V0.22 maintenance#2
Open
DhirenMhatre wants to merge 44 commits into
Open
Conversation
…ontains breaking changes
…preven getting included in the jsvm types
…t for more user friendly error message
…hen hooksDir is a symlink
…n successful import submission
…ze copying unnecessary data
…th state on deleting the related auth record
…e thumb preview or download link
…executing inline JS strings
![codity-dev[bot]](https://avatars.githubusercontent.com/u/228176587?s=60&v=4){kind=small}
| }) | ||
|
|
||
| bucket, err := OpenBucketV2(ctx, client, bucketName, nil) | ||
| bucket, err := s3lite.OpenBucketV2(ctx, client, bucketName, nil) |
There was a problem hiding this comment.
The opened bucket is not closed or stored, which can lead to resource leaks (open connections/handles) if this is only a connectivity check. Ensure the bucket is closed when not retained.
Code Suggestion or Comments
bucket, err := s3lite.OpenBucketV2(ctx, client, bucketName, nil)
if err != nil {
return nil, err
}
defer bucket.Close()Prompt for AI assistance
Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:
You are an expert go developer with deep knowledge of security, performance, and best practices.
### Context
File: tools/filesystem/filesystem.go
Lines: 78-78
Issue Type: robustness-high
Severity: high
Issue Description:
The opened bucket is not closed or stored, which can lead to resource leaks (open connections/handles) if this is only a connectivity check. Ensure the bucket is closed when not retained.
Current Code:
bucket, err := s3lite.OpenBucketV2(ctx, client, bucketName, nil)
---
### Instructions
1. Fix the issue described above
2. Maintain the exact indentation and code style from the original
3. Follow go best practices and language-specific idioms
4. Ensure the fix addresses the root cause, not just the symptoms
5. Add brief inline comments explaining the fix if needed
### Constraints
- Do not change functionality beyond fixing the identified issue
- Preserve existing variable names and function signatures unless they are part of the problem
- Ensure the fix is production-ready
---
Comment on lines
+438
to
+440
| dirsErr := filepath.WalkDir(watchDir, func(path string, entry fs.DirEntry, err error) error { | ||
| // ignore hidden directories, node_modules, symlinks, sockets, etc. | ||
| if !entry.IsDir() || entry.Name() == "node_modules" || strings.HasPrefix(entry.Name(), ".") { |
There was a problem hiding this comment.
The WalkDir callback ignores the incoming err and immediately dereferences entry. If WalkDir encounters an error (e.g., permission denied), entry may be nil and this will cause a panic. Always handle err before using entry.
Code Suggestion or Comments
dirsErr := filepath.WalkDir(watchDir, func(path string, entry fs.DirEntry, err error) error {
if err != nil {
return err
}
// ignore hidden directories, node_modules, symlinks, sockets, etc.
if !entry.IsDir() || entry.Name() == "node_modules" || strings.HasPrefix(entry.Name(), ".") {
return nil
}
// continue with adding the directory to watcher here
return nil
})Prompt for AI assistance
Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:
You are an expert go developer with deep knowledge of security, performance, and best practices.
### Context
File: plugins/jsvm/jsvm.go
Lines: 438-440
Issue Type: robustness-high
Severity: high
Issue Description:
The WalkDir callback ignores the incoming err and immediately dereferences entry. If WalkDir encounters an error (e.g., permission denied), entry may be nil and this will cause a panic. Always handle err before using entry.
Current Code:
dirsErr := filepath.WalkDir(watchDir, func(path string, entry fs.DirEntry, err error) error {
// ignore hidden directories, node_modules, symlinks, sockets, etc.
if !entry.IsDir() || entry.Name() == "node_modules" || strings.HasPrefix(entry.Name(), ".") {
---
### Instructions
1. Fix the issue described above
2. Maintain the exact indentation and code style from the original
3. Follow go best practices and language-specific idioms
4. Ensure the fix addresses the root cause, not just the symptoms
5. Add brief inline comments explaining the fix if needed
### Constraints
- Do not change functionality beyond fixing the identified issue
- Preserve existing variable names and function signatures unless they are part of the problem
- Ensure the fix is production-ready
---
| @@ -0,0 +1 @@ | |||
| import{S as B,i as F,s as J,O as j,e as v,b as S,f as h,g as y,h as m,P as D,Q as O,k as Q,R as Y,n as z,t as P,a as T,o as C,w,r as E,u as A,x as q,N as G,c as H,m as L,d as U}from"./index-CZ8anoOi.js";function K(o,e,l){const s=o.slice();return s[6]=e[l],s}function R(o,e,l){const s=o.slice();return s[6]=e[l],s}function I(o,e){let l,s,g=e[6].title+"",r,i,n,k;function c(){return e[5](e[6])}return{key:o,first:null,c(){l=v("button"),s=v("div"),r=w(g),i=S(),h(s,"class","txt"),h(l,"class","tab-item svelte-1maocj6"),E(l,"active",e[1]===e[6].language),this.first=l},m(_,f){y(_,l,f),m(l,s),m(s,r),m(l,i),n||(k=A(l,"click",c),n=!0)},p(_,f){e=_,f&4&&g!==(g=e[6].title+"")&&q(r,g),f&6&&E(l,"active",e[1]===e[6].language)},d(_){_&&C(l),n=!1,k()}}}function M(o,e){let l,s,g,r,i,n,k=e[6].title+"",c,_,f,p,d;return s=new G({props:{language:e[6].language,content:e[6].content}}),{key:o,first:null,c(){l=v("div"),H(s.$$.fragment),g=S(),r=v("div"),i=v("em"),n=v("a"),c=w(k),_=w(" SDK"),p=S(),h(n,"href",f=e[6].url),h(n,"target","_blank"),h(n,"rel","noopener noreferrer"),h(i,"class","txt-sm txt-hint"),h(r,"class","txt-right"),h(l,"class","tab-item svelte-1maocj6"),E(l,"active",e[1]===e[6].language),this.first=l},m(b,t){y(b,l,t),L(s,l,null),m(l,g),m(l,r),m(r,i),m(i,n),m(n,c),m(n,_),m(l,p),d=!0},p(b,t){e=b;const a={};t&4&&(a.language=e[6].language),t&4&&(a.content=e[6].content),s.$set(a),(!d||t&4)&&k!==(k=e[6].title+"")&&q(c,k),(!d||t&4&&f!==(f=e[6].url))&&h(n,"href",f),(!d||t&6)&&E(l,"active",e[1]===e[6].language)},i(b){d||(P(s.$$.fragment,b),d=!0)},o(b){T(s.$$.fragment,b),d=!1},d(b){b&&C(l),U(s)}}}function V(o){let e,l,s=[],g=new Map,r,i,n=[],k=new Map,c,_,f=j(o[2]);const p=t=>t[6].language;for(let t=0;t<f.length;t+=1){let a=R(o,f,t),u=p(a);g.set(u,s[t]=I(u,a))}let d=j(o[2]);const b=t=>t[6].language;for(let t=0;t<d.length;t+=1){let a=K(o,d,t),u=b(a);k.set(u,n[t]=M(u,a))}return{c(){e=v("div"),l=v("div");for(let t=0;t<s.length;t+=1)s[t].c();r=S(),i=v("div");for(let t=0;t<n.length;t+=1)n[t].c();h(l,"class","tabs-header compact combined left"),h(i,"class","tabs-content"),h(e,"class",c="tabs sdk-tabs "+o[0]+" svelte-1maocj6")},m(t,a){y(t,e,a),m(e,l);for(let u=0;u<s.length;u+=1)s[u]&&s[u].m(l,null);m(e,r),m(e,i);for(let u=0;u<n.length;u+=1)n[u]&&n[u].m(i,null);_=!0},p(t,[a]){a&6&&(f=j(t[2]),s=D(s,a,p,1,t,f,g,l,O,I,null,R)),a&6&&(d=j(t[2]),Q(),n=D(n,a,b,1,t,d,k,i,Y,M,null,K),z()),(!_||a&1&&c!==(c="tabs sdk-tabs "+t[0]+" svelte-1maocj6"))&&h(e,"class",c)},i(t){if(!_){for(let a=0;a<d.length;a+=1)P(n[a]);_=!0}},o(t){for(let a=0;a<n.length;a+=1)T(n[a]);_=!1},d(t){t&&C(e);for(let a=0;a<s.length;a+=1)s[a].d();for(let a=0;a<n.length;a+=1)n[a].d()}}}const N="pb_sdk_preference";function W(o,e,l){let s,{class:g="m-b-sm"}=e,{js:r=""}=e,{dart:i=""}=e,n=localStorage.getItem(N)||"javascript";const k=c=>l(1,n=c.language);return o.$$set=c=>{"class"in c&&l(0,g=c.class),"js"in c&&l(3,r=c.js),"dart"in c&&l(4,i=c.dart)},o.$$.update=()=>{o.$$.dirty&2&&n&&localStorage.setItem(N,n),o.$$.dirty&24&&l(2,s=[{title:"JavaScript",language:"javascript",content:r,url:"https://github.com/pocketbase/js-sdk"},{title:"Dart",language:"dart",content:i,url:"https://github.com/pocketbase/dart-sdk"}])},[g,n,s,r,i,k]}class Z extends B{constructor(e){super(),F(this,e,W,V,J,{class:0,js:3,dart:4})}}export{Z as S}; | |||
There was a problem hiding this comment.
Direct access to localStorage without availability checks or try/catch can throw runtime errors (e.g., DOMException/QuotaExceeded, or ReferenceError in SSR/disabled storage environments). This may break rendering or interaction of the component.
Code Suggestion or Comments
let n;
try {
n = typeof localStorage !== 'undefined' ? (localStorage.getItem(N) || 'javascript') : 'javascript';
} catch (e) {
n = 'javascript';
}
o.$$.update = () => {
if (o.$$.dirty & 2 && n) {
try {
if (typeof localStorage !== 'undefined') {
localStorage.setItem(N, n);
}
} catch (e) {
// no-op: storage may be unavailable (e.g., private mode or SSR)
}
}
if (o.$$.dirty & 24) {
l(2, s = [
{ title: 'JavaScript', language: 'javascript', content: r, url: 'https://github.com/pocketbase/js-sdk' },
{ title: 'Dart', language: 'dart', content: i, url: 'https://github.com/pocketbase/dart-sdk' }
]);
}
};Prompt for AI assistance
Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:
You are an expert javascript developer with deep knowledge of security, performance, and best practices.
### Context
File: ui/dist/assets/SdkTabs-Dy-zG8M8.js
Lines: 1-1
Issue Type: robustness-high
Severity: high
Issue Description:
Direct access to localStorage without availability checks or try/catch can throw runtime errors (e.g., DOMException/QuotaExceeded, or ReferenceError in SSR/disabled storage environments). This may break rendering or interaction of the component.
