diff --git a/.devcontainer/Dockerfile.hardened b/.devcontainer/Dockerfile.hardened new file mode 100644 index 000000000000..6d9ac0b52703 --- /dev/null +++ b/.devcontainer/Dockerfile.hardened @@ -0,0 +1,24 @@ +# Security-hardened Dockerfile for devcontainer +# Uses specific pinned versions for security + +# Use specific pinned version instead of "latest" or "dev" +ARG VARIANT="1.0.19-22-bullseye" +FROM mcr.microsoft.com/devcontainers/javascript-node:${VARIANT} + +# Set security-focused environment variables +ENV NODE_ENV=development +ENV NPM_CONFIG_AUDIT_LEVEL=moderate + +# Update packages and install security updates only +USER root +RUN apt-get update \ + && apt-get upgrade -y \ + && apt-get autoremove -y \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* + +# Switch back to non-root user for security +USER node + +# Set working directory +WORKDIR /workspaces/docs \ No newline at end of file diff --git a/.devcontainer/README.md b/.devcontainer/README.md new file mode 100644 index 000000000000..400fc3fbe183 --- /dev/null +++ b/.devcontainer/README.md @@ -0,0 +1,104 @@ +# Devcontainer Security Hardening + +This directory contains security-hardened devcontainer configurations for the GitHub Docs project. These configurations follow security best practices to minimize potential attack vectors while maintaining development functionality. + +## Available Configurations + +### 1. Default Configuration (`devcontainer.json`) +- **Security Level**: Moderate +- **Use Case**: Standard development with basic security hardening +- **Key Security Features**: + - Removed SSH daemon access + - Pinned GitHub CLI version + - Disabled automatic git fetching + - Removed external repository permissions + - Disabled automatic server startup + - Commented out automatic port visibility + +### 2. Hardened Configuration (`devcontainer.hardened.json`) +- **Security Level**: High +- **Use Case**: Security-focused development with minimal features +- **Key Security Features**: + - Minimal extension set + - No automatic command execution + - Manual dependency installation required + - Reduced resource allocation + - Explicit security-focused naming + +### 3. Team A Secure Configuration (`team-a-secure/devcontainer.json`) +- **Security Level**: High +- **Use Case**: Team-specific secure configuration +- **Key Security Features**: + - Team-specific extension subset + - Manual setup required + - Reduced resource requirements + +### 4. Team B Secure Configuration (`team-b-secure/devcontainer.json`) +- **Security Level**: Maximum +- **Use Case**: Ultra-secure development environment +- **Key Security Features**: + - Minimal extension set (only essential linting) + - No automatic commands whatsoever + - Workspace trust required + - Git sync confirmation required + - Minimal resource allocation + +## Security Improvements + +### Removed Security Risks +1. **SSH Daemon**: Removed `"sshd": "latest"` feature that provided remote access +2. **External Repository Access**: Removed automatic permissions for `github/docs-early-access` +3. **Automatic Command Execution**: Minimized or removed automatic lifecycle commands +4. **Unpinned Versions**: Changed `"latest"` to specific pinned versions +5. **Auto-fetching**: Disabled automatic git fetch operations + +### Enhanced Security Features +1. **Version Pinning**: All features use specific versions instead of "latest" +2. **Minimal Extensions**: Reduced extension sets to only essential tools +3. **Manual Operations**: Require manual approval for sensitive operations +4. **Resource Limits**: Reduced resource allocation where appropriate +5. **Non-root User**: Maintained non-root user execution + +## Usage + +### Selecting a Configuration +When creating a codespace, you can choose from the available configurations: +- Default project configuration (moderately hardened) +- Team A codespace config (highly secure) +- Team B codespace config (maximum security) + +### Manual Setup Requirements +For security-hardened configurations: +1. Install dependencies: `npm ci` +2. Start the development server: `npm start` +3. Configure port visibility manually if needed: `gh cs ports visibility 4000:public` + +## Security Best Practices + +1. **Review Configuration**: Always review devcontainer configurations before use +2. **Minimal Permissions**: Only grant necessary permissions and features +3. **Manual Operations**: Prefer manual over automatic operations for sensitive tasks +4. **Version Pinning**: Use specific versions instead of "latest" tags +5. **Regular Updates**: Keep pinned versions updated but test changes thoroughly + +## Migration Guide + +### From Standard to Hardened Configuration +1. Switch to `devcontainer.hardened.json` or team-specific configuration +2. Install dependencies manually: `npm ci` +3. Start development server manually: `npm start` +4. Configure port visibility if needed: `gh cs ports visibility 4000:public` + +### Custom Team Configurations +To create a custom secure configuration: +1. Copy an existing team configuration +2. Customize extensions and settings for your team's needs +3. Follow the minimal permissions principle +4. Test the configuration thoroughly + +## Security Considerations + +- These configurations prioritize security over convenience +- Some automatic features have been disabled and require manual intervention +- External repository access must be granted explicitly when needed +- Review and approve all configuration changes through your security review process \ No newline at end of file diff --git a/.devcontainer/devcontainer.hardened.json b/.devcontainer/devcontainer.hardened.json new file mode 100644 index 000000000000..b1c1abf31093 --- /dev/null +++ b/.devcontainer/devcontainer.hardened.json @@ -0,0 +1,69 @@ +// Hardened devcontainer configuration for enhanced security +// For format details, see https://aka.ms/devcontainer.json. For config options, see the README at: +// https://github.com/microsoft/vscode-dev-containers/tree/v0.177.0/containers/javascript-node +// - Security hardened version with minimal features and restricted access +{ + "name": "docs.github.com (Security Hardened)", + "build": { + "dockerfile": "Dockerfile.hardened", + // Use specific Node version instead of generic variant + "args": { "VARIANT": "22" } + }, + + // Minimal features - removed SSH daemon for security + "features": { + // Only essential GitHub CLI, pinned to specific version + "ghcr.io/devcontainers/features/github-cli:1": { + "version": "2.40.1" + } + }, + + "customizations": { + "vscode": { + // Set *default* container specific settings.json values on container create. + "settings": { + "terminal.integrated.shell.linux": "/bin/bash", + "cSpell.language": ",en", + // Disable auto-fetch for security - manual fetching required + "git.autofetch": false + }, + // Minimal essential extensions only - removed potential security risks + "extensions": [ + "dbaeumer.vscode-eslint", + "sissel.shopify-liquid", + "davidanson.vscode-markdownlint", + "bierner.markdown-preview-github-styles", + "streetsidesoftware.code-spell-checker" + // Removed extensions that could pose security risks: + // - Custom extensions that might have privileged access + // - GitHub Copilot extensions (can be added manually if needed) + ] + } + // Removed codespaces repository permissions for security + // External repository access must be granted manually + }, + + // Use 'forwardPorts' to make a list of ports inside the container available locally. + "forwardPorts": [4000], + + "portsAttributes": { + "4000": { + "label": "Review" + } + }, + + // Security hardened lifecycle commands - minimal automatic execution + // Manual setup required for enhanced security + "onCreateCommand": "echo 'Security hardened container created. Run npm ci manually to install dependencies.'", + // Removed automatic npm start for security - manual startup required + // Removed automatic port visibility command - manual configuration required + + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "node", + + // Reduced resource requirements for security-focused lightweight setup + "hostRequirements": { + "memory": "8gb", + "cpus": "2" + } +} \ No newline at end of file diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 3de3f41ff020..d32e632cfbe6 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -1,5 +1,8 @@ // For format details, see https://aka.ms/devcontainer.json. For config options, see the README at: // https://github.com/microsoft/vscode-dev-containers/tree/v0.177.0/containers/javascript-node +// +// SECURITY NOTE: This configuration has been hardened for security. +// See .devcontainer/README.md for details on security improvements and available configurations. // - { "name": "docs.github.com", @@ -10,9 +13,11 @@ }, // Install