81babb73dfc35d413604d7ee5f56da101417027a4b4ce6a27e46eff97ad040c835b5d228676eae99a9b5c3bc0e23c8e81a49241ff45b +"has-bigints@npm:^1.0.1": + version: 1.0.1 + resolution: "has-bigints@npm:1.0.1" + checksum: 44ab55868174470065d2e0f8f6def1c990d12b82162a8803c679699fa8a39f966e336f2a33c185092fe8aea7e8bf2e85f1c26add5f29d98f2318bd270096b183 languageName: node linkType: hard @@ -5261,15 +5221,6 @@ __metadata: languageName: node linkType: hard -"has-property-descriptors@npm:^1.0.0": - version: 1.0.0 - resolution: "has-property-descriptors@npm:1.0.0" - dependencies: - get-intrinsic: ^1.1.1 - checksum: a6d3f0a266d0294d972e354782e872e2fe1b6495b321e6ef678c9b7a06a40408a6891817350c62e752adced73a94ac903c54734fee05bf65b1905ee1368194bb - languageName: node - linkType: hard - "has-symbol-support-x@npm:^1.4.1": version: 1.4.2 resolution: "has-symbol-support-x@npm:1.4.2" @@ -5277,10 +5228,10 @@ __metadata: languageName: node linkType: hard -"has-symbols@npm:^1.0.1, has-symbols@npm:^1.0.2, has-symbols@npm:^1.0.3": - version: 1.0.3 - resolution: "has-symbols@npm:1.0.3" - checksum: a054c40c631c0d5741a8285010a0777ea0c068f99ed43e5d6eb12972da223f8af553a455132fdb0801bdcfa0e0f443c0c03a68d8555aa529b3144b446c3f2410 +"has-symbols@npm:^1.0.1, has-symbols@npm:^1.0.2": + version: 1.0.2 + resolution: "has-symbols@npm:1.0.2" + checksum: 2309c426071731be792b5be43b3da6fb4ed7cbe8a9a6bcfca1862587709f01b33d575ce8f5c264c1eaad09fca2f9a8208c0a2be156232629daa2dd0c0740976b languageName: node linkType: hard @@ -5389,13 +5340,6 @@ __metadata: languageName: node linkType: hard -"hpagent@npm:^0.1.2": - version: 0.1.2 - resolution: "hpagent@npm:0.1.2" - checksum: 1918518ab937d9fa615a47b94489e23662547bc1edf27069ee9bf40bfefb94da65eb142b6f42336b4b0752fce87f66c284d92b97340fd2a90b24aa3616b5450d - languageName: node - linkType: hard - "html-encoding-sniffer@npm:^2.0.1": version: 2.0.1 resolution: "html-encoding-sniffer@npm:2.0.1" @@ -5449,12 +5393,12 @@ __metadata: linkType: hard "https-proxy-agent@npm:^5.0.0": - version: 5.0.1 - resolution: "https-proxy-agent@npm:5.0.1" + version: 5.0.0 + resolution: "https-proxy-agent@npm:5.0.0" dependencies: agent-base: 6 debug: 4 - checksum: 571fccdf38184f05943e12d37d6ce38197becdd69e58d03f43637f7fa1269cf303a7d228aa27e5b27bbd3af8f09fd938e1c91dcfefff2df7ba77c20ed8dfc765 + checksum: 165bfb090bd26d47693597661298006841ab733d0c7383a8cb2f17373387a94c903a3ac687090aa739de05e379ab6f868bae84ab4eac288ad85c328cd1ec9e53 languageName: node linkType: hard @@ -5610,10 +5554,10 @@ __metadata: languageName: node linkType: hard -"ini@npm:^3.0.0": - version: 3.0.0 - resolution: "ini@npm:3.0.0" - checksum: e92b6b0835ac369e58c677e7faa8db6019ac667d7404887978fb86b181d658e50f1742ecbba7d81eb5ff917b3ae4d63a48e1ef3a9f8a0527bd7605fe1a9995d4 +"ini@npm:^2.0.0": + version: 2.0.0 + resolution: "ini@npm:2.0.0" + checksum: e7aadc5fb2e4aefc666d74ee2160c073995a4061556b1b5b4241ecb19ad609243b9cceafe91bae49c219519394bbd31512516cb22a3b1ca6e66d869e0447e84e languageName: node linkType: hard @@ -5640,8 +5584,8 @@ __metadata: linkType: hard "inquirer@npm:^8.1.2": - version: 8.2.2 - resolution: "inquirer@npm:8.2.2" + version: 8.2.0 + resolution: "inquirer@npm:8.2.0" dependencies: ansi-escapes: ^4.2.1 chalk: ^4.1.1 @@ -5653,11 +5597,11 @@ __metadata: mute-stream: 0.0.8 ora: ^5.4.1 run-async: ^2.4.0 - rxjs: ^7.5.5 + rxjs: ^7.2.0 string-width: ^4.1.0 strip-ansi: ^6.0.0 through: ^2.3.6 - checksum: 69a2cf32f51af0e94dd66c597fdca42b890ff521b537dbfe1fd532c19a751d54893b7896523691ec30357f6212a80a2417fec7bf34411f369bbf151bdbc95ae9 + checksum: 861d1a9324ae933b49126b3541d94e4d6a2f2a25411b3f3cc00c34bf1bdab34146362d702cf289efe6d8034900dc5905bcf2ea716092a02b6fc390e5986dd236 languageName: node linkType: hard @@ -5794,7 +5738,7 @@ __metadata: resolution: "is-core-module@npm:2.8.1" dependencies: has: ^1.0.3 - checksum: b27034318b4b462f1c8f1dfb1b32baecd651d891a4e2d1922135daeff4141dfced2b82b07aef83ef54275c4a3526aa38da859223664d0868ca24182badb784ce + checksum: 418b7bc10768a73c41c7ef497e293719604007f88934a6ffc5f7c78702791b8528102fb4c9e56d006d69361549b3d9519440214a74aefc7e0b79e5e4411d377f languageName: node linkType: hard @@ -5964,7 +5908,7 @@ __metadata: languageName: node linkType: hard -"is-negative-zero@npm:^2.0.2": +"is-negative-zero@npm:^2.0.1": version: 2.0.2 resolution: "is-negative-zero@npm:2.0.2" checksum: f3232194c47a549da60c3d509c9a09be442507616b69454716692e37ae9f37c4dea264fb208ad0c9f3efd15a796a46b79df07c7e53c6227c32170608b809149a @@ -5972,11 +5916,11 @@ __metadata: linkType: hard "is-number-object@npm:^1.0.4": - version: 1.0.7 - resolution: "is-number-object@npm:1.0.7" + version: 1.0.6 + resolution: "is-number-object@npm:1.0.6" dependencies: has-tostringtag: ^1.0.0 - checksum: d1e8d01bb0a7134c74649c4e62da0c6118a0bfc6771ea3c560914d52a627873e6920dd0fd0ebc0e12ad2ff4687eac4c308f7e80320b973b2c8a2c8f97a7524f7 + checksum: c697704e8fc2027fc41cb81d29805de4e8b6dc9c3efee93741dbf126a8ecc8443fef85adbc581415ae7e55d325e51d0a942324ae35c829131748cce39cba55f3 languageName: node linkType: hard @@ -6101,12 +6045,10 @@ __metadata: languageName: node linkType: hard -"is-shared-array-buffer@npm:^1.0.2": - version: 1.0.2 - resolution: "is-shared-array-buffer@npm:1.0.2" - dependencies: - call-bind: ^1.0.2 - checksum: 9508929cf14fdc1afc9d61d723c6e8d34f5e117f0bffda4d97e7a5d88c3a8681f633a74f8e3ad1fe92d5113f9b921dc5ca44356492079612f9a247efbce7032a +"is-shared-array-buffer@npm:^1.0.1": + version: 1.0.1 + resolution: "is-shared-array-buffer@npm:1.0.1" + checksum: 2ffb92533e64e2876e6cfe6906871d28400b6f1a53130fe652ec8007bc0e5044d05e7af8e31bdc992fbba520bd92938cfbeedd0f286be92f250c7c76191c4d90 languageName: node linkType: hard @@ -6181,7 +6123,7 @@ __metadata: languageName: node linkType: hard -"is-weakref@npm:^1.0.2": +"is-weakref@npm:^1.0.1": version: 1.0.2 resolution: "is-weakref@npm:1.0.2" dependencies: @@ -6248,15 +6190,15 @@ __metadata: linkType: hard "istanbul-lib-instrument@npm:^5.0.4, istanbul-lib-instrument@npm:^5.1.0": - version: 5.2.0 - resolution: "istanbul-lib-instrument@npm:5.2.0" + version: 5.1.0 + resolution: "istanbul-lib-instrument@npm:5.1.0" dependencies: "@babel/core": ^7.12.3 "@babel/parser": ^7.14.7 "@istanbuljs/schema": ^0.1.2 istanbul-lib-coverage: ^3.2.0 semver: ^6.3.0 - checksum: 7c242ed782b6bf7b655656576afae8b6bd23dcc020e5fdc1472cca3dfb6ddb196a478385206d0df5219b9babf46ac4f21fea5d8ea9a431848b6cca6007012353 + checksum: 8b82e733c69fe9f94d2e21f3e5760c9bedb110329aa75df4bd40df95f1cac3bf38767e43f35b125cc547ceca7376b72ce7d95cc5238b7e9088345c7b589233d3 languageName: node linkType: hard @@ -6283,12 +6225,12 @@ __metadata: linkType: hard "istanbul-reports@npm:^3.1.3": - version: 3.1.4 - resolution: "istanbul-reports@npm:3.1.4" + version: 3.1.3 + resolution: "istanbul-reports@npm:3.1.3" dependencies: html-escaper: ^2.0.0 istanbul-lib-report: ^3.0.0 - checksum: 2132983355710c522f6b26808015cab9a0ee8b9f5ae0db0d3edeff40b886dd83cb670fb123cb7b32dbe59473d7c00cdde2ba6136bc0acdb20a865fccea64dfe1 + checksum: ef6e0d9ed05ecab1974c6eb46cc2a12d8570911934192db4ed40cf1978449240ea80aae32c4dd5555b67407cdf860212d1a9e415443af69641aa57ed1da5ebbb languageName: node linkType: hard @@ -6309,58 +6251,58 @@ __metadata: languageName: node linkType: hard -"jest-changed-files@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-changed-files@npm:27.5.1" +"jest-changed-files@npm:^27.4.2": + version: 27.4.2 + resolution: "jest-changed-files@npm:27.4.2" dependencies: - "@jest/types": ^27.5.1 + "@jest/types": ^27.4.2 execa: ^5.0.0 throat: ^6.0.1 - checksum: 95e9dc74c3ca688ef85cfeab270f43f8902721a6c8ade6ac2459459a77890c85977f537d6fb809056deaa6d9c3f075fa7d2699ff5f3bf7d3fda17c3760b79b15 + checksum: 4df8dff39882995d4852756686357e0629cf8029ea5c35dcf25f63fba4febe15b564b9222f7d18a7546fcd48d3414345bf3c363a1d13af61d8d66e662a035420 languageName: node linkType: hard -"jest-circus@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-circus@npm:27.5.1" +"jest-circus@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-circus@npm:27.4.6" dependencies: - "@jest/environment": ^27.5.1 - "@jest/test-result": ^27.5.1 - "@jest/types": ^27.5.1 + "@jest/environment": ^27.4.6 + "@jest/test-result": ^27.4.6 + "@jest/types": ^27.4.2 "@types/node": "*" chalk: ^4.0.0 co: ^4.6.0 dedent: ^0.7.0 - expect: ^27.5.1 + expect: ^27.4.6 is-generator-fn: ^2.0.0 - jest-each: ^27.5.1 - jest-matcher-utils: ^27.5.1 - jest-message-util: ^27.5.1 - jest-runtime: ^27.5.1 - jest-snapshot: ^27.5.1 - jest-util: ^27.5.1 - pretty-format: ^27.5.1 + jest-each: ^27.4.6 + jest-matcher-utils: ^27.4.6 + jest-message-util: ^27.4.6 + jest-runtime: ^27.4.6 + jest-snapshot: ^27.4.6 + jest-util: ^27.4.2 + pretty-format: ^27.4.6 slash: ^3.0.0 stack-utils: ^2.0.3 throat: ^6.0.1 - checksum: 6192dccbccb3a6acfa361cbb97bdbabe94864ccf3d885932cfd41f19534329d40698078cf9be1489415e8234255d6ea9f9aff5396b79ad842a6fca6e6fc08fd0 + checksum: 00aae02bc4de4afa2144b073c4158a322cb37924d5583ef5caa5cb4badcc8f32474da3a01dd5672e85eda088b92d2b769986b46e36c2c88df0dd6ec0c72bd8c1 languageName: node linkType: hard -"jest-cli@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-cli@npm:27.5.1" +"jest-cli@npm:^27.4.7": + version: 27.4.7 + resolution: "jest-cli@npm:27.4.7" dependencies: - "@jest/core": ^27.5.1 - "@jest/test-result": ^27.5.1 - "@jest/types": ^27.5.1 + "@jest/core": ^27.4.7 + "@jest/test-result": ^27.4.6 + "@jest/types": ^27.4.2 chalk: ^4.0.0 exit: ^0.1.2 - graceful-fs: ^4.2.9 + graceful-fs: ^4.2.4 import-local: ^3.0.2 - jest-config: ^27.5.1 - jest-util: ^27.5.1 - jest-validate: ^27.5.1 + jest-config: ^27.4.7 + jest-util: ^27.4.2 + jest-validate: ^27.4.6 prompts: ^2.0.1 yargs: ^16.2.0 peerDependencies: @@ -6370,212 +6312,210 @@ __metadata: optional: true bin: jest: bin/jest.js - checksum: 6c0a69fb48e500241409e09ff743ed72bc6578d7769e2c994724e7ef1e5587f6c1f85dc429e93b98ae38a365222993ee70f0acc2199358992120900984f349e5 + checksum: bf301039f1c14ef3fa2b7699b7b94328faa5549e34cb1573610c894bedd036ad36e31e6af436e11b3aa85e22e409a05d1fef1624bebc2da7ed416ce969b87307 languageName: node linkType: hard -"jest-config@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-config@npm:27.5.1" +"jest-config@npm:^27.4.7": + version: 27.4.7 + resolution: "jest-config@npm:27.4.7" dependencies: "@babel/core": ^7.8.0 - "@jest/test-sequencer": ^27.5.1 - "@jest/types": ^27.5.1 - babel-jest: ^27.5.1 + "@jest/test-sequencer": ^27.4.6 + "@jest/types": ^27.4.2 + babel-jest: ^27.4.6 chalk: ^4.0.0 ci-info: ^3.2.0 deepmerge: ^4.2.2 glob: ^7.1.1 - graceful-fs: ^4.2.9 - jest-circus: ^27.5.1 - jest-environment-jsdom: ^27.5.1 - jest-environment-node: ^27.5.1 - jest-get-type: ^27.5.1 - jest-jasmine2: ^27.5.1 - jest-regex-util: ^27.5.1 - jest-resolve: ^27.5.1 - jest-runner: ^27.5.1 - jest-util: ^27.5.1 - jest-validate: ^27.5.1 + graceful-fs: ^4.2.4 + jest-circus: ^27.4.6 + jest-environment-jsdom: ^27.4.6 + jest-environment-node: ^27.4.6 + jest-get-type: ^27.4.0 + jest-jasmine2: ^27.4.6 + jest-regex-util: ^27.4.0 + jest-resolve: ^27.4.6 + jest-runner: ^27.4.6 + jest-util: ^27.4.2 + jest-validate: ^27.4.6 micromatch: ^4.0.4 - parse-json: ^5.2.0 - pretty-format: ^27.5.1 + pretty-format: ^27.4.6 slash: ^3.0.0 - strip-json-comments: ^3.1.1 peerDependencies: ts-node: ">=9.0.0" peerDependenciesMeta: ts-node: optional: true - checksum: 1188fd46c0ed78cbe3175eb9ad6712ccf74a74be33d9f0d748e147c107f0889f8b701fbff1567f31836ae18597dacdc43d6a8fc30dd34ade6c9229cc6c7cb82d + checksum: 23d5bacc483b2674d6efcd6bfc66bcde7c2b428511b50d17a22a2750d85bfc23753f9e41f504411e411e848e34ec61244bdae9da8782df4ada6e284106f71a4d languageName: node linkType: hard -"jest-diff@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-diff@npm:27.5.1" +"jest-diff@npm:^27.0.0, jest-diff@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-diff@npm:27.4.6" dependencies: chalk: ^4.0.0 - diff-sequences: ^27.5.1 - jest-get-type: ^27.5.1 - pretty-format: ^27.5.1 - checksum: 8be27c1e1ee57b2bb2bef9c0b233c19621b4c43d53a3c26e2c00a4e805eb4ea11fe1694a06a9fb0e80ffdcfdc0d2b1cb0b85920b3f5c892327ecd1e7bd96b865 + diff-sequences: ^27.4.0 + jest-get-type: ^27.4.0 + pretty-format: ^27.4.6 + checksum: cf6b7e80e3c64a7c71ab209c0325bbda175991aed985ecee7652df9d6540e4959089038e208c04ab05391c9ddf07adc72f0c8c26cc4cee6fa17f76f500e2bf43 languageName: node linkType: hard -"jest-docblock@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-docblock@npm:27.5.1" +"jest-docblock@npm:^27.4.0": + version: 27.4.0 + resolution: "jest-docblock@npm:27.4.0" dependencies: detect-newline: ^3.0.0 - checksum: c0fed6d55b229d8bffdd8d03f121dd1a3be77c88f50552d374f9e1ea3bde57bf6bea017a0add04628d98abcb1bfb48b456438eeca8a74ef0053f4dae3b95d29c + checksum: 4b7639ceb7808280562166c87c49746d9e9cc13f8315ea05a0a400d2f7b11f4491b4ad50935e5976db6509f26004fa2b187dc19eea5e09c445eed2648eb1e927 languageName: node linkType: hard -"jest-each@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-each@npm:27.5.1" +"jest-each@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-each@npm:27.4.6" dependencies: - "@jest/types": ^27.5.1 + "@jest/types": ^27.4.2 chalk: ^4.0.0 - jest-get-type: ^27.5.1 - jest-util: ^27.5.1 - pretty-format: ^27.5.1 - checksum: b5a6d8730fd938982569c9e0b42bdf3c242f97b957ed8155a6473b5f7b540970f8685524e7f53963dc1805319f4b6602abfc56605590ca19d55bd7a87e467e63 + jest-get-type: ^27.4.0 + jest-util: ^27.4.2 + pretty-format: ^27.4.6 + checksum: cce85a14a4c3a37733e75da2352e767c6eef923181e0c884eb9f86253ed417de0454da5117ebfbc1fcabdf109a305b1dbbf9b71a5712da8b6d79fde1f73a9b75 languageName: node linkType: hard -"jest-environment-jsdom@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-environment-jsdom@npm:27.5.1" +"jest-environment-jsdom@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-environment-jsdom@npm:27.4.6" dependencies: - "@jest/environment": ^27.5.1 - "@jest/fake-timers": ^27.5.1 - "@jest/types": ^27.5.1 + "@jest/environment": ^27.4.6 + "@jest/fake-timers": ^27.4.6 + "@jest/types": ^27.4.2 "@types/node": "*" - jest-mock: ^27.5.1 - jest-util: ^27.5.1 + jest-mock: ^27.4.6 + jest-util: ^27.4.2 jsdom: ^16.6.0 - checksum: bc104aef7d7530d0740402aa84ac812138b6d1e51fe58adecce679f82b99340ddab73e5ec68fa079f33f50c9ddec9728fc9f0ddcca2ad6f0b351eed2762cc555 + checksum: bdf5f349a3e96b029fd0c442c8ba86dd7beb8d14922b6a53f0c52f9ab7b34521ef8deedfaba13ce81ca01e9074032eb8dc506d9035941348e129d0b76671d6bc languageName: node linkType: hard -"jest-environment-node@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-environment-node@npm:27.5.1" +"jest-environment-node@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-environment-node@npm:27.4.6" dependencies: - "@jest/environment": ^27.5.1 - "@jest/fake-timers": ^27.5.1 - "@jest/types": ^27.5.1 + "@jest/environment": ^27.4.6 + "@jest/fake-timers": ^27.4.6 + "@jest/types": ^27.4.2 "@types/node": "*" - jest-mock: ^27.5.1 - jest-util: ^27.5.1 - checksum: 0f988330c4f3eec092e3fb37ea753b0c6f702e83cd8f4d770af9c2bf964a70bc45fbd34ec6fdb6d71ce98a778d9f54afd673e63f222e4667fff289e8069dba39 + jest-mock: ^27.4.6 + jest-util: ^27.4.2 + checksum: 3f146e7819f65b1dc0252573cddadc8c565a566ddf7c06c93eded51cccfc55f4765373fb2aaafeb4d8b76ec62b062e1bd4f1da6b9f57429af6789ef8bbada3cb languageName: node linkType: hard -"jest-get-type@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-get-type@npm:27.5.1" - checksum: 