Current Code:
let n=localStorage.getItem(N)||"javascript";
...
o.$$.update=()=>{o.$$.dirty&2&&n&&localStorage.setItem(N,n),o.$$.dirty&24&&l(2,s=[{title:"JavaScript",language:"javascript",content:r,url:"https://github.com/pocketbase/js-sdk"},{title:"Dart",language:"dart",content:i,url:"https://github.com/pocketbase/dart-sdk"}])}
---
### Instructions
1. Fix the issue described above
2. Maintain the exact indentation and code style from the original
3. Follow javascript best practices and language-specific idioms
4. Ensure the fix addresses the root cause, not just the symptoms
5. Add brief inline comments explaining the fix if needed
### Constraints
- Do not change functionality beyond fixing the identified issue
- Preserve existing variable names and function signatures unless they are part of the problem
- Ensure the fix is production-ready
---
| @@ -1,2 +1,2 @@ | |||
| import{S as E,i as G,s as I,F as K,c as F,m as R,t as B,a as N,d as T,C as M,p as H,e as _,v as P,b as h,f,q as J,g as b,h as c,r as j,u as O,j as Q,l as U,o as w,z as V,A as L,B as X,D as Y,w as Z,y as q}from"./index-Bp3jGQ0J.js";function W(i){let e,n,s;return{c(){e=P("for "),n=_("strong"),s=P(i[3]),f(n,"class","txt-nowrap")},m(l,t){b(l,e,t),b(l,n,t),c(n,s)},p(l,t){t&8&&Z(s,l[3])},d(l){l&&(w(e),w(n))}}}function x(i){let e,n,s,l,t,u,p,d;return{c(){e=_("label"),n=P("New password"),l=h(),t=_("input"),f(e,"for",s=i[8]),f(t,"type","password"),f(t,"id",u=i[8]),t.required=!0,t.autofocus=!0},m(r,a){b(r,e,a),c(e,n),b(r,l,a),b(r,t,a),q(t,i[0]),t.focus(),p||(d=j(t,"input",i[6]),p=!0)},p(r,a){a&256&&s!==(s=r[8])&&f(e,"for",s),a&256&&u!==(u=r[8])&&f(t,"id",u),a&1&&t.value!==r[0]&&q(t,r[0])},d(r){r&&(w(e),w(l),w(t)),p=!1,d()}}}function ee(i){let e,n,s,l,t,u,p,d;return{c(){e=_("label"),n=P("New password confirm"),l=h(),t=_("input"),f(e,"for",s=i[8]),f(t,"type","password"),f(t,"id",u=i[8]),t.required=!0},m(r,a){b(r,e,a),c(e,n),b(r,l,a),b(r,t,a),q(t,i[1]),p||(d=j(t,"input",i[7]),p=!0)},p(r,a){a&256&&s!==(s=r[8])&&f(e,"for",s),a&256&&u!==(u=r[8])&&f(t,"id",u),a&2&&t.value!==r[1]&&q(t,r[1])},d(r){r&&(w(e),w(l),w(t)),p=!1,d()}}}function te(i){let e,n,s,l,t,u,p,d,r,a,g,S,k,v,C,A,y,m=i[3]&&W(i);return u=new H({props:{class:"form-field required",name:"password",$$slots:{default:[x,({uniqueId:o})=>({8:o}),({uniqueId:o})=>o?256:0]},$$scope:{ctx:i}}}),d=new H({props:{class:"form-field required",name:"passwordConfirm",$$slots:{default:[ee,({uniqueId:o})=>({8:o}),({uniqueId:o})=>o?256:0]},$$scope:{ctx:i}}}),{c(){e=_("form"),n=_("div"),s=_("h4"),l=P(`Reset your admin password | |||
| `),m&&m.c(),t=h(),F(u.$$.fragment),p=h(),F(d.$$.fragment),r=h(),a=_("button"),g=_("span"),g.textContent="Set new password",S=h(),k=_("div"),v=_("a"),v.textContent="Back to login",f(s,"class","m-b-xs"),f(n,"class","content txt-center m-b-sm"),f(g,"class","txt"),f(a,"type","submit"),f(a,"class","btn btn-lg btn-block"),a.disabled=i[2],J(a,"btn-loading",i[2]),f(e,"class","m-b-base"),f(v,"href","/login"),f(v,"class","link-hint"),f(k,"class","content txt-center")},m(o,$){b(o,e,$),c(e,n),c(n,s),c(s,l),m&&m.m(s,null),c(e,t),R(u,e,null),c(e,p),R(d,e,null),c(e,r),c(e,a),c(a,g),b(o,S,$),b(o,k,$),c(k,v),C=!0,A||(y=[j(e,"submit",O(i[4])),Q(U.call(null,v))],A=!0)},p(o,$){o[3]?m?m.p(o,$):(m=W(o),m.c(),m.m(s,null)):m&&(m.d(1),m=null);const z={};$&769&&(z.$$scope={dirty:$,ctx:o}),u.$set(z);const D={};$&770&&(D.$$scope={dirty:$,ctx:o}),d.$set(D),(!C||$&4)&&(a.disabled=o[2]),(!C||$&4)&&J(a,"btn-loading",o[2])},i(o){C||(B(u.$$.fragment,o),B(d.$$.fragment,o),C=!0)},o(o){N(u.$$.fragment,o),N(d.$$.fragment,o),C=!1},d(o){o&&(w(e),w(S),w(k)),m&&m.d(),T(u),T(d),A=!1,V(y)}}}function se(i){let e,n;return e=new K({props:{$$slots:{default:[te]},$$scope:{ctx:i}}}),{c(){F(e.$$.fragment)},m(s,l){R(e,s,l),n=!0},p(s,[l]){const t={};l&527&&(t.$$scope={dirty:l,ctx:s}),e.$set(t)},i(s){n||(B(e.$$.fragment,s),n=!0)},o(s){N(e.$$.fragment,s),n=!1},d(s){T(e,s)}}}function le(i,e,n){let s,{params:l}=e,t="",u="",p=!1;async function d(){if(!p){n(2,p=!0);try{await L.admins.confirmPasswordReset(l==null?void 0:l.token,t,u),X("Successfully set a new admin password."),Y("/")}catch(g){L.error(g)}n(2,p=!1)}}function r(){t=this.value,n(0,t)}function a(){u=this.value,n(1,u)}return i.$$set=g=>{"params"in g&&n(5,l=g.params)},i.$$.update=()=>{i.$$.dirty&32&&n(3,s=M.getJWTPayload(l==null?void 0:l.token).email||"")},[t,u,p,s,d,l,r,a]}class ae extends E{constructor(e){super(),G(this,e,le,se,I,{params:5})}}export{ae as default}; | |||
| import{S as E,i as G,s as I,F as K,c as R,m as A,t as B,a as N,d as T,C as M,q as J,e as _,w as P,b as k,f,r as L,g as b,h as c,u as j,v as O,j as Q,l as U,o as w,A as V,p as W,B as X,D as Y,x as Z,z as q}from"./index-CZ8anoOi.js";function y(i){let e,n,s;return{c(){e=P("for "),n=_("strong"),s=P(i[3]),f(n,"class","txt-nowrap")},m(l,t){b(l,e,t),b(l,n,t),c(n,s)},p(l,t){t&8&&Z(s,l[3])},d(l){l&&(w(e),w(n))}}}function x(i){let e,n,s,l,t,u,p,d;return{c(){e=_("label"),n=P("New password"),l=k(),t=_("input"),f(e,"for",s=i[8]),f(t,"type","password"),f(t,"id",u=i[8]),t.required=!0,t.autofocus=!0},m(r,a){b(r,e,a),c(e,n),b(r,l,a),b(r,t,a),q(t,i[0]),t.focus(),p||(d=j(t,"input",i[6]),p=!0)},p(r,a){a&256&&s!==(s=r[8])&&f(e,"for",s),a&256&&u!==(u=r[8])&&f(t,"id",u),a&1&&t.value!==r[0]&&q(t,r[0])},d(r){r&&(w(e),w(l),w(t)),p=!1,d()}}}function ee(i){let e,n,s,l,t,u,p,d;return{c(){e=_("label"),n=P("New password confirm"),l=k(),t=_("input"),f(e,"for",s=i[8]),f(t,"type","password"),f(t,"id",u=i[8]),t.required=!0},m(r,a){b(r,e,a),c(e,n),b(r,l,a),b(r,t,a),q(t,i[1]),p||(d=j(t,"input",i[7]),p=!0)},p(r,a){a&256&&s!==(s=r[8])&&f(e,"for",s),a&256&&u!==(u=r[8])&&f(t,"id",u),a&2&&t.value!==r[1]&&q(t,r[1])},d(r){r&&(w(e),w(l),w(t)),p=!1,d()}}}function te(i){let e,n,s,l,t,u,p,d,r,a,g,S,C,v,h,F,z,m=i[3]&&y(i);return u=new J({props:{class:"form-field required",name:"password",$$slots:{default:[x,({uniqueId:o})=>({8:o}),({uniqueId:o})=>o?256:0]},$$scope:{ctx:i}}}),d=new J({props:{class:"form-field required",name:"passwordConfirm",$$slots:{default:[ee,({uniqueId:o})=>({8:o}),({uniqueId:o})=>o?256:0]},$$scope:{ctx:i}}}),{c(){e=_("form"),n=_("div"),s=_("h4"),l=P(`Reset your admin password | |||
There was a problem hiding this comment.
Potential runtime error when parsing JWT payload without guarding against missing/invalid tokens. If l?.token is undefined or malformed, M.getJWTPayload(...) may throw, breaking the UI during reactive updates.
Code Suggestion or Comments
i.$$.update = () => {
if (i.$$.dirty & 32) {
let email = "";
try {
const payload = M.getJWTPayload(l == null ? void 0 : l.token);
email = (payload && payload.email) || "";
} catch (e) {
email = "";
}
n(3, s = email);
}
};Prompt for AI assistance
Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:
You are an expert javascript developer with deep knowledge of security, performance, and best practices.
### Context
File: ui/dist/assets/PageAdminConfirmPasswordReset-43xE_SHs.js
Lines: 1-1
Issue Type: robustness-high
Severity: high
Issue Description:
Potential runtime error when parsing JWT payload without guarding against missing/invalid tokens. If `l?.token` is undefined or malformed, `M.getJWTPayload(...)` may throw, breaking the UI during reactive updates.
Current Code:
i.$$.update=()=>{i.$$.dirty&32&&n(3,s=M.getJWTPayload(l==null?void 0:l.token).email||"")}
---
### Instructions
1. Fix the issue described above
2. Maintain the exact indentation and code style from the original
3. Follow javascript best practices and language-specific idioms
4. Ensure the fix addresses the root cause, not just the symptoms
5. Add brief inline comments explaining the fix if needed
### Constraints
- Do not change functionality beyond fixing the identified issue
- Preserve existing variable names and function signatures unless they are part of the problem
- Ensure the fix is production-ready
---
Comment on lines
+7
to
+20
| import PocketBase from 'pocketbase'; | ||
|
|
||
| const pb = new PocketBase('${o[5]}'); | ||
|
|
||
| ... | ||
|
|
||
| // example create data | ||
| const data = ${JSON.stringify(Object.assign({},o[4],Q.dummyCollectionSchemaData(o[0])),null,4)}; | ||
|
|
||
| const record = await pb.collection('${(ot=o[0])==null?void 0:ot.name}').create(data); | ||
| `+(o[1]?` | ||
| // (optional) send an email verification request | ||
| await pb.collection('${(rt=o[0])==null?void 0:rt.name}').requestVerification('test@example.com'); | ||
| `:""),dart:` |
There was a problem hiding this comment.
Unescaped, user-influenced values (collection/base URL/schema-derived data) are interpolated into template strings that are later rendered by UI components. If those components render via innerHTML, this can enable stored XSS via crafted collection names or schema values. Escape HTML before injecting into template strings used for display.
Code Suggestion or Comments
/* define once near the top of the module */
const escapeHtml = (s) => String(s)
.replace(/&/g, "&")
.replace(/</g, "<")
.replace(/>/g, ">")
.replace(/"/g, """)
.replace(/'/g, "'");
// ... later in the template construction
import PocketBase from 'pocketbase';
const pb = new PocketBase('${escapeHtml(o[5])}');
...
