From 104cc86f097cf34f9188cd89e190b25e6033f7fb Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 24 Mar 2026 11:59:50 +0000 Subject: [PATCH 1/5] Initial plan From 5a646d5eebd6066681a476025a0b60889e34452f Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 24 Mar 2026 12:05:41 +0000 Subject: [PATCH 2/5] Fix Snyk vulnerabilities: upgrade liquidjs to 10.25.0 and add fast-xml-parser resolution - Update liquidjs from ^10.8.4 to ^10.25.0 in packages/actions-shared - Update liquidjs from ^10.8.4 to ^10.25.0 in packages/destination-actions - Update liquidjs from ^10.21.0 to ^10.25.0 in root package.json - Add fast-xml-parser resolution to 5.5.9 for AWS SDK transitive dependency Fixes: - SNYK-JS-LIQUIDJS-15443434: Directory Traversal (High Severity) - SNYK-JS-FASTXMLPARSER-15307668: XML Entity Expansion (High Severity) - SNYK-JS-FASTXMLPARSER-15324289: Incorrect Regular Expression (High Severity) - SNYK-JS-FASTXMLPARSER-15677840: XML Entity Expansion (High Severity) - SNYK-JS-FASTXMLPARSER-15699647: Improper Validation (High Severity) --- package.json | 5 ++- packages/actions-shared/package.json | 2 +- packages/destination-actions/package.json | 2 +- yarn.lock | 55 +++++++++++------------ 4 files changed, 30 insertions(+), 34 deletions(-) diff --git a/package.json b/package.json index a3650973700..7a252d5ea27 100644 --- a/package.json +++ b/package.json @@ -83,7 +83,8 @@ "ansi-regex": "5.0.1", "@babel/core/semver": "6.3.1", "@babel/helper-compilation-targets/semver": "6.3.1", - "istanbul-lib-instrument/semver": "6.3.1" + "istanbul-lib-instrument/semver": "6.3.1", + "fast-xml-parser": "5.5.9" }, "husky": { "hooks": { @@ -119,7 +120,7 @@ }, "dependencies": { "chance": "^1.1.8", - "liquidjs": "^10.21.0", + "liquidjs": "^10.25.0", "xml-js": "^1.6.11" } } diff --git a/packages/actions-shared/package.json b/packages/actions-shared/package.json index 798b654a289..ebde1b9100b 100644 --- a/packages/actions-shared/package.json +++ b/packages/actions-shared/package.json @@ -41,7 +41,7 @@ "cheerio": "^1.0.0-rc.10", "dayjs": "^1.10.7", "escape-goat": "^3", - "liquidjs": "^10.8.4", + "liquidjs": "^10.25.0", "lodash": "^4.17.21" }, "jest": { diff --git a/packages/destination-actions/package.json b/packages/destination-actions/package.json index 2b3968b0245..b12050f489b 100644 --- a/packages/destination-actions/package.json +++ b/packages/destination-actions/package.json @@ -57,7 +57,7 @@ "escape-goat": "^3", "google-libphonenumber": "^3.2.31", "kafkajs": "^2.2.4", - "liquidjs": "^10.8.4", + "liquidjs": "^10.25.0", "lodash": "^4.17.21", "lru-cache": "10.4.3", "ssh2-sftp-client": "^12.0.1" diff --git a/yarn.lock b/yarn.lock index 218956924fa..694f60100c6 100644 --- a/yarn.lock +++ b/yarn.lock @@ -10939,19 +10939,21 @@ fast-url-parser@1.1.3: dependencies: punycode "^1.3.2" -fast-xml-parser@5.3.4: - version "5.3.4" - resolved "https://registry.yarnpkg.com/fast-xml-parser/-/fast-xml-parser-5.3.4.tgz#06f39aafffdbc97bef0321e626c7ddd06a043ecf" - integrity sha512-EFd6afGmXlCx8H8WTZHhAoDaWaGyuIBoZJ2mknrNxug+aZKjkp0a0dlars9Izl+jF+7Gu1/5f/2h68cQpe0IiA== +fast-xml-builder@^1.1.4: + version "1.1.4" + resolved "https://registry.yarnpkg.com/fast-xml-builder/-/fast-xml-builder-1.1.4.tgz#0c407a1d9d5996336c0cd76f7ff785cac6413017" + integrity