features. Type 'feature' in the VS Code command palette for a full list. + // Security hardened: removed SSH daemon, pinned GitHub CLI version "features": { - "sshd": "latest", - "ghcr.io/devcontainers/features/github-cli:1": {} + "ghcr.io/devcontainers/features/github-cli:1": { + "version": "2.40.1" + } }, "customizations": { @@ -21,7 +26,8 @@ "settings": { "terminal.integrated.shell.linux": "/bin/bash", "cSpell.language": ",en", - "git.autofetch": true + // Security: disabled auto-fetch, manual git operations recommended + "git.autofetch": false }, // Visual Studio Code extensions which help authoring for docs.github.com. "extensions": [ @@ -37,16 +43,9 @@ "GitHub.copilot-chat" ] }, - "codespaces": { - "repositories": { - // allow Codespaces to pull from separate repo when user has access - "github/docs-early-access": { - "permissions": { - "contents": "write" - } - } - } - } + // Security hardened: removed external repository permissions + // External repository access must be granted manually as needed + "codespaces": {} }, // Use 'forwardPorts' to make a list of ports inside the container available locally. @@ -58,11 +57,12 @@ } }, - // Lifecycle commands + // Security hardened lifecycle commands + // Reduced automatic command execution for enhanced security "onCreateCommand": "npm ci", - "postStartCommand": "nohup bash -c 'npm start &'", - // Set the port to be public - "postAttachCommand": "gh cs ports visibility 4000:public -c \"$CODESPACE_NAME\"", + "postStartCommand": "echo 'Container started. Run npm start manually when ready.'", + // Security: removed automatic port visibility command - manual configuration required + // "postAttachCommand": "gh cs ports visibility 4000:public -c \"$CODESPACE_NAME\"", // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. "remoteUser": "node", diff --git a/.devcontainer/team-a-secure/devcontainer.json b/.devcontainer/team-a-secure/devcontainer.json new file mode 100644 index 000000000000..4f1456e5cf07 --- /dev/null +++ b/.devcontainer/team-a-secure/devcontainer.json @@ -0,0 +1,52 @@ +{ + "name": "Team A Secure Codespace Config", + "build": { + "dockerfile": "../Dockerfile.hardened", + "args": { "VARIANT": "22" } + }, + + // Team A specific minimal features + "features": { + "ghcr.io/devcontainers/features/github-cli:1": { + "version": "2.40.1" + } + }, + + "customizations": { + "vscode": { + "settings": { + "terminal.integrated.shell.linux": "/bin/bash", + "cSpell.language": ",en", + "git.autofetch": false, + // Team A specific settings + "editor.formatOnSave": true, + "eslint.validate": ["javascript", "typescript", "markdown"] + }, + // Team A minimal essential extensions + "extensions": [ + "dbaeumer.vscode-eslint", + "sissel.shopify-liquid", + "davidanson.vscode-markdownlint", + "bierner.markdown-preview-github-styles" + ] + } + }, + + "forwardPorts": [4000], + + "portsAttributes": { + "4000": { + "label": "Team A Review" + } + }, + + // Security-first approach - manual setup required + "onCreateCommand": "echo 'Team A secure container ready. Manual setup required for security.'", + + "remoteUser": "node", + + "hostRequirements": { + "memory": "8gb", + "cpus": "2" + } +} \ No newline at end of file diff --git a/.devcontainer/team-b-secure/devcontainer.json b/.devcontainer/team-b-secure/devcontainer.json new file mode 100644 index 000000000000..0dffe8e85ff5 --- /dev/null +++ b/.devcontainer/team-b-secure/devcontainer.json @@ -0,0 +1,52 @@ +{ + "name": "Team B Secure Codespace Config", + "build": { + "dockerfile": "../Dockerfile.hardened", + "args": { "VARIANT": "22" } + }, + + // Team B specific minimal features - even more restrictive + "features": { + "ghcr.io/devcontainers/features/github-cli:1": { + "version": "2.40.1" + } + }, + + "customizations": { + "vscode": { + "settings": { + "terminal.integrated.shell.linux": "/bin/bash", + "cSpell.language": ",en", + "git.autofetch": false, + // Team B ultra-secure settings + "editor.formatOnSave": false, + "git.confirmSync": true, + "security.workspace.trust.enabled": true + }, + // Team B ultra-minimal extensions + "extensions": [ + "dbaeumer.vscode-eslint", + "davidanson.vscode-markdownlint" + ] + } + }, + + "forwardPorts": [4000], + + "portsAttributes": { + "4000": { + "label": "Team B Review" + } + }, + + // Maximum security - no automatic commands + // All setup must be done manually + + "remoteUser": "node", + + // Minimal resource allocation for security + "hostRequirements": { + "memory": "4gb", + "cpus": "2" + } +} \ No newline at end of file diff --git a/.github/workflows/pr-summary.yml b/.github/workflows/pr-summary.yml new file mode 100644 index 000000000000..977ad2c04b49 --- /dev/null +++ b/.github/workflows/pr-summary.yml @@ -0,0 +1,52 @@ +name: PR summary +on: + pull_request: { types: [opened, synchronize, reopened, ready_for_review] } +permissions: { contents: read, pull-requests: write } +concurrency: { group: pr-summary-${{ github.ref }}, cancel-in-progress: true } +jobs: + summary: + runs-on: ubuntu-latest + timeout-minutes: 5 + steps: + - uses: actions/checkout@v4 + with: { fetch-depth: 0 } + - name: Write step summary + shell: bash + run: | + base="${{ github.base_ref }}"; head="${{ github.sha }}" + + # Ensure local knowledge of the base ref; fetch if missing (tolerate failures) + if ! git rev-parse --verify "origin/$base" >/dev/null 2>&1; then + git fetch --no-tags --depth=1 origin "$base" || echo "WARN: could not fetch origin/$base" >&2 + fi + + changed_count=0 + docs_count=0 + file_list="" + + if git rev-parse --verify "origin/$base" >/dev/null 2>&1; then + base_commit="$(git rev-parse "origin/$base" 2>/dev/null || echo "")" + if [ -n "$base_commit" ]; then + # Use diff-tree for robust listing between base and head + file_list="$(git diff-tree --no-commit-id --name-only -r "$base_commit" "$head" 2>/dev/null || echo "")" + else + echo "WARN: empty base commit for origin/$base" >&2 + fi + else + echo "WARN: origin/$base not available; counts default to 0" >&2 + fi + + if [ -n "$file_list" ]; then + changed_count="$(printf "%s\n" "$file_list" | sed '/^$/d' | wc -l | tr -d ' ')" + docs_count="$(printf "%s\n" "$file_list" | grep -E '^content/.*\.md$' | wc -l | tr -d ' ' || true)" + fi + + { + echo "## Pull request summary" + echo "- Changed files: $changed_count" + echo "- Docs content markdown files (regex ^content/.*\\.md$): $docs_count" + } >> "$GITHUB_STEP_SUMMARY" + - name: Comment on PR (non-forks) + if: ${{ github.event.pull_request.head.repo.fork == false }} + env: { GH_TOKEN: ${{ github.token }} } + run: gh pr comment ${{ github.event.pull_request.number }} --body-file "$GITHUB_STEP_SUMMARY" \ No newline at end of file diff --git a/Dockerfile.openapi_decorator b/Dockerfile.openapi_decorator index 7cc9fcfbdaa5..8dde581d4796 100644 --- a/Dockerfile.openapi_decorator +++ b/Dockerfile.openapi_decorator @@ -1,4 +1,4 @@ -FROM node:18.15-alpine +FROM node:18.20.8-alpine RUN apk add --no-cache git python make g++ diff --git a/content/actions/reference/workflows-and-actions/dockerfile-support.md b/content/actions/reference/workflows-and-actions/dockerfile-support.md index ff859e6cdb2e..d1389dacfc81 100644 --- a/content/actions/reference/workflows-and-actions/dockerfile-support.md +++ b/content/actions/reference/workflows-and-actions/dockerfile-support.md @@ -60,7 +60,7 @@ ENTRYPOINT ["sh", "-c", "echo $GITHUB_SHA"] ```dockerfile # Container image that runs your code -FROM debian:9.5-slim +FROM debian:13.0-slim # Copies your code file from your action repository to the filesystem path `/` of the container COPY entrypoint.sh /entrypoint.sh diff --git a/content/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/index.md b/content/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/index.md index 954f54803173..4ea53643cd9e 100644 --- a/content/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/index.md +++ b/content/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/index.md @@ -10,6 +10,7 @@ redirect_from: - /codespaces/setting-up-your-project-for-codespaces/setting-up-your-project-for-codespaces children: - /introduction-to-dev-containers + - /securing-port-forwarding-in-dev-containers - /setting-up-your-nodejs-project-for-codespaces - /setting-up-your-dotnet-project-for-codespaces - /setting-up-your-java-project-for-codespaces diff --git a/content/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers.md b/content/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers.md index ad242446be5c..cb451069f209 100644 --- a/content/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers.md +++ b/content/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers.md @@ -51,6 +51,17 @@ For information about how to choose your preferred dev container configuration w {% data