// example create data
const data = ${escapeHtml(JSON.stringify(Object.assign({}, o[4], Q.dummyCollectionSchemaData(o[0])), null, 4))};
const record = await pb.collection('${escapeHtml((ot=o[0])==null ? '' : ot.name)}').create(data);
` + (o[1] ? `
// (optional) send an email verification request
await pb.collection('${escapeHtml((rt=o[0])==null ? '' : rt.name)}').requestVerification('test@example.com');
` : ""), dart:`Prompt for AI assistance
Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:
You are an expert javascript developer with deep knowledge of security, performance, and best practices.
### Context
File: ui/dist/assets/CreateApiDocs-Bdq3joNg.js
Lines: 7-20
Issue Type: security-high
Severity: high
Issue Description:
Unescaped, user-influenced values (collection/base URL/schema-derived data) are interpolated into template strings that are later rendered by UI components. If those components render via innerHTML, this can enable stored XSS via crafted collection names or schema values. Escape HTML before injecting into template strings used for display.
Current Code:
import PocketBase from 'pocketbase';
const pb = new PocketBase('${o[5]}');
...
// example create data
const data = ${JSON.stringify(Object.assign({},o[4],Q.dummyCollectionSchemaData(o[0])),null,4)};
const record = await pb.collection('${(ot=o[0])==null?void 0:ot.name}').create(data);
`+(o[1]?`
// (optional) send an email verification request
await pb.collection('${(rt=o[0])==null?void 0:rt.name}').requestVerification('test@example.com');
`:""),dart:`
---
### Instructions
1. Fix the issue described above
2. Maintain the exact indentation and code style from the original
3. Follow javascript best practices and language-specific idioms
4. Ensure the fix addresses the root cause, not just the symptoms
5. Add brief inline comments explaining the fix if needed
### Constraints
- Do not change functionality beyond fixing the identified issue
- Preserve existing variable names and function signatures unless they are part of the problem
- Ensure the fix is production-ready
---
Comment on lines
+28
to
+34
| final body = <String, dynamic>${JSON.stringify(Object.assign({},o[4],Q.dummyCollectionSchemaData(o[0])),null,2)}; | ||
|
|
||
| final record = await pb.collection('${(dt=o[0])==null?void 0:dt.name}').create(body: body); | ||
| `+(o[1]?` | ||
| // (optional) send an email verification request | ||
| await pb.collection('${(ct=o[0])==null?void 0:ct.name}').requestVerification('test@example.com'); | ||
| `:"")}});let A=o[6]&>(),L=o[1]&&wt(o),me=ne((pt=o[0])==null?void 0:pt.schema);const at=l=>l[13].name;for(let l=0;l<me.length;l+=1){let s=vt(o,me,l),k=at(s);Je.set(k,V[l]=$t(k,s))}te=new Tt({props:{content:"?expand=relField1,relField2.subRelField"}}),le=new Bt({});let be=ne(o[3]);const st=l=>l[8].code;for(let l=0;l<be.length;l+=1){let s=yt(o,be,l),k=st(s);tt.set(k,J[l]=Ct(k,s))}let pe=ne(o[3]);const it=l=>l[8].code;for(let l=0;l<pe.length;l+=1){let s=kt(o,pe,l),k=it(s);nt.set(k,R[l]=St(k,s))}return{c(){e=i("h3"),t=_("Create ("),f=_(a),m=_(")"),c=u(),p=i("div"),y=i("p"),S=_("Create a new "),T=i("strong"),H=_(w),D=_(" record."),E=u(),P=i("p"),P.innerHTML=`Body parameters could be sent as <code>application/json</code> or |
There was a problem hiding this comment.
Dart example block also interpolates user-controlled schema-derived strings without HTML escaping. If rendered via innerHTML, a malicious collection name or schema value can break out of the code block and execute scripts.
Code Suggestion or Comments
final body = <String, dynamic>${escapeHtml(JSON.stringify(Object.assign({}, o[4], Q.dummyCollectionSchemaData(o[0])), null, 2))};
final record = await pb.collection('${escapeHtml((dt=o[0])==null ? '' : dt.name)}').create(body: body);
` + (o[1] ? `
// (optional) send an email verification request
await pb.collection('${escapeHtml((ct=o[0])==null ? '' : ct.name)}').requestVerification('test@example.com');
` : "")}});Prompt for AI assistance
Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:
You are an expert javascript developer with deep knowledge of security, performance, and best practices.
### Context
File: ui/dist/assets/CreateApiDocs-Bdq3joNg.js
Lines: 28-34
Issue Type: security-high
Severity: high
Issue Description:
Dart example block also interpolates user-controlled schema-derived strings without HTML escaping. If rendered via innerHTML, a malicious collection name or schema value can break out of the code block and execute scripts.
Current Code:
final body = <String, dynamic>${JSON.stringify(Object.assign({},o[4],Q.dummyCollectionSchemaData(o[0])),null,2)};
final record = await pb.collection('${(dt=o[0])==null?void 0:dt.name}').create(body: body);
`+(o[1]?`
// (optional) send an email verification request
await pb.collection('${(ct=o[0])==null?void 0:ct.name}').requestVerification('test@example.com');
`:"")}});
---
### Instructions
1. Fix the issue described above
2. Maintain the exact indentation and code style from the original
3. Follow javascript best practices and language-specific idioms
4. Ensure the fix addresses the root cause, not just the symptoms
5. Add brief inline comments explaining the fix if needed
### Constraints
- Do not change functionality beyond fixing the identified issue
- Preserve existing variable names and function signatures unless they are part of the problem
- Ensure the fix is production-ready
---
Comment on lines
+48
to
+61
| import PocketBase from 'pocketbase'; | ||
|
|
||
| const pb = new PocketBase('${l[5]}'); | ||
|
|
||
| ... | ||
|
|
||
| // example create data | ||
| const data = ${JSON.stringify(Object.assign({},l[4],Q.dummyCollectionSchemaData(l[0])),null,4)}; | ||
|
|
||
| const record = await pb.collection('${(ut=l[0])==null?void 0:ut.name}').create(data); | ||
| `+(l[1]?` | ||
| // (optional) send an email verification request | ||
| await pb.collection('${(ft=l[0])==null?void 0:ft.name}').requestVerification('test@example.com'); | ||
| `:"")),s&51&&(k.dart=` |
There was a problem hiding this comment.
The updated JS example block in the component's p() (update) path continues interpolating unescaped dynamic values. This presents the same stored XSS risk during reactive updates when schema/URL changes.
Code Suggestion or Comments
import PocketBase from 'pocketbase';
const pb = new PocketBase('${escapeHtml(l[5])}');
...
// example create data
const data = ${escapeHtml(JSON.stringify(Object.assign({}, l[4], Q.dummyCollectionSchemaData(l[0])), null, 4))};
const record = await pb.collection('${escapeHtml((ut=l[0])==null ? '' : ut.name)}').create(data);
` + (l[1] ? `
// (optional) send an email verification request
await pb.collection('${escapeHtml((ft=l[0])==null ? '' : ft.name)}').requestVerification('test@example.com');
` : ""))Prompt for AI assistance
Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:
You are an expert javascript developer with deep knowledge of security, performance, and best practices.
### Context
File: ui/dist/assets/CreateApiDocs-Bdq3joNg.js
Lines: 48-61
Issue Type: security-high
Severity: high
Issue Description:
The updated JS example block in the component's p() (update) path continues interpolating unescaped dynamic values. This presents the same stored XSS risk during reactive updates when schema/URL changes.
Current Code:
import PocketBase from 'pocketbase';
const pb = new PocketBase('${l[5]}');
...
// example create data
const data = ${JSON.stringify(Object.assign({},l[4],Q.dummyCollectionSchemaData(l[0])),null,4)};
const record = await pb.collection('${(ut=l[0])==null?void 0:ut.name}').create(data);
`+(l[1]?`
// (optional) send an email verification request
await pb.collection('${(ft=l[0])==null?void 0:ft.name}').requestVerification('test@example.com');
`:""))
---
### Instructions
1. Fix the issue described above
2. Maintain the exact indentation and code style from the original
3. Follow javascript best practices and language-specific idioms
4. Ensure the fix addresses the root cause, not just the symptoms
5. Add brief inline comments explaining the fix if needed
### Constraints
- Do not change functionality beyond fixing the identified issue
- Preserve existing variable names and function signatures unless they are part of the problem
- Ensure the fix is production-ready
---
Comment on lines
+62
to
+75
| import 'package:pocketbase/pocketbase.dart'; | ||
|
|
||
| final pb = PocketBase('${l[5]}'); | ||
|
|
||
| ... | ||
|
|
||
| // example create body | ||
| final body = <String, dynamic>${JSON.stringify(Object.assign({},l[4],Q.dummyCollectionSchemaData(l[0])),null,2)}; | ||
|
|
||
| final record = await pb.collection('${(mt=l[0])==null?void 0:mt.name}').create(body: body); | ||
| `+(l[1]?` | ||
| // (optional) send an email verification request | ||
| await pb.collection('${(bt=l[0])==null?void 0:bt.name}').requestVerification('test@example.com'); | ||
| `:"")),$.$set(k),(!Z||s&1)&&K!==(K=l[0].name+"")&&x(ve,K),l[6]?A||(A=gt(),A.c(),A.m(b,null)):A&&(A.d(1),A=null),l[1]?L?L.p(l,s):(L=wt(l),L.c(),L.m(U,Se)):L&&(L.d(1),L=null),s&1&&(me=ne((_t=l[0])==null?void 0:_t.schema),V=Be(V,s,at,1,l,me,Je,U,ht,$t,null,vt)),s&12&&(be=ne(l[3]),J=Be(J,s,st,1,l,be,tt,de,ht,Ct,null,yt)),s&12&&(pe=ne(l[3]),Ht(),R=Be(R,s,it,1,l,pe,nt,ce,Lt,St,null,kt),Pt())},i(l){if(!Z){ue($.$$.fragment,l),ue(te.$$.fragment,l),ue(le.$$.fragment,l);for(let s=0;s<pe.length;s+=1)ue(R[s]);Z=!0}},o(l){fe($.$$.fragment,l),fe(te.$$.fragment,l),fe(le.$$.fragment,l);for(let s=0;s<R.length;s+=1)fe(R[s]);Z=!1},d(l){l&&(d(e),d(c),d(p),d(B),d(N),d(q),d(g),d(b),d(ge),d(se),d(we),d(W),d(Te),d(ie),d(qe),d(Y),d(Re),d(re),d(Ae),d(X)),ke($,l),A&&A.d(),L&&L.d();for(let s=0;s<V.length;s+=1)V[s].d();ke(te),ke(le);for(let s=0;s<J.length;s+=1)J[s].d();for(let s=0;s<R.length;s+=1)R[s].d()}}}function Yt(o,e,t){let a,f,m,{collection:c}=e,p=200,y=[],S={};const T=w=>t(2,p=w.code);return o.$$set=w=>{"collection"in w&&t(0,c=w.collection)},o.$$.update=()=>{var w,H;o.$$.dirty&1&&t(1,a=c.type==="auth"),o.$$.dirty&1&&t(6,f=(c==null?void 0:c.createRule)===null),o.$$.dirty&1&&t(3,y=[{code:200,body:JSON.stringify(Q.dummyCollectionRecord(c),null,2)},{code:400,body:` |
There was a problem hiding this comment.
The updated Dart example block in the component's p() (update) path also interpolates unescaped dynamic values. If the renderer uses innerHTML, crafted schema names can inject HTML/JS on reactive updates.
Code Suggestion or Comments
import 'package:pocketbase/pocketbase.dart';
final pb = PocketBase('${escapeHtml(l[5])}');
...