63064ab70195c21007d897c1157bf88ff94a790824a10f8c890392e7d17eda9c3900513cb291ca1c8d5722cad79169764e9a1279f7c8a9c4cd6e9109ff04bbc0 +"jest-get-type@npm:^27.4.0": + version: 27.4.0 + resolution: "jest-get-type@npm:27.4.0" + checksum: bb9b70e420009fdaed3026d5bccd01569f92c7500f9f544d862796d4f4efa93ced5484864b2f272c7748bfb5bfd3268d48868b169c51ab45fe5b45b9519b6e46 languageName: node linkType: hard -"jest-haste-map@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-haste-map@npm:27.5.1" +"jest-haste-map@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-haste-map@npm:27.4.6" dependencies: - "@jest/types": ^27.5.1 + "@jest/types": ^27.4.2 "@types/graceful-fs": ^4.1.2 "@types/node": "*" anymatch: ^3.0.3 fb-watchman: ^2.0.0 fsevents: ^2.3.2 - graceful-fs: ^4.2.9 - jest-regex-util: ^27.5.1 - jest-serializer: ^27.5.1 - jest-util: ^27.5.1 - jest-worker: ^27.5.1 + graceful-fs: ^4.2.4 + jest-regex-util: ^27.4.0 + jest-serializer: ^27.4.0 + jest-util: ^27.4.2 + jest-worker: ^27.4.6 micromatch: ^4.0.4 walker: ^1.0.7 dependenciesMeta: fsevents: optional: true - checksum: e092a1412829a9254b4725531ee72926de530f77fda7b0d9ea18008fb7623c16f72e772d8e93be71cac9e591b2c6843a669610887dd2c89bd9eb528856e3ab47 + checksum: 07a336e9dba9e7308f16c8b8e037dcc80eb346b0f68cbb6bd1badf97abb104da12c305b411549a5ac0bd4e634b61f9d12e0b5ac2ae8e8bea08952a5fe1a6e82e languageName: node linkType: hard -"jest-jasmine2@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-jasmine2@npm:27.5.1" +"jest-jasmine2@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-jasmine2@npm:27.4.6" dependencies: - "@jest/environment": ^27.5.1 - "@jest/source-map": ^27.5.1 - "@jest/test-result": ^27.5.1 - "@jest/types": ^27.5.1 + "@jest/environment": ^27.4.6 + "@jest/source-map": ^27.4.0 + "@jest/test-result": ^27.4.6 + "@jest/types": ^27.4.2 "@types/node": "*" chalk: ^4.0.0 co: ^4.6.0 - expect: ^27.5.1 + expect: ^27.4.6 is-generator-fn: ^2.0.0 - jest-each: ^27.5.1 - jest-matcher-utils: ^27.5.1 - jest-message-util: ^27.5.1 - jest-runtime: ^27.5.1 - jest-snapshot: ^27.5.1 - jest-util: ^27.5.1 - pretty-format: ^27.5.1 + jest-each: ^27.4.6 + jest-matcher-utils: ^27.4.6 + jest-message-util: ^27.4.6 + jest-runtime: ^27.4.6 + jest-snapshot: ^27.4.6 + jest-util: ^27.4.2 + pretty-format: ^27.4.6 throat: ^6.0.1 - checksum: b716adf253ceb73db661936153394ab90d7f3a8ba56d6189b7cd4df8e4e2a4153b4e63ebb5d36e29ceb0f4c211d5a6f36ab7048c6abbd881c8646567e2ab8e6d + checksum: d9b05405708161b90c2e9add00ee3c62b154b0f839bc50f034ae8369921956bb16cec428e46ae3b8074a3aeded6cb02f770161d7453f1a183b1abac17dae43f7 languageName: node linkType: hard -"jest-leak-detector@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-leak-detector@npm:27.5.1" +"jest-leak-detector@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-leak-detector@npm:27.4.6" dependencies: - jest-get-type: ^27.5.1 - pretty-format: ^27.5.1 - checksum: 5c9689060960567ddaf16c570d87afa760a461885765d2c71ef4f4857bbc3af1482c34e3cce88e50beefde1bf35e33530b020480752057a7e3dbb1ca0bae359f + jest-get-type: ^27.4.0 + pretty-format: ^27.4.6 + checksum: 4259400403d51b1297b9ab05c1342345c4a93a77c99447b061192ed81b56efcbdd28a03914c9f97670d2f3498bdc368712575d6218b02e3af1656b7db507d3bf languageName: node linkType: hard -"jest-matcher-utils@npm:^27.0.0, jest-matcher-utils@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-matcher-utils@npm:27.5.1" +"jest-matcher-utils@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-matcher-utils@npm:27.4.6" dependencies: chalk: ^4.0.0 - jest-diff: ^27.5.1 - jest-get-type: ^27.5.1 - pretty-format: ^27.5.1 - checksum: bb2135fc48889ff3fe73888f6cc7168ddab9de28b51b3148f820c89fdfd2effdcad005f18be67d0b9be80eda208ad47290f62f03d0a33f848db2dd0273c8217a + jest-diff: ^27.4.6 + jest-get-type: ^27.4.0 + pretty-format: ^27.4.6 + checksum: 445a8cc9eaa7cb08653a10cfc4f109eca76a97d1b1d3a01067bd77efa9cb3a554b74c7402a4c9d5083b21e11218e1515ef538faa47fa47c282072b4825f6b307 languageName: node linkType: hard -"jest-message-util@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-message-util@npm:27.5.1" +"jest-message-util@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-message-util@npm:27.4.6" dependencies: "@babel/code-frame": ^7.12.13 - "@jest/types": ^27.5.1 + "@jest/types": ^27.4.2 "@types/stack-utils": ^2.0.0 chalk: ^4.0.0 - graceful-fs: ^4.2.9 + graceful-fs: ^4.2.4 micromatch: ^4.0.4 - pretty-format: ^27.5.1 + pretty-format: ^27.4.6 slash: ^3.0.0 stack-utils: ^2.0.3 - checksum: eb6d637d1411c71646de578c49826b6da8e33dd293e501967011de9d1916d53d845afbfb52a5b661ff1c495be7c13f751c48c7f30781fd94fbd64842e8195796 + checksum: 1fdd542d091dbf7aa63a484feead97a921e3c4d6db3784fe2e6d83e9110ac06de5691fdc043da991ca1d0ce5d179ea8266c8d93b388f4bba7d80a267fdd946df languageName: node linkType: hard -"jest-mock@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-mock@npm:27.5.1" +"jest-mock@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-mock@npm:27.4.6" dependencies: - "@jest/types": ^27.5.1 + "@jest/types": ^27.4.2 "@types/node": "*" - checksum: f5b5904bb1741b4a1687a5f492535b7b1758dc26534c72a5423305f8711292e96a601dec966df81bb313269fb52d47227e29f9c2e08324d79529172f67311be0 + checksum: 34df5ec502fa0db5ef36e2b2e96a522de730e7be907c6df5d4ec8ab1292d9be71f1e269e8bcdafd020239edaf3ca6f9c464eb0b4aca6986420a1f392976fc0ab languageName: node linkType: hard @@ -6591,202 +6531,203 @@ __metadata: languageName: node linkType: hard -"jest-regex-util@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-regex-util@npm:27.5.1" - checksum: d45ca7a9543616a34f7f3079337439cf07566e677a096472baa2810e274b9808b76767c97b0a4029b8a5b82b9d256dee28ef9ad4138b2b9e5933f6fac106c418 +"jest-regex-util@npm:^27.4.0": + version: 27.4.0 + resolution: "jest-regex-util@npm:27.4.0" + checksum: 222e4aacec601fd2cfdfee74adb8d324fef672f77577a7c2220893ec1a62031a2640388fce8d0bd8be2e4537da1ab40aa74dba60ac531a23b2643b15c65014ac languageName: node linkType: hard -"jest-resolve-dependencies@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-resolve-dependencies@npm:27.5.1" +"jest-resolve-dependencies@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-resolve-dependencies@npm:27.4.6" dependencies: - "@jest/types": ^27.5.1 - jest-regex-util: ^27.5.1 - jest-snapshot: ^27.5.1 - checksum: c67af97afad1da88f5530317c732bbd1262d1225f6cd7f4e4740a5db48f90ab0bd8564738ac70d1a43934894f9aef62205c1b8f8ee89e5c7a737e6a121ee4c25 + "@jest/types": ^27.4.2 + jest-regex-util: ^27.4.0 + jest-snapshot: ^27.4.6 + checksum: c644adb74a602c8c08f90256c9a5c519434cd213a02a6f427425003f9ab026c12860527eb67cf624aa6717c410fa92aee66662d212c0ffbb73f80e2711ffb7a4 languageName: node linkType: hard -"jest-resolve@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-resolve@npm:27.5.1" +"jest-resolve@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-resolve@npm:27.4.6" dependencies: - "@jest/types": ^27.5.1 + "@jest/types": ^27.4.2 chalk: ^4.0.0 - graceful-fs: ^4.2.9 - jest-haste-map: ^27.5.1 + graceful-fs: ^4.2.4 + jest-haste-map: ^27.4.6 jest-pnp-resolver: ^1.2.2 - jest-util: ^27.5.1 - jest-validate: ^27.5.1 + jest-util: ^27.4.2 + jest-validate: ^27.4.6 resolve: ^1.20.0 resolve.exports: ^1.1.0 slash: ^3.0.0 - checksum: 735830e7265b20a348029738680bb2f6e37f80ecea86cda869a4c318ba3a45d39c7a3a873a22f7f746d86258c50ead6e7f501de043e201c095d7ba628a1c440f + checksum: 69b765660ee2dd71542953fbe5f6fc9ee3590a4829376e00d955f7566d47049ec5e300832bee1530ac85d2946e341558993ab381d3023363058ae6f9d4c10025 languageName: node linkType: hard -"jest-runner@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-runner@npm:27.5.1" +"jest-runner@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-runner@npm:27.4.6" dependencies: - "@jest/console": ^27.5.1 - "@jest/environment": ^27.5.1 - "@jest/test-result": ^27.5.1 - "@jest/transform": ^27.5.1 - "@jest/types": ^27.5.1 + "@jest/console": ^27.4.6 + "@jest/environment": ^27.4.6 + "@jest/test-result": ^27.4.6 + "@jest/transform": ^27.4.6 + "@jest/types": ^27.4.2 "@types/node": "*" chalk: ^4.0.0 emittery: ^0.8.1 - graceful-fs: ^4.2.9 - jest-docblock: ^27.5.1 - jest-environment-jsdom: ^27.5.1 - jest-environment-node: ^27.5.1 - jest-haste-map: ^27.5.1 - jest-leak-detector: ^27.5.1 - jest-message-util: ^27.5.1 - jest-resolve: ^27.5.1 - jest-runtime: ^27.5.1 - jest-util: ^27.5.1 - jest-worker: ^27.5.1 + exit: ^0.1.2 + graceful-fs: ^4.2.4 + jest-docblock: ^27.4.0 + jest-environment-jsdom: ^27.4.6 + jest-environment-node: ^27.4.6 + jest-haste-map: ^27.4.6 + jest-leak-detector: ^27.4.6 + jest-message-util: ^27.4.6 + jest-resolve: ^27.4.6 + jest-runtime: ^27.4.6 + jest-util: ^27.4.2 + jest-worker: ^27.4.6 source-map-support: ^0.5.6 throat: ^6.0.1 - checksum: 5bbe6cf847dd322b3332ec9d6977b54f91bd5f72ff620bc1a0192f0f129deda8aa7ca74c98922187a7aa87d8e0ce4f6c50e99a7ccb2a310bf4d94be2e0c3ce8e + checksum: 4e76117e5373b6eb51c7113f848dbc92bc1e1d2f1302f9530ef9cb6c967eb364836f4a5790f65a437f47debc917bfb696bbc647831292fa8b1b4321f292e721f languageName: node linkType: hard -"jest-runtime@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-runtime@npm:27.5.1" +"jest-runtime@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-runtime@npm:27.4.6" dependencies: - "@jest/environment": ^27.5.1 - "@jest/fake-timers": ^27.5.1 - "@jest/globals": ^27.5.1 - "@jest/source-map": ^27.5.1 - "@jest/test-result": ^27.5.1 - "@jest/transform": ^27.5.1 - "@jest/types": ^27.5.1 + "@jest/environment": ^27.4.6 + "@jest/fake-timers": ^27.4.6 + "@jest/globals": ^27.4.6 + "@jest/source-map": ^27.4.0 + "@jest/test-result": ^27.4.6 + "@jest/transform": ^27.4.6 + "@jest/types": ^27.4.2 chalk: ^4.0.0 cjs-module-lexer: ^1.0.0 collect-v8-coverage: ^1.0.0 execa: ^5.0.0 glob: ^7.1.3 - graceful-fs: ^4.2.9 - jest-haste-map: ^27.5.1 - jest-message-util: ^27.5.1 - jest-mock: ^27.5.1 - jest-regex-util: ^27.5.1 - jest-resolve: ^27.5.1 - jest-snapshot: ^27.5.1 - jest-util: ^27.5.1 + graceful-fs: ^4.2.4 + jest-haste-map: ^27.4.6 + jest-message-util: ^27.4.6 + jest-mock: ^27.4.6 + jest-regex-util: ^27.4.0 + jest-resolve: ^27.4.6 + jest-snapshot: ^27.4.6 + jest-util: ^27.4.2 slash: ^3.0.0 strip-bom: ^4.0.0 - checksum: 929e3df0c53dab43f831f2af4e2996b22aa8cb2d6d483919d6b0426cbc100098fd5b777b998c6568b77f8c4d860b2e83127514292ff61416064f5ef926492386 + checksum: 64d833c7d7b1d67b53932dc9fd9332aaf43ea1777fc61c3f143515968f066438b3247e4f1a71a7f127b1bedbc7c3124bfc53cb4f026fff5b26e2feda8d35535c languageName: node linkType: hard -"jest-serializer@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-serializer@npm:27.5.1" +"jest-serializer@npm:^27.4.0": + version: 27.4.0 + resolution: "jest-serializer@npm:27.4.0" dependencies: "@types/node": "*" - graceful-fs: ^4.2.9 - checksum: 803e03a552278610edc6753c0dd9fa5bb5cd3ca47414a7b2918106efb62b79fd5e9ae785d0a21f12a299fa599fea8acc1fa6dd41283328cee43962cf7df9bb44 + graceful-fs: ^4.2.4 + checksum: 1ed5f38e88010f258bd9557d7842a89741ff15bfc578328e8ae1985933406350b817cf5e3127773e3dbc755dbe2522195378f8b98284bcc32111a723294ebbea languageName: node linkType: hard -"jest-snapshot@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-snapshot@npm:27.5.1" +"jest-snapshot@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-snapshot@npm:27.4.6" dependencies: "@babel/core": ^7.7.2 "@babel/generator": ^7.7.2 "@babel/plugin-syntax-typescript": ^7.7.2 "@babel/traverse": ^7.7.2 "@babel/types": ^7.0.0 - "@jest/transform": ^27.5.1 - "@jest/types": ^27.5.1 + "@jest/transform": ^27.4.6 + "@jest/types": ^27.4.2 "@types/babel__traverse": ^7.0.4 "@types/prettier": ^2.1.5 babel-preset-current-node-syntax: ^1.0.0 chalk: ^4.0.0 - expect: ^27.5.1 - graceful-fs: ^4.2.9 - jest-diff: ^27.5.1 - jest-get-type: ^27.5.1 - jest-haste-map: ^27.5.1 - jest-matcher-utils: ^27.5.1 - jest-message-util: ^27.5.1 - jest-util: ^27.5.1 + expect: ^27.4.6 + graceful-fs: ^4.2.4 + jest-diff: ^27.4.6 + jest-get-type: ^27.4.0 + jest-haste-map: ^27.4.6 + jest-matcher-utils: ^27.4.6 + jest-message-util: ^27.4.6 + jest-util: ^27.4.2 natural-compare: ^1.4.0 - pretty-format: ^27.5.1 + pretty-format: ^27.4.6 semver: ^7.3.2 - checksum: a5cfadf0d21cd76063925d1434bc076443ed6d87847d0e248f0b245f11db3d98ff13e45cc03b15404027dabecd712d925f47b6eae4f64986f688640a7d362514 + checksum: c7a1ae993ae7334277c61e6d645efedefce53ca212498ae766ea28efa46287559a56d2bd2edaaead8476191a45adbb1354df5367dfd223763b5a66751bfbda14 languageName: node linkType: hard -"jest-util@npm:^27.0.0, jest-util@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-util@npm:27.5.1" +"jest-util@npm:^27.0.0, jest-util@npm:^27.4.2": + version: 27.4.2 + resolution: "jest-util@npm:27.4.2" dependencies: - "@jest/types": ^27.5.1 + "@jest/types": ^27.4.2 "@types/node": "*" chalk: ^4.0.0 ci-info: ^3.2.0 - graceful-fs: ^4.2.9 + graceful-fs: ^4.2.4 picomatch: ^2.2.3 - checksum: ac8d122f6daf7a035dcea156641fd3701aeba245417c40836a77e35b3341b9c02ddc5d904cfcd4ddbaa00ab854da76d3b911870cafdcdbaff90ea471de26c7d7 + checksum: bcf16881aff1421c5f7c2df2ef9492cf8cd92fcd0a2a99bec5ab16f7185ee19aea48eda41d9dfa7b5bf4354bdc21628f5931cd2e7281741e6d2983965efb631e languageName: node linkType: hard -"jest-validate@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-validate@npm:27.5.1" +"jest-validate@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-validate@npm:27.4.6" dependencies: - "@jest/types": ^27.5.1 + "@jest/types": ^27.4.2 camelcase: ^6.2.0 chalk: ^4.0.0 - jest-get-type: ^27.5.1 + jest-get-type: ^27.4.0 leven: ^3.1.0 - pretty-format: ^27.5.1 - checksum: 82e870f8ee7e4fb949652711b1567f05ae31c54be346b0899e8353e5c20fad7692b511905b37966945e90af8dc0383eb41a74f3ffefb16140ea4f9164d841412 + pretty-format: ^27.4.6 + checksum: d3578030eadd872b99e65dac24d9ca755f2a2483f8344d9e575ea6034c6cb5ed5bcf7a4aa4f1050ab0080d5a8d0b0efd31c911514f27820b871a636a97dc196c languageName: node linkType: hard -"jest-watcher@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-watcher@npm:27.5.1" +"jest-watcher@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-watcher@npm:27.4.6" dependencies: - "@jest/test-result": ^27.5.1 - "@jest/types": ^27.5.1 + "@jest/test-result": ^27.4.6 + "@jest/types": ^27.4.2 "@types/node": "*" ansi-escapes: ^4.2.1 chalk: ^4.0.0 - jest-util: ^27.5.1 + jest-util: ^27.4.2 string-length: ^4.0.1 - checksum: 191c4e9c278c0902ade1a8a80883ac244963ba3e6e78607a3d5f729ccca9c6e71fb3b316f87883658132641c5d818aa84202585c76752e03c539e6cbecb820bd + checksum: bb9c0a34dcc690cef6430c275e81213620bc4ba6337e42302efa51666ac06781e9f6f50c930332396e4e8cd8cc47de8fb2e8de57da0f7e35a246b0206dde1cd3 languageName: node linkType: hard -"jest-worker@npm:^27.5.1": - version: 27.5.1 - resolution: "jest-worker@npm:27.5.1" +"jest-worker@npm:^27.4.6": + version: 27.4.6 + resolution: "jest-worker@npm:27.4.6" dependencies: "@types/node": "*" merge-stream: ^2.0.0 supports-color: ^8.0.0 - checksum: 98cd68b696781caed61c983a3ee30bf880b5bd021c01d98f47b143d4362b85d0737f8523761e2713d45e18b4f9a2b98af1eaee77afade4111bb65c77d6f7c980 + checksum: 105bcdf5c66700bbfe352bc09476629ca0858cfa819fcc1a37ea76660f0168d586c6e77aee8ea91eded5a20f40f331a0a81e503b5ba19f7b566204406b239466 languageName: node linkType: hard "jest@npm:^27.0.6": - version: 27.5.1 - resolution: "jest@npm:27.5.1" + version: 27.4.7 + resolution: "jest@npm:27.4.7" dependencies: - "@jest/core": ^27.5.1 + "@jest/core": ^27.4.7 import-local: ^3.0.2 - jest-cli: ^27.5.1 + jest-cli: ^27.4.7 