reusables.codespaces.more-info-devcontainer %} +#### Security considerations for dev containers + +When configuring your dev container, consider security implications, especially for port forwarding and network access: + +* **Port visibility**: By default, forwarded ports are private to you. Consider whether ports need to be accessible to your organization or publicly accessible +* **Automated port configuration**: Use `postAttachCommand` with the {% data variables.product.prodname_cli %} to automatically apply consistent port visibility settings +* **Organization policies**: Work within your organization's port visibility policies if they have restrictions in place +* **Minimal port exposure**: Only forward ports that are necessary for development and testing + +For detailed guidance on secure port forwarding configurations, see [AUTOTITLE](/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/securing-port-forwarding-in-dev-containers). + #### How to use the devcontainer.json It's useful to think of the `devcontainer.json` file as providing "customization" rather than "personalization." You should only include things that everyone working on your codebase needs as standard elements of the development environment, not things that are personal preferences. Things like linters are good to standardize on, and to require everyone to have installed, so they're good to include in your `devcontainer.json` file. Things like user interface decorators or themes are personal choices that should not be put in the `devcontainer.json` file. @@ -230,4 +241,5 @@ Changes to a configuration will be applied the next time you create a codespace. ## Further reading +* [AUTOTITLE](/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/securing-port-forwarding-in-dev-containers) * [AUTOTITLE](/codespaces/prebuilding-your-codespaces) diff --git a/content/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/securing-port-forwarding-in-dev-containers.md b/content/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/securing-port-forwarding-in-dev-containers.md new file mode 100644 index 000000000000..a44270bd7fee --- /dev/null +++ b/content/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/securing-port-forwarding-in-dev-containers.md @@ -0,0 +1,160 @@ +--- +title: Securing port forwarding in dev containers +shortTitle: Secure port forwarding +intro: 'Learn how to configure secure port forwarding settings in your dev container configuration to control port visibility and automate security settings.' +permissions: People with write permissions to a repository can create or edit the codespace configuration. +versions: + fpt: '*' + ghec: '*' +type: how_to +topics: + - Codespaces + - Set up + - Security +--- + +## About port forwarding security in dev containers + +When you configure a dev container for {% data variables.product.prodname_github_codespaces %}, you can control how ports are forwarded and their visibility settings. This is important for security, especially when working with sensitive applications or in organizations with strict access policies. + +By default, {% data variables.product.prodname_github_codespaces %} forwards ports privately, meaning only you can access them. However, you can configure your dev container to automatically apply specific visibility settings when the codespace starts. + +## Configuring port forwarding with security in mind + +You can configure port forwarding in your dev container using several properties, each serving different security purposes. The key properties for secure port forwarding are `forwardPorts`, `portsAttributes`, and `postAttachCommand`. + +### Using forwardPorts with portsAttributes + +The most basic approach is to specify which ports should be forwarded and configure their attributes: + +```jsonc +{ + "name": "My Secure Dev Container", + "image": "mcr.microsoft.com/devcontainers/base:bullseye", + + "forwardPorts": [3000, 8080, 8443], + + "portsAttributes": { + "3000": { + "label": "Application Server", + "protocol": "http" + }, + "8080": { + "label": "API Server", + "protocol": "http" + }, + "8443": { + "label": "Secure API", + "protocol": "https" + } + } +} +``` + +{% data reusables.codespaces.portsattributes-configuration %} + +### Automating port visibility settings + +You can automate port visibility settings using the `postAttachCommand` property. This ensures consistent security settings every time someone connects to the codespace: + +```jsonc +{ + "name": "My Secure Dev Container", + "image": "mcr.microsoft.com/devcontainers/base:bullseye", + + "forwardPorts": [3000, 8080], + + "portsAttributes": { + "3000": { + "label": "Dev Server (Private)" + }, + "8080": { + "label": "API Server (Team Only)" + } + }, + + "features": { + "ghcr.io/devcontainers/features/github-cli:1": {} + }, + + "postAttachCommand": "gh codespace ports visibility 3000:private 8080:org -c \"$CODESPACE_NAME\"" +} +``` + +{% data reusables.codespaces.port-visibility-automation %} + +## Security best practices + +{% data reusables.codespaces.port-security-best-practices %} + +## Working with organization policies + +Organization administrators can set policies that restrict which port visibility options are available. For more information, see [AUTOTITLE](/codespaces/managing-codespaces-for-your-organization/restricting-the-visibility-of-forwarded-ports). + +If your organization has port visibility restrictions in place, make sure your dev container automation commands comply with these policies. For example, if your organization disallows public port forwarding, don't use `public` in your `postAttachCommand`. + +## Example configurations + +The following examples demonstrate different security approaches for common development scenarios. + +### Development environment with private ports + +```jsonc +{ + "name": "Private Development Environment", + "image": "mcr.microsoft.com/devcontainers/javascript-node:0-18", + + "forwardPorts": [3000, 3001], + + "portsAttributes": { + "3000": { + "label": "Web Server (Private)", + "protocol": "http" + }, + "3001": { + "label": "API Server (Private)", + "protocol": "http" + } + }, + + "features": { + "ghcr.io/devcontainers/features/github-cli:1": {} + }, + + "postAttachCommand": "gh cs ports visibility 3000:private 3001:private -c \"$CODESPACE_NAME\"" +} +``` + +### Team collaboration with organization-only ports + +```jsonc +{ + "name": "Team Collaboration Environment", + "image": "mcr.microsoft.com/devcontainers/python:3-bullseye", + + "forwardPorts": [5000, 8000], + + "portsAttributes": { + "5000": { + "label": "Flask App (Team)", + "protocol": "http" + }, + "8000": { + "label": "Django Admin (Team)", + "protocol": "https" + } + }, + + "features": { + "ghcr.io/devcontainers/features/github-cli:1": {} + }, + + "postAttachCommand": "gh codespace ports visibility 5000:org 8000:org -c \"$CODESPACE_NAME\"" +} +``` + +## Further reading + +* [AUTOTITLE](/codespaces/developing-in-a-codespace/forwarding-ports-in-your-codespace) +* [AUTOTITLE](/codespaces/managing-codespaces-for-your-organization/restricting-the-visibility-of-forwarded-ports) +* {% data reusables.codespaces.more-info-devcontainer %} diff --git a/content/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/setting-up-your-nodejs-project-for-codespaces.md b/content/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/setting-up-your-nodejs-project-for-codespaces.md index 19c4b4cf33a2..254cebf8be38 100644 --- a/content/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/setting-up-your-nodejs-project-for-codespaces.md +++ b/content/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/setting-up-your-nodejs-project-for-codespaces.md @@ -147,9 +147,82 @@ With your dev container configuration added and a basic understanding of what ev After the dev container is rebuilt, and your codespace becomes available again, the `postCreateCommand` will have been run, installing npm, and the "Code Spell Checker" extension will be available for use. -## Step 4: Run your application +## Step 4: Configure port forwarding and security -In the previous section, you used the `postCreateCommand` to install a set of packages via the `npm install` command. With the dependencies now installed, you can run the application. +Node.js applications typically run on port 3000. You can configure your dev container to automatically forward this port and set appropriate security settings. + +1. Add port forwarding configuration by uncommenting and modifying the `forwardPorts` property: + + ```jsonc copy + // Use 'forwardPorts' to make a list of ports inside the container available locally. + "forwardPorts": [3000], + ``` + +1. Add port attributes to label your forwarded port: + + ```jsonc copy + "portsAttributes": { + "3000": { + "label": "Node.js