// example create body
final body = <String, dynamic>${escapeHtml(JSON.stringify(Object.assign({}, l[4], Q.dummyCollectionSchemaData(l[0])), null, 2))};
final record = await pb.collection('${escapeHtml((mt=l[0])==null ? '' : mt.name)}').create(body: body);
` + (l[1] ? `
// (optional) send an email verification request
await pb.collection('${escapeHtml((bt=l[0])==null ? '' : bt.name)}').requestVerification('test@example.com');
` : ""))Prompt for AI assistance
Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:
You are an expert javascript developer with deep knowledge of security, performance, and best practices.
### Context
File: ui/dist/assets/CreateApiDocs-Bdq3joNg.js
Lines: 62-75
Issue Type: security-high
Severity: high
Issue Description:
The updated Dart example block in the component's p() (update) path also interpolates unescaped dynamic values. If the renderer uses innerHTML, crafted schema names can inject HTML/JS on reactive updates.
Current Code:
import 'package:pocketbase/pocketbase.dart';
final pb = PocketBase('${l[5]}');
...
// example create body
final body = <String, dynamic>${JSON.stringify(Object.assign({},l[4],Q.dummyCollectionSchemaData(l[0])),null,2)};
final record = await pb.collection('${(mt=l[0])==null?void 0:mt.name}').create(body: body);
`+(l[1]?`
// (optional) send an email verification request
await pb.collection('${(bt=l[0])==null?void 0:bt.name}').requestVerification('test@example.com');
`:""))
---
### Instructions
1. Fix the issue described above
2. Maintain the exact indentation and code style from the original
3. Follow javascript best practices and language-specific idioms
4. Ensure the fix addresses the root cause, not just the symptoms
5. Add brief inline comments explaining the fix if needed
### Constraints
- Do not change functionality beyond fixing the identified issue
- Preserve existing variable names and function signatures unless they are part of the problem
- Ensure the fix is production-ready
---
Comment on lines
+76
to
+86
| { | ||
| "code": 400, | ||
| "message": "Failed to create record.", | ||
| "data": { | ||
| "${(H=(w=c==null?void 0:c.schema)==null?void 0:w[0])==null?void 0:H.name}": { | ||
| "code": "validation_required", | ||
| "message": "Missing required value." | ||
| } | ||
| } | ||
| } | ||
| `},{code:403,body:` |
There was a problem hiding this comment.
Building API response examples with an unescaped, user-controlled field name inside a template string can lead to HTML injection when rendered (e.g., a field name containing angle brackets). Escape the field name before inserting it into the response JSON string.
Code Suggestion or Comments
{
"code": 400,
"message": "Failed to create record.",
"data": {
"${escapeHtml(((H=(w=c==null?void 0:c.schema)==null?void 0:w[0])==null?void 0:H.name) || ""))}": {
"code": "validation_required",
"message": "Missing required value."
}
}
}Prompt for AI assistance
Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:
You are an expert javascript developer with deep knowledge of security, performance, and best practices.
### Context
File: ui/dist/assets/CreateApiDocs-Bdq3joNg.js
Lines: 76-86
Issue Type: security-high
Severity: high
Issue Description:
Building API response examples with an unescaped, user-controlled field name inside a template string can lead to HTML injection when rendered (e.g., a field name containing angle brackets). Escape the field name before inserting it into the response JSON string.
Current Code:
{
"code": 400,
"message": "Failed to create record.",
"data": {
"${(H=(w=c==null?void 0:c.schema)==null?void 0:w[0])==null?void 0:H.name}": {
"code": "validation_required",
"message": "Missing required value."
}
}
}
---
### Instructions
1. Fix the issue described above
2. Maintain the exact indentation and code style from the original
3. Follow javascript best practices and language-specific idioms
4. Ensure the fix addresses the root cause, not just the symptoms
5. Add brief inline comments explaining the fix if needed
### Constraints
- Do not change functionality beyond fixing the identified issue
- Preserve existing variable names and function signatures unless they are part of the problem
- Ensure the fix is production-ready
---
Comment on lines
+50
to
+53
| on:click|stopPropagation={async () => { | ||
| if (!hasPreview) { | ||
| return; | ||
| } |
There was a problem hiding this comment.
Non-preview files are no longer downloadable. The click handler returns early when hasPreview is false, but there is no fallback to open or download the file (previously handled by an anchor href). This is a regression that breaks expected functionality and contradicts the button title indicating a download.
Code Suggestion or Comments
on:click|stopPropagation={async () => {
if (!hasPreview) {
try {
const t = await ApiClient.getAdminFileToken(record.collectionId);
const url = ApiClient.files.getUrl(record, filename, { token: t });
window.open(url, "_blank", "noopener,noreferrer");
} catch (err) {
console.warn("File download token failure:", err);
}
return;
}
try {
// refetch the token because it could have expired
previewPopup?.show(async () => {
token = await ApiClient.getAdminFileToken(record.collectionId);
return ApiClient.files.getUrl(record, filename, { token });
});
} catch (err) {
console.warn("Preview file token failure:", err);
}
}}Prompt for AI assistance
Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:
You are an expert svelte developer with deep knowledge of security, performance, and best practices.
### Context
File: ui/src/components/records/RecordFileThumb.svelte
Lines: 50-53
Issue Type: functional-high
Severity: high
Issue Description:
Non-preview files are no longer downloadable. The click handler returns early when hasPreview is false, but there is no fallback to open or download the file (previously handled by an anchor href). This is a regression that breaks expected functionality and contradicts the button title indicating a download.
Current Code:
on:click|stopPropagation={async () => {
if (!hasPreview) {
return;
}
try {
// refetch the token because it could have expired
previewPopup?.show(async () => {
token = await ApiClient.getAdminFileToken(record.collectionId);
return ApiClient.files.getUrl(record, filename, { token });
});
} catch (err) {
console.warn("Preview file token failure:", err);
}
}}
---
### Instructions
1. Fix the issue described above
2. Maintain the exact indentation and code style from the original
3. Follow svelte best practices and language-specific idioms
4. Ensure the fix addresses the root cause, not just the symptoms
5. Add brief inline comments explaining the fix if needed
### Constraints
- Do not change functionality beyond fixing the identified issue
- Preserve existing variable names and function signatures unless they are part of the problem
- Ensure the fix is production-ready
---
| @@ -0,0 +1,4 @@ | |||
| (function(){"use strict";class Y extends Error{}class zn extends Y{constructor(e){super(`Invalid DateTime: ${e.toMessage()}`)}}class Pn extends Y{constructor(e){super(`Invalid Interval: ${e.toMessage()}`)}}class Yn extends Y{constructor(e){super(`Invalid Duration: ${e.toMessage()}`)}}class j extends Y{}class lt extends Y{constructor(e){super(`Invalid unit ${e}`)}}class v extends Y{}class U extends Y{constructor(){super("Zone is an abstract class")}}const f="numeric",C="short",M="long",Se={year:f,month:f,day:f},ct={year:f,month:C,day:f},Jn={year:f,month:C,day:f,weekday:C},ft={year:f,month:M,day:f},dt={year:f,month:M,day:f,weekday:M},ht={hour:f,minute:f},mt={hour:f,minute:f,second:f},yt={hour:f,minute:f,second:f,timeZoneName:C},gt={hour:f,minute:f,second:f,timeZoneName:M},pt={hour:f,minute:f,hourCycle:"h23"},wt={hour:f,minute:f,second:f,hourCycle:"h23"},St={hour:f,minute:f,second:f,hourCycle:"h23",timeZoneName:C},kt={hour:f,minute:f,second:f,hourCycle:"h23",timeZoneName:M},Tt={year:f,month:f,day:f,hour:f,minute:f},Ot={year:f,month:f,day:f,hour:f,minute:f,second:f},Nt={year:f,month:C,day:f,hour:f,minute:f},Et={year:f,month:C,day:f,hour:f,minute:f,second:f},Bn={year:f,month:C,day:f,weekday:C,hour:f,minute:f},xt={year:f,month:M,day:f,hour:f,minute:f,timeZoneName:C},bt={year:f,month:M,day:f,hour:f,minute:f,second:f,timeZoneName:C},vt={year:f,month:M,day:f,weekday:M,hour:f,minute:f,timeZoneName:M},It={year:f,month:M,day:f,weekday:M,hour:f,minute:f,second:f,timeZoneName:M};class oe{get type(){throw new U}get name(){throw new U}get ianaName(){return this.name}get isUniversal(){throw new U}offsetName(e,t){throw new U}formatOffset(e,t){throw new U}offset(e){throw new U}equals(e){throw new U}get isValid(){throw new U}}let $e=null;class ke extends oe{static get instance(){return $e===null&&($e=new ke),$e}get type(){return"system"}get name(){return new Intl.DateTimeFormat().resolvedOptions().timeZone}get isUniversal(){return!1}offsetName(e,{format:t,locale:n}){return Xt(e,t,n)}formatOffset(e,t){return fe(this.offset(e),t)}offset(e){return-new Date(e).getTimezoneOffset()}equals(e){return e.type==="system"}get isValid(){return!0}}let Te={};function Gn(s){return Te[s]||(Te[s]=new