From ed582be83316e46896959c08dfd3864c2a152b18 Mon Sep 17 00:00:00 2001 From: Kris West Date: Fri, 8 May 2026 09:32:09 +0100 Subject: [PATCH 1/8] docs: add user manual for end-user contribution workflow --- website/docs/user-manual.mdx | 584 +++++++++++++++++++++++++++++++++++ 1 file changed, 584 insertions(+) create mode 100644 website/docs/user-manual.mdx diff --git a/website/docs/user-manual.mdx b/website/docs/user-manual.mdx new file mode 100644 index 000000000..4cf08cfe6 --- /dev/null +++ b/website/docs/user-manual.mdx @@ -0,0 +1,584 @@ +--- +title: User Manual +description: A guide for end users contributing to projects through GitProxy +--- + +# GitProxy User Manual + +## Introduction + +GitProxy is a web proxy application that forwards traffic towards external Source Code Management (SCM) platforms, such as GitHub, GitLab, and Bitbucket. It provides administrative control over which projects traffic is forwarded for and implements governance workflows over contributions, in the form of automated scans and manual reviews. + +### Quick Start + +1. Check your organisation's Open Source policy and satisfy any approval or training requirements necessary before contributing to an Open Source project. +2. [Fork the project you wish to contribute to](#setting-up-a-fork) and notify your OSPO or Open Source leads. +3. Acquire access to your organisation's GitProxy instance (the method depends on your deployment — see [Authentication](#authentication)). +4. Retrieve the proxied git URL for your project from the GitProxy UI and clone it — use a [Personal Access Token (PAT) from GitHub](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens) (or whichever upstream SCM you are working with) to authenticate. + +### Why use GitProxy? + +Organisations in regulated industries must demonstrate to regulators and auditors that they control the risks associated with contributing to external projects: + +**Risk management:** + +- **Data and IP loss:** Inappropriate contributions of proprietary code to external projects can expose intellectual property. +- **Reputational harm:** Inappropriate contributions can damage an organisation's reputation and relationships with open source communities. +- **Supply chain attacks:** Attacks targeting developer machines can hunt for credentials and automate their exfiltration by contributing them to external SCM platforms using cached developer credentials. + +**The solution:** + +GitProxy enables contribution to external projects while maintaining security and compliance by: + +- Making contributions auditable with full tracking of who contributed what and when +- Providing governance through automated security checks and manual review workflows +- Ensuring all contributions are reviewed before reaching external platforms +- Maintaining a clear audit trail for regulators and auditors + +### Supported destinations + +GitProxy is designed to work with any git server as a destination, including: + +- GitHub (github.com and GitHub Enterprise) +- GitLab (gitlab.com and self-hosted/dedicated instances) +- Bitbucket (Cloud and Server) +- Any other git server accessible via HTTPS + +This broad compatibility is possible because GitProxy operates at the Git protocol level rather than relying on proprietary SCM platform APIs. As long as the destination supports standard git operations over HTTPS, GitProxy can proxy traffic to it. + +:::note +Currently, only HTTPS-based git operations are supported. SSH-based git operations are under active development. +::: + +### How does it work + +GitProxy operates as an intercepting proxy that sits between your local git client and external SCM platforms. When you perform git operations, GitProxy intercepts them, applies governance workflows, and forwards approved changes to the destination. + +#### Ingress flow + +```mermaid +sequenceDiagram + participant Dev as Developer + participant GP as GitProxy + participant SCM as Upstream SCM (e.g. GitHub) + participant Int as Internal SCM (optional) + + Dev->>SCM: Fork upstream project + Dev->>GP: Clone fork via GitProxy URL + GP->>SCM: Validate repo is authorised, forward clone + SCM-->>GP: Repository data + GP-->>Dev: Local clone created + Dev->>Int: (Optional) Push to internal fork for collaboration + Dev->>Dev: Create feature branch & develop +``` + +1. You'll usually need to [fork the project](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/fork-a-repo) you wish to contribute to (unless you have write permissions to it on its host SCM). +2. GitProxy is configured for the forked project (with nominated contributors and reviewers), allowing you to clone, fetch and pull the project through the proxy. The GitProxy URL is added to your local clone as a *remote*. +3. (Optional) You can create an empty repo in your internal SCM platform and push the project into it to create an internal fork for collaboration with colleagues. +4. Create a feature branch within the project and start developing your contributions. + +#### Egress flow + +```mermaid +sequenceDiagram + participant Dev as Developer + participant GP as GitProxy + participant Rev as Reviewer + participant SCM as Upstream SCM (e.g. GitHub) + + Dev->>SCM: Sync fork with upstream + Dev->>Dev: Pull updates, rebase feature branch + Dev->>GP: git push proxy feature-branch + GP->>GP: Run automated checks + GP-->>Dev: Push blocked pending review (review URL) + Dev->>Rev: Share review URL + Rev->>GP: Review & approve contribution + Dev->>GP: git push proxy feature-branch (again) + GP->>SCM: Forward approved push + Dev->>SCM: Open Pull Request +``` + +1. Sync your fork with the parent project. +2. Pull any updates from the upstream repo into your local copy of the project's default branch. +3. Update your feature branch from the updated default branch and resolve any conflicts. +4. Push your changes to GitProxy — which will receive them, apply automated scans and then block their egress, providing a URL for review. Pass this to one of the nominated reviewers for the project. +5. Once reviewed, push the changes again. They will automatically egress and be forwarded to your fork of the upstream project. +6. [Raise a Pull Request](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request) from your fork into the upstream project to contribute them. + +:::note +Throughout this guide, we refer to `main` as the default branch. Some projects use `master`, `develop`, or another branch name as their trunk. Check the upstream project's repository to confirm which branch is used and substitute accordingly. +::: + +#### Authentication + +GitProxy uses two separate authentication mechanisms: + +- **Proxy authentication (for git operations):** You authenticate using a **Personal Access Token (PAT)** from the target SCM platform (e.g., GitHub PAT). GitProxy forwards these credentials when cloning repositories to calculate diffs and when pushing approved changes upstream. For GitHub you'll need a personal access token (classic) with `repo` permissions. See [GitHub's documentation](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-personal-access-token-classic) for details. +- **UI authentication (for the web interface):** GitProxy supports multiple authentication methods for the web interface, including local accounts, Active Directory/LDAP, and OpenID Connect (OIDC). See the [Authentication configuration](/docs/configuration/authentication) page for details on available options. + +:::info Your organisation's configuration +The specific authentication method used for the GitProxy web interface depends on how your organisation has deployed GitProxy. Contact your OSPO or Open Source leads for the correct login credentials and method. +::: + +#### Checks applied to contributions + +GitProxy applies a series of automated checks (called processors) to every push. These checks run in sequence, and if any check fails, the push is blocked. The main checks include: + +**Repository and permission checks:** + +- **Authorized repository check:** Verifies the repository is in GitProxy's approved list. +- **User permission check:** Confirms the pusher has contributor access to the repository. +- **Empty branch check:** Blocks pushes that create branches without commits. + +**Commit validation:** + +- **Commit message scanning:** Blocks commits with messages containing configured forbidden patterns (e.g., "password", "secret", AWS keys). +- **Author email validation:** Ensures commit author emails match allowed domains and don't use blocked addresses (e.g., noreply@). +- **Hidden commit detection:** Identifies tampered pack files containing unreferenced commits. + +**Content security scanning:** + +- **Gitleaks scanning:** Detects secrets, API keys, passwords, and credentials in code changes. +- **Diff scanning:** Blocks changes containing configured sensitive patterns (e.g., private keys, database connection strings, debug flags). +- **Pre-receive hooks:** Optional custom scripts that can auto-approve, auto-reject, or require manual review based on organization-specific rules. + +After all automated checks pass, the contribution enters a pending state where an authorized reviewer must manually approve it before it can be pushed to the upstream repository. All actions are audited and stored in the database for compliance purposes. + +:::info Extending checks with plugins +Organisations can extend the default checks by writing custom [plugins](/docs/development/plugins). The checks applied to your contributions may differ from those listed above depending on your organisation's GitProxy configuration. +::: + +:::warning No email notifications +GitProxy does not currently send email notifications for pending reviews. You must contact the nominated reviewers directly and share the review link with them. +::: + +## Adding a project to GitProxy + +### Prerequisites + +Before a project can be added to GitProxy, check your organisation's Open Source policy and satisfy its requirements. This typically involves: + +1. **Review your Open Source Policy** — familiarise yourself with your organisation's contribution policy. +2. **Submit an application** — follow your organisation's process for requesting approval to contribute to an external project. +3. **Obtain approval** — your OSPO or Open Source leads will review your application and arrange any further sign-off required. + +### Setting up a fork + +In most cases you will not have write access to the upstream repository you wish to contribute to. You will need to [create a fork](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/fork-a-repo) — a copy of the repository that you own — and have that fork added to GitProxy instead. Contributions are then made by pushing to your fork through GitProxy and opening a [Pull Request](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request) from your fork into the upstream project. + +- If you are the sole contributor from your organisation, you can [create a personal fork](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/fork-a-repo) on the target SCM platform and have it added to GitProxy. +- If multiple engineers will contribute to the same project, you can create an [internal fork](#do-you-need-to-collaborate-internally-creating-an-internal-fork) of the project in your internal SCM platform and collaborate on contributions there. One or two contributors can then push changes to the upstream project through GitProxy via their personal forks. Commits are individually attributed, so the person pushing will not appear to have done all the work — they merely delivered it to the upstream project. + - Alternatively, your OSPO or Open Source leads can create a shared fork on the target SCM platform owned by your organisation. This avoids routing contributions through personal forks and may be preferable for projects with many contributors. + +Forks