peerDependencies: node-notifier: ^8.0.1 || ^9.0.0 || ^10.0.0 peerDependenciesMeta: @@ -6794,20 +6735,20 @@ __metadata: optional: true bin: jest: bin/jest.js - checksum: 96f1d69042b3c6dfc695f2a4e4b0db38af6fb78582ad1a02beaa57cfcd77cbd31567d7d865c1c85709b7c3e176eefa3b2035ffecd646005f15d8ef528eccf205 + checksum: 28ce948b30c074907393f37553acac4422d0f60190776e62b3403e4c742d33dd6012e3a20748254a43e38b5b4ce52d813b13a3a5be1d43d6d12429bd08ce1a23 languageName: node linkType: hard "joi@npm:^17.4.0": - version: 17.6.0 - resolution: "joi@npm:17.6.0" + version: 17.5.0 + resolution: "joi@npm:17.5.0" dependencies: "@hapi/hoek": ^9.0.0 "@hapi/topo": ^5.0.0 "@sideway/address": ^4.1.3 "@sideway/formula": ^3.0.0 "@sideway/pinpoint": ^2.0.0 - checksum: eaf62f6c02f2edb1042f1ab04fc23a5918a2cb8f54bec84c6e1033624d8a462c10ae9518af55a3ba84f1793960450d58094eda308e7ef93c17edd4e3c8ef31d5 + checksum: 6a20d009d2fa8a72dbfd9bc739d240f678b09d3a16c05b4bfb4e2d0503e60f7d7914250f0bfc52fb79a537490739ba36a1ace00a05b8ddecaaacfcedafc5c8b9 languageName: node linkType: hard @@ -6886,13 +6827,6 @@ __metadata: languageName: node linkType: hard -"json-buffer@npm:3.0.1, json-buffer@npm:~3.0.1": - version: 3.0.1 - resolution: "json-buffer@npm:3.0.1" - checksum: 9026b03edc2847eefa2e37646c579300a1f3a4586cfb62bf857832b60c852042d0d6ae55d1afb8926163fa54c2b01d83ae24705f34990348bdac6273a29d4581 - languageName: node - linkType: hard - "json-parse-better-errors@npm:^1.0.1": version: 1.0.2 resolution: "json-parse-better-errors@npm:1.0.2" @@ -6942,12 +6876,14 @@ __metadata: languageName: node linkType: hard -"json5@npm:2.x, json5@npm:^2.2.1": - version: 2.2.1 - resolution: "json5@npm:2.2.1" +"json5@npm:2.x, json5@npm:^2.1.2": + version: 2.2.0 + resolution: "json5@npm:2.2.0" + dependencies: + minimist: ^1.2.5 bin: json5: lib/cli.js - checksum: 74b8a23b102a6f2bf2d224797ae553a75488b5adbaee9c9b6e5ab8b510a2fc6e38f876d4c77dea672d4014a44b2399e15f2051ac2b37b87f74c0c7602003543b + checksum: e88fc5274bb58fc99547baa777886b069d2dd96d9cfc4490b305fd16d711dabd5979e35a4f90873cefbeb552e216b041a304fe56702bedba76e19bc7845f208d languageName: node linkType: hard @@ -7028,16 +6964,6 @@ __metadata: languageName: node linkType: hard -"keyv@npm:^4.0.0": - version: 4.2.2 - resolution: "keyv@npm:4.2.2" - dependencies: - compress-brotli: ^1.3.6 - json-buffer: 3.0.1 - checksum: 1d03674145339cb6d7509fd7791a2ea93c0a9b7ec10e475d621f4443b8bf877c21dc391ae1002dd1bade4f44e2093f850f1da81d08c03812b4592cd5ff028db7 - languageName: node - linkType: hard - "kind-of@npm:^3.0.2, kind-of@npm:^3.0.3, kind-of@npm:^3.2.0": version: 3.2.2 resolution: "kind-of@npm:3.2.2" @@ -7526,11 +7452,11 @@ __metadata: linkType: hard "marked@npm:^4.0.10": - version: 4.0.14 - resolution: "marked@npm:4.0.14" + version: 4.0.12 + resolution: "marked@npm:4.0.12" bin: marked: bin/marked.js - checksum: 778bc2fc94c51ae4fbafe5a08bc1f3917799c4dd39e9fccd972a97df4e5bc5aa78664b7143d12d4b4969608fb90c6a2de3f19811a2f9ccf6b7f207022f2842ba + checksum: 7575117f85a8986652f3ac8b8a7b95056c4c5fce01a1fc76dc4c7960412cb4c9bd9da8133487159b6b3ff84f52b543dfe9a36f826a5f358892b5ec4b6824f192 languageName: node linkType: hard @@ -7637,28 +7563,28 @@ __metadata: linkType: hard "micromatch@npm:^4.0.0, micromatch@npm:^4.0.2, micromatch@npm:^4.0.4": - version: 4.0.5 - resolution: "micromatch@npm:4.0.5" + version: 4.0.4 + resolution: "micromatch@npm:4.0.4" dependencies: - braces: ^3.0.2 - picomatch: ^2.3.1 - checksum: 02a17b671c06e8fefeeb6ef996119c1e597c942e632a21ef589154f23898c9c6a9858526246abb14f8bca6e77734aa9dcf65476fca47cedfb80d9577d52843fc + braces: ^3.0.1 + picomatch: ^2.2.3 + checksum: ef3d1c88e79e0a68b0e94a03137676f3324ac18a908c245a9e5936f838079fcc108ac7170a5fadc265a9c2596963462e402841406bda1a4bb7b68805601d631c languageName: node linkType: hard -"mime-db@npm:1.52.0, mime-db@npm:^1.28.0": - version: 1.52.0 - resolution: "mime-db@npm:1.52.0" - checksum: 0d99a03585f8b39d68182803b12ac601d9c01abfa28ec56204fa330bc9f3d1c5e14beb049bafadb3dbdf646dfb94b87e24d4ec7b31b7279ef906a8ea9b6a513f +"mime-db@npm:1.51.0, mime-db@npm:^1.28.0": + version: 1.51.0 + resolution: "mime-db@npm:1.51.0" + checksum: 613b1ac9d6e725cc24444600b124a7f1ce6c60b1baa654f39a3e260d0995a6dffc5693190217e271af7e2a5612dae19f2a73f3e316707d797a7391165f7ef423 languageName: node linkType: hard "mime-types@npm:^2.1.12": - version: 2.1.35 - resolution: "mime-types@npm:2.1.35" + version: 2.1.34 + resolution: "mime-types@npm:2.1.34" dependencies: - mime-db: 1.52.0 - checksum: 89a5b7f1def9f3af5dad6496c5ed50191ae4331cc5389d7c521c8ad28d5fdad2d06fd81baf38fed813dc4e46bb55c8145bb0ff406330818c9cf712fb2e9b3836 + mime-db: 1.51.0 + checksum: 67013de9e9d6799bde6d669d18785b7e18bcd212e710d3e04a4727f92f67a8ad4e74aee24be28b685adb794944814bde649119b58ee3282ffdbee58f9278d9f3 languageName: node linkType: hard @@ -7699,12 +7625,12 @@ __metadata: languageName: node linkType: hard -"minimatch@npm:^3.0.2, minimatch@npm:^3.0.4, minimatch@npm:^3.1.2": - version: 3.1.2 - resolution: "minimatch@npm:3.1.2" +"minimatch@npm:^3.0.2, minimatch@npm:^3.0.4": + version: 3.0.4 + resolution: "minimatch@npm:3.0.4" dependencies: brace-expansion: ^1.1.7 - checksum: c154e566406683e7bcb746e000b84d74465b3a832c45d59912b9b55cd50dee66e5c4b1e5566dba26154040e51672f9aa450a9aef0c97cfc7336b78b7afb9540a + checksum: 66ac295f8a7b59788000ea3749938b0970344c841750abd96694f80269b926ebcafad3deeb3f1da2522978b119e6ae3a5869b63b13a7859a456b3408bd18a078 languageName: node linkType: hard @@ -7728,10 +7654,10 @@ __metadata: languageName: node linkType: hard -"minimist@npm:^1.1.0, minimist@npm:^1.2.0, minimist@npm:^1.2.3, minimist@npm:^1.2.5, minimist@npm:^1.2.6": - version: 1.2.6 - resolution: "minimist@npm:1.2.6" - checksum: d15428cd1e11eb14e1233bcfb88ae07ed7a147de251441d61158619dfb32c4d7e9061d09cab4825fdee18ecd6fce323228c8c47b5ba7cd20af378ca4048fb3fb +"minimist@npm:^1.1.0, minimist@npm:^1.2.0, minimist@npm:^1.2.3, minimist@npm:^1.2.5": + version: 1.2.5 + resolution: "minimist@npm:1.2.5" + checksum: 86706ce5b36c16bfc35c5fe3dbb01d5acdc9a22f2b6cc810b6680656a1d2c0e44a0159c9a3ba51fb072bb5c203e49e10b51dcd0eec39c481f4c42086719bae52 languageName: node linkType: hard @@ -7837,13 +7763,13 @@ __metadata: linkType: hard "mkdirp@npm:^0.5.1": - version: 0.5.6 - resolution: "mkdirp@npm:0.5.6" + version: 0.5.5 + resolution: "mkdirp@npm:0.5.5" dependencies: - minimist: ^1.2.6 + minimist: ^1.2.5 bin: mkdirp: bin/cmd.js - checksum: 0c91b721bb12c3f9af4b77ebf73604baf350e64d80df91754dc509491ae93bf238581e59c7188360cec7cb62fc4100959245a42cfe01834efedc5e9d068376c2 + checksum: 3bce20ea525f9477befe458ab85284b0b66c8dc3812f94155af07c827175948cdd8114852ac6c6d82009b13c1048c37f6d98743eb019651ee25c39acc8aabe7d languageName: node linkType: hard @@ -7956,17 +7882,12 @@ __metadata: languageName: node linkType: hard -"node-fetch@npm:^2.6.7": - version: 2.6.7 - resolution: "node-fetch@npm:2.6.7" +"node-fetch@npm:^2.6.1": + version: 2.6.6 + resolution: "node-fetch@npm:2.6.6" dependencies: whatwg-url: ^5.0.0 - peerDependencies: - encoding: ^0.1.0 - peerDependenciesMeta: - encoding: - optional: true - checksum: 8d816ffd1ee22cab8301c7756ef04f3437f18dace86a1dae22cf81db8ef29c0bf6655f3215cb0cdb22b420b6fe141e64b26905e7f33f9377a7fa59135ea3e10b + checksum: ee8290626bdb73629c59722b75dcf4b9b6a67c1ed7eb9102e368479c4a13b56a48c2bb3ad71571e378e98c8b2c64c820e11f9cd39e4b8557dd138ad571ef9a42 languageName: node linkType: hard @@ -7997,7 +7918,7 @@ __metadata: languageName: node linkType: hard -"node-jq@npm:2.1.0": +"node-jq@npm:2.1.0, node-jq@npm:^2.1.0": version: 2.1.0 resolution: "node-jq@npm:2.1.0" dependencies: @@ -8014,24 +7935,10 @@ __metadata: languageName: node linkType: hard -"node-jq@npm:^2.1.0": - version: 2.3.3 - resolution: "node-jq@npm:2.3.3" - dependencies: - bin-build: ^3.0.0 - download: ^8.0.0 - is-valid-path: ^0.1.1 - joi: ^17.4.0 - strip-final-newline: ^2.0.0 - tempfile: ^3.0.0 - checksum: df757de694ed0b8991c34974c9785c7d0d0b36e497975613a665afc00a3e63386ec2432a95c25ad02756e9c5d3ba06b50c9fcb45126c4c0310e182097e807540 - languageName: node - linkType: hard - -"node-releases@npm:^2.0.3": - version: 2.0.3 - resolution: "node-releases@npm:2.0.3" - checksum: 5e555fbbebb3343a5d1e5f4e10e1737998bedc57472a35027410d17b2678ed9bc0e5fae008f513798a960eb8687159331b1f46f82a3210d39bd7c40d3c9dcead +"node-releases@npm:^2.0.1": + version: 2.0.1 + resolution: "node-releases@npm:2.0.1" + checksum: b20dd8d4bced11f75060f0387e05e76b9dc4a0451f7bb3516eade6f50499ea7768ba95d8a60d520c193402df1e58cb3fe301510cc1c1ad68949c3d57b5149866 languageName: node linkType: hard @@ -8116,12 +8023,12 @@ __metadata: languageName: node linkType: hard -"npm-audit-report@npm:^3.0.0": - version: 3.0.0 - resolution: "npm-audit-report@npm:3.0.0" +"npm-audit-report@npm:^2.1.5": + version: 2.1.5 + resolution: "npm-audit-report@npm:2.1.5" dependencies: chalk: ^4.0.0 - checksum: 3927972c14e1d9fd21a6ab2d3c2d651e20346ff9a784ea2fcdc2b1e3b3e23994fc0e8961c3c9f4aea857e3a995a556a77f4f0250dbaf6238c481c609ed912a92 + checksum: 9199c4331a29b478b7adbafe1bf463943f65cfd840f62ffe9e6263f0ae64d77725ea102126b3892ef3379a6770a6fe11e1f68ab4cb196c0045db2e1aeafc593d languageName: node linkType: hard @@ -8144,12 +8051,12 @@ __metadata: languageName: node linkType: hard -"npm-install-checks@npm:^5.0.0": - version: 5.0.0 - resolution: "npm-install-checks@npm:5.0.0" +"npm-install-checks@npm:^4.0.0": + version: 4.0.0 + resolution: "npm-install-checks@npm:4.0.0" dependencies: semver: ^7.1.1 - checksum: 0e7d1aae52b1fe9d3a0fd4a008850c7047931722dd49ee908afd13fd0297ac5ddb10964d9c59afcdaaa2ca04b51d75af2788f668c729ae71fec0e4cdac590ffc + checksum: 8308ff48e61e0863d7f148f62543e1f6c832525a7d8002ea742d5e478efa8b29bf65a87f9fb82786e15232e4b3d0362b126c45afdceed4c051c0d3c227dd0ace languageName: node linkType: hard @@ -8169,7 +8076,7 @@ __metadata: languageName: node linkType: hard -"npm-package-arg@npm:^9.0.0, npm-package-arg@npm:^9.0.1, npm-package-arg@npm:^9.0.2": +"npm-package-arg@npm:^9.0.0, npm-package-arg@npm:^9.0.1": version: 9.0.2 resolution: "npm-package-arg@npm:9.0.2" dependencies: @@ -8181,8 +8088,8 @@ __metadata: linkType: hard "npm-packlist@npm:^5.0.0": - version: 5.0.2 - resolution: "npm-packlist@npm:5.0.2" + version: 5.0.3 + resolution: "npm-packlist@npm:5.0.3" dependencies: glob: ^8.0.1 ignore-walk: ^5.0.1 @@ -8190,7 +8097,7 @@ __metadata: npm-normalize-package-bin: ^1.0.1 bin: npm-packlist: bin/index.js - checksum: ff2c295dea161c800c5c2d4254d6b864126333786edec7e56387a9184e966864e8e46a77aa8121db13f210232b6439c7425098ead377fe2fc287ac316c888f4d + checksum: ab8444928518e652e2d4f3de75dd979b695170c9c9c96882c601dfc5f9e47eca6af65a6599cd45f5ea4e77ee66254fd4cc91a6f34ec8cd7754af258cb99fbb61 languageName: node linkType: hard @@ -8266,20 +8173,21 @@ __metadata: linkType: hard "npm@npm:^8.3.0": - version: 8.7.0 - resolution: "npm@npm:8.7.0" + version: 8.5.5 + resolution: "npm@npm:8.5.5" dependencies: "@isaacs/string-locale-compare": ^1.1.0 - "@npmcli/arborist": ^5.0.4 + "@npmcli/arborist": ^5.0.3 "@npmcli/ci-detect": ^2.0.0 - "@npmcli/config": ^4.1.0 - "@npmcli/fs": ^2.1.0 + "@npmcli/config": ^4.0.1 "@npmcli/map-workspaces": ^2.0.2 - "@npmcli/package-json": ^2.0.0 + "@npmcli/package-json": ^1.0.1 "@npmcli/run-script": ^3.0.1 abbrev: ~1.1.1 + ansicolors: ~0.3.2 + ansistyles: ~0.1.3 archy: ~1.0.0 - cacache: ^16.0.4 + cacache: ^16.0.2 chalk: ^4.1.2 chownr: ^2.0.0 cli-columns: ^4.0.0 @@ -8287,10 +8195,10 @@ __metadata: columnify: ^1.6.0 fastest-levenshtein: ^1.0.12 glob: ^7.2.0 - graceful-fs: ^4.2.10 + graceful-fs: ^4.2.9 hosted-git-info: ^5.0.0 - ini: ^3.0.0 - init-package-json: ^3.0.2 + ini: ^2.0.0 + init-package-json: ^3.0.1 is-cidr: ^4.0.2 json-parse-even-better-errors: ^2.3.1 libnpmaccess: ^6.0.2 @@ -8304,7 +8212,7 @@ __metadata: libnpmsearch: ^5.0.2 libnpmteam: ^4.0.2 libnpmversion: ^3.0.1 - make-fetch-happen: ^10.1.2 + make-fetch-happen: ^10.0.6 minipass: ^3.1.6 minipass-pipeline: ^1.2.4 mkdirp: ^1.0.4 @@ -8312,37 +8220,37 @@ __metadata: ms: ^2.1.2 node-gyp: ^9.0.0 nopt: ^5.0.0 - npm-audit-report: ^3.0.0 - npm-install-checks: ^5.0.0 - npm-package-arg: ^9.0.2 - npm-pick-manifest: ^7.0.1 + npm-audit-report: ^2.1.5 + npm-install-checks: ^4.0.0 + npm-package-arg: ^9.0.1 + npm-pick-manifest: ^7.0.0 npm-profile: ^6.0.2 - npm-registry-fetch: ^13.1.0 + npm-registry-fetch: ^13.0.1 npm-user-validate: ^1.0.1 npmlog: ^6.0.1 opener: ^1.5.2 - pacote: ^13.1.1 - parse-conflict-json: ^2.0.2 - proc-log: ^2.0.1 + pacote: ^13.0.5 + parse-conflict-json: ^2.0.1 + proc-log: ^2.0.0 qrcode-terminal: ^0.12.0 read: ~1.0.7 read-package-json: ^5.0.0 read-package-json-fast: ^2.0.3 readdir-scoped-modules: ^1.1.0 rimraf: ^3.0.2 - semver: ^7.3.6 - ssri: ^9.0.0 + semver: ^7.3.5 + ssri: ^8.0.1 tar: ^6.1.11 text-table: ~0.2.0 tiny-relative-date: ^1.3.0 - treeverse: ^2.0.0 - validate-npm-package-name: ^4.0.0 + treeverse: ^1.0.4 + validate-npm-package-name: ~3.0.0 which: ^2.0.2 write-file-atomic: ^4.0.1 bin: npm: bin/npm-cli.js npx: bin/npx-cli.js - checksum: fd2334914e671986a92c78eadc1cb38d6f7c1b69db8ac9200848c958d0c9b5921194bc1b6ced658a9b2f36fa2c7aa41ad85a7f86a0c83a125abb6d29d8dcf9f1 + checksum: f48fbac8c76a0afa709aaeb3ffeb2d6886b88577f6f7f54e91bc0d6169f6ec90f402bbd6ab7e643347970d95d43860f35b0dc0343664222def47cc6042ccf74a languageName: node linkType: hard @@ -8383,14 +8291,14 @@ __metadata: languageName: node linkType: hard -"object-inspect@npm:^1.12.0, object-inspect@npm:^1.9.0": +"object-inspect@npm:^1.11.0, object-inspect@npm:^1.9.0": version: 1.12.0 resolution: "object-inspect@npm:1.12.0" checksum: 2b36d4001a9c921c6b342e2965734519c9c58c355822243c3207fbf0aac271f8d44d30d2d570d450b2cc6f0f00b72bcdba515c37827d2560e5f22b1899a31cf4 languageName: node linkType: hard -"object-keys@npm:^1.1.1": +"object-keys@npm:^1.0.12, object-keys@npm:^1.1.1": version: 1.1.1 resolution: "object-keys@npm:1.1.1" checksum: b363c5e7644b1e1b04aa507e88dcb8e3a2f52b6ffd0ea801e4c7a62d5aa559affe21c55a07fd4b1fd55fc03a33c610d73426664b20032405d7b92a1414c34d6a @@ -8752,8 +8660,8 @@ __metadata: linkType: hard "pacote@npm:^13.0.3, pacote@npm:^13.0.5": - version: 13.1.1 - resolution: "pacote@npm:13.1.1" + version: 13.3.0 + resolution: "pacote@npm:13.3.0" dependencies: "@npmcli/git": ^3.0.0 "@npmcli/installed-package-contents": ^1.0.7 @@ -8778,7 +8686,7 @@ __metadata: tar: ^6.1.11 bin: pacote: lib/bin.js - checksum: e8309d80cef6299f120311fe5f82a493b1deae8f0a1985e102aec859bbffa087fc68f6fe73141f12427e297fd25e3ca9eef67633d477c392e1dc4bb0f8d1d33b + checksum: 49badbafac64e7cd9c87aa14342424ee90946e0ac729faeffb489a94ed6cdab815bd7ffec7673b4863e20e113ee678b8038ace95ee2fc1f58206bc4482ff0bf5 languageName: node linkType: hard @@ -8791,7 +8699,7 @@ __metadata: languageName: node linkType: hard -"parse-conflict-json@npm:^2.0.1, parse-conflict-json@npm:^2.0.2": +"parse-conflict-json@npm:^2.0.1": version: 2.0.2 resolution: "parse-conflict-json@npm:2.0.2" dependencies: @@ -8920,7 +8828,7 @@ __metadata: languageName: node linkType: hard -"picomatch@npm:^2.0.4, picomatch@npm:^2.2.3, picomatch@npm:^2.3.1": +"picomatch@npm:^2.0.4, picomatch@npm:^2.2.3": version: 2.3.1 resolution: "picomatch@npm:2.3.1" checksum: 050c865ce81119c4822c45d3c84f1ced46f93a0126febae20737bd05ca20589c564d6e9226977df859ed5e03dc73f02584a2b0faad36e896936238238b0446cf @@ -8965,9 +8873,9 @@ __metadata: linkType: hard "pirates@npm:^4.0.4": - version: 