Intl.DateTimeFormat("en-US",{hour12:!1,timeZone:s,year:"numeric",month:"2-digit",day:"2-digit",hour:"2-digit",minute:"2-digit",second:"2-digit",era:"short"})),Te[s]}const jn={year:0,month:1,day:2,era:3,hour:4,minute:5,second:6};function Kn(s,e){const t=s.format(e).replace(/\u200E/g,""),n=/(\d+)\/(\d+)\/(\d+) (AD|BC),? (\d+):(\d+):(\d+)/.exec(t),[,r,i,a,o,u,l,c]=n;return[a,r,i,o,u,l,c]}function Hn(s,e){const t=s.formatToParts(e),n=[];for(let r=0;r<t.length;r++){const{type:i,value:a}=t[r],o=jn[i];i==="era"?n[o]=a:g(o)||(n[o]=parseInt(a,10))}return n}let Oe={};class $ extends oe{static create(e){return Oe[e]||(Oe[e]=new $(e)),Oe[e]}static resetCache(){Oe={},Te={}}static isValidSpecifier(e){return this.isValidZone(e)}static isValidZone(e){if(!e)return!1;try{return new Intl.DateTimeFormat("en-US",{timeZone:e}).format(),!0}catch{return!1}}constructor(e){super(),this.zoneName=e,this.valid=$.isValidZone(e)}get type(){return"iana"}get name(){return this.zoneName}get isUniversal(){return!1}offsetName(e,{format:t,locale:n}){return Xt(e,t,n,this.name)}formatOffset(e,t){return fe(this.offset(e),t)}offset(e){const t=new Date(e);if(isNaN(t))return NaN;const n=Gn(this.name);let[r,i,a,o,u,l,c]=n.formatToParts?Hn(n,t):Kn(n,t);o==="BC"&&(r=-Math.abs(r)+1);const p=ve({year:r,month:i,day:a,hour:u===24?0:u,minute:l,second:c,millisecond:0});let m=+t;const N=m%1e3;return m-=N>=0?N:1e3+N,(p-m)/(60*1e3)}equals(e){return e.type==="iana"&&e.name===this.name}get isValid(){return this.valid}}let Dt={};function _n(s,e={}){const t=JSON.stringify([s,e]);let n=Dt[t];return n||(n=new Intl.ListFormat(s,e),Dt[t]=n),n}let Ue={};function qe(s,e={}){const t=JSON.stringify([s,e]);let n=Ue[t];return n||(n=new Intl.DateTimeFormat(s,e),Ue[t]=n),n}let Ze={};function Qn(s,e={}){const t=JSON.stringify([s,e]);let n=Ze[t];return n||(n=new Intl.NumberFormat(s,e),Ze[t]=n),n}let ze={};function Xn(s,e={}){const{base:t,...n}=e,r=JSON.stringify([s,n]);let i=ze[r];return i||(i=new Intl.RelativeTimeFormat(s,e),ze[r]=i),i}let ue=null;function es(){return ue||(ue=new Intl.DateTimeFormat().resolvedOptions().locale,ue)}let Mt={};function ts(s){let e=Mt[s];if(!e){const t=new Intl.Locale(s);e="getWeekInfo"in t?t.getWeekInfo():t.weekInfo,Mt[s]=e}return e}function ns(s){const e=s.indexOf("-x-");e!==-1&&(s=s.substring(0,e));const t=s.indexOf("-u-");if(t===-1)return[s];{let n,r;try{n=qe(s).resolvedOptions(),r=s}catch{const u=s.substring(0,t);n=qe(u).resolvedOptions(),r=u}const{numberingSystem:i,calendar:a}=n;return[r,i,a]}}function ss(s,e,t){return(t||e)&&(s.includes("-u-")||(s+="-u"),t&&(s+=`-ca-${t}`),e&&(s+=`-nu-${e}`)),s}function rs(s){const e=[];for(let t=1;t<=12;t++){const n=y.utc(2009,t,1);e.push(s(n))}return e}function is(s){const e=[];for(let t=1;t<=7;t++){const n=y.utc(2016,11,13+t);e.push(s(n))}return e}function Ne(s,e,t,n){const r=s.listingMode();return r==="error"?null:r==="en"?t(e):n(e)}function as(s){return s.numberingSystem&&s.numberingSystem!=="latn"?!1:s.numberingSystem==="latn"||!s.locale||s.locale.startsWith("en")||new Intl.DateTimeFormat(s.intl).resolvedOptions().numberingSystem==="latn"}class os{constructor(e,t,n){this.padTo=n.padTo||0,this.floor=n.floor||!1;const{padTo:r,floor:i,...a}=n;if(!t||Object.keys(a).length>0){const o={useGrouping:!1,...n};n.padTo>0&&(o.minimumIntegerDigits=n.padTo),this.inf=Qn(e,o)}}format(e){if(this.inf){const t=this.floor?Math.floor(e):e;return this.inf.format(t)}else{const t=this.floor?Math.floor(e):He(e,3);return b(t,this.padTo)}}}class us{constructor(e,t,n){this.opts=n,this.originalZone=void 0;let r;if(this.opts.timeZone)this.dt=e;else if(e.zone.type==="fixed"){const a=-1*(e.offset/60),o=a>=0?`Etc/GMT+${a}`:`Etc/GMT${a}`;e.offset!==0&&$.create(o).valid?(r=o,this.dt=e):(r="UTC",this.dt=e.offset===0?e:e.setZone("UTC").plus({minutes:e.offset}),this.originalZone=e.zone)}else e.zone.type==="system"?this.dt=e:e.zone.type==="iana"?(this.dt=e,r=e.zone.name):(r="UTC",this.dt=e.setZone("UTC").plus({minutes:e.offset}),this.originalZone=e.zone);const i={...this.opts};i.timeZone=i.timeZone||r,this.dtf=qe(t,i)}format(){return this.originalZone?this.formatToParts().map(({value:e})=>e).join(""):this.dtf.format(this.dt.toJSDate())}formatToParts(){const e=this.dtf.formatToParts(this.dt.toJSDate());return this.originalZone?e.map(t=>{if(t.type==="timeZoneName"){const n=this.originalZone.offsetName(this.dt.ts,{locale:this.dt.locale,format:this.opts.timeZoneName});return{...t,value:n}}else return t}):e}resolvedOptions(){return this.dtf.resolvedOptions()}}class ls{constructor(e,t,n){this.opts={style:"long",...n},!t&&Kt()&&(this.rtf=Xn(e,n))}format(e,t){return this.rtf?this.rtf.format(e,t):Vs(t,e,this.opts.numeric,this.opts.style!=="long")}formatToParts(e,t){return this.rtf?this.rtf.formatToParts(e,t):[]}}const cs={firstDay:1,minimalDays:4,weekend:[6,7]};class T{static fromOpts(e){return T.create(e.locale,e.numberingSystem,e.outputCalendar,e.weekSettings,e.defaultToEN)}static create(e,t,n,r,i=!1){const a=e||E.defaultLocale,o=a||(i?"en-US":es()),u=t||E.defaultNumberingSystem,l=n||E.defaultOutputCalendar,c=je(r)||E.defaultWeekSettings;return new T(o,u,l,c,a)}static resetCache(){ue=null,Ue={},Ze={},ze={}}static fromObject({locale:e,numberingSystem:t,outputCalendar:n,weekSettings:r}={}){return T.create(e,t,n,r)}constructor(e,t,n,r,i){const[a,o,u]=ns(e);this.locale=a,this.numberingSystem=t||o||null,this.outputCalendar=n||u||null,this.weekSettings=r,this.intl=ss(this.locale,this.numberingSystem,this.outputCalendar),this.weekdaysCache={format:{},standalone:{}},this.monthsCache={format:{},standalone:{}},this.meridiemCache=null,this.eraCache={},this.specifiedLocale=i,this.fastNumbersCached=null}get fastNumbers(){return this.fastNumbersCached==null&&(this.fastNumbersCached=as(this)),this.fastNumbersCached}listingMode(){const e=this.isEnglish(),t=(this.numberingSystem===null||this.numberingSystem==="latn")&&(this.outputCalendar===null||this.outputCalendar==="gregory");return e&&t?"en":"intl"}clone(e){return!e||Object.getOwnPropertyNames(e).length===0?this:T.create(e.locale||this.specifiedLocale,e.numberingSystem||this.numberingSystem,e.outputCalendar||this.outputCalendar,je(e.weekSettings)||this.weekSettings,e.defaultToEN||!1)}redefaultToEN(e={}){return this.clone({...e,defaultToEN:!0})}redefaultToSystem(e={}){return this.clone({...e,defaultToEN:!1})}months(e,t=!1){return Ne(this,e,nn,()=>{const n=t?{month:e,day:"numeric"}:{month:e},r=t?"format":"standalone";return this.monthsCache[r][e]||(this.monthsCache[r][e]=rs(i=>this.extract(i,n,"month"))),this.monthsCache[r][e]})}weekdays(e,t=!1){return Ne(this,e,an,()=>{const n=t?{weekday:e,year:"numeric",month:"long",day:"numeric"}:{weekday:e},r=t?"format":"standalone";return this.weekdaysCache[r][e]||(this.weekdaysCache[r][e]=is(i=>this.extract(i,n,"weekday"))),this.weekdaysCache[r][e]})}meridiems(){return Ne(this,void 0,()=>on,()=>{if(!this.meridiemCache){const e={hour:"numeric",hourCycle:"h12"};this.meridiemCache=[y.utc(2016,11,13,9),y.utc(2016,11,13,19)].map(t=>this.extract(t,e,"dayperiod"))}return this.meridiemCache})}eras(e){return Ne(this,e,un,()=>{const t={era:e};return this.eraCache[e]||(this.eraCache[e]=[y.utc(-40,1,1),y.utc(2017,1,1)].map(n=>this.extract(n,t,"era"))),this.eraCache[e]})}extract(e,t,n){const r=this.dtFormatter(e,t),i=r.formatToParts(),a=i.find(o=>o.type.toLowerCase()===n);return a?a.value:null}numberFormatter(e={}){return new os(this.intl,e.forceSimple||this.fastNumbers,e)}dtFormatter(e,t={}){return new us(e,this.intl,t)}relFormatter(e={}){return new ls(this.intl,this.isEnglish(),e)}listFormatter(e={}){return _n(this.intl,e)}isEnglish(){return this.locale==="en"||this.locale.toLowerCase()==="en-us"||new Intl.DateTimeFormat(this.intl).resolvedOptions().locale.startsWith("en-us")}getWeekSettings(){return this.weekSettings?this.weekSettings:Ht()?ts(this.locale):cs}getStartOfWeek(){return this.getWeekSettings().firstDay}getMinDaysInFirstWeek(){return this.getWeekSettings().minimalDays}getWeekendDays(){return this.getWeekSettings().weekend}equals(e){return this.locale===e.locale&&this.numberingSystem===e.numberingSystem&&this.outputCalendar===e.outputCalendar}toString(){return`Locale(${this.locale}, ${this.numberingSystem}, ${this.outputCalendar})`}}let Pe=null;class D extends oe{static get utcInstance(){return Pe===null&&(Pe=new D(0)),Pe}static instance(e){return e===0?D.utcInstance:new D(e)}static parseSpecifier(e){if(e){const t=e.match(/^utc(?:([+-]\d{1,2})(?::(\d{2}))?)?