sha512-f2jhpN4Eccy0/Uz9csxh3Nu6q4ErKxf0XIsasomfOihuSUa3/xw6w8dnOtCDgEItQFJG8KyXPzQXzcODDrrbOg== dependencies: - strnum "^2.1.0" + path-expression-matcher "^1.1.3" -fast-xml-parser@5.3.6: - version "5.3.6" - resolved "https://registry.yarnpkg.com/fast-xml-parser/-/fast-xml-parser-5.3.6.tgz#85a69117ca156b1b3c52e426495b6de266cb6a4b" - integrity sha512-QNI3sAvSvaOiaMl8FYU4trnEzCwiRr8XMWgAHzlrWpTSj+QaCSvOf1h82OEP1s4hiAXhnbXSyFWCf4ldZzZRVA== +fast-xml-parser@5.3.4, fast-xml-parser@5.3.6, fast-xml-parser@5.5.9: + version "5.5.9" + resolved "https://registry.yarnpkg.com/fast-xml-parser/-/fast-xml-parser-5.5.9.tgz#e59637abebec3dbfbb4053b532d787af6ea11527" + integrity sha512-jldvxr1MC6rtiZKgrFnDSvT8xuH+eJqxqOBThUVjYrxssYTo1avZLGql5l0a0BAERR01CadYzZ83kVEkbyDg+g== dependencies: - strnum "^2.1.2" + fast-xml-builder "^1.1.4" + path-expression-matcher "^1.2.0" + strnum "^2.2.2" fastest-levenshtein@^1.0.12: version "1.0.12" @@ -14790,17 +14792,10 @@ lint-staged@^10.5.3: string-argv "0.3.1" stringify-object "^3.3.0" -liquidjs@^10.21.0: - version "10.21.0" - resolved "https://registry.yarnpkg.com/liquidjs/-/liquidjs-10.21.0.tgz#d3e43df2144bf6fc12c3ee1f3e6dcabd65b22ba9" - integrity sha512-DouqxNU2jfoZzb1LinVjOc/f6ssitGIxiDJT+kEKyYqPSSSd+WmGOAhtWbVm1/n75svu4aQ+FyQ3ctd3wh1bbw== - dependencies: - commander "^10.0.0" - -liquidjs@^10.8.4: - version "10.12.0" - resolved "https://registry.yarnpkg.com/liquidjs/-/liquidjs-10.12.0.tgz#1f24fdaee79ab16e65504fd9979513b435838a3b" - integrity sha512-ZpT27WEqUu8IeddXoLbdeBTbRfV5r7oUKDjJMthuQKQTScgI8pbLGbSWiiAktQVpPG7mHMGsJ0JVbZYn1w9Gtg== +liquidjs@^10.25.0: + version "10.25.1" + resolved "https://registry.yarnpkg.com/liquidjs/-/liquidjs-10.25.1.tgz#75472e266a1ec32986c5a6d98d40358c49372670" + integrity sha512-D+jsJvkGigFn8qNUgh8U6XNHhGFBp+p8Dk26ea/Hl+XrjFVSg9OXlN31hGAfS3MYQ3Kr8Xi9sEVBVQa/VTVSmg== dependencies: commander "^10.0.0" @@ -16569,6 +16564,11 @@ path-exists@^4.0.0: resolved "https://registry.yarnpkg.com/path-exists/-/path-exists-4.0.0.tgz#513bdbe2d3b95d7762e8c1137efa195c6c61b5b3" integrity sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w== +path-expression-matcher@^1.1.3, path-expression-matcher@^1.2.0: + version "1.2.0" + resolved "https://registry.yarnpkg.com/path-expression-matcher/-/path-expression-matcher-1.2.0.tgz#9bdae3787f43b0857b0269e9caaa586c12c8abee" + integrity sha512-DwmPWeFn+tq7TiyJ2CxezCAirXjFxvaiD03npak3cRjlP9+OjTmSy1EpIrEbh+l6JgUundniloMLDQ/6VTdhLQ== + path-is-absolute@^1.0.0: version "1.0.1" resolved "https://registry.yarnpkg.com/path-is-absolute/-/path-is-absolute-1.0.1.tgz#174b9268735534ffbc7ace6bf53a5a9e1b5c5f5f" @@ -18615,15 +18615,10 @@ strip-outer@^1.0.0: dependencies: escape-string-regexp "^1.0.2" -strnum@^2.1.0: - version "2.1.1" - resolved "https://registry.yarnpkg.com/strnum/-/strnum-2.1.1.tgz#cf2a6e0cf903728b8b2c4b971b7e36b4e82d46ab" - integrity sha512-7ZvoFTiCnGxBtDqJ//Cu6fWtZtc7Y3x+QOirG15wztbdngGSkht27o2pyGWrVy0b4WAy3jbKmnoK6g5VlVNUUw== - -strnum@^2.1.2: - version "2.1.2" - resolved "https://registry.yarnpkg.com/strnum/-/strnum-2.1.2.tgz#a5e00ba66ab25f9cafa3726b567ce7a49170937a" - integrity sha512-l63NF9y/cLROq/yqKXSLtcMeeyOfnSQlfMSlzFt/K73oIaD8DGaQWd7Z34X9GPiKqP5rbSh84Hl4bOlLcjiSrQ== +strnum@^2.2.2: + version "2.2.2" + resolved "https://registry.yarnpkg.com/strnum/-/strnum-2.2.2.tgz#f11fd94ab62b536ba2ecc615858f3747c2881b3f" + integrity