App" + } + }, + ``` + +1. For enhanced security, you can add a `postAttachCommand` to automatically set port visibility. Add the {% data variables.product.prodname_cli %} feature first: + + ```jsonc copy + "features": { + "ghcr.io/devcontainers-contrib/features/jshint:2": {}, + "ghcr.io/devcontainers/features/github-cli:1": {} + }, + ``` + +1. Then add the `postAttachCommand` to control port visibility: + + ```jsonc copy + // Automatically set port visibility when attaching to the codespace + "postAttachCommand": "gh cs ports visibility 3000:private -c \"$CODESPACE_NAME\"" + ``` + + Your updated `devcontainer.json` should look similar to this: + + ```jsonc + { + "name": "Node.js", + "image": "mcr.microsoft.com/devcontainers/javascript-node:0-18-bullseye", + "features": { + "ghcr.io/devcontainers-contrib/features/jshint:2": {}, + "ghcr.io/devcontainers/features/github-cli:1": {} + }, + + "forwardPorts": [3000], + + "portsAttributes": { + "3000": { + "label": "Node.js App" + } + }, + + "postCreateCommand": "npm install", + + "postAttachCommand": "gh cs ports visibility 3000:private -c \"$CODESPACE_NAME\"", + + "customizations": { + "vscode": { + "extensions": [ + "streetsidesoftware.code-spell-checker" + ] + } + } + } + ``` + +{% data reusables.codespaces.save-changes %} +{% data reusables.codespaces.rebuild-command %} + +## Step 5: Run your application + +In the previous section, you configured port forwarding for your Node.js application. Now you can run the application and see it in action. 1. In the Terminal of your codespace, enter `npm start`. @@ -159,7 +232,7 @@ In the previous section, you used the `postCreateCommand` to install a set of pa ![Screenshot of the port forwarding message, reading "Your application running on port 3000 is available." The "Open in Browser" button is also shown.](/assets/images/help/codespaces/codespaces-port3000-toast.png) -## Step 5: Commit your changes +## Step 6: Commit your changes {% data reusables.codespaces.committing-link-to-procedure %} @@ -167,4 +240,6 @@ In the previous section, you used the `postCreateCommand` to install a set of pa You should now be able to add a custom dev container configuration to your own Node.js, JavaScript, or TypeScript project. +For more advanced port security configurations, see [AUTOTITLE](/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/securing-port-forwarding-in-dev-containers). + {% data reusables.codespaces.next-steps-adding-devcontainer %} diff --git a/content/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/setting-up-your-python-project-for-codespaces.md b/content/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/setting-up-your-python-project-for-codespaces.md index b37529103c1c..da424764f7db 100644 --- a/content/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/setting-up-your-python-project-for-codespaces.md +++ b/content/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/setting-up-your-python-project-for-codespaces.md @@ -87,6 +87,7 @@ The default development container, or "dev container," for {% data variables.pro ## Step 3: Modify your devcontainer.json file With your dev container configuration added and a basic understanding of what everything does, you can now make changes to customize your environment further. In this example, you'll add properties that will: +* Configure port forwarding for the Flask application with security settings. * Install a package required by the application. * Install a {% data variables.product.prodname_vscode_shortname %} extension in this codespace. @@ -101,6 +102,32 @@ With your dev container configuration added and a basic understanding of what ev // "features": {}, ``` +1. Uncomment the `forwardPorts` property and configure it for Flask (port 5000): + + ```jsonc copy + // Use 'forwardPorts' to make a list of ports inside the container available locally. + "forwardPorts": [5000], + ``` + +1. Add port attributes and security configuration: + + ```jsonc copy + "portsAttributes": { + "5000": { + "label": "Flask Application" + } + }, + ``` + +1. Add the {% data variables.product.prodname_cli %} feature for port visibility automation: + + ```jsonc copy + "features": { + "ghcr.io/devcontainers-contrib/features/coverage-py:2": {}, + "ghcr.io/devcontainers/features/github-cli:1": {} + }, + ``` + 1. Uncomment the `postCreateCommand` property. ```jsonc copy @@ -108,6 +135,13 @@ With your dev container configuration added and a basic understanding of what ev "postCreateCommand": "pip3 install --user -r requirements.txt", ``` +1. Add automated port visibility configuration: + + ```jsonc copy + // Automatically set port visibility when attaching to the codespace + "postAttachCommand": "gh cs ports visibility 5000:private -c \"$CODESPACE_NAME\"" + ``` + {% data reusables.codespaces.add-extension-to-devcontainer %} ```jsonc @@ -118,14 +152,24 @@ With your dev container configuration added and a basic understanding of what ev // Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile "image": "mcr.microsoft.com/devcontainers/python:0-3.11-bullseye", "features": { - "ghcr.io/devcontainers-contrib/features/coverage-py:2": {} + "ghcr.io/devcontainers-contrib/features/coverage-py:2": {}, + "ghcr.io/devcontainers/features/github-cli:1": {} }, // Use 'forwardPorts' to make a list of ports inside the container available locally. - // "forwardPorts": [], + "forwardPorts": [5000], + + "portsAttributes": { + "5000": { + "label": "Flask Application" + } + }, // Use 'postCreateCommand' to run commands after the container is created. "postCreateCommand": "pip3 install --user -r requirements.txt", + + // Automatically set port visibility when attaching to the codespace + "postAttachCommand": "gh codespace ports visibility 5000:private -c \"$CODESPACE_NAME\"", // Configure tool-specific properties. "customizations": { @@ -147,7 +191,7 @@ With your dev container configuration added and a basic understanding of what ev {% data reusables.codespaces.rebuild-command %} {% data reusables.codespaces.rebuild-reason %} - After the dev container is rebuilt, and your codespace becomes available again, the `postCreateCommand` will have been run, installing the package listed in the `requirements.txt` file, and the "Code Spell Checker" extension will be available for use. + After the dev container is rebuilt, and your codespace becomes available again, the `postCreateCommand` will have been run, installing the package listed in the `requirements.txt` file, the `postAttachCommand` will have configured the port visibility settings, and the "Code Spell Checker" extension will be available for use. ## Step 4: Run your application @@ -169,4 +213,6 @@ In the previous section, you used the `postCreateCommand` to install a package f You should now be able to add a custom dev container configuration to your own Python project. +For more advanced port security configurations, see [AUTOTITLE](/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/securing-port-forwarding-in-dev-containers). + {% data reusables.codespaces.next-steps-adding-devcontainer %} diff --git a/data/reusables/codespaces/devcontainer-properties-1.md b/data/reusables/codespaces/devcontainer-properties-1.md index 0c9e7862e9df..64bc3ad27e25 100644 --- a/data/reusables/codespaces/devcontainer-properties-1.md +++ b/data/reusables/codespaces/devcontainer-properties-1.md @@ -2,3 +2,4 @@ * **image:** The name of an image in a container registry ([DockerHub](https://hub.docker.com/), [{% data variables.product.prodname_dotcom %} {% data variables.product.prodname_container_registry %}](/packages/learn-github-packages/introduction-to-github-packages), or [Azure Container Registry](https://azure.microsoft.com/services/container-registry/)) that will be used to create the dev container for the codespace. * **features:** A list of one or more objects, each of which references one of the available dev container features. Features are self-contained, shareable units of installation code and development container configuration. They provide an easy way to add more tooling, runtime, or library features to your development container. You can add features either within {% data variables.product.prodname_vscode_shortname %} or in the `devcontainer.json` editor on {% data variables.product.github %}. For more information, click either the **{% data variables.product.prodname_vscode %}** or **Web browser** tab in [AUTOTITLE](/codespaces/setting-up-your-project-for-codespaces/configuring-dev-containers/adding-features-to-a-devcontainer-file?tool=webui). * **forwardPorts:** Any ports listed here will be forwarded automatically. For more information, see [AUTOTITLE](/codespaces/developing-in-codespaces/forwarding-ports-in-your-codespace). +* **portsAttributes:** This