$/i);if(t)return new D(Ie(t[1],t[2]))}return null}constructor(e){super(),this.fixed=e}get type(){return"fixed"}get name(){return this.fixed===0?"UTC":`UTC${fe(this.fixed,"narrow")}`}get ianaName(){return this.fixed===0?"Etc/UTC":`Etc/GMT${fe(-this.fixed,"narrow")}`}offsetName(){return this.name}formatOffset(e,t){return fe(this.fixed,t)}get isUniversal(){return!0}offset(){return this.fixed}equals(e){return e.type==="fixed"&&e.fixed===this.fixed}get isValid(){return!0}}class fs extends oe{constructor(e){super(),this.zoneName=e}get type(){return"invalid"}get name(){return this.zoneName}get isUniversal(){return!1}offsetName(){return null}formatOffset(){return""}offset(){return NaN}equals(){return!1}get isValid(){return!1}}function q(s,e){if(g(s)||s===null)return e;if(s instanceof oe)return s;if(ps(s)){const t=s.toLowerCase();return t==="default"?e:t==="local"||t==="system"?ke.instance:t==="utc"||t==="gmt"?D.utcInstance:D.parseSpecifier(t)||$.create(s)}else return Z(s)?D.instance(s):typeof s=="object"&&"offset"in s&&typeof s.offset=="function"?s:new fs(s)}const Ye={arab:"[٠-٩]",arabext:"[۰-۹]",bali:"[᭐-᭙]",beng:"[০-৯]",deva:"[०-९]",fullwide:"[0-9]",gujr:"[૦-૯]",hanidec:"[〇|一|二|三|四|五|六|七|八|九]",khmr:"[០-៩]",knda:"[೦-೯]",laoo:"[໐-໙]",limb:"[᥆-᥏]",mlym:"[൦-൯]",mong:"[᠐-᠙]",mymr:"[၀-၉]",orya:"[୦-୯]",tamldec:"[௦-௯]",telu:"[౦-౯]",thai:"[๐-๙]",tibt:"[༠-༩]",latn:"\\d"},Ft={arab:[1632,1641],arabext:[1776,1785],bali:[6992,7001],beng:[2534,2543],deva:[2406,2415],fullwide:[65296,65303],gujr:[2790,2799],khmr:[6112,6121],knda:[3302,3311],laoo:[3792,3801],limb:[6470,6479],mlym:[3430,3439],mong:[6160,6169],mymr:[4160,4169],orya:[2918,2927],tamldec:[3046,3055],telu:[3174,3183],thai:[3664,3673],tibt:[3872,3881]},ds=Ye.hanidec.replace(/[\[|\]]/g,"").split("");function hs(s){let e=parseInt(s,10);if(isNaN(e)){e="";for(let t=0;t<s.length;t++){const n=s.charCodeAt(t);if(s[t].search(Ye.hanidec)!==-1)e+=ds.indexOf(s[t]);else for(const r in Ft){const[i,a]=Ft[r];n>=i&&n<=a&&(e+=n-i)}}return parseInt(e,10)}else return e}let K={};function ms(){K={}}function W({numberingSystem:s},e=""){const t=s||"latn";return K[t]||(K[t]={}),K[t][e]||(K[t][e]=new RegExp(`${Ye[t]}${e}`)),K[t][e]}let Vt=()=>Date.now(),At="system",Ct=null,Wt=null,Lt=null,Rt=60,$t,Ut=null;class E{static get now(){return Vt}static set now(e){Vt=e}static set defaultZone(e){At=e}static get defaultZone(){return q(At,ke.instance)}static get defaultLocale(){return Ct}static set defaultLocale(e){Ct=e}static get defaultNumberingSystem(){return Wt}static set defaultNumberingSystem(e){Wt=e}static get defaultOutputCalendar(){return Lt}static set defaultOutputCalendar(e){Lt=e}static get defaultWeekSettings(){return Ut}static set defaultWeekSettings(e){Ut=je(e)}static get twoDigitCutoffYear(){return Rt}static set twoDigitCutoffYear(e){Rt=e%100}static get throwOnInvalid(){return $t}static set throwOnInvalid(e){$t=e}static resetCaches(){T.resetCache(),$.resetCache(),y.resetCache(),ms()}}class L{constructor(e,t){this.reason=e,this.explanation=t}toMessage(){return this.explanation?`${this.reason}: ${this.explanation}`:this.reason}}const qt=[0,31,59,90,120,151,181,212,243,273,304,334],Zt=[0,31,60,91,121,152,182,213,244,274,305,335];function F(s,e){return new L("unit out of range",`you specified ${e} (of type ${typeof e}) as a ${s}, which is invalid`)}function Je(s,e,t){const n=new Date(Date.UTC(s,e-1,t));s<100&&s>=0&&n.setUTCFullYear(n.getUTCFullYear()-1900);const r=n.getUTCDay();return r===0?7:r}function zt(s,e,t){return t+(le(s)?Zt:qt)[e-1]}function Pt(s,e){const t=le(s)?Zt:qt,n=t.findIndex(i=>i<e),r=e-t[n];return{month:n+1,day:r}}function Be(s,e){return(s-e+7)%7+1}function Ee(s,e=4,t=1){const{year:n,month:r,day:i}=s,a=zt(n,r,i),o=Be(Je(n,r,i),t);let u=Math.floor((a-o+14-e)/7),l;return u<1?(l=n-1,u=ce(l,e,t)):u>ce(n,e,t)?(l=n+1,u=1):l=n,{weekYear:l,weekNumber:u,weekday:o,...Me(s)}}function Yt(s,e=4,t=1){const{weekYear:n,weekNumber:r,weekday:i}=s,a=Be(Je(n,1,e),t),o=_(n);let u=r*7+i-a-7+e,l;u<1?(l=n-1,u+=_(l)):u>o?(l=n+1,u-=_(n)):l=n;const{month:c,day:h}=Pt(l,u);return{year:l,month:c,day:h,...Me(s)}}function Ge(s){const{year:e,month:t,day:n}=s,r=zt(e,t,n);return{year:e,ordinal:r,...Me(s)}}function Jt(s){const{year:e,ordinal:t}=s,{month:n,day:r}=Pt(e,t);return{year:e,month:n,day:r,...Me(s)}}function Bt(s,e){if(!g(s.localWeekday)||!g(s.localWeekNumber)||!g(s.localWeekYear)){if(!g(s.weekday)||!g(s.weekNumber)||!g(s.weekYear))throw new j("Cannot mix locale-based week fields with ISO-based week fields");return g(s.localWeekday)||(s.weekday=s.localWeekday),g(s.localWeekNumber)||(s.weekNumber=s.localWeekNumber),g(s.localWeekYear)||(s.weekYear=s.localWeekYear),delete s.localWeekday,delete s.localWeekNumber,delete s.localWeekYear,{minDaysInFirstWeek:e.getMinDaysInFirstWeek(),startOfWeek:e.getStartOfWeek()}}else return{minDaysInFirstWeek:4,startOfWeek:1}}function ys(s,e=4,t=1){const n=xe(s.weekYear),r=V(s.weekNumber,1,ce(s.weekYear,e,t)),i=V(s.weekday,1,7);return n?r?i?!1:F("weekday",s.weekday):F("week",s.weekNumber):F("weekYear",s.weekYear)}function gs(s){const e=xe(s.year),t=V(s.ordinal,1,_(s.year));return e?t?!1:F("ordinal",s.ordinal):F("year",s.year)}function Gt(s){const e=xe(s.year),t=V(s.month,1,12),n=V(s.day,1,be(s.year,s.month));return e?t?n?!1:F("day",s.day):F("month",s.month):F("year",s.year)}function jt(s){const{hour:e,minute:t,second:n,millisecond:r}=s,i=V(e,0,23)||e===24&&t===0&&n===0&&r===0,a=V(t,0,59),o=V(n,0,59),u=V(r,0,999);return i?a?o?u?!1:F("millisecond",r):F("second",n):F("minute",t):F("hour",e)}function g(s){return typeof s>"u"}function Z(s){return typeof s=="number"}function xe(s){return typeof s=="number"&&s%1===0}function ps(s){return typeof s=="string"}function ws(s){return Object.prototype.toString.call(s)==="[object Date]"}function Kt(){try{return typeof Intl<"u"&&!!Intl.RelativeTimeFormat}catch{return!1}}function Ht(){try{return typeof Intl<"u"&&!!Intl.Locale&&("weekInfo"in Intl.Locale.prototype||"getWeekInfo"in Intl.Locale.prototype)}catch{return!1}}function Ss(s){return Array.isArray(s)?s:[s]}function _t(s,e,t){if(s.length!==0)return s.reduce((n,r)=>{const i=[e(r),r];return n&&t(n[0],i[0])===n[0]?n:i},null)[1]}function ks(s,e){return e.reduce((t,n)=>(t[n]=s[n],t),{})}function H(s,e){return Object.prototype.hasOwnProperty.call(s,e)}function je(s){if(s==null)return null;if(typeof s!="object")throw new v("Week settings must be an object");if(!V(s.firstDay,1,7)||!V(s.minimalDays,1,7)||!Array.isArray(s.weekend)||s.weekend.some(e=>!V(e,1,7)))throw new v("Invalid week settings");return{firstDay:s.firstDay,minimalDays:s.minimalDays,weekend:Array.from(s.weekend)}}function V(s,e,t){return xe(s)&&s>=e&&s<=t}function Ts(s,e){return s-e*Math.floor(s/e)}function b(s,e=2){const t=s<0;let n;return t?n="-"+(""+-s).padStart(e,"0"):n=(""+s).padStart(e,"0"),n}function z(s){if(!(g(s)||s===null||s===""))return parseInt(s,10)}function J(s){if(!(g(s)||s===null||s===""))return parseFloat(s)}function Ke(s){if(!(g(s)||s===null||s==="")){const e=parseFloat("0."+s)*1e3;return Math.floor(e)}}function He(s,e,t=!1){const n=10**e;return(t?Math.trunc:Math.round)(s*n)/n}function le(s){return s%4===0&&(s%100!==0||s%400===0)}function _(s){return le(s)?366:365}function be(s,e){const t=Ts(e-1,12)+1,n=s+(e-t)/12;return t===2?le(n)?29:28:[31,null,31,30,31,30,31,31,30,31,30,31][t-1]}function ve(s){let e=Date.UTC(s.year,s.month-1,s.day,s.hour,s.minute,s.second,s.millisecond);return s.year<100&&s.year>=0&&(e=new Date(e),e.setUTCFullYear(s.year,s.month-1,s.day)),+e}function Qt(s,e,t){return-Be(Je(s,1,e),t)+e-1}function ce(s,e=4,t=1){const n=Qt(s,e,t),r=Qt(s+1,e,t);return(_(s)-n+r)/7}function _e(s){return s>99?s:s>E.twoDigitCutoffYear?1900+s:2e3+s}function Xt(s,e,t,n=null){const r=new Date(s),i={hourCycle:"h23",year:"numeric",month:"2-digit",day:"2-digit",hour:"2-digit",minute:"2-digit"};n&&(i.timeZone=n);const a={timeZoneName:e,...i},o=new Intl.DateTimeFormat(t,a).formatToParts(r).find(u=>u.type.toLowerCase()==="timezonename");return o?o.value:null}function Ie(s,e){let t=parseInt(s,10);Number.isNaN(t)&&(t=0);const n=parseInt(e,10)||0,r=t<0||Object.is(t,-0)?-n:n;return t*60+r}function en(s){const e=Number(s);if(typeof s=="boolean"||s===""||Number.isNaN(e))throw new v(`Invalid unit value ${s}`);return e}function De(s,e){const t={};for(const n in s)if(H(s,n)){const r=s[n];if(r==null)continue;t[e(n)]=en(r)}return t}function fe(s,e){const t=Math.trunc(Math.abs(s/60)),n=Math.trunc(Math.abs(s%60)),r=s>=0?"+":"-";switch(e){case"short":return`${r}${b(t,2)}:${b(n,2)}`;case"narrow":return`${r}${t}${n>0?`:${n}`:""}`;case"techie":return`${r}${b(t,2)}${b(n,2)}`;default:throw new RangeError(`Value format ${e} is out of range for property format`)}}function Me(s){return ks(s,["hour","minute","second","millisecond"])}const Os=["January","February","March","April","May","June","July","August","September","October","November","December"],tn=["Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"],Ns=["J","F","M","A","M","J","J","A","S","O","N","D"];function nn(s){switch(s){case"narrow":return[...Ns];case"short":return[...tn];case"long":return[...Os];case"numeric":return["1","2","3","4","5","6","7","8","9","10","11","12"];case"2-digit":return["01","02","03","04","05","06","07","08","09","10","11","12"];default:return null}}const sn=["Monday","Tuesday","Wednesday","Thursday","Friday","Saturday","Sunday"],rn=["Mon","Tue","Wed","Thu","Fri","Sat","Sun"],Es=["M","T","W","T","F","S","S"];function an(s){switch(s){case"narrow":return[...Es];case"short":return[...rn];case"long":return[...sn];case"numeric":return["1","2","3","4","5","6","7"];default:return null}}const on=["AM","PM"],xs=["Before Christ","Anno Domini"],bs=["BC","AD"],vs=["B","A"];function un(s){switch(s){case"narrow":return[...vs];case"short":return[...bs];case"long":return[...xs];default:return null}}function Is(s){return on[s.hour<12?0:1]}function Ds(s,e){return an(e)[s.weekday-1]}function Ms(s,e){return nn(e)[s.month-1]}function Fs(s,e){return un(e)[s.year<0?0:1]}function Vs(s,e,t="always",n=!1){const r={years:["year","yr."],quarters:["quarter","qtr."],months:["month","mo."],weeks:["week","wk."],days:["day","day","days"],hours:["hour","hr."],minutes:["minute","min."],seconds:["second","sec."]