4.0.5 - resolution: "pirates@npm:4.0.5" - checksum: c9994e61b85260bec6c4fc0307016340d9b0c4f4b6550a957afaaff0c9b1ad58fbbea5cfcf083860a25cb27a375442e2b0edf52e2e1e40e69934e08dcc52d227 + version: 4.0.4 + resolution: "pirates@npm:4.0.4" + checksum: 6b7187d526fd025a2b91e8fd289c78d88c4adc3ea947b9facbe9cb300a896b0ec00f3e77b36a043001695312a8debbf714453495283bd8a4eaad3bc0c38df425 languageName: node linkType: hard @@ -9057,26 +8965,26 @@ __metadata: linkType: hard "prettier@npm:^2.4.1, prettier@npm:^2.5.1": - version: 2.6.2 - resolution: "prettier@npm:2.6.2" + version: 2.5.1 + resolution: "prettier@npm:2.5.1" bin: prettier: bin-prettier.js - checksum: 48d08dde8e9fb1f5bccdd205baa7f192e9fc8bc98f86e1b97d919de804e28c806b0e6cc685e4a88211aa7987fa9668f30baae19580d87ced3ed0f2ec6572106f + checksum: 21b9408476ea1c544b0e45d51ceb94a84789ff92095abb710942d780c862d0daebdb29972d47f6b4d0f7ebbfb0ffbf56cc2cfa3e3e9d1cca54864af185b15b66 languageName: node linkType: hard -"pretty-format@npm:^27.0.0, pretty-format@npm:^27.5.1": - version: 27.5.1 - resolution: "pretty-format@npm:27.5.1" +"pretty-format@npm:^27.0.0, pretty-format@npm:^27.4.6": + version: 27.4.6 + resolution: "pretty-format@npm:27.4.6" dependencies: ansi-regex: ^5.0.1 ansi-styles: ^5.0.0 react-is: ^17.0.1 - checksum: cf610cffcb793885d16f184a62162f2dd0df31642d9a18edf4ca298e909a8fe80bdbf556d5c9573992c102ce8bf948691da91bf9739bee0ffb6e79c8a8a6e088 + checksum: 5eda32e4e47ddd1a9e8fe9ebef519b217ba403eb8bcb804ba551dfb37f87e674472013fcf78480ab535844fdddcc706fac94511eba349bfb94a138a02d1a7a59 languageName: node linkType: hard -"proc-log@npm:^2.0.0, proc-log@npm:^2.0.1": +"proc-log@npm:^2.0.0": version: 2.0.1 resolution: "proc-log@npm:2.0.1" checksum: f6f23564ff759097db37443e6e2765af84979a703d2c52c1b9df506ee9f87caa101ba49d8fdc115c1a313ec78e37e8134704e9069e6a870f3499d98bb24c436f @@ -9208,15 +9116,6 @@ __metadata: languageName: node linkType: hard -"qs@npm:^6.9.4": - version: 6.10.3 - resolution: "qs@npm:6.10.3" - dependencies: - side-channel: ^1.0.4 - checksum: 0fac5e6c7191d0295a96d0e83c851aeb015df7e990e4d3b093897d3ac6c94e555dbd0a599739c84d7fa46d7fee282d94ba76943983935cf33bba6769539b8019 - languageName: node - linkType: hard - "query-string@npm:^5.0.1": version: 5.1.1 resolution: "query-string@npm:5.1.1" @@ -9585,29 +9484,29 @@ __metadata: languageName: node linkType: hard -"resolve@npm:^1.1.6, resolve@npm:^1.1.7, resolve@npm:^1.10.0, resolve@npm:^1.20.0, resolve@npm:^1.22.0": - version: 1.22.0 - resolution: "resolve@npm:1.22.0" +"resolve@npm:^1.1.6, resolve@npm:^1.1.7, resolve@npm:^1.10.0, resolve@npm:^1.20.0": + version: 1.21.0 + resolution: "resolve@npm:1.21.0" dependencies: - is-core-module: ^2.8.1 + is-core-module: ^2.8.0 path-parse: ^1.0.7 supports-preserve-symlinks-flag: ^1.0.0 bin: resolve: bin/resolve - checksum: a2d14cc437b3a23996f8c7367eee5c7cf8149c586b07ca2ae00e96581ce59455555a1190be9aa92154785cf9f2042646c200d0e00e0bbd2b8a995a93a0ed3e4e + checksum: d7d9092a5c04a048bea16c7e5a2eb605ac3e8363a0cc5644de1fde17d5028e8d5f4343aab1d99bd327b98e91a66ea83e242718150c64dfedcb96e5e7aad6c4f5 languageName: node linkType: hard -"resolve@patch:resolve@^1.1.6#~builtin, resolve@patch:resolve@^1.1.7#~builtin, resolve@patch:resolve@^1.10.0#~builtin, resolve@patch:resolve@^1.20.0#~builtin, resolve@patch:resolve@^1.22.0#~builtin": - version: 1.22.0 - resolution: "resolve@patch:resolve@npm%3A1.22.0#~builtin::version=1.22.0&hash=07638b" +"resolve@patch:resolve@^1.1.6#~builtin, resolve@patch:resolve@^1.1.7#~builtin, resolve@patch:resolve@^1.10.0#~builtin, resolve@patch:resolve@^1.20.0#~builtin": + version: 1.21.0 + resolution: "resolve@patch:resolve@npm%3A1.21.0#~builtin::version=1.21.0&hash=07638b" dependencies: - is-core-module: ^2.8.1 + is-core-module: ^2.8.0 path-parse: ^1.0.7 supports-preserve-symlinks-flag: ^1.0.0 bin: resolve: bin/resolve - checksum: c79ecaea36c872ee4a79e3db0d3d4160b593f2ca16e031d8283735acd01715a203607e9ded3f91f68899c2937fa0d49390cddbe0fb2852629212f3cda283f4a7 + checksum: a0a4d1f7409e73190f31f901f8a619960bb3bd4ae38ba3a54c7ea7e1c87758d28a73256bb8d6a35996a903d1bf14f53883f0dcac6c571c063cb8162d813ad26e languageName: node linkType: hard @@ -9685,16 +9584,16 @@ __metadata: languageName: node linkType: hard -"rxjs@npm:^7.5.5": - version: 7.5.5 - resolution: "rxjs@npm:7.5.5" +"rxjs@npm:^7.2.0": + version: 7.5.1 + resolution: "rxjs@npm:7.5.1" dependencies: tslib: ^2.1.0 - checksum: e034f60805210cce756dd2f49664a8108780b117cf5d0e2281506e9e6387f7b4f1532d974a8c8b09314fa7a16dd2f6cff3462072a5789672b5dcb45c4173f3c6 + checksum: 78e3eecb1644dd83adabc8d956f879dca62eb19c8afcd6acac71cf6d94534c33ea201e65387494fdeb1332395cba081e194f5a9699d58a5d48e416b8b52372aa languageName: node linkType: hard -"safe-buffer@npm:5.2.1, safe-buffer@npm:^5.0.1, safe-buffer@npm:^5.1.1": +"safe-buffer@npm:5.2.1, safe-buffer@npm:^5.0.1, safe-buffer@npm:^5.1.1, safe-buffer@npm:~5.2.0": version: 5.2.1 resolution: "safe-buffer@npm:5.2.1" checksum: b99c4b41fdd67a6aaf280fcd05e9ffb0813654894223afb78a31f14a19ad220bba8aba1cb14eddce1fcfb037155fe6de4e861784eb434f7d11ed58d1e70dd491 @@ -9886,7 +9785,7 @@ __metadata: languageName: node linkType: hard -"shelljs@npm:^0.8.5": +"shelljs@npm:^0.8.4": version: 0.8.5 resolution: "shelljs@npm:0.8.5" dependencies: @@ -9900,14 +9799,14 @@ __metadata: linkType: hard "shx@npm:^0.3.3": - version: 0.3.4 - resolution: "shx@npm:0.3.4" + version: 0.3.3 + resolution: "shx@npm:0.3.3" dependencies: minimist: ^1.2.3 - shelljs: ^0.8.5 + shelljs: ^0.8.4 bin: shx: lib/cli.js - checksum: 0aa168bfddc11e3fe8943cce2e0d2d8514a560bd58cf2b835b4351ba03f46068f7d88286c2627f4b85604e81952154c43746369fb3f0d60df0e3b511f465e5b8 + checksum: 2e408a79c680cef4d719a56563217031ef20d5c2c18fdfe28933e22d833adabd995ad6fa6be087a141832cb17010facfc0288e90a6743c0276b478759fd393e0 languageName: node linkType: hard @@ -10037,11 +9936,11 @@ __metadata: linkType: hard "sonic-boom@npm:^2.1.0": - version: 2.7.0 - resolution: "sonic-boom@npm:2.7.0" + version: 2.4.2 + resolution: "sonic-boom@npm:2.4.2" dependencies: atomic-sleep: ^1.0.0 - checksum: 00dfa56fe9f3b9989fed08809c48645b1ea33759d81a22319ab87211a64e6834c33909dbfa75aa0ec6f6a7502290342a79ce7ba460d137a58579a2acb8ebe835 + checksum: 2f63eb28f95e742f2d1f022cf0e3e9df427d0d5c2fd4d24185ac983f60dfd2b45a2d8631e7a88e4d2c21a141cd2890af5aa3ed642ad8edb8716f8f3e017131b6 languageName: node linkType: hard @@ -10207,12 +10106,12 @@ __metadata: languageName: node linkType: hard -"ssri@npm:^9.0.0": - version: 9.0.0 - resolution: "ssri@npm:9.0.0" +"ssri@npm:^8.0.1": + version: 8.0.1 + resolution: "ssri@npm:8.0.1" dependencies: minipass: ^3.1.1 - checksum: bf33174232d07cc64e77ab1c51b55d28352273380c503d35642a19627e88a2c5f160039bb0a28608a353485075dda084dbf0390c7070f9f284559eb71d01b84b + checksum: bc447f5af814fa9713aa201ec2522208ae0f4d8f3bda7a1f445a797c7b929a02720436ff7c478fb5edc4045adb02b1b88d2341b436a80798734e2494f1067b36 languageName: node linkType: hard @@ -10318,7 +10217,16 @@ __metadata: languageName: node linkType: hard -"string_decoder@npm:^1.1.1, string_decoder@npm:~1.1.1": +"string_decoder@npm:^1.1.1": + version: 1.3.0 + resolution: "string_decoder@npm:1.3.0" + dependencies: + safe-buffer: ~5.2.0 + checksum: 8417646695a66e73aefc4420eb3b84cc9ffd89572861fe004e6aeb13c7bc00e2f616247505d2dbbef24247c372f70268f594af7126f43548565c68c117bdeb56 + languageName: node + linkType: hard + +"string_decoder@npm:~1.1.1": version: 1.1.1 resolution: "string_decoder@npm:1.1.1" dependencies: @@ -10774,10 +10682,10 @@ __metadata: languageName: node linkType: hard -"treeverse@npm:^2.0.0": - version: 2.0.0 - resolution: "treeverse@npm:2.0.0" - checksum: 