property maps specified ports to configuration options such as labels and protocols. {% data reusables.codespaces.portsattributes-configuration %} diff --git a/data/reusables/codespaces/devcontainer-properties-2.md b/data/reusables/codespaces/devcontainer-properties-2.md index 0734c8fb7b2e..d2adb6bd8249 100644 --- a/data/reusables/codespaces/devcontainer-properties-2.md +++ b/data/reusables/codespaces/devcontainer-properties-2.md @@ -1,3 +1,4 @@ * **postCreateCommand:** Use this property to run commands after your codespace is created. This can be formatted as a string (as above), an array, or an object. For more information, see the [dev containers specification](https://containers.dev/implementors/json_reference/#lifecycle-scripts) on the Development Containers website. +* **postAttachCommand:** Use this property to run commands each time a tool or person attaches to the codespace. This is useful for automating port visibility settings and other per-session configurations. * **customizations:** This property allows you to customize a specific tool or service when it is used for working in a codespace. For example, you can configure specific settings and extensions for {% data variables.product.prodname_vscode_shortname %}. For more information, see [Supporting tools and services](https://containers.dev/supporting) on the Development Containers website. * **remoteUser:** By default, you’re running as the vscode user, but you can optionally set this to root. diff --git a/data/reusables/codespaces/port-security-best-practices.md b/data/reusables/codespaces/port-security-best-practices.md new file mode 100644 index 000000000000..a9a7288a3d65 --- /dev/null +++ b/data/reusables/codespaces/port-security-best-practices.md @@ -0,0 +1,24 @@ +When configuring port forwarding for your dev container, consider these security best practices: + +- **Use private or organization-only visibility by default**: Avoid automatically setting ports to public unless necessary for your specific use case +- **Forward only required ports**: Only include ports in `forwardPorts` that are essential for development and testing +- **Use descriptive labels**: Configure port labels using `portsAttributes` to help team members understand each port's purpose +- **Leverage organization policies**: Work with your organization administrators to establish port visibility policies that align with your security requirements +- **Review automation commands**: When using `postAttachCommand` for port visibility automation, ensure the visibility settings match your security needs + +Example of a security-focused port configuration: + +```jsonc +"forwardPorts": [3000, 8080], +"portsAttributes": { + "3000": { + "label": "Dev Server (Private)", + "protocol": "http" + }, + "8080": { + "label": "API Server (Team Only)", + "protocol": "http" + } +}, +"postAttachCommand": "gh cs ports visibility 3000:private 8080:org -c \"$CODESPACE_NAME\"" +``` \ No newline at end of file diff --git a/data/reusables/codespaces/port-visibility-automation.md b/data/reusables/codespaces/port-visibility-automation.md new file mode 100644 index 000000000000..1c3af070c3ad --- /dev/null +++ b/data/reusables/codespaces/port-visibility-automation.md @@ -0,0 +1,13 @@ +You can automate port visibility settings in your dev container configuration using the `postAttachCommand` property with the {% data variables.product.prodname_cli %}. This allows you to automatically set forwarded ports to be private, organization-only, or public when someone attaches to the codespace. + +```jsonc +"postAttachCommand": "gh codespace ports visibility 3000:org -c \"$CODESPACE_NAME\"" +``` + +The available visibility options are: +- `private`: Only you can access the forwarded port +- `org`: Members of your organization can access the forwarded port +- `public`: Anyone with the URL can access the forwarded port + +> [!NOTE] +> Port visibility automation requires the {% data variables.product.prodname_cli %} to be available in your dev container. Most dev container templates include it by default, or you can add it using the `"ghcr.io/devcontainers/features/github-cli:1": {}` feature. \ No newline at end of file diff --git a/data/reusables/codespaces/portsattributes-configuration.md b/data/reusables/codespaces/portsattributes-configuration.md new file mode 100644 index 000000000000..495f145cdeb6 --- /dev/null +++ b/data/reusables/codespaces/portsattributes-configuration.md @@ -0,0 +1,20 @@ +You can use the `portsAttributes` property to configure default settings for specific ports, including their labels, protocols, and in some cases, initial visibility preferences: + +```jsonc +"portsAttributes": { + "3000": { + "label": "Application Server", + "protocol": "https" + }, + "8080": { + "label": "API Server" + } +} +``` + +The `portsAttributes` property supports these configuration options: +- **label**: A human-readable name for the port that appears in the {% data variables.product.prodname_github_codespaces %} interface +- **protocol**: Set to `"https"` to use HTTPS forwarding, or `"http"` (default) for HTTP forwarding +- **onAutoForward**: Action to take when the port is automatically forwarded (e.g., `"notify"`, `"openBrowser"`, `"openPreview"`) + +For more information about available port attributes, see the [dev containers specification](https://containers.dev/implementors/json_reference/#port-attributes) on the Development Containers website. \ No newline at end of file diff --git a/package-lock.json b/package-lock.json index 209899e532aa..c13cf46c522a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -69,7 +69,7 @@ "mdast-util-to-hast": "^13.2.0", "mdast-util-to-markdown": "2.1.2", "mdast-util-to-string": "^4.0.0", - "next": "^15.3.3", + "next": "^15.4.2", "ora": "^8.0.1", "parse5": "7.1.2", "quick-lru": "7.0.1", @@ -968,9 +968,9 @@ } }, "node_modules/@emnapi/runtime": { - "version": "1.4.3", - "resolved": "https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.4.3.tgz", - "integrity": "sha512-pBPWdu6MLKROBX05wSNKcNb++m5Er+KQ9QkB+WVM+pW2Kx9hoSrVTnu3BdkI5eBLZoKu/J6mW/B6i6bJB2ytXQ==", + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.5.0.tgz", + "integrity": "sha512-97/BJ3iXHww3djw6hYIfErCZFee7qCtrneuLa20UXFCOTCfBM2cvQHjWJ2EG0s0MtdNwInarqCTz35i4wWXHsQ==", "license": "MIT", "optional": true, "dependencies": { @@ -2036,9 +2036,9 @@ } }, "node_modules/@img/sharp-libvips-linux-ppc64": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-ppc64/-/sharp-libvips-linux-ppc64-1.1.0.tgz", - "integrity": "sha512-tiXxFZFbhnkWE2LA8oQj7KYR+bWBkiV2nilRldT7bqoEZ4HiDOcePr9wVDAZPi/Id5fT1oY9iGnDq20cwUz8lQ==", + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-ppc64/-/sharp-libvips-linux-ppc64-1.2.0.tgz", + "integrity": "sha512-Xod/7KaDDHkYu2phxxfeEPXfVXFKx70EAFZ0qyUdOjCcxbjqyJOEUpDe6RIyaunGxT34Anf9ue/wuWOqBW2WcQ==", "cpu": [ "ppc64" ], @@ -2159,6 +2159,28 @@ "@img/sharp-libvips-linux-arm64": "1.0.4" } }, + "node_modules/@img/sharp-linux-ppc64": { + "version": "0.34.3", + "resolved": "https://registry.npmjs.org/@img/sharp-linux-ppc64/-/sharp-linux-ppc64-0.34.3.tgz", + "integrity": "sha512-GLtbLQMCNC5nxuImPR2+RgrviwKwVql28FWZIW1zWruy6zLgA5/x2ZXk3mxj58X/tszVF69KK0Is83V8YgWhLA==", + "cpu": [ + "ppc64" + ], + "license": "Apache-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": "^18.17.0 || ^20.3.0 || >=21.0.0" + }, + "funding": { + "url": "https://opencollective.com/libvips" + }, + "optionalDependencies": { + "@img/sharp-libvips-linux-ppc64": "1.2.0" + } + }, "node_modules/@img/sharp-linux-s390x": { "version": "0.33.5", "resolved": "https://registry.npmjs.org/@img/sharp-linux-s390x/-/sharp-linux-s390x-0.33.5.tgz", @@ -2266,6 +2288,25 @@ "url": "https://opencollective.com/libvips" } }, + "node_modules/@img/sharp-win32-arm64": { + "version": "0.34.3", + "resolved": "https://registry.npmjs.org/@img/sharp-win32-arm64/-/sharp-win32-arm64-0.34.3.tgz", + "integrity": "sha512-MjnHPnbqMXNC2UgeLJtX4XqoVHHlZNd+nPt1kRPmj63wURegwBhZlApELdtxM2OIZDRv/DFtLcNhVbd1z8GYXQ==", + "cpu": [ + "arm64" + ], + "license": "Apache-2.0 AND LGPL-3.0-or-later", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": "^18.17.0 || ^20.3.0 || >=21.0.0" + }, + "funding": { + "url": "https://opencollective.com/libvips" + } + }, "node_modules/@img/sharp-win32-ia32": { "version": "0.33.5", "resolved": "https://registry.npmjs.org/@img/sharp-win32-ia32/-/sharp-win32-ia32-0.33.5.tgz", @@ -2448,17 +2489,19 @@ } }, "node_modules/@next/env": { - "version": "15.3.3", - "resolved": "https://registry.npmjs.org/@next/env/-/env-15.3.3.tgz", - "integrity": "sha512-OdiMrzCl2Xi0VTjiQQUK0Xh7bJHnOuET2s+3V+Y40WJBAXrJeGA3f+I8MZJ/YQ3mVGi5XGR1L66oFlgqXhQ4Vw==" + "version": "15.4.2", + "resolved": "https://registry.npmjs.org/@next/env/-/env-15.4.2.tgz", + "integrity": "sha512-kd7MvW3pAP7tmk1NaiX4yG15xb2l4gNhteKQxt3f+NGR22qwPymn9RBuv26QKfIKmfo6z2NpgU8W2RT0s0jlvg==", + "license": "MIT" }, "node_modules/@next/swc-darwin-arm64": { - "version": "15.3.3", - "resolved": "https://registry.npmjs.org/@next/swc-darwin-arm64/-/swc-darwin-arm64-15.3.3.tgz", - "integrity": "sha512-WRJERLuH+O3oYB4yZNVahSVFmtxRNjNF1I1c34tYMoJb0Pve+7/RaLAJJizyYiFhjYNGHRAE1Ri2Fd23zgDqhg==", + "version": "15.4.2", + "resolved": "https://registry.npmjs.org/@next/swc-darwin-arm64/-/swc-darwin-arm64-15.4.2.tgz", + "integrity": "sha512-ovqjR8NjCBdBf1U+R/Gvn0RazTtXS9n6wqs84iFaCS1NHbw9ksVE4dfmsYcLoyUVd9BWE0bjkphOWrrz8uz/uw==", "cpu": [ "arm64" ], + "license": "MIT", "optional": true, "os": [ "darwin" @@ -2468,12 +2511,13 @@ } }, "node_modules/@next/swc-darwin-x64": { - "version": "15.3.3", - "resolved": "https://registry.npmjs.org/@next/swc-darwin-x64/-/swc-darwin-x64-15.3.3.tgz", - "integrity": "sha512-XHdzH/yBc55lu78k/XwtuFR/ZXUTcflpRXcsu0nKmF45U96jt1tsOZhVrn5YH+paw66zOANpOnFQ9i6/j+UYvw==", + "version": "15.4.2", + "resolved": "https://registry.npmjs.org/@next/swc-darwin-x64/-/swc-darwin-x64-15.4.2.tgz", + "integrity": "sha512-I8d4W7tPqbdbHRI4z1iBfaoJIBrEG4fnWKIe+Rj1vIucNZ5cEinfwkBt3RcDF00bFRZRDpvKuDjgMFD3OyRBnw==", "cpu": [ "x64" ], + "license": "MIT", "optional": true, "os": [ "darwin" @@ -2483,12 +2527,13 @@ } }, "node_modules/@next/swc-linux-arm64-gnu": { - "version": "15.3.3", - "resolved": "https://registry.npmjs.org/@next/swc-linux-arm64-gnu/-/swc-linux-arm64-gnu-15.3.3.tgz", - "integrity": "sha512-VZ3sYL2LXB8znNGcjhocikEkag/8xiLgnvQts41tq6i+wql63SMS1Q6N8RVXHw5pEUjiof+II3HkDd7GFcgkzw==", + "version": "15.4.2", + "resolved": "https://registry.npmjs.org/@next/swc-linux-arm64-gnu/-/swc-linux-arm64-gnu-15.4.2.tgz", + "integrity": "sha512-lvhz02dU3Ec5thzfQ2RCUeOFADjNkS/px1W7MBt7HMhf0/amMfT8Z/aXOwEA+cVWN7HSDRSUc8hHILoHmvajsg==", "cpu": [ "arm64" ], + "license": "MIT", "optional": true, "os": [ "linux" @@ -2498,12 +2543,13 @@ } }, "node_modules/@next/swc-linux-arm64-musl": { - "version": "15.3.3", - "resolved": "https://registry.npmjs.org/@next/swc-linux-arm64-musl/-/swc-linux-arm64-musl-15.3.3.tgz", - "integrity": "sha512-h6Y1fLU4RWAp1HPNJWDYBQ+e3G7sLckyBXhmH9ajn8l/RSMnhbuPBV/fXmy3muMcVwoJdHL+UtzRzs0nXOf9SA==", + "version": "15.4.2", + "resolved": "https://registry.npmjs.org/@next/swc-linux-arm64-musl/-/swc-linux-arm64-musl-15.4.2.tgz", + "integrity": "sha512-v+5PPfL8UP+KKHS3Mox7QMoeFdMlaV0zeNMIF7eLC4qTiVSO0RPNnK0nkBZSD5BEkkf//c+vI9s/iHxddCZchA==", "cpu": [ "arm64" ], + "license": "MIT", "optional": true, "os": [ "linux" @@ -2513,12 +2559,13 @@ } }, "node_modules/@next/swc-linux-x64-gnu": { - "version": "15.3.3", - "resolved": "https://registry.npmjs.org/@next/swc-linux-x64-gnu/-/swc-linux-x64-gnu-15.3.3.tgz", - "integrity": "sha512-jJ8HRiF3N8Zw6hGlytCj5BiHyG/K+fnTKVDEKvUCyiQ/0r5tgwO7OgaRiOjjRoIx2vwLR+Rz8hQoPrnmFbJdfw==", + "version": "15.4.2", + "resolved": "https://registry.npmjs.org/@next/swc-linux-x64-gnu/-/swc-linux-x64-gnu-15.4.2.tgz", + "integrity": "sha512-PHLYOC9W2cu6I/JEKo77+LW4uPNvyEQiSkVRUQPsOIsf01PRr8PtPhwtz3XNnC9At8CrzPkzqQ9/kYDg4R4Inw==", "cpu": [ "x64" ], + "license": "MIT", "optional": true, "os": [ "linux" @@ -2528,12 +2575,13 @@ } }, "node_modules/@next/swc-linux-x64-musl": { - "version": "15.3.3", - "resolved": "https://registry.npmjs.org/@next/swc-linux-x64-musl/-/swc-linux-x64-musl-15.3.3.tgz", - "integrity": "sha512-HrUcTr4N+RgiiGn3jjeT6Oo208UT/7BuTr7K0mdKRBtTbT4v9zJqCDKO97DUqqoBK1qyzP1RwvrWTvU6EPh/Cw==", + "version": "15.4.2", + "resolved": "https://registry.npmjs.org/@next/swc-linux-x64-musl/-/swc-linux-x64-musl-15.4.2.tgz", + "integrity": "sha512-lpmUF9FfLFns4JbTu+5aJGA8aR9dXaA12eoNe9CJbVkGib0FDiPa4kBGTwy0xDxKNGlv3bLDViyx1U+qafmuJQ==", "cpu": [ "x64" ], + "license": "MIT", "optional": true, "os": [ "linux" @@ -2543,12 +2591,13 @@ } }, "node_modules/@next/swc-win32-arm64-msvc": { - "version": "15.3.3", - "resolved": "https://registry.npmjs.org/@next/swc-win32-arm64-msvc/-/swc-win32-arm64-msvc-15.3.3.tgz", - "integrity": "sha512-SxorONgi6K7ZUysMtRF3mIeHC5aA3IQLmKFQzU0OuhuUYwpOBc1ypaLJLP5Bf3M9k53KUUUj4vTPwzGvl/NwlQ==", + "version": "15.4.2", + "resolved": "https://registry.npmjs.org/@next/swc-win32-arm64-msvc/-/swc-win32-arm64-msvc-15.4.2.tgz", + "integrity": "sha512-aMjogoGnRepas0LQ/PBPsvvUzj+IoXw2IoDSEShEtrsu2toBiaxEWzOQuPZ8nie8+1iF7TA63S7rlp3YWAjNEg==", "cpu": [ "arm64" ], + "license": "MIT", "optional": true, "os": [ "win32" @@ -2558,12 +2607,13 @@ } }, "node_modules/@next/swc-win32-x64-msvc": { - "version": "15.3.3", - "resolved": "https://registry.npmjs.org/@next/swc-win32-x64-msvc/-/swc-win32-x64-msvc-15.3.3.tgz", - "integrity": "sha512-4QZG6F8enl9/S2+yIiOiju0iCTFd93d8VC1q9LZS4p/Xuk81W2QDjCFeoogmrWWkAD59z8ZxepBQap2dKS5ruw==", + "version": "15.4.2", + "resolved": "https://registry.npmjs.org/@next/swc-win32-x64-msvc/-/swc-win32-x64-msvc-15.4.2.tgz", + "integrity": "sha512-FxwauyexSFu78wEqR/+NB9MnqXVj6SxJKwcVs2CRjeSX/jBagDCgtR2W36PZUYm0WPgY1pQ3C1+nn7zSnwROuw==", "cpu": [ "x64" ], + "license": "MIT", "optional": true, "os": [ "win32" @@ -3264,13 +3314,13 @@ } }, "node_modules/@playwright/test": { - "version": "1.50.0", - "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.50.0.tgz", - "integrity": "sha512-ZGNXbt+d65EGjBORQHuYKj+XhCewlwpnSd/EDuLPZGSiEWmgOJB5RmMCCYGy5aMfTs9wx61RivfDKi8H/hcMvw==", + "version": "1.55.0", + "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.55.0.tgz", + "integrity": "sha512-04IXzPwHrW69XusN/SIdDdKZBzMfOT9UNT/YiJit/xpy2VuAoB8NHc8Aplb96zsWDddLnbkPL3TsmrS04ZU2xQ==", "devOptional": true, "license": "Apache-2.0", "dependencies": { - "playwright": "1.50.0" + "playwright": "1.55.0" }, "bin": { "playwright": "cli.js" @@ -3863,12 +3913,6 @@ "@styled-system/css": "^5.1.5" } }, - "node_modules/@swc/counter": { - "version": "0.1.3", - "resolved": "https://registry.npmjs.org/@swc/counter/-/counter-0.1.3.tgz", - "integrity": "sha512-e2BR4lsJkkRlKZ/qCHPw9ZaSxc0MVUd7gtbtaB7aMvHeJVYe8sOB8DBZkP2DtISHGSku9sCK6T6cnY0CtXrOCQ==", - "license": "Apache-2.0" - }, "node_modules/@swc/helpers": { "version": "0.5.15", "resolved": "https://registry.npmjs.org/@swc/helpers/-/helpers-0.5.15.tgz", @@ -5607,17 +5651,6 @@ "url": "https://github.com/sponsors/sindresorhus" } }, - "node_modules/busboy": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/busboy/-/busboy-1.6.0.tgz", - "integrity": "sha512-8SFQbg/0hQ9xy3UNTB0YEnsNBbWfhf7RtnzpL7TkBiTBRfrQ9Fxcnz7VJsleJpyp6rVLvXiuORqjlHi5q+PYuA==", - "dependencies": { - "streamsearch": "^1.1.0" - }, - "engines": { - "node": ">=10.16.0" - } - }, "node_modules/bytes": { "version": "3.1.2", "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", @@ -6625,9 +6658,9 @@ "license": "MIT" }, "node_modules/detect-libc": { - "version": "2.0.3", - "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.0.3.tgz", - "integrity": "sha512-bwy0MGW55bG41VqxxypOsdSdGqLwXPI/focwgTYCFMbdUiBAxLg9CFzG08sz2aqzknwiX7Hkl0bQENjg8iLByw==", + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.0.4.tgz", + "integrity": "sha512-3UDv+G9CsCKO1WKMGw9fwq/SWJYbI0c5Y7LU1AXYoDdbhE2AHQ6N6Nb34sG8Fj7T5APy8qXDCKuuIHd1BR0tVA==", "license": "Apache-2.0", "engines": { "node": ">=8" @@ -12092,14 +12125,13 @@ } }, "node_modules/next": { - "version": "15.3.3", - "resolved": "https://registry.npmjs.org/next/-/next-15.3.3.tgz", - "integrity": "sha512-JqNj29hHNmCLtNvd090SyRbXJiivQ+58XjCcrC50Crb5g5u2zi7Y2YivbsEfzk6AtVI80akdOQbaMZwWB1Hthw==", + "version": "15.4.2", + "resolved": "https://registry.npmjs.org/next/-/next-15.4.2.tgz", + "integrity": "sha512-oH1rmFso+84NIkocfuxaGKcXIjMUTmnzV2x0m8qsYtB4gD6iflLMESXt5XJ8cFgWMBei4v88rNr/j+peNg72XA==", + "license": "MIT", "dependencies": { - "@next/env": "15.3.3", - "@swc/counter": "0.1.3", + "@next/env": "15.4.2", "@swc/helpers": "0.5.15", - "busboy": "1.6.0", "caniuse-lite": "^1.0.30001579", "postcss": "8.4.31", "styled-jsx": "5.1.6" @@ -12111,19 +12143,19 @@ "node": "^18.18.0 || ^19.8.0 || >= 20.0.0" }, "optionalDependencies": { - "@next/swc-darwin-arm64": "15.3.3", - "@next/swc-darwin-x64": "15.3.3", - "@next/swc-linux-arm64-gnu": "15.3.3", - "@next/swc-linux-arm64-musl": "15.3.3", - "@next/swc-linux-x64-gnu": "15.3.3", - "@next/swc-linux-x64-musl": "15.3.3", - "@next/swc-win32-arm64-msvc": "15.3.3", - "@next/swc-win32-x64-msvc": "15.3.3", - "sharp": "^0.34.1" + "@next/swc-darwin-arm64": "15.4.2", + "@next/swc-darwin-x64": "15.4.2", + "@next/swc-linux-arm64-gnu": "15.4.2", + "@next/swc-linux-arm64-musl": "15.4.2", + "@next/swc-linux-x64-gnu": "15.4.2", + "@next/swc-linux-x64-musl": "15.4.2", + "@next/swc-win32-arm64-msvc": "15.4.2", + "@next/swc-win32-x64-msvc": "15.4.2", + "sharp": "^0.34.3" }, "peerDependencies": { "@opentelemetry/api": "^1.1.0", - "@playwright/test": "^1.41.2", + "@playwright/test": "^1.51.1", "babel-plugin-react-compiler": "*", "react": "^18.2.0 || 19.0.0-rc-de68d2f4-20241204 || ^19.0.0", "react-dom": "^18.2.0 || 19.0.0-rc-de68d2f4-20241204 || ^19.0.0", @@ -12145,9 +12177,9 @@ } }, "node_modules/next/node_modules/@img/sharp-darwin-arm64": { - "version": "0.34.1", - "resolved": "https://registry.npmjs.org/@img/sharp-darwin-arm64/-/sharp-darwin-arm64-0.34.1.tgz", - "integrity": "sha512-pn44xgBtgpEbZsu+lWf2KNb6OAf70X68k+yk69Ic2Xz11zHR/w24/U49XT7AeRwJ0Px+mhALhU5LPci1Aymk7A==", + "version": "0.34.3", + "resolved": "https://registry.npmjs.org/@img/sharp-darwin-arm64/-/sharp-darwin-arm64-0.34.3.tgz", + "integrity": "sha512-ryFMfvxxpQRsgZJqBd4wsttYQbCxsJksrv9Lw/v798JcQ8+w84mBWuXwl+TT0WJ/WrYOLaYpwQXi3sA9nTIaIg==", "cpu": [ "arm64" ], @@ -12163,13 +12195,13 @@ "url": "https://opencollective.com/libvips" }, "optionalDependencies": { - "@img/sharp-libvips-darwin-arm64": "1.1.0" + "@img/sharp-libvips-darwin-arm64": "1.2.0" } }, "node_modules/next/node_modules/@img/sharp-darwin-x64": { - "version": "0.34.1", - "resolved": "https://registry.npmjs.org/@img/sharp-darwin-x64/-/sharp-darwin-x64-0.34.1.tgz", - "integrity": "sha512-VfuYgG2r8BpYiOUN+BfYeFo69nP/MIwAtSJ7/Zpxc5QF3KS22z8Pvg3FkrSFJBPNQ7mmcUcYQFBmEQp7eu1F8Q==", + "version": "0.34.3", + "resolved": "https://registry.npmjs.org/@img/sharp-darwin-x64/-/sharp-darwin-x64-0.34.3.tgz", + "integrity": "sha512-yHpJYynROAj12TA6qil58hmPmAwxKKC7reUqtGLzsOHfP7/rniNGTL8tjWX6L3CTV4+5P4ypcS7Pp+7OB+8ihA==", "cpu": [ "x64" ], @@ -12185,13 +12217,13 @@ "url": "https://opencollective.com/libvips" }, "optionalDependencies": { - "@img/sharp-libvips-darwin-x64": "1.1.0" + "@img/sharp-libvips-darwin-x64": "1.2.0" } }, "node_modules/next/node_modules/@img/sharp-libvips-darwin-arm64": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/@img/sharp-libvips-darwin-arm64/-/sharp-libvips-darwin-arm64-1.1.0.tgz", - "integrity": "sha512-HZ/JUmPwrJSoM4DIQPv/BfNh9yrOA8tlBbqbLz4JZ5uew2+o22Ik+tHQJcih7QJuSa0zo5coHTfD5J8inqj9DA==", + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-darwin-arm64/-/sharp-libvips-darwin-arm64-1.2.0.tgz", + "integrity": "sha512-sBZmpwmxqwlqG9ueWFXtockhsxefaV6O84BMOrhtg/YqbTaRdqDE7hxraVE3y6gVM4eExmfzW4a8el9ArLeEiQ==", "cpu": [ "arm64" ], @@ -12205,9 +12237,9 @@ } }, "node_modules/next/node_modules/@img/sharp-libvips-darwin-x64": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/@img/sharp-libvips-darwin-x64/-/sharp-libvips-darwin-x64-1.1.0.tgz", - "integrity": "sha512-Xzc2ToEmHN+hfvsl9wja0RlnXEgpKNmftriQp6XzY/RaSfwD9th+MSh0WQKzUreLKKINb3afirxW7A0fz2YWuQ==", + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-darwin-x64/-/sharp-libvips-darwin-x64-1.2.0.tgz", + "integrity": "sha512-M64XVuL94OgiNHa5/m2YvEQI5q2cl9d/wk0qFTDVXcYzi43lxuiFTftMR1tOnFQovVXNZJ5TURSDK2pNe9Yzqg==", "cpu": [ "x64" ], @@ -12221,9 +12253,9 @@ } }, "node_modules/next/node_modules/@img/sharp-libvips-linux-arm": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-arm/-/sharp-libvips-linux-arm-1.1.0.tgz", - "integrity": "sha512-s8BAd0lwUIvYCJyRdFqvsj+BJIpDBSxs6ivrOPm/R7piTs5UIwY5OjXrP2bqXC9/moGsyRa37eYWYCOGVXxVrA==", + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-arm/-/sharp-libvips-linux-arm-1.2.0.tgz", + "integrity": "sha512-mWd2uWvDtL/nvIzThLq3fr2nnGfyr/XMXlq8ZJ9WMR6PXijHlC3ksp0IpuhK6bougvQrchUAfzRLnbsen0Cqvw==", "cpu": [ "arm" ], @@ -12237,9 +12269,9 @@ } }, "node_modules/next/node_modules/@img/sharp-libvips-linux-arm64": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-arm64/-/sharp-libvips-linux-arm64-1.1.0.tgz", - "integrity": "sha512-IVfGJa7gjChDET1dK9SekxFFdflarnUB8PwW8aGwEoF3oAsSDuNUTYS+SKDOyOJxQyDC1aPFMuRYLoDInyV9Ew==", + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-arm64/-/sharp-libvips-linux-arm64-1.2.0.tgz", + "integrity": "sha512-RXwd0CgG+uPRX5YYrkzKyalt2OJYRiJQ8ED/fi1tq9WQW2jsQIn0tqrlR5l5dr/rjqq6AHAxURhj2DVjyQWSOA==", "cpu": [ "arm64" ], @@ -12253,9 +12285,9 @@ } }, "node_modules/next/node_modules/@img/sharp-libvips-linux-s390x": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-s390x/-/sharp-libvips-linux-s390x-1.1.0.tgz", - "integrity": "sha512-xukSwvhguw7COyzvmjydRb3x/09+21HykyapcZchiCUkTThEQEOMtBj9UhkaBRLuBrgLFzQ2wbxdeCCJW/jgJA==", + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-s390x/-/sharp-libvips-linux-s390x-1.2.0.tgz", + "integrity": "sha512-eMKfzDxLGT8mnmPJTNMcjfO33fLiTDsrMlUVcp6b96ETbnJmd4uvZxVJSKPQfS+odwfVaGifhsB07J1LynFehw==", "cpu": [ "s390x" ], @@ -12269,9 +12301,9 @@ } }, "node_modules/next/node_modules/@img/sharp-libvips-linux-x64": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-x64/-/sharp-libvips-linux-x64-1.1.0.tgz", - "integrity": "sha512-yRj2+reB8iMg9W5sULM3S74jVS7zqSzHG3Ol/twnAAkAhnGQnpjj6e4ayUz7V+FpKypwgs82xbRdYtchTTUB+Q==", + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-x64/-/sharp-libvips-linux-x64-1.2.0.tgz", + "integrity": "sha512-ZW3FPWIc7K1sH9E3nxIGB3y3dZkpJlMnkk7z5tu1nSkBoCgw2nSRTFHI5pB/3CQaJM0pdzMF3paf9ckKMSE9Tg==", "cpu": [ "x64" ], @@ -12285,9 +12317,9 @@ } }, "node_modules/next/node_modules/@img/sharp-libvips-linuxmusl-arm64": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linuxmusl-arm64/-/sharp-libvips-linuxmusl-arm64-1.1.0.tgz", - "integrity": "sha512-jYZdG+whg0MDK+q2COKbYidaqW/WTz0cc1E+tMAusiDygrM4ypmSCjOJPmFTvHHJ8j/6cAGyeDWZOsK06tP33w==", + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linuxmusl-arm64/-/sharp-libvips-linuxmusl-arm64-1.2.0.tgz", + "integrity": "sha512-UG+LqQJbf5VJ8NWJ5Z3tdIe/HXjuIdo4JeVNADXBFuG7z9zjoegpzzGIyV5zQKi4zaJjnAd2+g2nna8TZvuW9Q==", "cpu": [ "arm64" ], @@ -12301,9 +12333,9 @@ } }, "node_modules/next/node_modules/@img/sharp-libvips-linuxmusl-x64": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linuxmusl-x64/-/sharp-libvips-linuxmusl-x64-1.1.0.tgz", - "integrity": "sha512-wK7SBdwrAiycjXdkPnGCPLjYb9lD4l6Ze2gSdAGVZrEL05AOUJESWU2lhlC+Ffn5/G+VKuSm6zzbQSzFX/P65A==", + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linuxmusl-x64/-/sharp-libvips-linuxmusl-x64-1.2.0.tgz", + "integrity": "sha512-SRYOLR7CXPgNze8akZwjoGBoN1ThNZoqpOgfnOxmWsklTGVfJiGJoC/Lod7aNMGA1jSsKWM1+HRX43OP6p9+6Q==", "cpu": [ "x64" ], @@ -12317,9 +12349,9 @@ } }, "node_modules/next/node_modules/@img/sharp-linux-arm": { - "version": "0.34.1", - "resolved": "https://registry.npmjs.org/@img/sharp-linux-arm/-/sharp-linux-arm-0.34.1.tgz", - "integrity": "sha512-anKiszvACti2sGy9CirTlNyk7BjjZPiML1jt2ZkTdcvpLU1YH6CXwRAZCA2UmRXnhiIftXQ7+Oh62Ji25W72jA==", + "version": "0.34.3", + "resolved": "https://registry.npmjs.org/@img/sharp-linux-arm/-/sharp-linux-arm-0.34.3.tgz", + "integrity": "sha512-oBK9l+h6KBN0i3dC8rYntLiVfW8D8wH+NPNT3O/WBHeW0OQWCjfWksLUaPidsrDKpJgXp3G3/hkmhptAW0I3+A==", "cpu": [ "arm" ], @@ -12335,13 +12367,13 @@ "url": "https://opencollective.com/libvips" }, "optionalDependencies": { - "@img/sharp-libvips-linux-arm": "1.1.0" + "@img/sharp-libvips-linux-arm": "1.2.0" } }, "node_modules/next/node_modules/@img/sharp-linux-arm64": { - "version": "0.34.1", - "resolved": "https://registry.npmjs.org/@img/sharp-linux-arm64/-/sharp-linux-arm64-0.34.1.tgz", - "integrity": "sha512-kX2c+vbvaXC6vly1RDf/IWNXxrlxLNpBVWkdpRq5Ka7OOKj6nr66etKy2IENf6FtOgklkg9ZdGpEu9kwdlcwOQ==", + "version": "0.34.3", + "resolved": "https://registry.npmjs.org/@img/sharp-linux-arm64/-/sharp-linux-arm64-0.34.3.tgz", + "integrity": "sha512-QdrKe3EvQrqwkDrtuTIjI0bu6YEJHTgEeqdzI3uWJOH6G1O8Nl1iEeVYRGdj1h5I21CqxSvQp1Yv7xeU3ZewbA==", "cpu": [ "arm64" ], @@ -12357,13 +12389,13 @@ "url": "https://opencollective.com/libvips" }, "optionalDependencies": { - "@img/sharp-libvips-linux-arm64": "1.1.0" + "@img/sharp-libvips-linux-arm64": "1.2.0" } }, "node_modules/next/node_modules/@img/sharp-linux-s390x": { - "version": "0.34.1", - "resolved": "https://registry.npmjs.org/@img/sharp-linux-s390x/-/sharp-linux-s390x-0.34.1.tgz", - "integrity": "sha512-7s0KX2tI9mZI2buRipKIw2X1ufdTeaRgwmRabt5bi9chYfhur+/C1OXg3TKg/eag1W+6CCWLVmSauV1owmRPxA==", + "version": "0.34.3", + "resolved": "https://registry.npmjs.org/@img/sharp-linux-s390x/-/sharp-linux-s390x-0.34.3.tgz", + "integrity": "sha512-3gahT+A6c4cdc2edhsLHmIOXMb17ltffJlxR0aC2VPZfwKoTGZec6u5GrFgdR7ciJSsHT27BD3TIuGcuRT0KmQ==", "cpu": [ "s390x" ], @@ -12379,13 +12411,13 @@ "url": "https://opencollective.com/libvips" }, "optionalDependencies": { - "@img/sharp-libvips-linux-s390x": "1.1.0" + "@img/sharp-libvips-linux-s390x": "1.2.0" } }, "node_modules/next/node_modules/@img/sharp-linux-x64": { - "version": "0.34.1", - "resolved": "https://registry.npmjs.org/@img/sharp-linux-x64/-/sharp-linux-x64-0.34.1.tgz", - "integrity": "sha512-wExv7SH9nmoBW3Wr2gvQopX1k8q2g5V5Iag8Zk6AVENsjwd+3adjwxtp3Dcu2QhOXr8W9NusBU6XcQUohBZ5MA==", + "version": "0.34.3", + "resolved": "https://registry.npmjs.org/@img/sharp-linux-x64/-/sharp-linux-x64-0.34.3.tgz", + "integrity": "sha512-8kYso8d806ypnSq3/Ly0QEw90V5ZoHh10yH0HnrzOCr6DKAPI6QVHvwleqMkVQ0m+fc7EH8ah0BB0QPuWY6zJQ==", "cpu": [ "x64" ], @@ -12401,13 +12433,13 @@ "url": "https://opencollective.com/libvips" }, "optionalDependencies": { - "@img/sharp-libvips-linux-x64": "1.1.0" + "@img/sharp-libvips-linux-x64": "1.2.0" } }, "node_modules/next/node_modules/@img/sharp-linuxmusl-arm64": { - "version": "0.34.1", - "resolved": "https://registry.npmjs.org/@img/sharp-linuxmusl-arm64/-/sharp-linuxmusl-arm64-0.34.1.tgz", - "integrity": "sha512-DfvyxzHxw4WGdPiTF0SOHnm11Xv4aQexvqhRDAoD00MzHekAj9a/jADXeXYCDFH/DzYruwHbXU7uz+H+nWmSOQ==", + "version": "0.34.3", + "resolved": "https://registry.npmjs.org/@img/sharp-linuxmusl-arm64/-/sharp-linuxmusl-arm64-0.34.3.tgz", + "integrity": "sha512-vAjbHDlr4izEiXM1OTggpCcPg9tn4YriK5vAjowJsHwdBIdx0fYRsURkxLG2RLm9gyBq66gwtWI8Gx0/ov+JKQ==", "cpu": [ "arm64" ], @@ -12423,13 +12455,13 @@ "url": "https://opencollective.com/libvips" }, "optionalDependencies": { - "@img/sharp-libvips-linuxmusl-arm64": "1.1.0" + "@img/sharp-libvips-linuxmusl-arm64": "1.2.0" } }, "node_modules/next/node_modules/@img/sharp-linuxmusl-x64": { - "version": "0.34.1", - "resolved": "https://registry.npmjs.org/@img/sharp-linuxmusl-x64/-/sharp-linuxmusl-x64-0.34.1.tgz", - "integrity": "sha512-pax/kTR407vNb9qaSIiWVnQplPcGU8LRIJpDT5o8PdAx5aAA7AS3X9PS8Isw1/WfqgQorPotjrZL3Pqh6C5EBg==", + "version": "0.34.3", + "resolved": "https://registry.npmjs.org/@img/sharp-linuxmusl-x64/-/sharp-linuxmusl-x64-0.34.3.tgz", + "integrity": "sha512-gCWUn9547K5bwvOn9l5XGAEjVTTRji4aPTqLzGXHvIr6bIDZKNTA34seMPgM0WmSf+RYBH411VavCejp3PkOeQ==", "cpu": [ "x64" ], @@ -12445,20 +12477,20 @@ "url": "https://opencollective.com/libvips" }, "optionalDependencies": { - "@img/sharp-libvips-linuxmusl-x64": "1.1.0" + "@img/sharp-libvips-linuxmusl-x64": "1.2.0" } }, "node_modules/next/node_modules/@img/sharp-wasm32": { - "version": "0.34.1", - "resolved": "https://registry.npmjs.org/@img/sharp-wasm32/-/sharp-wasm32-0.34.1.tgz", - "integrity": "sha512-YDybQnYrLQfEpzGOQe7OKcyLUCML4YOXl428gOOzBgN6Gw0rv8dpsJ7PqTHxBnXnwXr8S1mYFSLSa727tpz0xg==", + "version": "0.34.3", + "resolved": "https://registry.npmjs.org/@img/sharp-wasm32/-/sharp-wasm32-0.34.3.tgz", + "integrity": "sha512-+CyRcpagHMGteySaWos8IbnXcHgfDn7pO2fiC2slJxvNq9gDipYBN42/RagzctVRKgxATmfqOSulgZv5e1RdMg==", "cpu": [ "wasm32" ], "license": "Apache-2.0 AND LGPL-3.0-or-later AND MIT", "optional": true, "dependencies": { - "@emnapi/runtime": "^1.4.0" + "@emnapi/runtime": "^1.4.4" }, "engines": { "node": "^18.17.0 || ^20.3.0 || >=21.0.0" @@ -12468,9 +12500,9 @@ } }, "node_modules/next/node_modules/@img/sharp-win32-ia32": { - "version": "0.34.1", - "resolved": "https://registry.npmjs.org/@img/sharp-win32-ia32/-/sharp-win32-ia32-0.34.1.tgz", - "integrity": "sha512-WKf/NAZITnonBf3U1LfdjoMgNO5JYRSlhovhRhMxXVdvWYveM4kM3L8m35onYIdh75cOMCo1BexgVQcCDzyoWw==", + "version": "0.34.3", + "resolved": "https://registry.npmjs.org/@img/sharp-win32-ia32/-/sharp-win32-ia32-0.34.3.tgz", + "integrity": "sha512-xuCdhH44WxuXgOM714hn4amodJMZl3OEvf0GVTm0BEyMeA2to+8HEdRPShH0SLYptJY1uBw+SCFP9WVQi1Q/cw==", "cpu": [ "ia32" ], @@ -12487,9 +12519,9 @@ } }, "node_modules/next/node_modules/@img/sharp-win32-x64": { - "version": "0.34.1", - "resolved": "https://registry.npmjs.org/@img/sharp-win32-x64/-/sharp-win32-x64-0.34.1.tgz", - "integrity": "sha512-hw1iIAHpNE8q3uMIRCgGOeDoz9KtFNarFLQclLxr/LK1VBkj8nby18RjFvr6aP7USRYAjTZW6yisnBWMX571Tw==", + "version": "0.34.3", + "resolved": "https://registry.npmjs.org/@img/sharp-win32-x64/-/sharp-win32-x64-0.34.3.tgz", + "integrity": "sha512-OWwz05d++TxzLEv4VnsTz5CmZ6mI6S05sfQGEMrNrQcOEERbX46332IvE7pO/EUiw7jUrrS40z/M7kPyjfl04g==", "cpu": [ "x64" ], @@ -12506,16 +12538,16 @@ } }, "node_modules/next/node_modules/sharp": { - "version": "0.34.1", - "resolved": "https://registry.npmjs.org/sharp/-/sharp-0.34.1.tgz", - "integrity": "sha512-1j0w61+eVxu7DawFJtnfYcvSv6qPFvfTaqzTQ2BLknVhHTwGS8sc63ZBF4rzkWMBVKybo4S5OBtDdZahh2A1xg==", + "version": "0.34.3", + "resolved": "https://registry.npmjs.org/sharp/-/sharp-0.34.3.tgz", + "integrity": "sha512-eX2IQ6nFohW4DbvHIOLRB3MHFpYqaqvXd3Tp5e/T/dSH83fxaNJQRvDMhASmkNTsNTVF2/OOopzRCt7xokgPfg==", "hasInstallScript": true, "license": "Apache-2.0", "optional": true, "dependencies": { "color": "^4.2.3", - "detect-libc": "^2.0.3", - "semver": "^7.7.1" + "detect-libc": "^2.0.4", + "semver": "^7.7.2" }, "engines": { "node": "^18.17.0 || ^20.3.0 || >=21.0.0" @@ -12524,26 +12556,28 @@ "url": "https://opencollective.com/libvips" }, "optionalDependencies": { - "@img/sharp-darwin-arm64": "0.34.1", - "@img/sharp-darwin-x64": "0.34.1", - "@img/sharp-libvips-darwin-arm64": "1.1.0", - "@img/sharp-libvips-darwin-x64": "1.1.0", - "@img/sharp-libvips-linux-arm": "1.1.0", - "@img/sharp-libvips-linux-arm64": "1.1.0", - "@img/sharp-libvips-linux-ppc64": "1.1.0", - "@img/sharp-libvips-linux-s390x": "1.1.0", - "@img/sharp-libvips-linux-x64": "1.1.0", - "@img/sharp-libvips-linuxmusl-arm64": "1.1.0", - "@img/sharp-libvips-linuxmusl-x64": "1.1.0", - "@img/sharp-linux-arm": "0.34.1", - "@img/sharp-linux-arm64": "0.34.1", - "@img/sharp-linux-s390x": "0.34.1", - "@img/sharp-linux-x64": "0.34.1", - "@img/sharp-linuxmusl-arm64": "0.34.1", - "@img/sharp-linuxmusl-x64": "0.34.1", - "@img/sharp-wasm32": "0.34.1", - "@img/sharp-win32-ia32": "0.34.1", - "@img/sharp-win32-x64": "0.34.1" + "@img/sharp-darwin-arm64": "0.34.3", + "@img/sharp-darwin-x64": "0.34.3", + "@img/sharp-libvips-darwin-arm64": "1.2.0", + "@img/sharp-libvips-darwin-x64": "1.2.0", + "@img/sharp-libvips-linux-arm": "1.2.0", + "@img/sharp-libvips-linux-arm64": "1.2.0", + "@img/sharp-libvips-linux-ppc64": "1.2.0", + "@img/sharp-libvips-linux-s390x": "1.2.0", + "@img/sharp-libvips-linux-x64": "1.2.0", + "@img/sharp-libvips-linuxmusl-arm64": "1.2.0", + "@img/sharp-libvips-linuxmusl-x64": "1.2.0", + "@img/sharp-linux-arm": "0.34.3", + "@img/sharp-linux-arm64": "0.34.3", + "@img/sharp-linux-ppc64": "0.34.3", + "@img/sharp-linux-s390x": "0.34.3", + "@img/sharp-linux-x64": "0.34.3", + "@img/sharp-linuxmusl-arm64": "0.34.3", + "@img/sharp-linuxmusl-x64": "0.34.3", + "@img/sharp-wasm32": "0.34.3", + "@img/sharp-win32-arm64": "0.34.3", + "@img/sharp-win32-ia32": "0.34.3", + "@img/sharp-win32-x64": "0.34.3" } }, "node_modules/nock": { @@ -13174,13 +13208,13 @@ } }, "node_modules/playwright": { - "version": "1.50.0", - "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.50.0.tgz", - "integrity": "sha512-+GinGfGTrd2IfX1TA4N2gNmeIksSb+IAe589ZH+FlmpV3MYTx6+buChGIuDLQwrGNCw2lWibqV50fU510N7S+w==", + "version": "1.55.0", + "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.55.0.tgz", + "integrity": "sha512-sdCWStblvV1YU909Xqx0DhOjPZE4/5lJsIS84IfN9dAZfcl/CIZ5O8l3o0j7hPMjDvqoTF8ZUcc+i/GL5erstA==", "devOptional": true, "license": "Apache-2.0", "dependencies": { - "playwright-core": "1.50.0" + "playwright-core": "1.55.0" }, "bin": { "playwright": "cli.js" @@ -13193,9 +13227,9 @@ } }, "node_modules/playwright-core": { - "version": "1.50.0", - "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.50.0.tgz", - "integrity": "sha512-CXkSSlr4JaZs2tZHI40DsZUN/NIwgaUPsyLuOAaIZp2CyF2sN5MM5NJsyB188lFSSozFxQ5fPT4qM+f0tH/6wQ==", + "version": "1.55.0", + "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.55.0.tgz", + "integrity": "sha512-GvZs4vU3U5ro2nZpeiwyb0zuFaqb9sUiAJuyrWpcGouD8y9/HLgGbNRjIph7zU9D3hnPaisMl9zG9CgFi/biIg==", "devOptional": true, "license": "Apache-2.0", "bin": { @@ -14163,9 +14197,9 @@ "integrity": "sha512-6aU+Rwsezw7VR8/nyvKTx8QpWH9FrcYiXXlqC4z5d5XQBDRqtbfsRjnwGyqbi3gddNtWHuEk9OANUotL26qKUw==" }, "node_modules/semver": { - "version": "7.7.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.1.tgz", - "integrity": "sha512-hlq8tAfn0m/61p4BVRcPzIGr6LKiMwo4VM6dGi6pt4qcRkmNzTcWq6eCEjEh+qXjkMDvPlOFFSGwQjoEa6gyMA==", + "version": "7.7.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.2.tgz", + "integrity": "sha512-RF0Fw+rO5AMf9MAyaRXI4AV0Ulj5lMHqVxxdSgiVbixSCXoEmmX/jk0CuJw4+3SqroYO9VoUh+HcuJivvtJemA==", "license": "ISC", "bin": { "semver": "bin/semver.js" @@ -14714,14 +14748,6 @@ "xtend": "^4.0.2" } }, - "node_modules/streamsearch": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/streamsearch/-/streamsearch-1.1.0.tgz", - "integrity": "sha512-Mcc5wHehp9aXz1ax6bZUyY5afg9u2rv5cqQI3mRrYkGC8rW2hM02jWuwjtL++LS5qinSyhj2QfLyNsuc+VsExg==", - "engines": { - "node": ">=10.0.0" - } - }, "node_modules/strict-event-emitter": { "version": "0.5.1", "resolved": "https://registry.npmjs.org/strict-event-emitter/-/strict-event-emitter-0.5.1.tgz", diff --git a/package.json b/package.json index 52b1236332d5..aee292e23cff 100644 --- a/package.json +++ b/package.json @@ -216,7 +216,7 @@ "mdast-util-to-hast": "^13.2.0", "mdast-util-to-markdown": "2.1.2", "mdast-util-to-string": "^4.0.0", - "next": "^15.3.3", + "next": "^15.4.2", "ora": "^8.0.1", "parse5": "7.1.2", "quick-lru": "7.0.1",