},i=["hours","minutes","seconds"].indexOf(s)===-1;if(t==="auto"&&i){const h=s==="days";switch(e){case 1:return h?"tomorrow":`next ${r[s][0]}`;case-1:return h?"yesterday":`last ${r[s][0]}`;case 0:return h?"today":`this ${r[s][0]}`}}const a=Object.is(e,-0)||e<0,o=Math.abs(e),u=o===1,l=r[s],c=n?u?l[1]:l[2]||l[1]:u?r[s][0]:s;return a?`${o} ${c} ago`:`in ${o} ${c}`}function ln(s,e){let t="";for(const n of s)n.literal?t+=n.val:t+=e(n.val);return t}const As={D:Se,DD:ct,DDD:ft,DDDD:dt,t:ht,tt:mt,ttt:yt,tttt:gt,T:pt,TT:wt,TTT:St,TTTT:kt,f:Tt,ff:Nt,fff:xt,ffff:vt,F:Ot,FF:Et,FFF:bt,FFFF:It};class I{static create(e,t={}){return new I(e,t)}static parseFormat(e){let t=null,n="",r=!1;const i=[];for(let a=0;a<e.length;a++){const o=e.charAt(a);o==="'"?(n.length>0&&i.push({literal:r||/^\s+$/.test(n),val:n}),t=null,n="",r=!r):r||o===t?n+=o:(n.length>0&&i.push({literal:/^\s+$/.test(n),val:n}),n=o,t=o)}return n.length>0&&i.push({literal:r||/^\s+$/.test(n),val:n}),i}static macroTokenToFormatOpts(e){return As[e]}constructor(e,t){this.opts=t,this.loc=e,this.systemLoc=null}formatWithSystemDefault(e,t){return this.systemLoc===null&&(this.systemLoc=this.loc.redefaultToSystem()),this.systemLoc.dtFormatter(e,{...this.opts,...t}).format()}dtFormatter(e,t={}){return this.loc.dtFormatter(e,{...this.opts,...t})}formatDateTime(e,t){return this.dtFormatter(e,t).format()}formatDateTimeParts(e,t){return this.dtFormatter(e,t).formatToParts()}formatInterval(e,t){return this.dtFormatter(e.start,t).dtf.formatRange(e.start.toJSDate(),e.end.toJSDate())}resolvedOptions(e,t){return this.dtFormatter(e,t).resolvedOptions()}num(e,t=0){if(this.opts.forceSimple)return b(e,t);const n={...this.opts};return t>0&&(n.padTo=t),this.loc.numberFormatter(n).format(e)}formatDateTimeFromString(e,t){const n=this.loc.listingMode()==="en",r=this.loc.outputCalendar&&this.loc.outputCalendar!=="gregory",i=(m,N)=>this.loc.extract(e,m,N),a=m=>e.isOffsetFixed&&e.offset===0&&m.allowZ?"Z":e.isValid?e.zone.formatOffset(e.ts,m.format):"",o=()=>n?Is(e):i({hour:"numeric",hourCycle:"h12"},"dayperiod"),u=(m,N)=>n?Ms(e,m):i(N?{month:m}:{month:m,day:"numeric"},"month"),l=(m,N)=>n?Ds(e,m):i(N?{weekday:m}:{weekday:m,month:"long",day:"numeric"},"weekday"),c=m=>{const N=I.macroTokenToFormatOpts(m);return N?this.formatWithSystemDefault(e,N):m},h=m=>n?Fs(e,m):i({era:m},"era"),p=m=>{switch(m){case"S":return this.num(e.millisecond);case"u":case"SSS":return this.num(e.millisecond,3);case"s":return this.num(e.second);case"ss":return this.num(e.second,2);case"uu":return this.num(Math.floor(e.millisecond/10),2);case"uuu":return this.num(Math.floor(e.millisecond/100));case"m":return this.num(e.minute);case"mm":return this.num(e.minute,2);case"h":return this.num(e.hour%12===0?12:e.hour%12);case"hh":return this.num(e.hour%12===0?12:e.hour%12,2);case"H":return this.num(e.hour);case"HH":return this.num(e.hour,2);case"Z":return a({format:"narrow",allowZ:this.opts.allowZ});case"ZZ":return a({format:"short",allowZ:this.opts.allowZ});case"ZZZ":return a({format:"techie",allowZ:this.opts.allowZ});case"ZZZZ":return e.zone.offsetName(e.ts,{format:"short",locale:this.loc.locale});case"ZZZZZ":return e.zone.offsetName(e.ts,{format:"long",locale:this.loc.locale});case"z":return e.zoneName;case"a":return o();case"d":return r?i({day:"numeric"},"day"):this.num(e.day);case"dd":return r?i({day:"2-digit"},"day"):this.num(e.day,2);case"c":return this.num(e.weekday);case"ccc":return l("short",!0);case"cccc":return l("long",!0);case"ccccc":return l("narrow",!0);case"E":return this.num(e.weekday);case"EEE":return l("short",!1);case"EEEE":return l("long",!1);case"EEEEE":return l("narrow",!1);case"L":return r?i({month:"numeric",day:"numeric"},"month"):this.num(e.month);case"LL":return r?i({month:"2-digit",day:"numeric"},"month"):this.num(e.month,2);case"LLL":return u("short",!0);case"LLLL":return u("long",!0);case"LLLLL":return u("narrow",!0);case"M":return r?i({month:"numeric"},"month"):this.num(e.month);case"MM":return r?i({month:"2-digit"},"month"):this.num(e.month,2);case"MMM":return u("short",!1);case"MMMM":return u("long",!1);case"MMMMM":return u("narrow",!1);case"y":return r?i({year:"numeric"},"year"):this.num(e.year);case"yy":return r?i({year:"2-digit"},"year"):this.num(e.year.toString().slice(-2),2);case"yyyy":return r?i({year:"numeric"},"year"):this.num(e.year,4);case"yyyyyy":return r?i({year:"numeric"},"year"):this.num(e.year,6);case"G":return h("short");case"GG":return h("long");case"GGGGG":return h("narrow");case"kk":return this.num(e.weekYear.toString().slice(-2),2);case"kkkk":return this.num(e.weekYear,4);case"W":return this.num(e.weekNumber);case"WW":return this.num(e.weekNumber,2);case"n":return this.num(e.localWeekNumber);case"nn":return this.num(e.localWeekNumber,2);case"ii":return this.num(e.localWeekYear.toString().slice(-2),2);case"iiii":return this.num(e.localWeekYear,4);case"o":return this.num(e.ordinal);case"ooo":return this.num(e.ordinal,3);case"q":return this.num(e.quarter);case"qq":return this.num(e.quarter,2);case"X":return this.num(Math.floor(e.ts/1e3));case"x":return this.num(e.ts);default:return c(m)}};return ln(I.parseFormat(t),p)}formatDurationFromString(e,t){const n=u=>{switch(u[0]){case"S":return"millisecond";case"s":return"second";case"m":return"minute";case"h":return"hour";case"d":return"day";case"w":return"week";case"M":return"month";case"y":return"year";default:return null}},r=u=>l=>{const c=n(l);return c?this.num(u.get(c),l.length):l},i=I.parseFormat(t),a=i.reduce((u,{literal:l,val:c})=>l?u:u.concat(c),[]),o=e.shiftTo(...a.map(n).filter(u=>u));return ln(i,r(o))}}const cn=/[A-Za-z_+-]{1,256}(?::?\/[A-Za-z0-9_+-]{1,256}(?:\/[A-Za-z0-9_+-]{1,256})?)?/;function Q(...s){const e=s.reduce((t,n)=>t+n.source,"");return RegExp(`^${e}$`)}function X(...s){return e=>s.reduce(([t,n,r],i)=>{const[a,o,u]=i(e,r);return[{...t,...a},o||n,u]},[{},null,1]).slice(0,2)}function ee(s,...e){if(s==null)return[null,null];for(const[t,n]of e){const r=t.exec(s);if(r)return n(r)}return[null,null]}function fn(...s){return(e,t)=>{const n={};let r;for(r=0;r<s.length;r++)n[s[r]]=z(e[t+r]);return[n,null,t+r]}}const dn=/(?:(Z)|([+-]\d\d)(?::?(\d\d))?)/,Cs=`(?:${dn.source}?(?:\\[(${cn.source})\\])?)?`,Qe=/(\d\d)(?::?(\d\d)(?::?(\d\d)(?:[.,](\d{1,30}))?)?)?/,hn=RegExp(`${Qe.source}${Cs}`),Xe=RegExp(`(?:T${hn.source})?`),Ws=/([+-]\d{6}|\d{4})(?:-?(\d\d)(?:-?(\d\d))?)?/,Ls=/(\d{4})-?W(\d\d)(?:-?(\d))?/,Rs=/(\d{4})-?(\d{3})/,$s=fn("weekYear","weekNumber","weekDay"),Us=fn("year","ordinal"),qs=/(\d{4})-(\d\d)-(\d\d)/,mn=RegExp(`${Qe.source} ?(?:${dn.source}|(${cn.source}))?`),Zs=RegExp(`(?: ${mn.source})?`);function te(s,e,t){const n=s[e];return g(n)?t:z(n)}function zs(s,e){return[{year:te(s,e),month:te(s,e+1,1),day:te(s,e+2,1)},null,e+3]}function ne(s,e){return[{hours:te(s,e,0),minutes:te(s,e+1,0),seconds:te(s,e+2,0),milliseconds:Ke(s[e+3])},null,e+4]}function de(s,e){const t=!s[e]&&!s[e+1],n=Ie(s[e+1],s[e+2]),r=t?null:D.instance(n);return[{},r,e+3]}function he(s,e){const t=s[e]?$.create(s[e]):null;return[{},t,e+1]}const Ps=RegExp(`^T?${Qe.source}$`),Ys=/^-?P(?:(?:(-?\d{1,20}(?:\.\d{1,20})?)Y)?(?:(-?\d{1,20}(?:\.\d{1,20})?)M)?(?:(-?\d{1,20}(?:\.\d{1,20})?)W)?(?:(-?\d{1,20}(?:\.\d{1,20})?)D)?(?:T(?:(-?\d{1,20}(?:\.\d{1,20})?)H)?(?:(-?\d{1,20}(?:\.\d{1,20})?)M)?(?:(-?\d{1,20})(?:[.,](-?\d{1,20}))?S)?)?)$/;function Js(s){const[e,t,n,r,i,a,o,u,l]=s,c=e[0]==="-",h=u&&u[0]==="-",p=(m,N=!1)=>m!==void 0&&(N||m&&c)?-m:m;return[{years:p(J(t)),months:p(J(n)),weeks:p(J(r)),days:p(J(i)),hours:p(J(a)),minutes:p(J(o)),seconds:p(J(u),u==="-0"),milliseconds:p(Ke(l),h)}]}const Bs={GMT:0,EDT:-4*60,EST:-5*60,CDT:-5*60,CST:-6*60,MDT:-6*60,MST:-7*60,PDT:-7*60,PST:-8*60};function et(s,e,t,n,r,i,a){const o={year:e.length===2?_e(z(e)):z(e),month:tn.indexOf(t)+1,day:z(n),hour:z(r),minute:z(i)};return a&&(o.second=z(a)),s&&(o.weekday=s.length>3?sn.indexOf(s)+1:rn.indexOf(s)+1),o}const Gs=/^(?:(Mon|Tue|Wed|Thu|Fri|Sat|Sun),\s)?(\d{1,2})\s(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s(\d{2,4})\s(\d\d):(\d\d)(?::(\d\d))?