sha512-DnR90I+jtXNSTXWdwrEy9FakW7UX+qUZg28gj5fk2vxxl7uS/3bpI4fjFYVmdK9etptYBPNkpahuQnEwhwECqA== strong-log-transformer@2.1.0, strong-log-transformer@^2.1.0: version "2.1.0" From 43f7e3df3ebeeb18ce62d6b5a95b16ae49eb828c Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 9 Apr 2026 10:08:22 +0000 Subject: [PATCH 3/5] Fix Snyk vulnerabilities: upgrade liquidjs, lodash, and picomatch - Update liquidjs from ^10.25.0 to ^10.25.3 (fixes SNYK-JS-LIQUIDJS-15953364 - Symlink Following) - Update lodash from ^4.17.21/^4.17.20 to ^4.18.1 (fixes SNYK-JS-LODASH-15869625 - Arbitrary Code Injection) - Add picomatch resolution to 2.3.2 (fixes SNYK-JS-PICOMATCH-15765511 - ReDoS) --- package.json | 5 ++-- packages/actions-shared/package.json | 4 +-- packages/cli/package.json | 2 +- packages/destination-actions/package.json | 4 +-- yarn.lock | 31 ++++++++++------------- 5 files changed, 21 insertions(+), 25 deletions(-) diff --git a/package.json b/package.json index 7a252d5ea27..a8fd048f118 100644 --- a/package.json +++ b/package.json @@ -84,7 +84,8 @@ "@babel/core/semver": "6.3.1", "@babel/helper-compilation-targets/semver": "6.3.1", "istanbul-lib-instrument/semver": "6.3.1", - "fast-xml-parser": "5.5.9" + "fast-xml-parser": "5.5.9", + "picomatch": "2.3.2" }, "husky": { "hooks": { @@ -120,7 +121,7 @@ }, "dependencies": { "chance": "^1.1.8", - "liquidjs": "^10.25.0", + "liquidjs": "^10.25.3", "xml-js": "^1.6.11" } } diff --git a/packages/actions-shared/package.json b/packages/actions-shared/package.json index ebde1b9100b..42eda005a12 100644 --- a/packages/actions-shared/package.json +++ b/packages/actions-shared/package.json @@ -41,8 +41,8 @@ "cheerio": "^1.0.0-rc.10", "dayjs": "^1.10.7", "escape-goat": "^3", - "liquidjs": "^10.25.0", - "lodash": "^4.17.21" + "liquidjs": "^10.25.3", + "lodash": "^4.18.1" }, "jest": { "preset": "ts-jest", diff --git a/packages/cli/package.json b/packages/cli/package.json index 756c764338f..9993e7d5c2e 100644 --- a/packages/cli/package.json +++ b/packages/cli/package.json @@ -71,7 +71,7 @@ "jsdom": "^24.1.1", "json-diff": "^0.5.4", "json-schema-to-typescript": "^10.1.5", - "lodash": "^4.17.20", + "lodash": "^4.18.1", "mustache": "^4.2.0", "ora": "^5.4.0", "prompts": "^2.4.2", diff --git a/packages/destination-actions/package.json b/packages/destination-actions/package.json index d7106370d77..54f3f3e172d 100644 --- a/packages/destination-actions/package.json +++ b/packages/destination-actions/package.json @@ -57,8 +57,8 @@ "escape-goat": "^3", "google-libphonenumber": "^3.2.31", "kafkajs": "^2.2.4", - "liquidjs": "^10.25.0", - "lodash": "^4.17.21", + "liquidjs": "^10.25.3", + "lodash": "^4.18.1", "lru-cache": "10.4.3", "ssh2-sftp-client": "^12.0.1" }, diff --git a/yarn.lock b/yarn.lock index 694f60100c6..80bee9a52eb 100644 --- a/yarn.lock +++ b/yarn.lock @@ -14792,10 +14792,10 @@ lint-staged@^10.5.3: string-argv "0.3.1" stringify-object "^3.3.0" -liquidjs@^10.25.0: - version "10.25.1" - resolved "https://registry.yarnpkg.com/liquidjs/-/liquidjs-10.25.1.tgz#75472e266a1ec32986c5a6d98d40358c49372670" - integrity sha512-D+jsJvkGigFn8qNUgh8U6XNHhGFBp+p8Dk26ea/Hl+XrjFVSg9OXlN31hGAfS3MYQ3Kr8Xi9sEVBVQa/VTVSmg== +liquidjs@^10.25.3: + version "10.25.5" + resolved "https://registry.yarnpkg.com/liquidjs/-/liquidjs-10.25.5.tgz#09c1ee6d6c00a5464e3b9a5bb3889b14f04fcc05" + integrity sha512-GKiKeZjJDdVoQAu+S9rzkYsYnYhcep5W3WwZXgb5f+yq484P/k9JqamBbGYu+LBEixcUAXZr2jogdAIjB3ki1w== dependencies: commander "^10.0.0" @@ -14988,6 +14988,11 @@ lodash@^4.17.11, lodash@^4.17.13, lodash@^4.17.15, lodash@^4.17.20, lodash@^4.17 resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c" integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg== +lodash@^4.18.1: + version "4.18.1" + resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.18.1.tgz#ff2b66c1f6326d59513de2407bf881439812771c" + integrity sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q== + log-symbols@4.1.0, log-symbols@^4.0.0, log-symbols@^4.1.0: version "4.1.0" resolved "https://registry.yarnpkg.com/log-symbols/-/log-symbols-4.1.0.tgz#3fbdbb95b4683ac9fc785111e792e558d4abd503" @@ -16668,20 +16673,10 @@ picocolors@^1.1.1: resolved "https://registry.yarnpkg.com/picocolors/-/picocolors-1.1.1.tgz#3d321af3eab939b083c8f929a1d12cda81c26b6b" integrity sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA== -picomatch@^2.0.4, picomatch@^2.2.1, picomatch@^2.2.3: - version "2.3.0" - resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-2.3.0.tgz#f1f061de8f6a4bf022892e2d128234fb98302972" - integrity sha512-lY1Q/PiJGC2zOv/z391WOTD+Z02bCgsFfvxoXXf6h7kv9o+WmsmzYqrAwY63sNgOxE4xEdq0WyUnXfKeBrSvYw== - -picomatch@^2.3.1: - version "2.3.1" - resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-2.3.1.tgz#3ba3833733646d9d3e4995946c1365a67fb07a42" - integrity sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA== - -picomatch@^4.0.2: - version "4.0.2" - resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-4.0.2.tgz#77c742931e8f3b8820946c76cd0c1f13730d1dab" - integrity sha512-M7BAV6Rlcy5u+m6oPhAPFgJTzAioX/6B0DxyvDlo9l8+T3nLKbrczg2WLUyzd45L8RqfUMyGPzekbMvX2Ldkwg== +picomatch@2.3.2, picomatch@^2.0.4, picomatch@^2.2.1, picomatch@^2.2.3, picomatch@^2.3.1, picomatch@^4.0.2: + version "2.3.2" + resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-2.3.2.tgz#5a942915e26b372dc0f0e6753149a16e6b1c5601" + integrity sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA== pify@5.0.0: version "5.0.0" From 4a76b657d925cb9df69b1c6584775f0d8f3fb7c6 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 27 Apr 2026 06:29:16 +0000 Subject: [PATCH 4/5] Add lodash resolution to fix remaining Snyk vulnerability The previous lodash update in package.json files was not enough because transitive dependencies were still pulling in lodash@4.17.21. Adding a yarn resolution forces ALL lodash versions to resolve to 4.18.1. Fixes SNYK-JS-LODASH-15869625 - Arbitrary Code Injection vulnerability --- package.json | 3 ++- yarn.lock | 7 +------ 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/package.json b/package.json index a8fd048f118..aed7dfba7c4 100644 --- a/package.json +++ b/package.json @@ -85,7 +85,8 @@ "@babel/helper-compilation-targets/semver": "6.3.1", "istanbul-lib-instrument/semver": "6.3.1", "fast-xml-parser": "5.5.9", - "picomatch": "2.3.2" + "picomatch": "2.3.2", + "lodash": "4.18.1" }, "husky": { "hooks": { diff --git a/yarn.lock b/yarn.lock index 80bee9a52eb..4583d186635 100644 --- a/yarn.lock +++ b/yarn.lock @@ -14983,12 +14983,7 @@ lodash.zip@^4.2.0: resolved "https://registry.yarnpkg.com/lodash.zip/-/lodash.zip-4.2.0.tgz#ec6662e4896408ed4ab6c542a3990b72cc080020" integrity sha512-C7IOaBBK/0gMORRBd8OETNx3kmOkgIWIPvyDpZSCTwUrpYmgZwJkjZeOD8ww4xbOUOs4/attY+pciKvadNfFbg== -lodash@^4.17.11, lodash@^4.17.13, lodash@^4.17.15, lodash@^4.17.20, lodash@^4.17.21, lodash@^4.17.4, lodash@^4.7.0: - version "4.17.21" - resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c" - integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg== - -lodash@^4.18.1: +lodash@4.18.1, lodash@^4.17.11, lodash@^4.17.13, lodash@^4.17.15, lodash@^4.17.20, lodash@^4.17.21, lodash@^4.17.4, lodash@^4.18.1, lodash@^4.7.0: version "4.18.1" resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.18.1.tgz#ff2b66c1f6326d59513de2407bf881439812771c" integrity sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q== From 7bfd6386cdd20879fd6644679bc74068c5739d09 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 27 Apr 2026 09:45:34 +0000 Subject: [PATCH 5/5] Update liquidjs to 10.25.7 to fix SNYK-JS-LIQUIDJS-16205829 vulnerability --- package.json | 5 +++-- packages/actions-shared/package.json | 2 +- packages/destination-actions/package.json | 2 +- yarn.lock | 8 ++++---- 4 files changed, 9 insertions(+), 8 deletions(-) diff --git a/package.json b/package.json index aed7dfba7c4..3705806e5f6 100644 --- a/package.json +++ b/package.json @@ -86,7 +86,8 @@ "istanbul-lib-instrument/semver": "6.3.1", "fast-xml-parser": "5.5.9", "picomatch": "2.3.2", - "lodash": "4.18.1" + "lodash": "4.18.1", + "liquidjs": "10.25.7" }, "husky": { "hooks": { @@ -122,7 +123,7 @@ }, "dependencies": { "chance": "^1.1.8", - "liquidjs": "^10.25.3", + "liquidjs": "^10.25.7", "xml-js": "^1.6.11" } } diff --git a/packages/actions-shared/package.json b/packages/actions-shared/package.json index 04769ec2006..fc9a9aa2221 100644 --- a/packages/actions-shared/package.json +++ b/packages/actions-shared/package.json @@ -41,7 +41,7 @@ "cheerio": "^1.0.0-rc.10", "dayjs": "^1.10.7", "escape-goat": "^3", - "liquidjs": "^10.25.3", + "liquidjs": "^10.25.7", "lodash": "^4.18.1" }, "jest": { diff --git a/packages/destination-actions/package.json b/packages/destination-actions/package.json index 98d6fb81fad..2439e160951 100644 --- a/packages/destination-actions/package.json +++ b/packages/destination-actions/package.json @@ -57,7 +57,7 @@ "escape-goat": "^3", "google-libphonenumber": "^3.2.31", "kafkajs": "^2.2.4", - "liquidjs": "^10.25.3", + "liquidjs": "^10.25.7", "lodash": "^4.18.1", "lru-cache": "10.4.3", "ssh2-sftp-client": "^12.0.1" diff --git a/yarn.lock b/yarn.lock index 4583d186635..ed5bac2c363 100644 --- a/yarn.lock +++ b/yarn.lock @@ -14792,10 +14792,10 @@ lint-staged@^10.5.3: string-argv "0.3.1" stringify-object "^3.3.0" -liquidjs@^10.25.3: - version "10.25.5" - resolved "https://registry.yarnpkg.com/liquidjs/-/liquidjs-10.25.5.tgz#09c1ee6d6c00a5464e3b9a5bb3889b14f04fcc05" - integrity sha512-GKiKeZjJDdVoQAu+S9rzkYsYnYhcep5W3WwZXgb5f+yq484P/k9JqamBbGYu+LBEixcUAXZr2jogdAIjB3ki1w== +liquidjs@10.25.7, liquidjs@^10.25.7: + version "10.25.7" + resolved "https://registry.yarnpkg.com/liquidjs/-/liquidjs-10.25.7.tgz#75c5765ae42e04da30fba15ae20daab57c4a7a8c" + integrity sha512-rPCjJLiD4eDhQjvv964AeXFC+HbeYBbZrd7Z82Q6hqv1lX7G+5w4SJcKLn9CAAAwHI4aS3dTdo083UB79K3pDA== dependencies: commander "^10.0.0"