From 02177c85d99ab744d3d202f39c0677e2b4ddf9bd Mon Sep 17 00:00:00 2001 From: David Mihalcik Date: Wed, 23 Oct 2024 17:13:16 -0400 Subject: [PATCH] fix(cli): Adds --assertions to cli for testing just a bump --- cli/package-lock.json | 8 +- cli/src/cli.ts | 28 +++- lib/package.json | 7 + lib/tdf3/src/assertions.ts | 182 ++++++++++++++++++++++++ lib/tdf3/src/client/AssertionConfig.ts | 29 ---- lib/tdf3/src/client/builders.ts | 2 +- lib/tdf3/src/models/assertion.ts | 131 ----------------- lib/tdf3/src/models/index.ts | 2 +- lib/tdf3/src/models/manifest.ts | 2 +- lib/tdf3/src/tdf.ts | 65 ++------- lib/tests/mocha/encrypt-decrypt.spec.ts | 5 +- remote-store/package-lock.json | 8 +- web-app/package-lock.json | 16 +-- 13 files changed, 247 insertions(+), 238 deletions(-) create mode 100644 lib/tdf3/src/assertions.ts delete mode 100644 lib/tdf3/src/client/AssertionConfig.ts delete mode 100644 lib/tdf3/src/models/assertion.ts diff --git a/cli/package-lock.json b/cli/package-lock.json index d550a67b..7c70159c 100644 --- a/cli/package-lock.json +++ b/cli/package-lock.json @@ -36,9 +36,9 @@ } }, "node_modules/@babel/runtime": { - "version": "7.25.7", - "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.25.7.tgz", - "integrity": "sha512-FjoyLe754PMiYsFaN5C94ttGiOmBNYTf6pLr4xXHAT5uctHb092PBszndLDR5XA/jghQvn4n7JMHl7dmTgbm9w==", + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.25.9.tgz", + "integrity": "sha512-4zpTHZ9Cm6L9L+uIqghQX8ZXg8HKFcjYO3qHoO8zTmRm6HQUJ8SSJ+KRvbMBZn0EGVlT4DRYeQ/6hjlyXBh+Kg==", "license": "MIT", "dependencies": { "regenerator-runtime": "^0.14.0" @@ -372,7 +372,7 @@ "node_modules/@opentdf/client": { "version": "2.0.0", "resolved": "file:../lib/opentdf-client-2.0.0.tgz", - "integrity": "sha512-blEbz/5x9qQ7JF7rySjyXAXTBFq6J7rgqSdDlUQxLtBPU2dpPOBxHuc6vn09xT11a90LZcf9T0tSPxpaqnaIVw==", + "integrity": "sha512-Y22FUUrlntiJ0wynFhiPW3kH6YbEw/+hfqpjjQWut6b9IBVA8bt38bD41YoXx07HYSc0pLsUKI5s0PjE5PUm9g==", "license": "BSD-3-Clause-Clear", "dependencies": { "axios": "^1.6.1", diff --git a/cli/src/cli.ts b/cli/src/cli.ts index 10755f69..56d8581c 100644 --- a/cli/src/cli.ts +++ b/cli/src/cli.ts @@ -18,6 +18,7 @@ import { } from '@opentdf/client'; import { CLIError, Level, log } from './logger.js'; import { webcrypto } from 'crypto'; +import * as assertions from '@opentdf/client/assertions'; import { attributeFQNsAsValues } from '@opentdf/client/nano'; import { base64 } from '@opentdf/client/encodings'; @@ -119,8 +120,26 @@ async function tdf3DecryptParamsFor(argv: Partial): Promise): Promise { const c = new EncryptParamsBuilder(); + if (argv.assertions?.length) { + c.withAssertions(parseAssertionConfig(argv.assertions)); + } if (argv.attributes?.length) { c.setAttributes(argv.attributes.split(',')); } @@ -203,7 +222,7 @@ export const handleArgs = (args: string[]) => { group: 'Security:', desc: 'allowed KAS origins, comma separated; defaults to [kasEndpoint]', type: 'string', - validate: (attributes: string) => attributes.split(','), + validate: (uris: string) => uris.split(','), }) .option('ignoreAllowList', { group: 'Security:', @@ -254,6 +273,13 @@ export const handleArgs = (args: string[]) => { // Policy, encryption, and container options .options({ + assertions: { + group: 'Encrypt Options:', + desc: 'ZTDF assertion config objects', + type: 'string', + default: '', + validate: parseAssertionConfig, + }, attributes: { group: 'Encrypt Options:', desc: 