3c6b2b890975a4d42c86b9a0f1eb932b4450db3fa874be5c301c4f5e306fd76330c6a490cf334b0937b3a44b049787ba5d98c88bc7b140f34fdb3ab1f83e5269 +"treeverse@npm:^1.0.4": + version: 1.0.4 + resolution: "treeverse@npm:1.0.4" + checksum: 712640acd811060ff552a3c761f700d18d22a4da544d31b4e290817ac4bbbfcfe33b58f85e7a5787e6ff7351d3a9100670721a289ca14eb87b36ad8a0c20ebd8 languageName: node linkType: hard @@ -10812,8 +10720,8 @@ __metadata: linkType: hard "ts-jest@npm:^27.0.4": - version: 27.1.4 - resolution: "ts-jest@npm:27.1.4" + version: 27.1.2 + resolution: "ts-jest@npm:27.1.2" dependencies: bs-logger: 0.x fast-json-stable-stringify: 2.x @@ -10827,6 +10735,7 @@ __metadata: "@babel/core": ">=7.0.0-beta.0 <8" "@types/jest": ^27.0.0 babel-jest: ">=27.0.0 <28" + esbuild: ~0.14.0 jest: ^27.0.0 typescript: ">=3.8 <5.0" peerDependenciesMeta: @@ -10840,19 +10749,19 @@ __metadata: optional: true bin: ts-jest: cli.js - checksum: d2cc2719ed2884a880ab50d2c14c311834be9c88bc79d0064fa0189afce5c296d7676314d26cc3f7e82ddd52df272c2d4137a832c89616f30cbe8f43e30f9a29 + checksum: 2e7275f8a3545ec1340b37c458ace9244b5903e86861eb108beffff97d433f296c1254f76a41b573b1fe6245110b21bb62150bb88d55159f1dc7a929886535cb languageName: node linkType: hard -"tsconfig-paths@npm:^3.14.1": - version: 3.14.1 - resolution: "tsconfig-paths@npm:3.14.1" +"tsconfig-paths@npm:^3.12.0": + version: 3.12.0 + resolution: "tsconfig-paths@npm:3.12.0" dependencies: "@types/json5": ^0.0.29 json5: ^1.0.1 - minimist: ^1.2.6 + minimist: ^1.2.0 strip-bom: ^3.0.0 - checksum: 8afa01c673ebb4782ba53d3a12df97fa837ce524f8ad38ee4e2b2fd57f5ac79abc21c574e9e9eb014d93efe7fe8214001b96233b5c6ea75bd1ea82afe17a4c6d + checksum: 4999ec6cd1c7cc06750a460dbc0d39fe3595a4308cb5f1d0d0a8283009cf9c0a30d5a156508c28fe3a47760508af5263ab288fc23d71e9762779674257a95d3b languageName: node linkType: hard @@ -10863,14 +10772,7 @@ __metadata: languageName: node linkType: hard -"tslib@npm:^2.1.0, tslib@npm:^2.3.1": - version: 2.4.0 - resolution: "tslib@npm:2.4.0" - checksum: 8c4aa6a3c5a754bf76aefc38026134180c053b7bd2f81338cb5e5ebf96fefa0f417bff221592bf801077f5bf990562f6264fecbc42cd3309b33872cb6fc3b113 - languageName: node - linkType: hard - -"tslib@npm:~2.3.0": +"tslib@npm:^2.1.0, tslib@npm:^2.3.1, tslib@npm:~2.3.0": version: 2.3.1 resolution: "tslib@npm:2.3.1" checksum: de17a98d4614481f7fcb5cd53ffc1aaf8654313be0291e1bfaee4b4bb31a20494b7d218ff2e15017883e8ea9626599b3b0e0229c18383ba9dce89da2adf15cb9 @@ -10972,9 +10874,9 @@ __metadata: linkType: hard "type-fest@npm:^2.0.0": - version: 2.12.2 - resolution: "type-fest@npm:2.12.2" - checksum: ee69676da1f69d2b14bbec28c7b95220a3221ab14093f54bde179c59e185a80470859553eada535ec35d8637a245c2f0efe9d7c99cc46a43f3b4c7ef64db7957 + version: 2.12.1 + resolution: "type-fest@npm:2.12.1" + checksum: faac07668190b7709c16ba4696e42b6cc83b702fa11e8936ce94d9ed1415eb9034b157ae25bba23e222d755e031787f7b92552710704d55e39aadcc27f0ee1da languageName: node linkType: hard @@ -10988,43 +10890,43 @@ __metadata: linkType: hard "typescript@npm:^4.3.5": - version: 4.6.3 - resolution: "typescript@npm:4.6.3" + version: 4.5.4 + resolution: "typescript@npm:4.5.4" bin: tsc: bin/tsc tsserver: bin/tsserver - checksum: 255bb26c8cb846ca689dd1c3a56587af4f69055907aa2c154796ea28ee0dea871535b1c78f85a6212c77f2657843a269c3a742d09d81495b97b914bf7920415b + checksum: 59f3243f9cd6fe3161e6150ff6bf795fc843b4234a655dbd938a310515e0d61afd1ac942799e7415e4334255e41c2c49b7dd5d9fd38a17acd25a6779ca7e0961 languageName: node linkType: hard "typescript@patch:typescript@^4.3.5#~builtin": - version: 4.6.3 - resolution: "typescript@patch:typescript@npm%3A4.6.3#~builtin::version=4.6.3&hash=bda367" + version: 4.5.4 + resolution: "typescript@patch:typescript@npm%3A4.5.4#~builtin::version=4.5.4&hash=bda367" bin: tsc: bin/tsc tsserver: bin/tsserver - checksum: 6bf45caf847062420592e711bc9c28bf5f9a9a7fa8245343b81493e4ededae33f1774009d1234d911422d1646a2c839f44e1a23ecb111b40a60ac2ea4c1482a8 + checksum: eda87927f9cfb94aca9b5e47842daf37347ad3073133e17f556fbb6c18f3493c5b551eedab0f4b26774235ddb7acbe0087250d5285f72ce6819a0891dd5a74ed languageName: node linkType: hard "uglify-js@npm:^3.1.4": - version: 3.15.4 - resolution: "uglify-js@npm:3.15.4" + version: 3.14.5 + resolution: "uglify-js@npm:3.14.5" bin: uglifyjs: bin/uglifyjs - checksum: 5f673c5dd7f3b3dd15d1d26aebfe29bccbb1b896c4b5423ec70a2e8b9506c70b6fb6a53dec83df5ad65a717ec9a850adf08e0aedf9b1711eac5eb080216615fa + checksum: 0330eb11a36f4181b6d9a00336355989bfad9dd2203049fc63a59454b0d12337612272ad011bc571b9a382bf74d829ca20409ebfe089e38edb26cfc06bfa2cc9 languageName: node linkType: hard "unbox-primitive@npm:^1.0.1": - version: 1.0.2 - resolution: "unbox-primitive@npm:1.0.2" + version: 1.0.1 + resolution: "unbox-primitive@npm:1.0.1" dependencies: - call-bind: ^1.0.2 - has-bigints: ^1.0.2 - has-symbols: ^1.0.3 + function-bind: ^1.1.1 + has-bigints: ^1.0.1 + has-symbols: ^1.0.2 which-boxed-primitive: ^1.0.2 - checksum: b7a1cf5862b5e4b5deb091672ffa579aa274f648410009c81cca63fed3b62b610c4f3b773f912ce545bb4e31edc3138975b5bc777fc6e4817dca51affb6380e9 + checksum: 89d950e18fb45672bc6b3c961f1e72c07beb9640c7ceed847b571ba6f7d2af570ae1a2584cfee268b9d9ea1e3293f7e33e0bc29eaeb9f8e8a0bab057ff9e6bba languageName: node linkType: hard @@ -11212,13 +11114,13 @@ __metadata: linkType: hard "v8-to-istanbul@npm:^8.1.0": - version: 8.1.1 - resolution: "v8-to-istanbul@npm:8.1.1" + version: 8.1.0 + resolution: "v8-to-istanbul@npm:8.1.0" dependencies: "@types/istanbul-lib-coverage": ^2.0.1 convert-source-map: ^1.6.0 source-map: ^0.7.3 - checksum: 54ce92bec2727879626f623d02c8d193f0c7e919941fa373ec135189a8382265117f5316ea317a1e12a5f9c13d84d8449052a731fe3306fa4beaafbfa4cab229 + checksum: c7dabf9567e0c210b24d0720e553803cbe1ff81edb1ec7f2080eb4be01ed081a40286cc9f4aaa86d1bf8d57840cefae8fdf326b7cb8faa316ba50c7b948030d4 languageName: node linkType: hard @@ -11241,6 +11143,15 @@ __metadata: languageName: node linkType: hard +"validate-npm-package-name@npm:~3.0.0": + version: 3.0.0 + resolution: "validate-npm-package-name@npm:3.0.0" + dependencies: + builtins: ^1.0.3 + checksum: ce4c68207abfb22c05eedb09ff97adbcedc80304a235a0844f5344f1fd5086aa80e4dbec5684d6094e26e35065277b765c1caef68bcea66b9056761eddb22967 + languageName: node + linkType: hard + "w3c-hr-time@npm:^1.0.2": version: 1.0.2 resolution: "w3c-hr-time@npm:1.0.2" @@ -11441,8 +11352,8 @@ __metadata: linkType: hard "ws@npm:^7.4.6": - version: 7.5.7 - resolution: "ws@npm:7.5.7" + version: 7.5.6 + resolution: "ws@npm:7.5.6" peerDependencies: bufferutil: ^4.0.1 utf-8-validate: ^5.0.2 @@ -11451,7 +11362,7 @@ __metadata: optional: true utf-8-validate: optional: true - checksum: 5c1f669a166fb57560b4e07f201375137fa31d9186afde78b1508926345ce546332f109081574ddc4e38cc474c5406b5fc71c18d71eb75f6e2d2245576976cba + checksum: 0c2ffc9a539dd61dd2b00ff6cc5c98a3371e2521011fe23da4b3578bb7ac26cbdf7ca8a68e8e08023c122ae247013216dde2a20c908de415a6bcc87bdef68c87 languageName: node linkType: hard @@ -11504,7 +11415,14 @@ __metadata: languageName: node linkType: hard -"yargs-parser@npm:20.x, yargs-parser@npm:^20.2.2, yargs-parser@npm:^20.2.3, yargs-parser@npm:^20.2.9": +"yargs-parser@npm:20.x, yargs-parser@npm:^20.2.2, yargs-parser@npm:^20.2.3": + version: 20.2.4 + resolution: "yargs-parser@npm:20.2.4" + checksum: d251998a374b2743a20271c2fd752b9fbef24eb881d53a3b99a7caa5e8227fcafd9abf1f345ac5de46435821be25ec12189a11030c12ee6481fef6863ed8b924 + languageName: node + linkType: hard + +"yargs-parser@npm:^20.2.9": version: 20.2.9 resolution: "yargs-parser@npm:20.2.9" checksum: 8bb69015f2b0ff9e17b2c8e6bfe224ab463dd00ca211eece72a4cd8a906224d2703fb8a326d36fdd0e68701e201b2a60ed7cf81ce0fd9b3799f9fe7745977ae3