should generally have the same name as the upstream project to avoid confusion. + +:::tip Keeping your fork up to date +It is your responsibility to keep your external fork synced with the upstream repository. An out-of-date fork will lead to merge conflicts when you open a Pull Request. Most SCM platforms make this straightforward — for example, GitHub provides a "Sync fork" button on your fork's page that updates your default branch with a single click. You should sync your fork before starting new work and again before pushing a contribution through GitProxy. +::: + +### Requesting the project be added + +Once your contribution has been approved, contact your OSPO or Open Source leads to request that the project (or your fork of it) be added to GitProxy. Provide: + +- The full repository URL to be added (your fork or the upstream project if you have write access) +- The names of contributors and reviewers to be authorised + +## Adding a user in GitProxy to contribute or review + +Contributors and reviewers must be explicitly added to a repository in GitProxy before they can push to it or review contributions. + +### Prerequisites + +Before being added as a contributor or reviewer, satisfy the requirements of your organisation's Open Source policy. For example, you may be expected to complete training such as the free [Open Source Contribution in Finance (LFD137)](https://training.linuxfoundation.org/training/open-source-contribution-in-finance-lfd137/) course from Linux Foundation Training. + +### Steps + +1. Acquire access to your organisation's GitProxy instance (the method depends on your deployment). +2. Log in to the GitProxy web interface to create your user account. The authentication method depends on your organisation's configuration — see [Authentication](#authentication). + +Contact your OSPO or Open Source leads to be added as a contributor or reviewer on the relevant repository. + +## Contributing to a project through GitProxy + +### Do you have write access? Creating a fork + +If you do not have write access to the upstream repository, you will need a fork. See [Setting up a fork](#setting-up-a-fork) for guidance on choosing between a personal fork, an internal fork for collaboration, or a shared fork. + +Once your fork exists and has been added to GitProxy, add it as a remote: + +```bash +git remote add proxy http://://.git +``` + +Push your changes through GitProxy to your fork, then [open a Pull Request](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request) from your fork into the upstream project. + +### Do you need to collaborate internally? Creating an internal fork + +An internal fork on your internal SCM platform allows you to collaborate with colleagues on contributions before pushing them externally through GitProxy. This is useful for: + +- Running internal CI/CD pipelines against your changes +- Reviewing contributions internally via Merge Requests before external submission +- Coordinating work across multiple contributors + +**Working with the internal fork:** + +- Retain an unmodified copy of the upstream project's default branch (typically `main`) as a base for your contributions. Do not commit internal changes — such as pipeline configurations — directly to it. Instead, keep the default branch clean and synced with upstream, and use a separate internal branch (e.g., `internal` or `ci`) for pipeline configs and other organisation-specific changes. +- Create feature branches off the default branch for your contributions. +- When ready to contribute, [push your feature branch through GitProxy](#pushing-to-the-remote-repository-through-gitproxy) to your external fork, then open a Pull Request into the upstream project. + +:::note +Avoid pushing internal pipeline configurations or organisation-specific files to the upstream project — particularly if it is hosted on a different platform. +::: + +### Pushing to the remote repository through GitProxy + +#### Git client configuration + +Before using GitProxy, ensure your git client is properly configured. + +**Set your git identity:** + +```bash +git config --global user.name "Your Name" +git config --global user.email "your.email@example.com" +``` + +Your email must match the email registered in GitProxy. + +**SSL certificate configuration:** + +:::danger Do not disable SSL verification +Never set `http.sslVerify=false` — it is insecure and leaves you vulnerable to man-in-the-middle attacks. +::: + +If your organisation uses internal Certificate Authorities (CAs) for SSL certificates on internal infrastructure, tools like git may not recognise these CAs by default, causing certificate errors. The correct fix is to configure git to use your operating system's certificate store, which includes the internal CAs. + +On a Windows machine, set the SSL backend to use the Windows system certificate store: + +```bash +git config --global http.sslBackend schannel +``` + +On Linux, the `schannel` backend is not available. Instead, point git at a certificate bundle that includes your organisation's internal CA certificates: + +```bash +git config --global http.sslCAInfo /path/to/ca-certificates.crt +``` + +The exact path depends on your distribution (e.g., `/etc/ssl/certs/ca-certificates.crt` on Ubuntu). Your organisation's internal CA certificates must be added to this bundle for git to trust internal infrastructure. Refer to your organisation's developer onboarding documentation for instructions on updating certificates in your environment. + +In both cases, ensure SSL verification is not disabled: + +```bash +git config --global --get http.sslVerify +``` + +If the command returns `false`, unset it: + +```bash +git config --global --unset http.sslVerify +``` + +#### Authentication and Personal Access Tokens + +When performing git operations through GitProxy (cloning, fetching, pushing), you must authenticate with credentials from the target SCM platform (e.g., GitHub). This is because GitProxy forwards your credentials to the upstream platform on your behalf. + +SCMs will typically require: + +- Your username on the target platform (e.g., your GitHub username) +- A Personal Access Token (PAT) from the target platform, **not** your password. + +**Creating a Personal Access Token (GitHub):** + +1. Go to GitHub Settings → Developer Settings → Personal Access Tokens → Tokens (classic) +2. Click "Generate new token (classic)" +3. Give it a descriptive name (e.g., "GitProxy") +4. Select the `repo` scope (full control of private repositories) +5. Set an appropriate expiration date +6. Click "Generate token" and copy it immediately (you won't see it again) + +:::warning PAT security +- Your PAT must have the `repo` permission scope. +- Keep your PAT secure and never commit it to a repository. +- If your PAT expires, you'll need to generate a new one. +- If you are prompted for credentials every time, check that your credential helper is configured. +::: + +This is separate from the credentials you use to log in to the GitProxy web interface for reviewing contributions and managing repositories. + +#### Cloning the project through GitProxy + +You can clone a repository through GitProxy using the proxy URL (also found in the GitProxy web interface under "Repositories"): + +```bash +git clone http://://.git +``` + +When prompted, enter your target platform credentials (see [Authentication and Personal Access Tokens](#authentication-and-personal-access-tokens) above). + +If you clone through GitProxy, `origin` will point to the GitProxy URL and you can push directly to `origin`. However, in many cases you will have cloned from elsewhere — the upstream platform, your personal fork, or an internal fork. In those cases, you need to add GitProxy as an additional remote. + +#### Adding a remote to an existing clone + +If you cloned from the upstream platform, your personal fork, or an internal fork, your `origin` remote will point to that source. Add GitProxy as a separate remote: + +```bash +cd /path/to/your/repository +git remote add proxy http://://.git +``` + +Verify the remote was added: + +```bash +git remote -v +``` + +You should now see both `origin` and `proxy`. + +#### Pushing through the proxy + +Once GitProxy is configured as a remote, push your changes to it: + +```bash +git push proxy +``` + +Or to push your current branch: + +```bash +git push proxy HEAD +``` + +**What happens next:** + +1. GitProxy intercepts your push and runs automated checks +2. If checks pass, you'll see a message indicating the push is awaiting approval +3. If checks fail, you'll see an error message explaining what needs to be fixed +4. Once a reviewer approves your contribution, push again to send changes upstream + +#### Request a review + +After pushing to GitProxy and passing all automated checks, your contribution enters a pending state awaiting manual review. + +**Finding the review link:** + +When your push passes all automated scans, GitProxy will output a URL for the review directly in your terminal as part of the git push response. Copy this link to share with a reviewer. + +Alternatively, find the review link through the GitProxy web interface: + +1. Log in to the GitProxy UI +2. Navigate to the "Pushes" or "Dashboard" tab +3. Find your pending contribution in the list + +**Notifying a reviewer:** + +GitProxy does not currently send email notifications for pending reviews. You will need to notify a reviewer directly — share the review link with them via your team's preferred channel. Reviewers for each project are listed in the project configuration in the GitProxy UI. + +**After review:** + +- If approved: Push again to send your changes to the upstream repository +- If rejected: Review the feedback, make necessary changes, commit them, and push again to create a new review request + +#### When approved, push again + +Once your contribution has been approved by a reviewer: + +1. Push the same branch again to GitProxy: + + ```bash + git push proxy + ``` + +2. GitProxy will recognize the approved push and forward it to the upstream repository +3. Your changes are now in the upstream repository and visible to the project maintainers + +:::warning +- You must push the exact same commits that were approved. +- If you make new commits after approval, they will require a new review. +- The approval is specific to the commit SHA(s) that were reviewed. +- After successful push to upstream, you can create a pull request on the target platform as normal. +::: + +### Reviewing contributions + +If you have reviewer permissions for a project in GitProxy, you can approve or reject contributions from other users. + +**Review process:** + +1. **Log in to GitProxy:** Navigate to your GitProxy web interface and authenticate +2. **View pending contributions:** Go to the "Pushes" or "Dashboard" tab to see contributions awaiting review +3. **Examine the contribution:** Click on a pending push to view: + - Full diff of all changes + - Commit messages and author information + - Results of automated security and quality checks + - Repository and branch information +4. **Complete the attestation:** Before approving, you must confirm the contribution complies with policies and is appropriate for the target repository +5. **Make a decision:** + - **Approve:** Click "Approve". The contributor can then push again to send changes upstream. + - **Reject:** Click "Reject" and provide clear feedback explaining what needs to be fixed. + +**Reviewer responsibilities:** + +- Ensure contributions don't contain sensitive organisational information or intellectual property +- Verify changes align with the target project's contribution guidelines +- Check that code quality meets acceptable standards +- Confirm no credentials, secrets, or PII are being exposed +- Provide constructive feedback when rejecting contributions + +### Troubleshooting + +**Git keeps asking for my credentials** + +If you're prompted for credentials on every git operation, the Git Credential Manager (GCM) may be disabled or misconfigured. + +Verify if your GCM configuration has been altered: + +```bash +git config --global --get credential.helper +``` + +If this returns anything, unset it so Git uses the system-level GCM: + +```bash +git config --global --unset credential.helper +``` + +Verify Git is now using the system-level GCM: + +```bash +git config --show-origin --get-all credential.helper +``` + +**The proxy is not accepting my credentials** + +Make sure that: + +- You are using the username for the SCM you're pushing through the proxy to (e.g., your GitHub username) +- You are using a Personal Access Token (PAT), not your password +- Your PAT is not expired +- Your PAT has the `repo` permissions scope enabled +- You have copied and pasted the PAT correctly + +**My push was blocked because a commit author is not a registered contributor** + +GitProxy checks that every commit in a push is authored by a user registered as a contributor on the repository. To resolve: + +1. **Add the author as a contributor** in GitProxy — contact your OSPO or Open Source leads. +2. **Remove the offending commit** from your branch using an interactive rebase: + + ```bash + git rebase -i HEAD~ + ``` + +**My push was blocked with a commit message error** + +Your commit messages contain forbidden patterns. To fix: + +1. Review the error message to identify which pattern was matched +2. Amend your commit messages: + + ```bash + git rebase -i HEAD~ + ``` + +3. Mark commits to edit, change the messages, and continue the rebase +4. Push again to GitProxy + +**My push was blocked by Gitleaks or diff scanning** + +Your code changes contain secrets, credentials, or sensitive patterns. To fix: + +1. Review the error message to identify what was detected +2. Remove the sensitive content from your code +3. If you accidentally committed secrets: + - Remove them from the code + - Rotate/revoke the exposed credentials immediately + - Use git rebase to remove them from history if needed +4. Commit the fixes and push again + +**My push was blocked because the repository is not authorized** + +The repository you're trying to push to is not in GitProxy's approved list. Contact your OSPO or Open Source leads to request the repository be added, providing the full repository URL and justification for access. + +**I can't log in to the GitProxy UI** + +Make sure that: + +- You have the required access to the GitProxy instance +- You are using the correct credentials for your organisation's authentication method (see [Authentication](#authentication)) +- You are accessing the correct URL for your GitProxy deployment + +:::info +The login method depends on your organisation's GitProxy configuration. It may use local accounts, Active Directory, or OIDC. Contact your OSPO or Open Source leads if you are unsure. +::: + +**My approved push is not going through** + +Ensure that: + +- You are pushing the exact same commits that were approved (same SHA) +- You haven't made additional commits since the approval +- Your credentials are still valid and not expired +- The upstream repository still exists and you have access to it + +**I'm getting SSL/TLS certificate errors** + +If you encounter certificate validation errors: + +1. Ensure you're using the correct GitProxy URL +2. Ensure that your SSL configuration is not `http.sslVerify=false` +3. Check that your system's certificate store is up to date +4. Contact your OSPO or Open Source leads if the issue persists + +**Encountering other git operation issues** + +If you encounter any other issues, gather the following diagnostic information: + +```bash +cd /path/to/your/repository +git remote -v +git config --list --show-origin +GIT_CURL_VERBOSE=1 GCM_TRACE=1 git push proxy +``` + +:::warning +Ensure there are no passwords in the output before sharing it. Review the output and redact any sensitive information. +::: + +**My commits are missing DCO sign-offs** + +Many open source projects require contributors to sign off their commits using the [Developer Certificate of Origin (DCO)](https://developercertificate.org). A DCO sign-off is a line at the end of each commit message: + +``` +Signed-off-by: Your Name +``` + +Check the project's `CONTRIBUTING.md` to determine whether DCO sign-offs are required. Projects hosted by foundations such as FINOS and the Linux Foundation typically require them. + +To sign off commits, add the `-s` flag: + +```bash +git commit -s -m "Your commit message" +``` + +To sign off every commit by default: + +```bash +git config --global format.signOff true +``` + +If you have already made commits without sign-offs, add them retroactively: + +```bash +git rebase --signoff HEAD~3 +``` + +Or to fix all commits since diverging from the default branch: + +```bash +git rebase --signoff main +``` + +:::warning +Rebasing changes the SHA hashes of the affected commits. If you have already pushed these commits through GitProxy and they have been approved, the rebased commits will be treated as a new push and will require a new approval. Plan your sign-offs before pushing through GitProxy where possible. +::: From b7fa94eb9d82b96f03ffb5dafc87724d93d2c798 Mon Sep 17 00:00:00 2001 From: Kris West Date: Fri, 8 May 2026 14:06:00 +0100 Subject: [PATCH 2/8] docs: improve advice on internal CAs --- website/docs/user-manual.mdx | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/website/docs/user-manual.mdx b/website/docs/user-manual.mdx index 4cf08cfe6..ce5a96e16 100644 --- a/website/docs/user-manual.mdx +++ b/website/docs/user-manual.mdx @@ -73,7 +73,7 @@ sequenceDiagram ``` 1. You'll usually need to [fork the project](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/fork-a-repo) you wish to contribute to (unless you have write permissions to it on its host SCM). -2. GitProxy is configured for the forked project (with nominated contributors and reviewers), allowing you to clone, fetch and pull the project through the proxy. The GitProxy URL is added to your local clone as a *remote*. +2. GitProxy is configured for the forked project (with nominated contributors and reviewers), allowing you to clone, fetch and pull the project through the proxy. The GitProxy URL is added to your local clone as a _remote_. 3. (Optional) You can create an empty repo in your internal SCM platform and push the project into it to create an internal fork for collaboration with colleagues. 4. Create a feature branch within the project and start developing your contributions. @@ -168,7 +168,7 @@ In most cases you will not have write access to the upstream repository you wish - If you are the sole contributor from your organisation, you can [create a personal fork](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/fork-a-repo) on the target SCM platform and have it added to GitProxy. - If multiple engineers will contribute to the same project, you can create an [internal fork](#do-you-need-to-collaborate-internally-creating-an-internal-fork) of the project in your internal SCM platform and collaborate on contributions there. One or two contributors can then push changes to the upstream project through GitProxy via their personal forks. Commits are individually attributed, so the person pushing will not appear to have done all the work — they merely delivered it to the upstream project. - - Alternatively, your OSPO or Open Source leads can create a shared fork on the target SCM platform owned by your organisation. This avoids routing contributions through personal forks and may be preferable for projects with many contributors. + - Alternatively, your OSPO or Open Source leads can create a shared fork on the target SCM platform owned by your organisation. This avoids routing contributions through personal forks and may be preferable for projects with many contributors. Forks should generally have the same name as the upstream project to avoid confusion. @@ -245,13 +245,13 @@ git config --global user.email "your.email@example.com" Your email must match the email registered in GitProxy. -**SSL certificate configuration:** +##### SSL certificate configuration -:::danger Do not disable SSL verification -Never set `http.sslVerify=false` — it is insecure and leaves you vulnerable to man-in-the-middle attacks. +:::tip Internal Certificate Authorities +If your organisation uses internal Certificate Authorities (CAs) for SSL certificates on internal infrastructure, tools like git may not recognise these CAs by default, causing certificate errors. If you encounter SSL errors, the advice in this section may help to resolve them. ::: -If your organisation uses internal Certificate Authorities (CAs) for SSL certificates on internal infrastructure, tools like git may not recognise these CAs by default, causing certificate errors. The correct fix is to configure git to use your operating system's certificate store, which includes the internal CAs. +If your organisation uses an internal Certificate Authority (CA) to issue the SSL certificates for you Git proxy server, your git client may need to be configured to use your operating system's certificate store. On a Windows machine, set the SSL backend to use the Windows system certificate store: @@ -298,11 +298,12 @@ SCMs will typically require: 6. Click "Generate token" and copy it immediately (you won't see it again) :::warning PAT security + - Your PAT must have the `repo` permission scope. - Keep your PAT secure and never commit it to a repository. - If your PAT expires, you'll need to generate a new one. - If you are prompted for credentials every time, check that your credential helper is configured. -::: + ::: This is separate from the credentials you use to log in to the GitProxy web interface for reviewing contributions and managing repositories. @@ -393,11 +394,12 @@ Once your contribution has been approved by a reviewer: 3. Your changes are now in the upstream repository and visible to the project maintainers :::warning + - You must push the exact same commits that were approved. - If you make new commits after approval, they will require a new review. - The approval is specific to the commit SHA(s) that were reviewed. - After successful push to upstream, you can create a pull request on the target platform as normal. -::: + ::: ### Reviewing contributions @@ -491,9 +493,9 @@ Your code changes contain secrets, credentials, or sensitive patterns. To fix: 1. Review the error message to identify what was detected 2. Remove the sensitive content from your code 3. If you accidentally committed secrets: - - Remove them from the code - - Rotate/revoke the exposed credentials immediately - - Use git rebase to remove them from history if needed + - Remove them from the code + - Rotate/revoke the exposed credentials immediately + - Use git rebase to remove them from history if needed 4. Commit the fixes and push again **My push was blocked because the repository is not authorized** From 809f139ea83dab184e3f32954c8a7c39cdd4aef6 Mon Sep 17 00:00:00 2001 From: Kris West Date: Fri, 8 May 2026 14:06:29 +0100 Subject: [PATCH 3/8] docs: add user manual to navigation --- website/sidebars.js | 1 + 1 file changed, 1 insertion(+) diff --git a/website/sidebars.js b/website/sidebars.js index df341fe77..405e9cde8 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -65,5 +65,6 @@ module.exports = { collapsed: false, items: ['development/contributing', 'development/plugins'], }, + 'user-manual', ], }; From 431a26d4348237c43772befb5c485482d09e7b4b Mon Sep 17 00:00:00 2001 From: Kris West Date: Fri, 8 May 2026 14:06:59 +0100 Subject: [PATCH 4/8] docs: add mermaid rendering support to docusaurus website --- website/docusaurus.config.js | 4 + website/package-lock.json | 1449 +++++++++++++++++++++++++++++++++- website/package.json | 2 + 3 files changed, 1412 insertions(+), 43 deletions(-) diff --git a/website/docusaurus.config.js b/website/docusaurus.config.js index 3cbc6bf55..092b236d7 100644 --- a/website/docusaurus.config.js +++ b/website/docusaurus.config.js @@ -194,4 +194,8 @@ module.exports = { }, ], ], + markdown: { + mermaid: true, + }, + themes: ['@docusaurus/theme-mermaid'], }; diff --git a/website/package-lock.json b/website/package-lock.json index bf8b2b468..aaaa405f0 100644 --- a/website/package-lock.json +++ b/website/package-lock.json @@ -8,6 +8,8 @@ "@docusaurus/core": "^3.10.0", "@docusaurus/plugin-google-gtag": "^3.10.0", "@docusaurus/preset-classic": "^3.10.0", + "@docusaurus/theme-mermaid": "^3.10.0", + "@mermaid-js/layout-elk": "^0.1.9", "ajv": "^8.17.1", "axios": "^1.13.4", "classnames": "^2.5.1", @@ -274,6 +276,20 @@ "node": ">= 14.0.0" } }, + "node_modules/@antfu/install-pkg": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/@antfu/install-pkg/-/install-pkg-1.1.0.tgz", + "integrity": "sha512-MGQsmw10ZyI+EJo45CdSER4zEb+p31LpDAFp2Z3gkSd1yqVZGi0Ebx++YTEMonJy4oChEMLsxZ64j8FH6sSqtQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "package-manager-detector": "^1.3.0", + "tinyexec": "^1.0.1" + }, + "funding": { + "url": "https://github.com/sponsors/antfu" + } + }, "node_modules/@babel/code-frame": { "version": "7.29.0", "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.0.tgz", @@ -2102,6 +2118,55 @@ "node": ">=6.9.0" } }, + "node_modules/@braintree/sanitize-url": { + "version": "7.1.2", + "resolved": "https://registry.npmjs.org/@braintree/sanitize-url/-/sanitize-url-7.1.2.tgz", + "integrity": "sha512-jigsZK+sMF/cuiB7sERuo9V7N9jx+dhmHHnQyDSVdpZwVutaBu7WvNYqMDLSgFgfB30n452TP3vjDAvFC973mA==", + "dev": true, + "license": "MIT" + }, + "node_modules/@chevrotain/cst-dts-gen": { + "version": "12.0.0", + "resolved": "https://registry.npmjs.org/@chevrotain/cst-dts-gen/-/cst-dts-gen-12.0.0.tgz", + "integrity": "sha512-fSL4KXjTl7cDgf0B5Rip9Q05BOrYvkJV/RrBTE/bKDN096E4hN/ySpcBK5B24T76dlQ2i32Zc3PAE27jFnFrKg==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@chevrotain/gast": "12.0.0", + "@chevrotain/types": "12.0.0" + } + }, + "node_modules/@chevrotain/gast": { + "version": "12.0.0", + "resolved": "https://registry.npmjs.org/@chevrotain/gast/-/gast-12.0.0.tgz", + "integrity": "sha512-1ne/m3XsIT8aEdrvT33so0GUC+wkctpUPK6zU9IlOyJLUbR0rg4G7ZiApiJbggpgPir9ERy3FRjT6T7lpgetnQ==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@chevrotain/types": "12.0.0" + } + }, + "node_modules/@chevrotain/regexp-to-ast": { + "version": "12.0.0", + "resolved": "https://registry.npmjs.org/@chevrotain/regexp-to-ast/-/regexp-to-ast-12.0.0.tgz", + "integrity": "sha512-p+EW9MaJwgaHguhoqwOtx/FwuGr+DnNn857sXWOi/mClXIkPGl3rn7hGNWvo31HA3vyeQxjqe+H36yZJwYU8cA==", + "dev": true, + "license": "Apache-2.0" + }, + "node_modules/@chevrotain/types": { + "version": "12.0.0", + "resolved": "https://registry.npmjs.org/@chevrotain/types/-/types-12.0.0.tgz", + "integrity": "sha512-S+04vjFQKeuYw0/eW3U52LkAHQsB1ASxsPGsLPUyQgrZ2iNNibQrsidruDzjEX2JYfespXMG0eZmXlhA6z7nWA==", + "dev": true, + "license": "Apache-2.0" + }, + "node_modules/@chevrotain/utils": { + "version": "12.0.0", + "resolved": "https://registry.npmjs.org/@chevrotain/utils/-/utils-12.0.0.tgz", + "integrity": "sha512-lB59uJoaGIfOOL9knQqQRfhl9g7x8/wqFkp13zTdkRu1huG9kg6IJs1O8hqj9rs6h7orGxHJUKb+mX3rPbWGhA==", + "dev": true, + "license": "Apache-2.0" + }, "node_modules/@colors/colors": { "version": "1.5.0", "resolved": "https://registry.npmjs.org/@colors/colors/-/colors-1.5.0.tgz", @@ -4162,6 +4227,35 @@ "react-dom": "^18.0.0 || ^19.0.0" } }, + "node_modules/@docusaurus/theme-mermaid": { + "version": "3.10.1", + "resolved": "https://registry.npmjs.org/@docusaurus/theme-mermaid/-/theme-mermaid-3.10.1.tgz", + "integrity": "sha512-2gxpmln8Pc4EN1oWzshQEx2HTs67jk14v7MmgqGs8ZU7Nm8oihg+fTouof2u4vN8DtB3Fln4cDJu4UprSX1S3Q==", + "dev": true, + "license": "MIT", + "dependencies": { + "@docusaurus/core": "3.10.1", + "@docusaurus/module-type-aliases": "3.10.1", + "@docusaurus/theme-common": "3.10.1", + "@docusaurus/types": "3.10.1", + "@docusaurus/utils-validation": "3.10.1", + "mermaid": ">=11.6.0", + "tslib": "^2.6.0" + }, + "engines": { + "node": ">=20.0" + }, + "peerDependencies": { + "@mermaid-js/layout-elk": "^0.1.9", + "react": "^18.0.0 || ^19.0.0", + "react-dom": "^18.0.0 || ^19.0.0" + }, + "peerDependenciesMeta": { + "@mermaid-js/layout-elk": { + "optional": true + } + } + }, "node_modules/@docusaurus/theme-search-algolia": { "version": "3.10.1", "resolved": "https://registry.npmjs.org/@docusaurus/theme-search-algolia/-/theme-search-algolia-3.10.1.tgz", @@ -4565,6 +4659,25 @@ "url": "https://github.com/sponsors/nzakas" } }, + "node_modules/@iconify/types": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/@iconify/types/-/types-2.0.0.tgz", + "integrity": "sha512-+wluvCrRhXrhyOmRDJ3q8mux9JkKy5SJ/v8ol2tu4FVjyYvtEzkc/3pK15ET6RKg4b4w4BmTk1+gsCUhf21Ykg==", + "dev": true, + "license": "MIT" + }, + "node_modules/@iconify/utils": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/@iconify/utils/-/utils-3.1.3.tgz", + "integrity": "sha512-LPKOXPn/zV+zis1oOfGWogaXVpqUybF3ZS6SCZIsz8vg0ivVp9+fVqyYB7xq0aiST/VhUQYGO1qo6uoYSiEJqw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@antfu/install-pkg": "^1.1.0", + "@iconify/types": "^2.0.0", + "import-meta-resolve": "^4.2.0" + } + }, "node_modules/@jest/schemas": { "version": "29.6.3", "resolved": "https://registry.npmjs.org/@jest/schemas/-/schemas-29.6.3.tgz", @@ -5150,6 +5263,30 @@ "react": ">=16" } }, + "node_modules/@mermaid-js/layout-elk": { + "version": "0.1.9", + "resolved": "https://registry.npmjs.org/@mermaid-js/layout-elk/-/layout-elk-0.1.9.tgz", + "integrity": "sha512-HuvaqFZBr6yT9PpWYockvKAZPJVd89yn/UjOYPxhzbZxlybL2v+2BjVCg7MVH6vRs1irUohb/s42HEdec1CCZw==", + "dev": true, + "license": "MIT", + "dependencies": { + "d3": "^7.9.0", + "elkjs": "^0.9.3" + }, + "peerDependencies": { + "mermaid": "^11.0.2" + } + }, + "node_modules/@mermaid-js/parser": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/@mermaid-js/parser/-/parser-1.1.0.tgz", + "integrity": "sha512-gxK9ZX2+Fex5zu8LhRQoMeMPEHbc73UKZ0FQ54YrQtUxE1VVhMwzeNtKRPAu5aXks4FasbMe4xB4bWrmq6Jlxw==", + "dev": true, + "license": "MIT", + "dependencies": { + "langium": "^4.0.0" + } + }, "node_modules/@mux/mux-data-google-ima": { "version": "0.3.17", "resolved": "https://registry.npmjs.org/@mux/mux-data-google-ima/-/mux-data-google-ima-0.3.17.tgz", @@ -5970,6 +6107,290 @@ "@types/node": "*" } }, + "node_modules/@types/d3": { + "version": "7.4.3", + "resolved": "https://registry.npmjs.org/@types/d3/-/d3-7.4.3.tgz", + "integrity": "sha512-lZXZ9ckh5R8uiFVt8ogUNf+pIrK4EsWrx2Np75WvF/eTpJ0FMHNhjXk8CKEx/+gpHbNQyJWehbFaTvqmHWB3ww==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/d3-array": "*", + "@types/d3-axis": "*", + "@types/d3-brush": "*", + "@types/d3-chord": "*", + "@types/d3-color": "*", + "@types/d3-contour": "*", + "@types/d3-delaunay": "*", + "@types/d3-dispatch": "*", + "@types/d3-drag": "*", + "@types/d3-dsv": "*", + "@types/d3-ease": "*", + "@types/d3-fetch": "*", + "@types/d3-force": "*", + "@types/d3-format": "*", + "@types/d3-geo": "*", + "@types/d3-hierarchy": "*", + "@types/d3-interpolate": "*", + "@types/d3-path": "*", + "@types/d3-polygon": "*", + "@types/d3-quadtree": "*", + "@types/d3-random": "*", + "@types/d3-scale": "*", + "@types/d3-scale-chromatic": "*", + "@types/d3-selection": "*", + "@types/d3-shape": "*", + "@types/d3-time": "*", + "@types/d3-time-format": "*", + "@types/d3-timer": "*", + "@types/d3-transition": "*", + "@types/d3-zoom": "*" + } + }, + "node_modules/@types/d3-array": { + "version": "3.2.2", + "resolved": "https://registry.npmjs.org/@types/d3-array/-/d3-array-3.2.2.tgz", + "integrity": "sha512-hOLWVbm7uRza0BYXpIIW5pxfrKe0W+D5lrFiAEYR+pb6w3N2SwSMaJbXdUfSEv+dT4MfHBLtn5js0LAWaO6otw==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/d3-axis": { + "version": "3.0.6", + "resolved": "https://registry.npmjs.org/@types/d3-axis/-/d3-axis-3.0.6.tgz", + "integrity": "sha512-pYeijfZuBd87T0hGn0FO1vQ/cgLk6E1ALJjfkC0oJ8cbwkZl3TpgS8bVBLZN+2jjGgg38epgxb2zmoGtSfvgMw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/d3-selection": "*" + } + }, + "node_modules/@types/d3-brush": { + "version": "3.0.6", + "resolved": "https://registry.npmjs.org/@types/d3-brush/-/d3-brush-3.0.6.tgz", + "integrity": "sha512-nH60IZNNxEcrh6L1ZSMNA28rj27ut/2ZmI3r96Zd+1jrZD++zD3LsMIjWlvg4AYrHn/Pqz4CF3veCxGjtbqt7A==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/d3-selection": "*" + } + }, + "node_modules/@types/d3-chord": { + "version": "3.0.6", + "resolved": "https://registry.npmjs.org/@types/d3-chord/-/d3-chord-3.0.6.tgz", + "integrity": "sha512-LFYWWd8nwfwEmTZG9PfQxd17HbNPksHBiJHaKuY1XeqscXacsS2tyoo6OdRsjf+NQYeB6XrNL3a25E3gH69lcg==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/d3-color": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/@types/d3-color/-/d3-color-3.1.3.tgz", + "integrity": "sha512-iO90scth9WAbmgv7ogoq57O9YpKmFBbmoEoCHDB2xMBY0+/KVrqAaCDyCE16dUspeOvIxFFRI+0sEtqDqy2b4A==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/d3-contour": { + "version": "3.0.6", + "resolved": "https://registry.npmjs.org/@types/d3-contour/-/d3-contour-3.0.6.tgz", + "integrity": "sha512-BjzLgXGnCWjUSYGfH1cpdo41/hgdWETu4YxpezoztawmqsvCeep+8QGfiY6YbDvfgHz/DkjeIkkZVJavB4a3rg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/d3-array": "*", + "@types/geojson": "*" + } + }, + "node_modules/@types/d3-delaunay": { + "version": "6.0.4", + "resolved": "https://registry.npmjs.org/@types/d3-delaunay/-/d3-delaunay-6.0.4.tgz", + "integrity": "sha512-ZMaSKu4THYCU6sV64Lhg6qjf1orxBthaC161plr5KuPHo3CNm8DTHiLw/5Eq2b6TsNP0W0iJrUOFscY6Q450Hw==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/d3-dispatch": { + "version": "3.0.7", + "resolved": "https://registry.npmjs.org/@types/d3-dispatch/-/d3-dispatch-3.0.7.tgz", + "integrity": "sha512-5o9OIAdKkhN1QItV2oqaE5KMIiXAvDWBDPrD85e58Qlz1c1kI/J0NcqbEG88CoTwJrYe7ntUCVfeUl2UJKbWgA==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/d3-drag": { + "version": "3.0.7", + "resolved": "https://registry.npmjs.org/@types/d3-drag/-/d3-drag-3.0.7.tgz", + "integrity": "sha512-HE3jVKlzU9AaMazNufooRJ5ZpWmLIoc90A37WU2JMmeq28w1FQqCZswHZ3xR+SuxYftzHq6WU6KJHvqxKzTxxQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/d3-selection": "*" + } + }, + "node_modules/@types/d3-dsv": { + "version": "3.0.7", + "resolved": "https://registry.npmjs.org/@types/d3-dsv/-/d3-dsv-3.0.7.tgz", + "integrity": "sha512-n6QBF9/+XASqcKK6waudgL0pf/S5XHPPI8APyMLLUHd8NqouBGLsU8MgtO7NINGtPBtk9Kko/W4ea0oAspwh9g==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/d3-ease": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/@types/d3-ease/-/d3-ease-3.0.2.tgz", + "integrity": "sha512-NcV1JjO5oDzoK26oMzbILE6HW7uVXOHLQvHshBUW4UMdZGfiY6v5BeQwh9a9tCzv+CeefZQHJt5SRgK154RtiA==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/d3-fetch": { + "version": "3.0.7", + "resolved": "https://registry.npmjs.org/@types/d3-fetch/-/d3-fetch-3.0.7.tgz", + "integrity": "sha512-fTAfNmxSb9SOWNB9IoG5c8Hg6R+AzUHDRlsXsDZsNp6sxAEOP0tkP3gKkNSO/qmHPoBFTxNrjDprVHDQDvo5aA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/d3-dsv": "*" + } + }, + "node_modules/@types/d3-force": { + "version": "3.0.10", + "resolved": "https://registry.npmjs.org/@types/d3-force/-/d3-force-3.0.10.tgz", + "integrity": "sha512-ZYeSaCF3p73RdOKcjj+swRlZfnYpK1EbaDiYICEEp5Q6sUiqFaFQ9qgoshp5CzIyyb/yD09kD9o2zEltCexlgw==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/d3-format": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/@types/d3-format/-/d3-format-3.0.4.tgz", + "integrity": "sha512-fALi2aI6shfg7vM5KiR1wNJnZ7r6UuggVqtDA+xiEdPZQwy/trcQaHnwShLuLdta2rTymCNpxYTiMZX/e09F4g==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/d3-geo": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