'Data attributes for the policy', diff --git a/lib/package.json b/lib/package.json index 039e0f79..227418fc 100644 --- a/lib/package.json +++ b/lib/package.json @@ -29,6 +29,13 @@ "require": "./dist/cjs/tdf3/index.js", "import": "./dist/web/tdf3/index.js" }, + "./assertions": { + "default": { + "types": "./dist/types/tdf3/src/assertions.d.ts", + "require": "./dist/cjs/tdf3/src/assertions.js", + "import": "./dist/web/tdf3/src/assertions.js" + } + }, "./encodings": { "default": { "types": "./dist/types/src/encodings/index.d.ts", diff --git a/lib/tdf3/src/assertions.ts b/lib/tdf3/src/assertions.ts new file mode 100644 index 00000000..dd680a6d --- /dev/null +++ b/lib/tdf3/src/assertions.ts @@ -0,0 +1,182 @@ +import { canonicalizeEx } from 'json-canonicalize'; +import { SignJWT, jwtVerify } from 'jose'; +import { base64, hex } from '../../src/encodings/index.js'; +import { ConfigurationError, IntegrityError, InvalidFileError } from '../../src/errors.js'; + +export type AssertionKeyAlg = 'RS256' | 'HS256'; +export type AssertionType = 'handling' | 'other'; +export type Scope = 'tdo' | 'payload'; +export type AppliesToState = 'encrypted' | 'unencrypted'; +export type BindingMethod = 'jws'; + +// Statement type +export type Statement = { + format: string; + schema: string; + value: string; +}; + +// Binding type +export type Binding = { + method: string; + signature: string; +}; + +// Assertion type +export type Assertion = { + id: string; + type: AssertionType; + scope: Scope; + appliesToState?: AppliesToState; + statement: Statement; + binding: Binding; +}; + +export type AssertionPayload = { + assertionHash: string; + assertionSig: string; +}; + +/** + * Computes the SHA-256 hash of the assertion object, excluding the 'binding' and 'hash' properties. + * + * @returns the hexadecimal string representation of the hash + */ +export async function hash(a: Assertion): Promise { + const result = canonicalizeEx(a, { exclude: ['binding', 'hash', 'sign', 'verify'] }); + + const hash = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(result)); + return hex.encodeArrayBuffer(hash); +} + +/** + * Signs the given hash and signature using the provided key and sets the binding method and signature. + * + * @param hash - The hash to be signed. + * @param sig - The signature to be signed. + * @param {AssertionKey} key - The key used for signing. + * @returns {Promise} A promise that resolves when the signing is complete. + */ +async function sign( + thiz: Assertion, + assertionHash: string, + sig: string, + key: AssertionKey +): Promise { + const payload: AssertionPayload = { + assertionHash, + assertionSig: sig, + }; + + let token: string; + try { + token = await new SignJWT(payload).setProtectedHeader({ alg: key.alg }).sign(key.key as any); + } catch (error) { + throw new ConfigurationError(`Signing assertion failed: ${error.message}`, error); + } + thiz.binding.method = 'jws'; + thiz.binding.signature = token; + return thiz; +} + +// a function that takes an unknown or any object and asserts that it is or is not an AssertionConfig object +export function isAssertionConfig(obj: unknown): obj is AssertionConfig { + return ( + !!obj && + typeof obj === 'object' && + 'id' in obj && + 'type' in obj && + 'scope' in obj && + 'appliesToState' in obj && + 'statement' in obj + ); +} + +/** + * Verifies the signature of the assertion using the provided key. + * + * @param {AssertionKey} key - The key used for verification. + * @returns {Promise<[string, string]>} A promise that resolves to a tuple containing the assertion hash and signature. + * @throws {Error} If the verification fails. + */ +export async function verify( + thiz: Assertion, + aggregateHash: string, + key: AssertionKey +): Promise { + let payload: AssertionPayload; + try { + const uj = await jwtVerify(thiz.binding.signature, key.key as any, { + algorithms: [key.alg], + }); + payload = uj.payload as AssertionPayload; + } catch (error) { + throw new InvalidFileError(`Verifying assertion failed: ${error.message}`, error); + } + const { assertionHash, assertionSig } = payload; + + // Get the hash of the assertion + const hashOfAssertion = await hash(thiz); + const combinedHash = aggregateHash + hashOfAssertion; + const encodedHash = base64.encode(combinedHash); + + // check if assertionHash is same as hashOfAssertion + if (hashOfAssertion !== assertionHash) { + throw new IntegrityError('Assertion hash mismatch'); + } + + // check if assertionSig is same as encodedHash + if (assertionSig !== encodedHash) { + throw new IntegrityError('Failed integrity check on assertion signature'); + } +} + +/** + * Creates an Assertion object with the specified properties. + */ +export async function CreateAssertion( + aggregateHash: string, + assertionConfig: AssertionConfig +): Promise { + if (!assertionConfig.signingKey) { + throw new ConfigurationError('Assertion signing key is required'); + } + + const a: Assertion = { + id: assertionConfig.id, + type: assertionConfig.type, + scope: assertionConfig.scope, + appliesToState: assertionConfig.appliesToState, + statement: assertionConfig.statement, + // empty binding + binding: { method: '', signature: '' }, + }; + + const assertionHash = await hash(a); + const combinedHash = aggregateHash + assertionHash; + const encodedHash = base64.encode(combinedHash); + + return await sign(a, assertionHash, encodedHash, assertionConfig.signingKey); +} + +export type AssertionKey = { + alg: AssertionKeyAlg; + key: unknown; // Replace AnyKey with the actual type of your key +}; + +// AssertionConfig is a shadow of Assertion with the addition of the signing key. +// It is used on creation of the assertion. +export type AssertionConfig = { + id: string; + type: AssertionType; + scope: Scope; + appliesToState: AppliesToState; + statement: Statement; + signingKey?: AssertionKey; +}; + +// AssertionVerificationKeys represents the verification keys for assertions. +export type AssertionVerificationKeys = { + DefaultKey?: AssertionKey; + Keys: Record; +}; diff --git a/lib/tdf3/src/client/AssertionConfig.ts b/lib/tdf3/src/client/AssertionConfig.ts deleted file mode 100644 index cd065aa8..00000000 --- a/lib/tdf3/src/client/AssertionConfig.ts +++ /dev/null @@ -1,29 +0,0 @@ -import { - AssertionKeyAlg, - AssertionType, - Scope, - AppliesToState, - Statement, -} from '../models/assertion.js'; - -export type AssertionKey = { - alg: AssertionKeyAlg; - key: any; // Replace AnyKey with the actual type of your key -}; - -// AssertionConfig is a shadow of Assertion with the addition of the signing key. -// It is used on creation of the assertion. -export type AssertionConfig = { - id: string; - type: AssertionType; - scope: Scope; - appliesToState: AppliesToState; - statement: Statement; - signingKey?: AssertionKey; -}; - -// AssertionVerificationKeys represents the verification keys for assertions. -export type AssertionVerificationKeys = { - DefaultKey?: AssertionKey; - Keys: Record; -}; diff --git a/lib/tdf3/src/client/builders.ts b/lib/tdf3/src/client/builders.ts index 5eb382ce..3cf9f9aa 100644 --- a/lib/tdf3/src/client/builders.ts +++ b/lib/tdf3/src/client/builders.ts @@ -8,7 +8,7 @@ import { PemKeyPair } from '../crypto/declarations.js'; import { EntityObject } from '../../../src/tdf/EntityObject.js'; import { DecoratedReadableStream } from './DecoratedReadableStream.js'; import { type Chunker } from '../utils/chunkers.js'; -import { AssertionConfig, AssertionVerificationKeys } from './AssertionConfig.js'; +import { AssertionConfig, AssertionVerificationKeys } from '../assertions.js'; import { Value } from '../../../src/policy/attributes.js'; export const DEFAULT_SEGMENT_SIZE: number = 1024 * 1024; diff --git a/lib/tdf3/src/models/assertion.ts b/lib/tdf3/src/models/assertion.ts deleted file mode 100644 index ea19f3b4..00000000 --- a/lib/tdf3/src/models/assertion.ts +++ /dev/null @@ -1,131 +0,0 @@ -import { canonicalizeEx } from 'json-canonicalize'; -import { SignJWT, jwtVerify } from 'jose'; -import { AssertionKey } from './../client/AssertionConfig.js'; -import { hex } from '../../../src/encodings/index.js'; -import { ConfigurationError, InvalidFileError } from '../../../src/errors.js'; - -export type AssertionKeyAlg = 'RS256' | 'HS256'; -export type AssertionType = 'handling' | 'other'; -export type Scope = 'tdo' | 'payload'; -export type AppliesToState = 'encrypted' | 'unencrypted'; -export type BindingMethod = 'jws'; - -const kAssertionHash = 'assertionHash'; -const kAssertionSignature = 'assertionSig'; - -// Statement type -export type Statement = { - format: string; - schema: string; - value: string; -}; - -// Binding type -export type Binding = { - method: string; - signature: string; -}; - -// Assertion type -export type Assertion = { - id: string; - type: AssertionType; - scope: Scope; - appliesToState?: AppliesToState; - statement: Statement; - binding: Binding; - hash: () => Promise; - sign: (hash: string, sig: string, key: AssertionKey) => Promise; - verify: (key: AssertionKey) => Promise<[string, string]>; -}; - -/** - * Computes the SHA-256 hash of the assertion object, excluding the 'binding' and 'hash' properties. - * - * @returns {Promise} A promise that resolves to the hexadecimal string representation of the hash. - */ -export async function hash(this: Assertion): Promise { - const result = canonicalizeEx(this, { exclude: ['binding', 'hash', 'sign', 'verify'] }); - - const hash = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(result)); - return hex.encodeArrayBuffer(hash); -} - -/** - * Signs the given hash and signature using the provided key and sets the binding method and signature. - * - * @param {string} hash - The hash to be signed. - * @param {string} sig - The signature to be signed. - * @param {AssertionKey} key - The key used for signing. - * @returns {Promise} A promise that resolves when the signing is complete. - */ -export async function sign( - this: Assertion, - assertionHash: string, - sig: string, - key: AssertionKey -): Promise { - const payload: Record = {}; - payload[kAssertionHash] = assertionHash; - payload[kAssertionSignature] = sig; - - let token: string; - try { - token = await new SignJWT(payload).setProtectedHeader({ alg: key.alg }).sign(key.key); - } catch (error) { - throw new ConfigurationError(`Signing assertion failed: ${error.message}`, error); - } - this.binding.method = 'jws'; - this.binding.signature = token; -} - -/** - * Verifies the signature of the assertion using the provided key. - * - * @param {AssertionKey} key - The key used for verification. - * @returns {Promise<[string, string]>} A promise that resolves to a tuple containing the assertion hash and signature. - * @throws {Error} If the verification fails. - */ -export async function verify(this: Assertion, key: AssertionKey): Promise<[string, string]> { - try { - const { payload } = await jwtVerify(this.binding.signature, key.key, { - algorithms: [key.alg], - }); - - return [payload[kAssertionHash] as string, payload[kAssertionSignature] as string]; - } catch (error) { - throw new InvalidFileError(`Verifying assertion failed: ${error.message}`, error); - } -} - -/** - * Creates an Assertion object with the specified properties. - * - * @param {string} id - The unique identifier for the assertion. - * @param {AssertionType} type - The type of the assertion (e.g., 'handling', 'other'). - * @param {Scope} scope - The scope of the assertion (e.g., 'tdo', 'payload'). - * @param {Statement} statement - The statement associated with the assertion. - * @param {Binding} binding - The binding method and signature for the assertion. - * @param {AppliesToState} [appliesToState] - The state to which the assertion applies (optional). - * @returns {Assertion} The created Assertion object. - */ -export function CreateAssertion( - id: string, - type: AssertionType, - scope: Scope, - statement: Statement, - appliesToState?: AppliesToState, - binding?: Binding -): Assertion { - return { - id, - type, - scope, - appliesToState, - statement, - binding: { method: binding?.method ?? '', signature: binding?.signature ?? '' }, - hash, - sign, - verify, - }; -} diff --git a/lib/tdf3/src/models/index.ts b/lib/tdf3/src/models/index.ts index 12ba37ef..b7a9d0c0 100644 --- a/lib/tdf3/src/models/index.ts +++ b/lib/tdf3/src/models/index.ts @@ -5,4 +5,4 @@ export * from './manifest.js'; export * from './payload.js'; export * from './policy.js'; export * from './upsert-response.js'; -export * from './assertion.js'; +export * from '../assertions.js'; diff --git a/lib/tdf3/src/models/manifest.ts b/lib/tdf3/src/models/manifest.ts index 51e86f81..4ed4ebdd 100644 --- a/lib/tdf3/src/models/manifest.ts +++ b/lib/tdf3/src/models/manifest.ts @@ -1,4 +1,4 @@ -import { type Assertion } from './assertion.js'; +import { type Assertion } from '../assertions.js'; import { type Payload } from './payload.js'; import { type EncryptionInformation } from './encryption-information.js'; diff --git a/lib/tdf3/src/tdf.ts b/lib/tdf3/src/tdf.ts index 9d6ce933..8e118419 100644 --- a/lib/tdf3/src/tdf.ts +++ b/lib/tdf3/src/tdf.ts @@ -5,12 +5,8 @@ import { DecoratedReadableStream } from './client/DecoratedReadableStream.js'; import { EntityObject } from '../../src/tdf/EntityObject.js'; import { pemToCryptoPublicKey, validateSecureUrl } from '../../src/utils.js'; import { DecryptParams } from './client/builders.js'; -import { - AssertionConfig, - AssertionKey, - AssertionVerificationKeys, -} from './client/AssertionConfig.js'; -import { Assertion, CreateAssertion } from './models/assertion.js'; +import { AssertionConfig, AssertionKey, AssertionVerificationKeys } from './assertions.js'; +import * as assertions from './assertions.js'; import { AttributeSet, @@ -452,7 +448,7 @@ async function _generateManifest( }; const encryptionInformationStr = await encryptionInformation.write(policy, keyInfo); - const assertions: Assertion[] = []; + const assertions: assertions.Assertion[] = []; return { payload, // generate the manifest first, then insert integrity information into it @@ -741,31 +737,19 @@ export async function writeStream(cfg: EncryptConfiguration): Promise 0) { await Promise.all( cfg.assertionConfigs.map(async (assertionConfig) => { // Create assertion using the assertionConfig values - const assertion = CreateAssertion( - assertionConfig.id, - assertionConfig.type, - assertionConfig.scope, - assertionConfig.statement, - assertionConfig.appliesToState - ); - - const assertionHash = await assertion.hash(); - const combinedHash = aggregateHash + assertionHash; - const encodedHash = base64.encode(combinedHash); - - // Create assertion key using the signingKey from the config, or a default key - const assertionKey: AssertionKey = assertionConfig.signingKey ?? { + const signingKey: AssertionKey = assertionConfig.signingKey ?? { alg: 'HS256', key: new Uint8Array(cfg.keyForEncryption.unwrappedKeyBinary.asArrayBuffer()), }; - - // Sign the assertion - await assertion.sign(assertionHash, encodedHash, assertionKey); + const assertion = await assertions.CreateAssertion(aggregateHash, { + ...assertionConfig, + signingKey, + }); // Add signed assertion to the signedAssertions array signedAssertions.push(assertion); @@ -1226,8 +1210,7 @@ export async function readStream(cfg: DecryptConfiguration) { } // // Validate assertions - const assertions = manifest.assertions || []; - for (const assertion of assertions) { + for (const assertion of manifest.assertions || []) { // Create a default assertion key let assertionKey: AssertionKey = { alg: 'HS256', @@ -1240,33 +1223,7 @@ export async function readStream(cfg: DecryptConfiguration) { assertionKey = foundKey; } } - - // create assertion object from the assertion - const assertionObj = CreateAssertion( - assertion.id, - assertion.type, - assertion.scope, - assertion.statement, - assertion.appliesToState, - assertion.binding - ); - - const [assertionHash, assertionSig] = await assertionObj.verify(assertionKey); - - // Get the hash of the assertion - const hashOfAssertion = await assertionObj.hash(); - const combinedHash = aggregateHash + hashOfAssertion; - const encodedHash = base64.encode(combinedHash); - - // check if assertionHash is same as hashOfAssertion - if (hashOfAssertion !== assertionHash) { - throw new IntegrityError('Assertion hash mismatch'); - } - - // check if assertionSig is same as encodedHash - if (assertionSig !== encodedHash) { - throw new IntegrityError('Failed integrity check on assertion signature'); - } + await assertions.verify(assertion, aggregateHash, assertionKey); } let mapOfRequestsOffset = 0; diff --git a/lib/tests/mocha/encrypt-decrypt.spec.ts b/lib/tests/mocha/encrypt-decrypt.spec.ts index 532856e8..a2094aea 100644 --- a/lib/tests/mocha/encrypt-decrypt.spec.ts +++ b/lib/tests/mocha/encrypt-decrypt.spec.ts @@ -7,10 +7,7 @@ import { WebCryptoService } from '../../tdf3/index.js'; import { Client } from '../../tdf3/src/index.js'; import { SplitKey } from '../../tdf3/src/models/encryption-information.js'; import { AesGcmCipher } from '../../tdf3/src/ciphers/aes-gcm-cipher.js'; -import { - AssertionConfig, - AssertionVerificationKeys, -} from '../../tdf3/src/client/AssertionConfig.js'; +import { AssertionConfig, AssertionVerificationKeys } from '../../tdf3/src/assertions.js'; import { Scope } from '../../tdf3/src/client/builders.js'; const Mocks = getMocks(); diff --git a/remote-store/package-lock.json b/remote-store/package-lock.json index 7f361f41..9d633ea4 100644 --- a/remote-store/package-lock.json +++ b/remote-store/package-lock.json @@ -1536,9 +1536,9 @@ } }, "node_modules/@babel/runtime": { - "version": "7.25.7", - "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.25.7.tgz", - "integrity": "sha512-FjoyLe754PMiYsFaN5C94ttGiOmBNYTf6pLr4xXHAT5uctHb092PBszndLDR5XA/jghQvn4n7JMHl7dmTgbm9w==", + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.25.9.tgz", + "integrity": "sha512-4zpTHZ9Cm6L9L+uIqghQX8ZXg8HKFcjYO3qHoO8zTmRm6HQUJ8SSJ+KRvbMBZn0EGVlT4DRYeQ/6hjlyXBh+Kg==", "license": "MIT", "dependencies": { "regenerator-runtime": "^0.14.0" @@ -1821,7 +1821,7 @@ "node_modules/@opentdf/client": { "version": "2.0.0", "resolved": "file:../lib/opentdf-client-2.0.0.tgz", - "integrity": "sha512-blEbz/5x9qQ7JF7rySjyXAXTBFq6J7rgqSdDlUQxLtBPU2dpPOBxHuc6vn09xT11a90LZcf9T0tSPxpaqnaIVw==", + "integrity": "sha512-Xp+Zg1KOSpM2BwzIbwOKPO1WwcHYG8c23NNOIQM+SoJrF0tkdh3TxeYZZKvqiz8+Ktrruj9IBR9iBmWG8PzA3w==", "license": "BSD-3-Clause-Clear", "dependencies": { "axios": "^1.6.1", diff --git a/web-app/package-lock.json b/web-app/package-lock.json index 1558212b..e27586e4 100644 --- a/web-app/package-lock.json +++ b/web-app/package-lock.json @@ -350,9 +350,9 @@ } }, "node_modules/@babel/runtime": { - "version": "7.25.7", - "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.25.7.tgz", - "integrity": "sha512-FjoyLe754PMiYsFaN5C94ttGiOmBNYTf6pLr4xXHAT5uctHb092PBszndLDR5XA/jghQvn4n7JMHl7dmTgbm9w==", + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.25.9.tgz", + "integrity": "sha512-4zpTHZ9Cm6L9L+uIqghQX8ZXg8HKFcjYO3qHoO8zTmRm6HQUJ8SSJ+KRvbMBZn0EGVlT4DRYeQ/6hjlyXBh+Kg==", "license": "MIT", "dependencies": { "regenerator-runtime": "^0.14.0" @@ -607,7 +607,7 @@ "node_modules/@opentdf/client": { "version": "2.0.0", "resolved": "file:../lib/opentdf-client-2.0.0.tgz", - "integrity": "sha512-blEbz/5x9qQ7JF7rySjyXAXTBFq6J7rgqSdDlUQxLtBPU2dpPOBxHuc6vn09xT11a90LZcf9T0tSPxpaqnaIVw==", + "integrity": "sha512-Xp+Zg1KOSpM2BwzIbwOKPO1WwcHYG8c23NNOIQM+SoJrF0tkdh3TxeYZZKvqiz8+Ktrruj9IBR9iBmWG8PzA3w==", "license": "BSD-3-Clause-Clear", "dependencies": { "axios": "^1.6.1", @@ -3959,9 +3959,9 @@ } }, "@babel/runtime": { - "version": "7.25.7", - "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.25.7.tgz", - "integrity": "sha512-FjoyLe754PMiYsFaN5C94ttGiOmBNYTf6pLr4xXHAT5uctHb092PBszndLDR5XA/jghQvn4n7JMHl7dmTgbm9w==", + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.25.9.tgz", + "integrity": "sha512-4zpTHZ9Cm6L9L+uIqghQX8ZXg8HKFcjYO3qHoO8zTmRm6HQUJ8SSJ+KRvbMBZn0EGVlT4DRYeQ/6hjlyXBh+Kg==", "requires": { "regenerator-runtime": "^0.14.0" } @@ -4119,7 +4119,7 @@ }, "@opentdf/client": { "version": "file:../lib/opentdf-client-2.0.0.tgz", - "integrity": "sha512-blEbz/5x9qQ7JF7rySjyXAXTBFq6J7rgqSdDlUQxLtBPU2dpPOBxHuc6vn09xT11a90LZcf9T0tSPxpaqnaIVw==", + "integrity": "sha512-Xp+Zg1KOSpM2BwzIbwOKPO1WwcHYG8c23NNOIQM+SoJrF0tkdh3TxeYZZKvqiz8+Ktrruj9IBR9iBmWG8PzA3w==", "requires": { "axios": "^1.6.1", "axios-retry": "^3.9.0",