/@types/d3-geo/-/d3-geo-3.1.0.tgz", + "integrity": "sha512-856sckF0oP/diXtS4jNsiQw/UuK5fQG8l/a9VVLeSouf1/PPbBE1i1W852zVwKwYCBkFJJB7nCFTbk6UMEXBOQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/geojson": "*" + } + }, + "node_modules/@types/d3-hierarchy": { + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@types/d3-hierarchy/-/d3-hierarchy-3.1.7.tgz", + "integrity": "sha512-tJFtNoYBtRtkNysX1Xq4sxtjK8YgoWUNpIiUee0/jHGRwqvzYxkq0hGVbbOGSz+JgFxxRu4K8nb3YpG3CMARtg==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/d3-interpolate": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/@types/d3-interpolate/-/d3-interpolate-3.0.4.tgz", + "integrity": "sha512-mgLPETlrpVV1YRJIglr4Ez47g7Yxjl1lj7YKsiMCb27VJH9W8NVM6Bb9d8kkpG/uAQS5AmbA48q2IAolKKo1MA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/d3-color": "*" + } + }, + "node_modules/@types/d3-path": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/@types/d3-path/-/d3-path-3.1.1.tgz", + "integrity": "sha512-VMZBYyQvbGmWyWVea0EHs/BwLgxc+MKi1zLDCONksozI4YJMcTt8ZEuIR4Sb1MMTE8MMW49v0IwI5+b7RmfWlg==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/d3-polygon": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/@types/d3-polygon/-/d3-polygon-3.0.2.tgz", + "integrity": "sha512-ZuWOtMaHCkN9xoeEMr1ubW2nGWsp4nIql+OPQRstu4ypeZ+zk3YKqQT0CXVe/PYqrKpZAi+J9mTs05TKwjXSRA==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/d3-quadtree": { + "version": "3.0.6", + "resolved": "https://registry.npmjs.org/@types/d3-quadtree/-/d3-quadtree-3.0.6.tgz", + "integrity": "sha512-oUzyO1/Zm6rsxKRHA1vH0NEDG58HrT5icx/azi9MF1TWdtttWl0UIUsjEQBBh+SIkrpd21ZjEv7ptxWys1ncsg==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/d3-random": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@types/d3-random/-/d3-random-3.0.3.tgz", + "integrity": "sha512-Imagg1vJ3y76Y2ea0871wpabqp613+8/r0mCLEBfdtqC7xMSfj9idOnmBYyMoULfHePJyxMAw3nWhJxzc+LFwQ==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/d3-scale": { + "version": "4.0.9", + "resolved": "https://registry.npmjs.org/@types/d3-scale/-/d3-scale-4.0.9.tgz", + "integrity": "sha512-dLmtwB8zkAeO/juAMfnV+sItKjlsw2lKdZVVy6LRr0cBmegxSABiLEpGVmSJJ8O08i4+sGR6qQtb6WtuwJdvVw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/d3-time": "*" + } + }, + "node_modules/@types/d3-scale-chromatic": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/@types/d3-scale-chromatic/-/d3-scale-chromatic-3.1.0.tgz", + "integrity": "sha512-iWMJgwkK7yTRmWqRB5plb1kadXyQ5Sj8V/zYlFGMUBbIPKQScw+Dku9cAAMgJG+z5GYDoMjWGLVOvjghDEFnKQ==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/d3-selection": { + "version": "3.0.11", + "resolved": "https://registry.npmjs.org/@types/d3-selection/-/d3-selection-3.0.11.tgz", + "integrity": "sha512-bhAXu23DJWsrI45xafYpkQ4NtcKMwWnAC/vKrd2l+nxMFuvOT3XMYTIj2opv8vq8AO5Yh7Qac/nSeP/3zjTK0w==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/d3-shape": { + "version": "3.1.8", + "resolved": "https://registry.npmjs.org/@types/d3-shape/-/d3-shape-3.1.8.tgz", + "integrity": "sha512-lae0iWfcDeR7qt7rA88BNiqdvPS5pFVPpo5OfjElwNaT2yyekbM0C9vK+yqBqEmHr6lDkRnYNoTBYlAgJa7a4w==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/d3-path": "*" + } + }, + "node_modules/@types/d3-time": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/@types/d3-time/-/d3-time-3.0.4.tgz", + "integrity": "sha512-yuzZug1nkAAaBlBBikKZTgzCeA+k1uy4ZFwWANOfKw5z5LRhV0gNA7gNkKm7HoK+HRN0wX3EkxGk0fpbWhmB7g==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/d3-time-format": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/@types/d3-time-format/-/d3-time-format-4.0.3.tgz", + "integrity": "sha512-5xg9rC+wWL8kdDj153qZcsJ0FWiFt0J5RB6LYUNZjwSnesfblqrI/bJ1wBdJ8OQfncgbJG5+2F+qfqnqyzYxyg==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/d3-timer": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/@types/d3-timer/-/d3-timer-3.0.2.tgz", + "integrity": "sha512-Ps3T8E8dZDam6fUyNiMkekK3XUsaUEik+idO9/YjPtfj2qruF8tFBXS7XhtE4iIXBLxhmLjP3SXpLhVf21I9Lw==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/d3-transition": { + "version": "3.0.9", + "resolved": "https://registry.npmjs.org/@types/d3-transition/-/d3-transition-3.0.9.tgz", + "integrity": "sha512-uZS5shfxzO3rGlu0cC3bjmMFKsXv+SmZZcgp0KD22ts4uGXp5EVYGzu/0YdwZeKmddhcAccYtREJKkPfXkZuCg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/d3-selection": "*" + } + }, + "node_modules/@types/d3-zoom": { + "version": "3.0.8", + "resolved": "https://registry.npmjs.org/@types/d3-zoom/-/d3-zoom-3.0.8.tgz", + "integrity": "sha512-iqMC4/YlFCSlO8+2Ii1GGGliCAY4XdeG748w5vQUbevlbDu0zSjH/+jojorQVBK/se0j6DUFNPBGSqD3YWYnDw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/d3-interpolate": "*", + "@types/d3-selection": "*" + } + }, "node_modules/@types/debug": { "version": "4.1.13", "resolved": "https://registry.npmjs.org/@types/debug/-/debug-4.1.13.tgz", @@ -6045,6 +6466,13 @@ "@types/send": "*" } }, + "node_modules/@types/geojson": { + "version": "7946.0.16", + "resolved": "https://registry.npmjs.org/@types/geojson/-/geojson-7946.0.16.tgz", + "integrity": "sha512-6C8nqWur3j98U6+lXDfTUWIfgvZU+EumvpHKcYjujKH7woYyLj2sUmff0tRhrqM7BohUw7Pz3ZB1jj2gW9Fvmg==", + "dev": true, + "license": "MIT" + }, "node_modules/@types/gtag.js": { "version": "0.0.20", "resolved": "https://registry.npmjs.org/@types/gtag.js/-/gtag.js-0.0.20.tgz", @@ -6311,6 +6739,14 @@ "@types/node": "*" } }, + "node_modules/@types/trusted-types": { + "version": "2.0.7", + "resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.7.tgz", + "integrity": "sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==", + "dev": true, + "license": "MIT", + "optional": true + }, "node_modules/@types/unist": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/@types/unist/-/unist-3.0.3.tgz", @@ -6359,6 +6795,17 @@ "dev": true, "license": "ISC" }, + "node_modules/@upsetjs/venn.js": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/@upsetjs/venn.js/-/venn.js-2.0.0.tgz", + "integrity": "sha512-WbBhLrooyePuQ1VZxrJjtLvTc4NVfpOyKx0sKqioq9bX1C1m7Jgykkn8gLrtwumBioXIqam8DLxp88Adbue6Hw==", + "dev": true, + "license": "MIT", + "optionalDependencies": { + "d3-selection": "^3.0.0", + "d3-transition": "^3.0.1" + } + }, "node_modules/@vimeo/player": { "version": "2.29.0", "resolved": "https://registry.npmjs.org/@vimeo/player/-/player-2.29.0.tgz", @@ -7782,6 +8229,36 @@ "url": "https://github.com/sponsors/fb55" } }, + "node_modules/chevrotain": { + "version": "12.0.0", + "resolved": "https://registry.npmjs.org/chevrotain/-/chevrotain-12.0.0.tgz", + "integrity": "sha512-csJvb+6kEiQaqo1woTdSAuOWdN0WTLIydkKrBnS+V5gZz0oqBrp4kQ35519QgK6TpBThiG3V1vNSHlIkv4AglQ==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@chevrotain/cst-dts-gen": "12.0.0", + "@chevrotain/gast": "12.0.0", + "@chevrotain/regexp-to-ast": "12.0.0", + "@chevrotain/types": "12.0.0", + "@chevrotain/utils": "12.0.0" + }, + "engines": { + "node": ">=22.0.0" + } + }, + "node_modules/chevrotain-allstar": { + "version": "0.4.3", + "resolved": "https://registry.npmjs.org/chevrotain-allstar/-/chevrotain-allstar-0.4.3.tgz", + "integrity": "sha512-2X4mkroolSMKqW+H22pyPMUVDqYZzPhephTmg/NODKb1IGYPHfxfhcW0EjS7wcPJNbze2i4vBWT7zT5FKF2lrQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "lodash-es": "^4.18.1" + }, + "peerDependencies": { + "chevrotain": "^12.0.0" + } + }, "node_modules/chokidar": { "version": "3.6.0", "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz", @@ -8344,6 +8821,16 @@ "dev": true, "license": "MIT" }, + "node_modules/cose-base": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/cose-base/-/cose-base-1.0.3.tgz", + "integrity": "sha512-s9whTXInMSgAp/NVXVNuVxVKzGH2qck3aQlVHxDCdAEPgtMKwc4Wq6/QKhgdEdgbLSi9rBTAcPoRa6JpiG4ksg==", + "dev": true, + "license": "MIT", + "dependencies": { + "layout-base": "^1.0.0" + } + }, "node_modules/cosmiconfig": { "version": "8.3.6", "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-8.3.6.tgz", @@ -8770,74 +9257,638 @@ "postcss-unique-selectors": "^6.0.4" }, "engines": { - "node": "^14 || ^16 || >=18.0" + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/cssnano-utils": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/cssnano-utils/-/cssnano-utils-4.0.2.tgz", + "integrity": "sha512-ZR1jHg+wZ8o4c3zqf1SIUSTIvm/9mU343FMR6Obe/unskbvpGhZOo1J6d/r8D1pzkRQYuwbcH3hToOuoA2G7oQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/csso": { + "version": "5.0.5", + "resolved": "https://registry.npmjs.org/csso/-/csso-5.0.5.tgz", + "integrity": "sha512-0LrrStPOdJj+SPCCrGhzryycLjwcgUSHBtxNA8aIDxf0GLsRh1cKYhB00Gd1lDOS4yGH69+SNn13+TWbVHETFQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "css-tree": "~2.2.0" + }, + "engines": { + "node": "^10 || ^12.20.0 || ^14.13.0 || >=15.0.0", + "npm": ">=7.0.0" + } + }, + "node_modules/csso/node_modules/css-tree": { + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/css-tree/-/css-tree-2.2.1.tgz", + "integrity": "sha512-OA0mILzGc1kCOCSJerOeqDxDQ4HOh+G8NbOJFOTgOCzpw7fCBubk0fEyxp8AgOL/jvLgYA/uV0cMbe43ElF1JA==", + "dev": true, + "license": "MIT", + "dependencies": { + "mdn-data": "2.0.28", + "source-map-js": "^1.0.1" + }, + "engines": { + "node": "^10 || ^12.20.0 || ^14.13.0 || >=15.0.0", + "npm": ">=7.0.0" + } + }, + "node_modules/csso/node_modules/mdn-data": { + "version": "2.0.28", + "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-2.0.28.tgz", + "integrity": "sha512-aylIc7Z9y4yzHYAJNuESG3hfhC+0Ibp/MAMiaOZgNv4pmEdFyfZhhhny4MNiAfWdBQ1RQ2mfDWmM1x8SvGyp8g==", + "dev": true, + "license": "CC0-1.0" + }, + "node_modules/csstype": { + "version": "3.2.3", + "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.2.3.tgz", + "integrity": "sha512-z1HGKcYy2xA8AGQfwrn0PAy+PB7X/GSj3UVJW9qKyn43xWa+gl5nXmU4qqLMRzWVLFC8KusUX8T/0kCiOYpAIQ==", + "dev": true, + "license": "MIT" + }, + "node_modules/custom-media-element": { + "version": "1.4.6", + "resolved": "https://registry.npmjs.org/custom-media-element/-/custom-media-element-1.4.6.tgz", + "integrity": "sha512-/HRYqJOa1ob5ik4q7FIJVYxTJCFs/FL3+cQPAJjUf2uiqrDEzbTgB315gQ2rG8oK3w094W9m5tcB8S5Qah+caA==", + "dev": true, + "license": "MIT" + }, + "node_modules/cytoscape": { + "version": "3.33.3", + "resolved": "https://registry.npmjs.org/cytoscape/-/cytoscape-3.33.3.tgz", + "integrity": "sha512-Gej7U+OKR+LZ8kvX7rb2HhCYJ0IhvEFsnkud4SB1PR+BUY/TsSO0dmOW59WEVLu51b1Rm+gQRKoz4bLYxGSZ2g==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.10" + } + }, + "node_modules/cytoscape-cose-bilkent": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/cytoscape-cose-bilkent/-/cytoscape-cose-bilkent-4.1.0.tgz", + "integrity": "sha512-wgQlVIUJF13Quxiv5e1gstZ08rnZj2XaLHGoFMYXz7SkNfCDOOteKBE6SYRfA9WxxI/iBc3ajfDoc6hb/MRAHQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "cose-base": "^1.0.0" + }, + "peerDependencies": { + "cytoscape": "^3.2.0" + } + }, + "node_modules/cytoscape-fcose": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/cytoscape-fcose/-/cytoscape-fcose-2.2.0.tgz", + "integrity": "sha512-ki1/VuRIHFCzxWNrsshHYPs6L7TvLu3DL+TyIGEsRcvVERmxokbf5Gdk7mFxZnTdiGtnA4cfSmjZJMviqSuZrQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "cose-base": "^2.2.0" + }, + "peerDependencies": { + "cytoscape": "^3.2.0" + } + }, + "node_modules/cytoscape-fcose/node_modules/cose-base": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/cose-base/-/cose-base-2.2.0.tgz", + "integrity": "sha512-AzlgcsCbUMymkADOJtQm3wO9S3ltPfYOFD5033keQn9NJzIbtnZj+UdBJe7DYml/8TdbtHJW3j58SOnKhWY/5g==", + "dev": true, + "license": "MIT", + "dependencies": { + "layout-base": "^2.0.0" + } + }, + "node_modules/cytoscape-fcose/node_modules/layout-base": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/layout-base/-/layout-base-2.0.1.tgz", + "integrity": "sha512-dp3s92+uNI1hWIpPGH3jK2kxE2lMjdXdr+DH8ynZHpd6PUlH6x6cbuXnoMmiNumznqaNO31xu9e79F0uuZ0JFg==", + "dev": true, + "license": "MIT" + }, + "node_modules/d3": { + "version": "7.9.0", + "resolved": "https://registry.npmjs.org/d3/-/d3-7.9.0.tgz", + "integrity": "sha512-e1U46jVP+w7Iut8Jt8ri1YsPOvFpg46k+K8TpCb0P+zjCkjkPnV7WzfDJzMHy1LnA+wj5pLT1wjO901gLXeEhA==", + "dev": true, + "license": "ISC", + "dependencies": { + "d3-array": "3", + "d3-axis": "3", + "d3-brush": "3", + "d3-chord": "3", + "d3-color": "3", + "d3-contour": "4", + "d3-delaunay": "6", + "d3-dispatch": "3", + "d3-drag": "3", + "d3-dsv": "3", + "d3-ease": "3", + "d3-fetch": "3", + "d3-force": "3", + "d3-format": "3", + "d3-geo": "3", + "d3-hierarchy": "3", + "d3-interpolate": "3", + "d3-path": "3", + "d3-polygon": "3", + "d3-quadtree": "3", + "d3-random": "3", + "d3-scale": "4", + "d3-scale-chromatic": "3", + "d3-selection": "3", + "d3-shape": "3", + "d3-time": "3", + "d3-time-format": "4", + "d3-timer": "3", + "d3-transition": "3", + "d3-zoom": "3" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-array": { + "version": "3.2.4", + "resolved": "https://registry.npmjs.org/d3-array/-/d3-array-3.2.4.tgz", + "integrity": "sha512-tdQAmyA18i4J7wprpYq8ClcxZy3SC31QMeByyCFyRt7BVHdREQZ5lpzoe5mFEYZUWe+oq8HBvk9JjpibyEV4Jg==", + "dev": true, + "license": "ISC", + "dependencies": { + "internmap": "1 - 2" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-axis": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/d3-axis/-/d3-axis-3.0.0.tgz", + "integrity": "sha512-IH5tgjV4jE/GhHkRV0HiVYPDtvfjHQlQfJHs0usq7M30XcSBvOotpmH1IgkcXsO/5gEQZD43B//fc7SRT5S+xw==", + "dev": true, + "license": "ISC", + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-brush": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/d3-brush/-/d3-brush-3.0.0.tgz", + "integrity": "sha512-ALnjWlVYkXsVIGlOsuWH1+3udkYFI48Ljihfnh8FZPF2QS9o+PzGLBslO0PjzVoHLZ2KCVgAM8NVkXPJB2aNnQ==", + "dev": true, + "license": "ISC", + "dependencies": { + "d3-dispatch": "1 - 3", + "d3-drag": "2 - 3", + "d3-interpolate": "1 - 3", + "d3-selection": "3", + "d3-transition": "3" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-chord": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/d3-chord/-/d3-chord-3.0.1.tgz", + "integrity": "sha512-VE5S6TNa+j8msksl7HwjxMHDM2yNK3XCkusIlpX5kwauBfXuyLAtNg9jCp/iHH61tgI4sb6R/EIMWCqEIdjT/g==", + "dev": true, + "license": "ISC", + "dependencies": { + "d3-path": "1 - 3" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-color": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/d3-color/-/d3-color-3.1.0.tgz", + "integrity": "sha512-zg/chbXyeBtMQ1LbD/WSoW2DpC3I0mpmPdW+ynRTj/x2DAWYrIY7qeZIHidozwV24m4iavr15lNwIwLxRmOxhA==", + "dev": true, + "license": "ISC", + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-contour": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/d3-contour/-/d3-contour-4.0.2.tgz", + "integrity": "sha512-4EzFTRIikzs47RGmdxbeUvLWtGedDUNkTcmzoeyg4sP/dvCexO47AaQL7VKy/gul85TOxw+IBgA8US2xwbToNA==", + "dev": true, + "license": "ISC", + "dependencies": { + "d3-array": "^3.2.0" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-delaunay": { + "version": "6.0.4", + "resolved": "https://registry.npmjs.org/d3-delaunay/-/d3-delaunay-6.0.4.tgz", + "integrity": "sha512-mdjtIZ1XLAM8bm/hx3WwjfHt6Sggek7qH043O8KEjDXN40xi3vx/6pYSVTwLjEgiXQTbvaouWKynLBiUZ6SK6A==", + "dev": true, + "license": "ISC", + "dependencies": { + "delaunator": "5" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-dispatch": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/d3-dispatch/-/d3-dispatch-3.0.1.tgz", + "integrity": "sha512-rzUyPU/S7rwUflMyLc1ETDeBj0NRuHKKAcvukozwhshr6g6c5d8zh4c2gQjY2bZ0dXeGLWc1PF174P2tVvKhfg==", + "dev": true, + "license": "ISC", + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-drag": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/d3-drag/-/d3-drag-3.0.0.tgz", + "integrity": "sha512-pWbUJLdETVA8lQNJecMxoXfH6x+mO2UQo8rSmZ+QqxcbyA3hfeprFgIT//HW2nlHChWeIIMwS2Fq+gEARkhTkg==", + "dev": true, + "license": "ISC", + "dependencies": { + "d3-dispatch": "1 - 3", + "d3-selection": "3" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-dsv": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/d3-dsv/-/d3-dsv-3.0.1.tgz", + "integrity": "sha512-UG6OvdI5afDIFP9w4G0mNq50dSOsXHJaRE8arAS5o9ApWnIElp8GZw1Dun8vP8OyHOZ/QJUKUJwxiiCCnUwm+Q==", + "dev": true, + "license": "ISC", + "dependencies": { + "commander": "7", + "iconv-lite": "0.6", + "rw": "1" + }, + "bin": { + "csv2json": "bin/dsv2json.js", + "csv2tsv": "bin/dsv2dsv.js", + "dsv2dsv": "bin/dsv2dsv.js", + "dsv2json": "bin/dsv2json.js", + "json2csv": "bin/json2dsv.js", + "json2dsv": "bin/json2dsv.js", + "json2tsv": "bin/json2dsv.js", + "tsv2csv": "bin/dsv2dsv.js", + "tsv2json": "bin/dsv2json.js" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-dsv/node_modules/commander": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-7.2.0.tgz", + "integrity": "sha512-QrWXB+ZQSVPmIWIhtEO9H+gwHaMGYiF5ChvoJ+K9ZGHG/sVsa6yiesAD1GC/x46sET00Xlwo1u49RVVVzvcSkw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 10" + } + }, + "node_modules/d3-dsv/node_modules/iconv-lite": { + "version": "0.6.3", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz", + "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==", + "dev": true, + "license": "MIT", + "dependencies": { + "safer-buffer": ">= 2.1.2 < 3.0.0" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/d3-ease": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/d3-ease/-/d3-ease-3.0.1.tgz", + "integrity": "sha512-wR/XK3D3XcLIZwpbvQwQ5fK+8Ykds1ip7A2Txe0yxncXSdq1L9skcG7blcedkOX+ZcgxGAmLX1FrRGbADwzi0w==", + "dev": true, + "license": "BSD-3-Clause", + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-fetch": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/d3-fetch/-/d3-fetch-3.0.1.tgz", + "integrity": "sha512-kpkQIM20n3oLVBKGg6oHrUchHM3xODkTzjMoj7aWQFq5QEM+R6E4WkzT5+tojDY7yjez8KgCBRoj4aEr99Fdqw==", + "dev": true, + "license": "ISC", + "dependencies": { + "d3-dsv": "1 - 3" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-force": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/d3-force/-/d3-force-3.0.0.tgz", + "integrity": "sha512-zxV/SsA+U4yte8051P4ECydjD/S+qeYtnaIyAs9tgHCqfguma/aAQDjo85A9Z6EKhBirHRJHXIgJUlffT4wdLg==", + "dev": true, + "license": "ISC", + "dependencies": { + "d3-dispatch": "1 - 3", + "d3-quadtree": "1 - 3", + "d3-timer": "1 - 3" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-format": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/d3-format/-/d3-format-3.1.2.tgz", + "integrity": "sha512-AJDdYOdnyRDV5b6ArilzCPPwc1ejkHcoyFarqlPqT7zRYjhavcT3uSrqcMvsgh2CgoPbK3RCwyHaVyxYcP2Arg==", + "dev": true, + "license": "ISC", + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-geo": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/d3-geo/-/d3-geo-3.1.1.tgz", + "integrity": "sha512-637ln3gXKXOwhalDzinUgY83KzNWZRKbYubaG+fGVuc/dxO64RRljtCTnf5ecMyE1RIdtqpkVcq0IbtU2S8j2Q==", + "dev": true, + "license": "ISC", + "dependencies": { + "d3-array": "2.5.0 - 3" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-hierarchy": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/d3-hierarchy/-/d3-hierarchy-3.1.2.tgz", + "integrity": "sha512-FX/9frcub54beBdugHjDCdikxThEqjnR93Qt7PvQTOHxyiNCAlvMrHhclk3cD5VeAaq9fxmfRp+CnWw9rEMBuA==", + "dev": true, + "license": "ISC", + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-interpolate": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/d3-interpolate/-/d3-interpolate-3.0.1.tgz", + "integrity": "sha512-3bYs1rOD33uo8aqJfKP3JWPAibgw8Zm2+L9vBKEHJ2Rg+viTR7o5Mmv5mZcieN+FRYaAOWX5SJATX6k1PWz72g==", + "dev": true, + "license": "ISC", + "dependencies": { + "d3-color": "1 - 3" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-path": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/d3-path/-/d3-path-3.1.0.tgz", + "integrity": "sha512-p3KP5HCf/bvjBSSKuXid6Zqijx7wIfNW+J/maPs+iwR35at5JCbLUT0LzF1cnjbCHWhqzQTIN2Jpe8pRebIEFQ==", + "dev": true, + "license": "ISC", + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-polygon": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/d3-polygon/-/d3-polygon-3.0.1.tgz", + "integrity": "sha512-3vbA7vXYwfe1SYhED++fPUQlWSYTTGmFmQiany/gdbiWgU/iEyQzyymwL9SkJjFFuCS4902BSzewVGsHHmHtXg==", + "dev": true, + "license": "ISC", + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-quadtree": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/d3-quadtree/-/d3-quadtree-3.0.1.tgz", + "integrity": "sha512-04xDrxQTDTCFwP5H6hRhsRcb9xxv2RzkcsygFzmkSIOJy3PeRJP7sNk3VRIbKXcog561P9oU0/rVH6vDROAgUw==", + "dev": true, + "license": "ISC", + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-random": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/d3-random/-/d3-random-3.0.1.tgz", + "integrity": "sha512-FXMe9GfxTxqd5D6jFsQ+DJ8BJS4E/fT5mqqdjovykEB2oFbTMDVdg1MGFxfQW+FBOGoB++k8swBrgwSHT1cUXQ==", + "dev": true, + "license": "ISC", + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-sankey": { + "version": "0.12.3", + "resolved": "https://registry.npmjs.org/d3-sankey/-/d3-sankey-0.12.3.tgz", + "integrity": "sha512-nQhsBRmM19Ax5xEIPLMY9ZmJ/cDvd1BG3UVvt5h3WRxKg5zGRbvnteTyWAbzeSvlh3tW7ZEmq4VwR5mB3tutmQ==", + "dev": true, + "license": "BSD-3-Clause", + "dependencies": { + "d3-array": "1 - 2", + "d3-shape": "^1.2.0" + } + }, + "node_modules/d3-sankey/node_modules/d3-array": { + "version": "2.12.1", + "resolved": "https://registry.npmjs.org/d3-array/-/d3-array-2.12.1.tgz", + "integrity": "sha512-B0ErZK/66mHtEsR1TkPEEkwdy+WDesimkM5gpZr5Dsg54BiTA5RXtYW5qTLIAcekaS9xfZrzBLF/OAkB3Qn1YQ==", + "dev": true, + "license": "BSD-3-Clause", + "dependencies": { + "internmap": "^1.0.0" + } + }, + "node_modules/d3-sankey/node_modules/d3-path": { + "version": "1.0.9", + "resolved": "https://registry.npmjs.org/d3-path/-/d3-path-1.0.9.tgz", + "integrity": "sha512-VLaYcn81dtHVTjEHd8B+pbe9yHWpXKZUC87PzoFmsFrJqgFwDe/qxfp5MlfsfM1V5E/iVt0MmEbWQ7FVIXh/bg==", + "dev": true, + "license": "BSD-3-Clause" + }, + "node_modules/d3-sankey/node_modules/d3-shape": { + "version": "1.3.7", + "resolved": "https://registry.npmjs.org/d3-shape/-/d3-shape-1.3.7.tgz", + "integrity": "sha512-EUkvKjqPFUAZyOlhY5gzCxCeI0Aep04LwIRpsZ/mLFelJiUfnK56jo5JMDSE7yyP2kLSb6LtF+S5chMk7uqPqw==", + "dev": true, + "license": "BSD-3-Clause", + "dependencies": { + "d3-path": "1" + } + }, + "node_modules/d3-sankey/node_modules/internmap": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/internmap/-/internmap-1.0.1.tgz", + "integrity": "sha512-lDB5YccMydFBtasVtxnZ3MRBHuaoE8GKsppq+EchKL2U4nK/DmEpPHNH8MZe5HkMtpSiTSOZwfN0tzYjO/lJEw==", + "dev": true, + "license": "ISC" + }, + "node_modules/d3-scale": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/d3-scale/-/d3-scale-4.0.2.tgz", + "integrity": "sha512-GZW464g1SH7ag3Y7hXjf8RoUuAFIqklOAq3MRl4OaWabTFJY9PN/E1YklhXLh+OQ3fM9yS2nOkCoS+WLZ6kvxQ==", + "dev": true, + "license": "ISC", + "dependencies": { + "d3-array": "2.10.0 - 3", + "d3-format": "1 - 3", + "d3-interpolate": "1.2.0 - 3", + "d3-time": "2.1.1 - 3", + "d3-time-format": "2 - 4" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-scale-chromatic": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/d3-scale-chromatic/-/d3-scale-chromatic-3.1.0.tgz", + "integrity": "sha512-A3s5PWiZ9YCXFye1o246KoscMWqf8BsD9eRiJ3He7C9OBaxKhAd5TFCdEx/7VbKtxxTsu//1mMJFrEt572cEyQ==", + "dev": true, + "license": "ISC", + "dependencies": { + "d3-color": "1 - 3", + "d3-interpolate": "1 - 3" }, - "peerDependencies": { - "postcss": "^8.4.31" + "engines": { + "node": ">=12" } }, - "node_modules/cssnano-utils": { - "version": "4.0.2", - "resolved": "https://registry.npmjs.org/cssnano-utils/-/cssnano-utils-4.0.2.tgz", - "integrity": "sha512-ZR1jHg+wZ8o4c3zqf1SIUSTIvm/9mU343FMR6Obe/unskbvpGhZOo1J6d/r8D1pzkRQYuwbcH3hToOuoA2G7oQ==", + "node_modules/d3-selection": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/d3-selection/-/d3-selection-3.0.0.tgz", + "integrity": "sha512-fmTRWbNMmsmWq6xJV8D19U/gw/bwrHfNXxrIN+HfZgnzqTHp9jOmKMhsTUjXOJnZOdZY9Q28y4yebKzqDKlxlQ==", "dev": true, - "license": "MIT", + "license": "ISC", "engines": { - "node": "^14 || ^16 || >=18.0" + "node": ">=12" + } + }, + "node_modules/d3-shape": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/d3-shape/-/d3-shape-3.2.0.tgz", + "integrity": "sha512-SaLBuwGm3MOViRq2ABk3eLoxwZELpH6zhl3FbAoJ7Vm1gofKx6El1Ib5z23NUEhF9AsGl7y+dzLe5Cw2AArGTA==", + "dev": true, + "license": "ISC", + "dependencies": { + "d3-path": "^3.1.0" }, - "peerDependencies": { - "postcss": "^8.4.31" + "engines": { + "node": ">=12" } }, - "node_modules/csso": { - "version": "5.0.5", - "resolved": "https://registry.npmjs.org/csso/-/csso-5.0.5.tgz", - "integrity": "sha512-0LrrStPOdJj+SPCCrGhzryycLjwcgUSHBtxNA8aIDxf0GLsRh1cKYhB00Gd1lDOS4yGH69+SNn13+TWbVHETFQ==", + "node_modules/d3-time": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/d3-time/-/d3-time-3.1.0.tgz", + "integrity": "sha512-VqKjzBLejbSMT4IgbmVgDjpkYrNWUYJnbCGo874u7MMKIWsILRX+OpX/gTk8MqjpT1A/c6HY2dCA77ZN0lkQ2Q==", "dev": true, - "license": "MIT", + "license": "ISC", "dependencies": { - "css-tree": "~2.2.0" + "d3-array": "2 - 3" }, "engines": { - "node": "^10 || ^12.20.0 || ^14.13.0 || >=15.0.0", - "npm": ">=7.0.0" + "node": ">=12" } }, - "node_modules/csso/node_modules/css-tree": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/css-tree/-/css-tree-2.2.1.tgz", - "integrity": "sha512-OA0mILzGc1kCOCSJerOeqDxDQ4HOh+G8NbOJFOTgOCzpw7fCBubk0fEyxp8AgOL/jvLgYA/uV0cMbe43ElF1JA==", + "node_modules/d3-time-format": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/d3-time-format/-/d3-time-format-4.1.0.tgz", + "integrity": "sha512-dJxPBlzC7NugB2PDLwo9Q8JiTR3M3e4/XANkreKSUxF8vvXKqm1Yfq4Q5dl8budlunRVlUUaDUgFt7eA8D6NLg==", "dev": true, - "license": "MIT", + "license": "ISC", "dependencies": { - "mdn-data": "2.0.28", - "source-map-js": "^1.0.1" + "d3-time": "1 - 3" }, "engines": { - "node": "^10 || ^12.20.0 || ^14.13.0 || >=15.0.0", - "npm": ">=7.0.0" + "node": ">=12" } }, - "node_modules/csso/node_modules/mdn-data": { - "version": "2.0.28", - "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-2.0.28.tgz", - "integrity": "sha512-aylIc7Z9y4yzHYAJNuESG3hfhC+0Ibp/MAMiaOZgNv4pmEdFyfZhhhny4MNiAfWdBQ1RQ2mfDWmM1x8SvGyp8g==", + "node_modules/d3-timer": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/d3-timer/-/d3-timer-3.0.1.tgz", + "integrity": "sha512-ndfJ/JxxMd3nw31uyKoY2naivF+r29V+Lc0svZxe1JvvIRmi8hUsrMvdOwgS1o6uBHmiz91geQ0ylPP0aj1VUA==", "dev": true, - "license": "CC0-1.0" + "license": "ISC", + "engines": { + "node": ">=12" + } }, - "node_modules/csstype": { - "version": "3.2.3", - "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.2.3.tgz", - "integrity": "sha512-z1HGKcYy2xA8AGQfwrn0PAy+PB7X/GSj3UVJW9qKyn43xWa+gl5nXmU4qqLMRzWVLFC8KusUX8T/0kCiOYpAIQ==", + "node_modules/d3-transition": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/d3-transition/-/d3-transition-3.0.1.tgz", + "integrity": "sha512-ApKvfjsSR6tg06xrL434C0WydLr7JewBB3V+/39RMHsaXTOG0zmt/OAXeng5M5LBm0ojmxJrpomQVZ1aPvBL4w==", "dev": true, - "license": "MIT" + "license": "ISC", + "dependencies": { + "d3-color": "1 - 3", + "d3-dispatch": "1 - 3", + "d3-ease": "1 - 3", + "d3-interpolate": "1 - 3", + "d3-timer": "1 - 3" + }, + "engines": { + "node": ">=12" + }, + "peerDependencies": { + "d3-selection": "2 - 3" + } }, - "node_modules/custom-media-element": { - "version": "1.4.6", - "resolved": "https://registry.npmjs.org/custom-media-element/-/custom-media-element-1.4.6.tgz", - "integrity": "sha512-/HRYqJOa1ob5ik4q7FIJVYxTJCFs/FL3+cQPAJjUf2uiqrDEzbTgB315gQ2rG8oK3w094W9m5tcB8S5Qah+caA==", + "node_modules/d3-zoom": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/d3-zoom/-/d3-zoom-3.0.0.tgz", + "integrity": "sha512-b8AmV3kfQaqWAuacbPuNbL6vahnOJflOhexLzMMNLga62+/nh0JzvJ0aO/5a5MVgUFGS7Hu1P9P03o3fJkDCyw==", "dev": true, - "license": "MIT" + "license": "ISC", + "dependencies": { + "d3-dispatch": "1 - 3", + "d3-drag": "2 - 3", + "d3-interpolate": "1 - 3", + "d3-selection": "2 - 3", + "d3-transition": "2 - 3" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/dagre-d3-es": { + "version": "7.0.14", + "resolved": "https://registry.npmjs.org/dagre-d3-es/-/dagre-d3-es-7.0.14.tgz", + "integrity": "sha512-P4rFMVq9ESWqmOgK+dlXvOtLwYg0i7u0HBGJER0LZDJT2VHIPAMZ/riPxqJceWMStH5+E61QxFra9kIS3AqdMg==", + "dev": true, + "license": "MIT", + "dependencies": { + "d3": "^7.9.0", + "lodash-es": "^4.17.21" + } }, "node_modules/dash-video-element": { "version": "0.3.2", @@ -8930,6 +9981,13 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/dayjs": { + "version": "1.11.20", + "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.20.tgz", + "integrity": "sha512-YbwwqR/uYpeoP4pu043q+LTDLFBLApUP6VxRihdfNTqu4ubqMlGDLd6ErXhEgsyvY0K6nCs7nggYumAN+9uEuQ==", + "dev": true, + "license": "MIT" + }, "node_modules/debounce": { "version": "1.2.1", "resolved": "https://registry.npmjs.org/debounce/-/debounce-1.2.1.tgz", @@ -9111,6 +10169,16 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/delaunator": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/delaunator/-/delaunator-5.1.0.tgz", + "integrity": "sha512-AGrQ4QSgssa1NGmWmLPqN5NY2KajF5MqxetNEO+o0n3ZwZZeTmt7bBnvzHWrmkZFxGgr4HdyFgelzgi06otLuQ==", + "dev": true, + "license": "ISC", + "dependencies": { + "robust-predicates": "^3.0.2" + } + }, "node_modules/delayed-stream": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", @@ -9284,6 +10352,16 @@ "url": "https://github.com/fb55/domhandler?sponsor=1" } }, + "node_modules/dompurify": { + "version": "3.4.2", + "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.4.2.tgz", + "integrity": "sha512-lHeS9SA/IKeIFFyYciHBr2n0v1VMPlSj843HdLOwjb2OxNwdq9Xykxqhk+FE42MzAdHvInbAolSE4mhahPpjXA==", + "dev": true, + "license": "(MPL-2.0 OR Apache-2.0)", + "optionalDependencies": { + "@types/trusted-types": "^2.0.7" + } + }, "node_modules/domutils": { "version": "3.2.2", "resolved": "https://registry.npmjs.org/domutils/-/domutils-3.2.2.tgz", @@ -9379,6 +10457,13 @@ "dev": true, "license": "ISC" }, + "node_modules/elkjs": { + "version": "0.9.3", + "resolved": "https://registry.npmjs.org/elkjs/-/elkjs-0.9.3.tgz", + "integrity": "sha512-f/ZeWvW/BCXbhGEf1Ujp29EASo/lk1FDnETgNKwJrsVvGZhUWCZyg3xLJjAsxfOmt8KjswHmI5EwCQcPMpOYhQ==", + "dev": true, + "license": "EPL-2.0" + }, "node_modules/emoji-regex": { "version": "9.2.2", "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz", @@ -11103,6 +12188,13 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/hachure-fill": { + "version": "0.5.2", + "resolved": "https://registry.npmjs.org/hachure-fill/-/hachure-fill-0.5.2.tgz", + "integrity": "sha512-3GKBOn+m2LX9iq+JC1064cSFprJY4jL1jCXTcpnfER5HYE2l/4EfWSGzkPa/ZDBmYI0ZOEj5VHV/eKnPGkHuOg==", + "dev": true, + "license": "MIT" + }, "node_modules/handle-thing": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/handle-thing/-/handle-thing-2.0.1.tgz", @@ -11871,6 +12963,17 @@ "node": ">=8" } }, + "node_modules/import-meta-resolve": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/import-meta-resolve/-/import-meta-resolve-4.2.0.tgz", + "integrity": "sha512-Iqv2fzaTQN28s/FwZAoFq0ZSs/7hMAHJVX+w8PZl3cY19Pxk6jFFalxQoIfW2826i/fDLXv8IiEZRIT0lDuWcg==", + "dev": true, + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, "node_modules/imsc": { "version": "1.1.5", "resolved": "https://registry.npmjs.org/imsc/-/imsc-1.1.5.tgz", @@ -11950,6 +13053,16 @@ "node": ">= 0.4" } }, + "node_modules/internmap": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/internmap/-/internmap-2.0.3.tgz", + "integrity": "sha512-5Hh7Y1wQbvY5ooGgPbDaL5iYLAPzMTUrjMulskHLH6wnv/A+1q5rgEaiuqEjB+oxGXIVZs1FF+R/KPN3ZSQYYg==", + "dev": true, + "license": "ISC", + "engines": { + "node": ">=12" + } + }, "node_modules/invariant": { "version": "2.2.4", "resolved": "https://registry.npmjs.org/invariant/-/invariant-2.2.4.tgz", @@ -12885,6 +13998,33 @@ "node": ">=4.0" } }, + "node_modules/katex": { + "version": "0.16.45", + "resolved": "https://registry.npmjs.org/katex/-/katex-0.16.45.tgz", + "integrity": "sha512-pQpZbdBu7wCTmQUh7ufPmLr0pFoObnGUoL/yhtwJDgmmQpbkg/0HSVti25Fu4rmd1oCR6NGWe9vqTWuWv3GcNA==", + "dev": true, + "funding": [ + "https://opencollective.com/katex", + "https://github.com/sponsors/katex" + ], + "license": "MIT", + "dependencies": { + "commander": "^8.3.0" + }, + "bin": { + "katex": "cli.js" + } + }, + "node_modules/katex/node_modules/commander": { + "version": "8.3.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-8.3.0.tgz", + "integrity": "sha512-OkTL9umf+He2DZkUq8f8J9of7yL6RJKI24dVITBmNfZBmri9zYZQrKkuXiKhyfPSu8tUhnVBB1iKXevvnlR4Ww==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 12" + } + }, "node_modules/keyv": { "version": "4.5.4", "resolved": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz", @@ -12895,6 +14035,12 @@ "json-buffer": "3.0.1" } }, + "node_modules/khroma": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/khroma/-/khroma-2.1.0.tgz", + "integrity": "sha512-Ls993zuzfayK269Svk9hzpeGUKob/sIgZzyHYdjQoAdQetRKpOLj+k/QQQ/6Qi0Yz65mlROrfd+Ev+1+7dz9Kw==", + "dev": true + }, "node_modules/kind-of": { "version": "6.0.3", "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz", @@ -12915,6 +14061,25 @@ "node": ">=6" } }, + "node_modules/langium": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/langium/-/langium-4.2.3.tgz", + "integrity": "sha512-sOPIi4hISFnY7twwV97ca1TsxpBtXq0URu/LL1AvxwccPG/RIBBlKS7a/f/EL6w8lTNaS0EFs/F+IdSOaqYpng==", + "dev": true, + "license": "MIT", + "dependencies": { + "@chevrotain/regexp-to-ast": "~12.0.0", + "chevrotain": "~12.0.0", + "chevrotain-allstar": "~0.4.3", + "vscode-languageserver": "~9.0.1", + "vscode-languageserver-textdocument": "~1.0.11", + "vscode-uri": "~3.1.0" + }, + "engines": { + "node": ">=20.10.0", + "npm": ">=10.2.3" + } + }, "node_modules/latest-version": { "version": "7.0.0", "resolved": "https://registry.npmjs.org/latest-version/-/latest-version-7.0.0.tgz", @@ -12942,6 +14107,13 @@ "shell-quote": "^1.8.3" } }, + "node_modules/layout-base": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/layout-base/-/layout-base-1.0.2.tgz", + "integrity": "sha512-8h2oVEZNktL4BH2JCOI90iD1yXwL6iNW7KcCKT2QZgQJR2vbqDsldCTPRU9NifTCqHZci57XvQQ15YTu+sTYPg==", + "dev": true, + "license": "MIT" + }, "node_modules/leven": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/leven/-/leven-3.1.0.tgz", @@ -13065,6 +14237,13 @@ "dev": true, "license": "MIT" }, + "node_modules/lodash-es": { + "version": "4.18.1", + "resolved": "https://registry.npmjs.org/lodash-es/-/lodash-es-4.18.1.tgz", + "integrity": "sha512-J8xewKD/Gk22OZbhpOVSwcs60zhd95ESDwezOFuA3/099925PdHJ7OFHNTGtajL3AlZkykD32HykiMo+BIBI8A==", + "dev": true, + "license": "MIT" + }, "node_modules/lodash.debounce": { "version": "4.0.8", "resolved": "https://registry.npmjs.org/lodash.debounce/-/lodash.debounce-4.0.8.tgz", @@ -13174,6 +14353,19 @@ "url": "https://github.com/sponsors/wooorm" } }, + "node_modules/marked": { + "version": "16.4.2", + "resolved": "https://registry.npmjs.org/marked/-/marked-16.4.2.tgz", + "integrity": "sha512-TI3V8YYWvkVf3KJe1dRkpnjs68JUPyEa5vjKrp1XEEJUAOaQc+Qj+L1qWbPd0SJuAdQkFU0h73sXXqwDYxsiDA==", + "dev": true, + "license": "MIT", + "bin": { + "marked": "bin/marked.js" + }, + "engines": { + "node": ">= 20" + } + }, "node_modules/math-intrinsics": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz", @@ -13707,6 +14899,36 @@ "node": ">= 8" } }, + "node_modules/mermaid": { + "version": "11.14.0", + "resolved": "https://registry.npmjs.org/mermaid/-/mermaid-11.14.0.tgz", + "integrity": "sha512-GSGloRsBs+JINmmhl0JDwjpuezCsHB4WGI4NASHxL3fHo3o/BRXTxhDLKnln8/Q0lRFRyDdEjmk1/d5Sn1Xz8g==", + "dev": true, + "license": "MIT", + "dependencies": { + "@braintree/sanitize-url": "^7.1.1", + "@iconify/utils": "^3.0.2", + "@mermaid-js/parser": "^1.1.0", + "@types/d3": "^7.4.3", + "@upsetjs/venn.js": "^2.0.0", + "cytoscape": "^3.33.1", + "cytoscape-cose-bilkent": "^4.1.0", + "cytoscape-fcose": "^2.2.0", + "d3": "^7.9.0", + "d3-sankey": "^0.12.3", + "dagre-d3-es": "7.0.14", + "dayjs": "^1.11.19", + "dompurify": "^3.3.1", + "katex": "^0.16.25", + "khroma": "^2.1.0", + "lodash-es": "^4.17.23", + "marked": "^16.3.0", + "roughjs": "^4.6.6", + "stylis": "^4.3.6", + "ts-dedent": "^2.2.0", + "uuid": "^11.1.0" + } + }, "node_modules/methods": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", @@ -16353,6 +17575,13 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/package-manager-detector": { + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/package-manager-detector/-/package-manager-detector-1.6.0.tgz", + "integrity": "sha512-61A5ThoTiDG/C8s8UMZwSorAGwMJ0ERVGj2OjoW5pAalsNOg15+iQiPzrLJ4jhZ1HJzmC2PIHT2oEiH3R5fzNA==", + "dev": true, + "license": "MIT" + }, "node_modules/param-case": { "version": "3.0.4", "resolved": "https://registry.npmjs.org/param-case/-/param-case-3.0.4.tgz", @@ -16498,6 +17727,13 @@ "dev": true, "license": "MIT" }, + "node_modules/path-data-parser": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/path-data-parser/-/path-data-parser-0.1.0.tgz", + "integrity": "sha512-NOnmBpt5Y2RWbuv0LMzsayp3lVylAHLPUTut412ZA3l+C4uw4ZVkQbjShYCQ8TCpUMdPapr4YjUqLYD6v68j+w==", + "dev": true, + "license": "MIT" + }, "node_modules/path-exists": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", @@ -16711,6 +17947,24 @@ "media-chrome": "~4.19.0" } }, + "node_modules/points-on-curve": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/points-on-curve/-/points-on-curve-0.2.0.tgz", + "integrity": "sha512-0mYKnYYe9ZcqMCWhUjItv/oHjvgEsfKvnUTg8sAtnHr3GVy7rGkXCb6d5cSyqrWqL4k81b9CPg3urd+T7aop3A==", + "dev": true, + "license": "MIT" + }, + "node_modules/points-on-path": { + "version": "0.2.1", + "resolved": "https://registry.npmjs.org/points-on-path/-/points-on-path-0.2.1.tgz", + "integrity": "sha512-25ClnWWuw7JbWZcgqY/gJ4FQWadKxGWk+3kR/7kD0tCaDtPPMj7oHu2ToLaVhfpnHrZzYby2w6tUA0eOIuUg8g==", + "dev": true, + "license": "MIT", + "dependencies": { + "path-data-parser": "0.1.0", + "points-on-curve": "0.2.0" + } + }, "node_modules/possible-typed-array-names": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/possible-typed-array-names/-/possible-typed-array-names-1.1.0.tgz", @@ -19430,6 +20684,26 @@ "node": ">=0.10.0" } }, + "node_modules/robust-predicates": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/robust-predicates/-/robust-predicates-3.0.3.tgz", + "integrity": "sha512-NS3levdsRIUOmiJ8FZWCP7LG3QpJyrs/TE0Zpf1yvZu8cAJJ6QMW92H1c7kWpdIHo8RvmLxN/o2JXTKHp74lUA==", + "dev": true, + "license": "Unlicense" + }, + "node_modules/roughjs": { + "version": "4.6.6", + "resolved": "https://registry.npmjs.org/roughjs/-/roughjs-4.6.6.tgz", + "integrity": "sha512-ZUz/69+SYpFN/g/lUlo2FXcIjRkSu3nDarreVdGGndHEBJ6cXPdKguS8JGxwj5HA5xIbVKSmLgr5b3AWxtRfvQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "hachure-fill": "^0.5.2", + "path-data-parser": "^0.1.0", + "points-on-curve": "^0.2.0", + "points-on-path": "^0.2.1" + } + }, "node_modules/rtlcss": { "version": "4.3.0", "resolved": "https://registry.npmjs.org/rtlcss/-/rtlcss-4.3.0.tgz", @@ -19486,6 +20760,13 @@ "queue-microtask": "^1.2.2" } }, + "node_modules/rw": { + "version": "1.3.3", + "resolved": "https://registry.npmjs.org/rw/-/rw-1.3.3.tgz", + "integrity": "sha512-PdhdWy89SiZogBLaw42zdeqtRJ//zFd2PgQavcICDUgJT5oW10QCRKbJ6bg4r0/UY2M6BWd5tkxuGFRvCkgfHQ==", + "dev": true, + "license": "BSD-3-Clause" + }, "node_modules/safe-array-concat": { "version": "1.1.4", "resolved": "https://registry.npmjs.org/safe-array-concat/-/safe-array-concat-1.1.4.tgz", @@ -20640,6 +21921,13 @@ "postcss": "^8.4.31" } }, + "node_modules/stylis": { + "version": "4.4.0", + "resolved": "https://registry.npmjs.org/stylis/-/stylis-4.4.0.tgz", + "integrity": "sha512-5Z9ZpRzfuH6l/UAvCPAPUo3665Nk2wLaZU3x+TLHKVzIz33+sbJqbtrYoC3KD4/uVOr2Zp+L0LySezP9OHV9yA==", + "dev": true, + "license": "MIT" + }, "node_modules/super-media-element": { "version": "1.4.2", "resolved": "https://registry.npmjs.org/super-media-element/-/super-media-element-1.4.2.tgz", @@ -20876,6 +22164,16 @@ "dev": true, "license": "MIT" }, + "node_modules/tinyexec": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/tinyexec/-/tinyexec-1.1.2.tgz", + "integrity": "sha512-dAqSqE/RabpBKI8+h26GfLq6Vb3JVXs30XYQjdMjaj/c2tS8IYYMbIzP599KtRj7c57/wYApb3QjgRgXmrCukA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=18" + } + }, "node_modules/tinypool": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/tinypool/-/tinypool-1.1.1.tgz", @@ -20958,6 +22256,16 @@ "url": "https://github.com/sponsors/wooorm" } }, + "node_modules/ts-dedent": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/ts-dedent/-/ts-dedent-2.2.0.tgz", + "integrity": "sha512-q5W7tVM71e2xjHZTlgfTDoPF/SmqKG5hddq9SzR49CH2hayqRKJtQ4mtRlSxKaJlR/+9rEM+mnBHf7I2/BQcpQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6.10" + } + }, "node_modules/tslib": { "version": "2.8.1", "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz", @@ -21691,6 +22999,61 @@ "media-played-ranges-mixin": "^0.1.0" } }, + "node_modules/vscode-jsonrpc": { + "version": "8.2.0", + "resolved": "https://registry.npmjs.org/vscode-jsonrpc/-/vscode-jsonrpc-8.2.0.tgz", + "integrity": "sha512-C+r0eKJUIfiDIfwJhria30+TYWPtuHJXHtI7J0YlOmKAo7ogxP20T0zxB7HZQIFhIyvoBPwWskjxrvAtfjyZfA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=14.0.0" + } + }, + "node_modules/vscode-languageserver": { + "version": "9.0.1", + "resolved": "https://registry.npmjs.org/vscode-languageserver/-/vscode-languageserver-9.0.1.tgz", + "integrity": "sha512-woByF3PDpkHFUreUa7Hos7+pUWdeWMXRd26+ZX2A8cFx6v/JPTtd4/uN0/jB6XQHYaOlHbio03NTHCqrgG5n7g==", + "dev": true, + "license": "MIT", + "dependencies": { + "vscode-languageserver-protocol": "3.17.5" + }, + "bin": { + "installServerIntoExtension": "bin/installServerIntoExtension" + } + }, + "node_modules/vscode-languageserver-protocol": { + "version": "3.17.5", + "resolved": "https://registry.npmjs.org/vscode-languageserver-protocol/-/vscode-languageserver-protocol-3.17.5.tgz", + "integrity": "sha512-mb1bvRJN8SVznADSGWM9u/b07H7Ecg0I3OgXDuLdn307rl/J3A9YD6/eYOssqhecL27hK1IPZAsaqh00i/Jljg==", + "dev": true, + "license": "MIT", + "dependencies": { + "vscode-jsonrpc": "8.2.0", + "vscode-languageserver-types": "3.17.5" + } + }, + "node_modules/vscode-languageserver-textdocument": { + "version": "1.0.12", + "resolved": "https://registry.npmjs.org/vscode-languageserver-textdocument/-/vscode-languageserver-textdocument-1.0.12.tgz", + "integrity": "sha512-cxWNPesCnQCcMPeenjKKsOCKQZ/L6Tv19DTRIGuLWe32lyzWhihGVJ/rcckZXJxfdKCFvRLS3fpBIsV/ZGX4zA==", + "dev": true, + "license": "MIT" + }, + "node_modules/vscode-languageserver-types": { + "version": "3.17.5", + "resolved": "https://registry.npmjs.org/vscode-languageserver-types/-/vscode-languageserver-types-3.17.5.tgz", + "integrity": "sha512-Ld1VelNuX9pdF39h2Hgaeb5hEZM2Z3jUrrMgWQAu82jMtZp7p3vJT3BzToKtZI7NgQssZje5o0zryOrhQvzQAg==", + "dev": true, + "license": "MIT" + }, + "node_modules/vscode-uri": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/vscode-uri/-/vscode-uri-3.1.0.tgz", + "integrity": "sha512-/BpdSx+yCQGnCvecbyXdxHDkuk55/G3xwnC0GqY4gmQ3j+A+g8kzzgB4Nk/SINjqn6+waqw3EgbVF2QKExkRxQ==", + "dev": true, + "license": "MIT" + }, "node_modules/watchpack": { "version": "2.5.1", "resolved": "https://registry.npmjs.org/watchpack/-/watchpack-2.5.1.tgz", diff --git a/website/package.json b/website/package.json index 7ad579179..c364f0597 100644 --- a/website/package.json +++ b/website/package.json @@ -13,6 +13,8 @@ "@docusaurus/core": "^3.10.0", "@docusaurus/plugin-google-gtag": "^3.10.0", "@docusaurus/preset-classic": "^3.10.0", + "@docusaurus/theme-mermaid": "^3.10.0", + "@mermaid-js/layout-elk": "^0.1.9", "ajv": "^8.17.1", "axios": "^1.13.4", "classnames": "^2.5.1", From 666ec396ae282d250fffb97c7ca91ebf25bb9d34 Mon Sep 17 00:00:00 2001 From: Kris West Date: Fri, 8 May 2026 16:16:36 +0100 Subject: [PATCH 5/8] chore: allow Eclipse public license (EPL-2.0) in dependency review --- .github/workflows/dependency-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 79ad7c9dc..54cb34139 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -21,6 +21,6 @@ jobs: with: comment-summary-in-pr: always fail-on-severity: high - allow-licenses: MIT, MIT-0, Apache-2.0, BSD-3-Clause, BSD-3-Clause-Clear, ISC, BSD-2-Clause, Unlicense, CC0-1.0, 0BSD, X11, MPL-2.0, MPL-1.0, MPL-1.1, MPL-2.0, OFL-1.1, Zlib, BlueOak-1.0.0, Ubuntu-font-1.0, Artistic-2.0, Python-2.0 + allow-licenses: MIT, MIT-0, Apache-2.0, BSD-3-Clause, BSD-3-Clause-Clear, ISC, BSD-2-Clause, Unlicense, CC0-1.0, 0BSD, X11, MPL-2.0, MPL-1.0, MPL-1.1, MPL-2.0, OFL-1.1, Zlib, BlueOak-1.0.0, Ubuntu-font-1.0, Artistic-2.0, Python-2.0, EPL-2.0 fail-on-scopes: development, runtime allow-dependencies-licenses: 'pkg:npm/caniuse-lite, pkg:npm/path-is-inside, pkg:npm/unicode-match-property-value-ecmascript, pkg:npm/unicode-property-aliases-ecmascript, pkg:npm/uri-js' From f19214687e0aeb75bc6fd0acbd1ad3ed48af822c Mon Sep 17 00:00:00 2001 From: Kris West Date: Fri, 15 May 2026 16:52:11 +0100 Subject: [PATCH 6/8] Apply suggestion from @jescalada Co-authored-by: Juan Escalada <97265671+jescalada@users.noreply.github.com> Signed-off-by: Kris West --- website/docs/user-manual.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/user-manual.mdx b/website/docs/user-manual.mdx index ce5a96e16..083ed5403 100644 --- a/website/docs/user-manual.mdx +++ b/website/docs/user-manual.mdx @@ -122,7 +122,7 @@ The specific authentication method used for the GitProxy web interface depends o #### Checks applied to contributions -GitProxy applies a series of automated checks (called processors) to every push. These checks run in sequence, and if any check fails, the push is blocked. The main checks include: +GitProxy applies a series of automated checks (called [Processors](processors.md)) to every push. These checks run in sequence, and if any check fails, the push is blocked. The main checks include: **Repository and permission checks:** From 59688f5172d179ac62142fe3f10a1e632152c0a2 Mon Sep 17 00:00:00 2001 From: Kris West Date: Fri, 15 May 2026 17:02:32 +0100 Subject: [PATCH 7/8] docs: apply suggestions from code review to user manual Signed-off-by: Kris West --- website/docs/user-manual.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/user-manual.mdx b/website/docs/user-manual.mdx index 083ed5403..afa82981a 100644 --- a/website/docs/user-manual.mdx +++ b/website/docs/user-manual.mdx @@ -122,7 +122,7 @@ The specific authentication method used for the GitProxy web interface depends o #### Checks applied to contributions -GitProxy applies a series of automated checks (called [Processors](processors.md)) to every push. These checks run in sequence, and if any check fails, the push is blocked. The main checks include: +GitProxy applies a series of automated checks (called [Processors](architecture/processors.md)) to every push. These checks run in sequence, and if any check fails, the push is blocked. The main checks include: **Repository and permission checks:** From 0d6052cb53093d8df121445f17104ed3a661aaca Mon Sep 17 00:00:00 2001 From: Kris West Date: Fri, 15 May 2026 17:09:23 +0100 Subject: [PATCH 8/8] docs: apply suggestions from code review to user manual Signed-off-by: Kris West --- website/docs/user-manual.mdx | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/website/docs/user-manual.mdx b/website/docs/user-manual.mdx index afa82981a..b61026eca 100644 --- a/website/docs/user-manual.mdx +++ b/website/docs/user-manual.mdx @@ -433,6 +433,10 @@ If you have reviewer permissions for a project in GitProxy, you can approve or r If you're prompted for credentials on every git operation, the Git Credential Manager (GCM) may be disabled or misconfigured. +:::info +Credentials request popups will vary based on your git client. VS code (and derivates) may catch the credentials request and display their own UI, while Git Bash will display Git Credentials Manager popups. +::: + Verify if your GCM configuration has been altered: ```bash