\s(?:(UT|GMT|[ECMP][SD]T)|([Zz])|(?:([+-]\d\d)(\d\d)))$/;function js(s){const[,e,t,n,r,i,a,o,u,l,c,h]=s,p=et(e,r,n,t,i,a,o);let m;return u?m=Bs[u]:l?m=0:m=Ie(c,h),[p,new D(m)]}function Ks(s){return s.replace(/\([^()]*\)|[\n\t]/g," ").replace(/(\s\s+)/g," ").trim()}const Hs=/^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), (\d\d) (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) (\d{4}) (\d\d):(\d\d):(\d\d) GMT$/,_s=/^(Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday), (\d\d)-(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)-(\d\d) (\d\d):(\d\d):(\d\d) GMT$/,Qs=/^(Mon|Tue|Wed|Thu|Fri|Sat|Sun) (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) ( \d|\d\d) (\d\d):(\d\d):(\d\d) (\d{4})$/;function yn(s){const[,e,t,n,r,i,a,o]=s;return[et(e,r,n,t,i,a,o),D.utcInstance]}function Xs(s){const[,e,t,n,r,i,a,o]=s;return[et(e,o,t,n,r,i,a),D.utcInstance]}const er=Q(Ws,Xe),tr=Q(Ls,Xe),nr=Q(Rs,Xe),sr=Q(hn),gn=X(zs,ne,de,he),rr=X($s,ne,de,he),ir=X(Us,ne,de,he),ar=X(ne,de,he);function or(s){return ee(s,[er,gn],[tr,rr],[nr,ir],[sr,ar])}function ur(s){return ee(Ks(s),[Gs,js])}function lr(s){return ee(s,[Hs,yn],[_s,yn],[Qs,Xs])}function cr(s){return ee(s,[Ys,Js])}const fr=X(ne);function dr(s){return ee(s,[Ps,fr])}const hr=Q(qs,Zs),mr=Q(mn),yr=X(ne,de,he);function gr(s){return ee(s,[hr,gn],[mr,yr])}const pn="Invalid Duration",wn={weeks:{days:7,hours:7*24,minutes:7*24*60,seconds:7*24*60*60,milliseconds:7*24*60*60*1e3},days:{hours:24,minutes:24*60,seconds:24*60*60,milliseconds:24*60*60*1e3},hours:{minutes:60,seconds:60*60,milliseconds:60*60*1e3},minutes:{seconds:60,milliseconds:60*1e3},seconds:{milliseconds:1e3}},pr={years:{quarters:4,months:12,weeks:52,days:365,hours:365*24,minutes:365*24*60,seconds:365*24*60*60,milliseconds:365*24*60*60*1e3},quarters:{months:3,weeks:13,days:91,hours:91*24,minutes:91*24*60,seconds:91*24*60*60,milliseconds:91*24*60*60*1e3},months:{weeks:4,days:30,hours:30*24,minutes:30*24*60,seconds:30*24*60*60,milliseconds:30*24*60*60*1e3},...wn},A=146097/400,se=146097/4800,wr={years:{quarters:4,months:12,weeks:A/7,days:A,hours:A*24,minutes:A*24*60,seconds:A*24*60*60,milliseconds:A*24*60*60*1e3},quarters:{months:3,weeks:A/28,days:A/4,hours:A*24/4,minutes:A*24*60/4,seconds:A*24*60*60/4,milliseconds:A*24*60*60*1e3/4},months:{weeks:se/7,days:se,hours:se*24,minutes:se*24*60,seconds:se*24*60*60,milliseconds:se*24*60*60*1e3},...wn},B=["years","quarters","months","weeks","days","hours","minutes","seconds","milliseconds"],Sr=B.slice(0).reverse();function P(s,e,t=!1){const n={values:t?e.values:{...s.values,...e.values||{}},loc:s.loc.clone(e.loc),conversionAccuracy:e.conversionAccuracy||s.conversionAccuracy,matrix:e.matrix||s.matrix};return new w(n)}function Sn(s,e){let t=e.milliseconds??0;for(const n of Sr.slice(1))e[n]&&(t+=e[n]*s[n].milliseconds);return t}function kn(s,e){const t=Sn(s,e)<0?-1:1;B.reduceRight((n,r)=>{if(g(e[r]))return n;if(n){const i=e[n]*t,a=s[r][n],o=Math.floor(i/a);e[r]+=o*t,e[n]-=o*a*t}return r},null),B.reduce((n,r)=>{if(g(e[r]))return n;if(n){const i=e[n]%1;e[n]-=i,e[r]+=i*s[n][r]}return r},null)}function kr(s){const e={};for(const[t,n]of Object.entries(s))n!==0&&(e[t]=n);return e}class w{constructor(e){const t=e.conversionAccuracy==="longterm"||!1;let n=t?wr:pr;e.matrix&&(n=e.matrix),this.values=e.values,this.loc=e.loc||T.create(),this.conversionAccuracy=t?"longterm":"casual",this.invalid=e.invalid||null,this.matrix=n,this.isLuxonDuration=!0}static fromMillis(e,t){return w.fromObject({milliseconds:e},t)}static fromObject(e,t={}){if(e==null||typeof e!="object")throw new v(`Duration.fromObject: argument expected to be an object, got ${e===null?"null":typeof e}`);return new w({values:De(e,w.normalizeUnit),loc:T.fromObject(t),conversionAccuracy:t.conversionAccuracy,matrix:t.matrix})}static fromDurationLike(e){if(Z(e))return w.fromMillis(e);if(w.isDuration(e))return e;if(typeof e=="object")return w.fromObject(e);throw new v(`Unknown duration argument ${e} of type ${typeof e}`)}static fromISO(e,t){const[n]=cr(e);return n?w.fromObject(n,t):w.invalid("unparsable",`the input "${e}" can't be parsed as ISO 8601`)}static fromISOTime(e,t){const[n]=dr(e);return n?w.fromObject(n,t):w.invalid("unparsable",`the input "${e}" can't be parsed as ISO 8601`)}static invalid(e,t=null){if(!e)throw new v("need to specify a reason the Duration is invalid");const n=e instanceof L?e:new L(e,t);if(E.throwOnInvalid)throw new Yn(n);return new w({invalid:n})}static normalizeUnit(e){const t={year:"years",years:"years",quarter:"quarters",quarters:"quarters",month:"months",months:"months",week:"weeks",weeks:"weeks",day:"days",days:"days",hour:"hours",hours:"hours",minute:"minutes",minutes:"minutes",second:"seconds",seconds:"seconds",millisecond:"milliseconds",milliseconds:"milliseconds"}[e&&e.toLowerCase()];if(!t)throw new lt(e);return t}static isDuration(e){return e&&e.isLuxonDuration||!1}get locale(){return this.isValid?this.loc.locale:null}get numberingSystem(){return this.isValid?this.loc.numberingSystem:null}toFormat(e,t={}){const n={...t,floor:t.round!==!1&&t.floor!==!1};return this.isValid?I.create(this.loc,n).formatDurationFromString(this,e):pn}toHuman(e={}){if(!this.isValid)return pn;const t=B.map(n=>{const r=this.values[n];return g(r)?null:this.loc.numberFormatter({style:"unit",unitDisplay:"long",...e,unit:n.slice(0,-1)}).format(r)}).filter(n=>n);return this.loc.listFormatter({type:"conjunction",style:e.listStyle||"narrow",...e}).format(t)}toObject(){return this.isValid?{...this.values}:{}}toISO(){if(!this.isValid)return null;let e="P";return this.years!==0&&(e+=this.years+"Y"),(this.months!==0||this.quarters!==0)&&(e+=this.months+this.quarters*3+"M"),this.weeks!==0&&(e+=this.weeks+"W"),this.days!==0&&(e+=this.days+"D"),(this.hours!==0||this.minutes!==0||this.seconds!==0||this.milliseconds!==0)&&(e+="T"),this.hours!==0&&(e+=this.hours+"H"),this.minutes!==0&&(e+=this.minutes+"M"),(this.seconds!==0||this.milliseconds!==0)&&(e+=He(this.seconds+this.milliseconds/1e3,3)+"S"),e==="P"&&(e+="T0S"),e}toISOTime(e={}){if(!this.isValid)return null;const t=this.toMillis();return t<0||t>=864e5?null:(e={suppressMilliseconds:!1,suppressSeconds:!1,includePrefix:!1,format:"extended",...e,includeOffset:!1},y.fromMillis(t,{zone:"UTC"}).toISOTime(e))}toJSON(){return this.toISO()}toString(){return this.toISO()}[Symbol.for("nodejs.util.inspect.custom")](){return this.isValid?`Duration { values: ${JSON.stringify(this.values)} }`:`Duration { Invalid, reason: ${this.invalidReason} }`}toMillis(){return this.isValid?Sn(this.matrix,this.values):NaN}valueOf(){return this.toMillis()}plus(e){if(!this.isValid)return this;const t=w.fromDurationLike(e),n={};for(const r of B)(H(t.values,r)||H(this.values,r))&&(n[r]=t.get(r)+this.get(r));return P(this,{values:n},!0)}minus(e){if(!this.isValid)return this;const t=w.fromDurationLike(e);return this.plus(t.negate())}mapUnits(e){if(!this.isValid)return this;const t={};for(const n of Object.keys(this.values))t[n]=en(e(this.values[n],n));return P(this,{values:t},!0)}get(e){return this[w.normalizeUnit(e)]}set(e){if(!this.isValid)return this;const t={...this.values,...De(e,w.normalizeUnit)};return P(this,{values:t})}reconfigure({locale:e,numberingSystem:t,conversionAccuracy:n,matrix:r}={}){const a={loc:this.loc.clone({locale:e,numberingSystem:t}),matrix:r,conversionAccuracy:n};return P(this,a)}as(e){return this.isValid?this.shiftTo(e).get(e):NaN}normalize(){if(!this.isValid)return this;const e=this.toObject();return kn(this.matrix,e),P(this,{values:e},!0)}rescale(){if(!this.isValid)return this;const e=kr(this.normalize().shiftToAll().toObject());return P(this,{values:e},!0)}shiftTo(...e){if(!this.isValid)return this;if(e.length===0)return this;e=e.map(a=>w.normalizeUnit(a));const t={},n={},r=this.toObject();let i;for(const a of B)if(e.indexOf(a)>=0){i=a;let o=0;for(const l in n)o+=this.matrix[l][a]*n[l],n[l]=0;Z(r[a])&&(o+=r[a]);const u=Math.trunc(o);t[a]=u,n[a]=(o*1e3-u*1e3)/1e3}else Z(r[a])&&(n[a]=r[a]);for(const a in n)n[a]!==0&&(t[i]+=a===i?n[a]:n[a]/this.matrix[i][a]);return kn(this.matrix,t),P(this,{values:t},!0)}shiftToAll(){return this.isValid?this.shiftTo("years","months","weeks","days","hours","minutes","seconds","milliseconds"):this}negate(){if(!this.isValid)return this;const e={};for(const t of Object.keys(this.values))e[t]=this.values[t]===0?0:-this.values[t];return P(this,{values:e},!0)}get years(){return this.isValid?this.values.years||0:NaN}get quarters(){return this.isValid?this.values.quarters||0:NaN}get months(){return this.isValid?this.values.months||0:NaN}get weeks(){return this.isValid?this.values.weeks||0:NaN}get days(){return this.isValid?this.values.days||0:NaN}get hours(){return this.isValid?this.values.hours||0:NaN}get minutes(){return this.isValid?this.values.minutes||0:NaN}get seconds(){return this.isValid?this.values.seconds||0:NaN}get milliseconds(){return this.isValid?this.values.milliseconds||0:NaN}get isValid(){return this.invalid===null}get invalidReason(){return this.invalid?this.invalid.reason:null}get invalidExplanation(){return this.invalid?this.invalid.explanation:null}equals(e){if(!this.isValid||!e.isValid||!this.loc.equals(e.loc))return!1;function t(n,r){return n===void 0||n===0?r===void 0||r===0:n===r}for(const n of B)if(!t(this.values[n],e.values[n]))return!1;return!0}}const re="Invalid Interval";function Tr(s,e){return!s||!s.isValid?x.invalid("missing or invalid start"):!e||!e.isValid?x.invalid("missing or invalid end"):e<s?x.invalid("end before start",`The end of an interval must be after its start, but you had start=${s.toISO()} and end=${e.toISO()}`):null}class x{constructor(e){this.s=e.start,this.e=e.end,this.invalid=e.invalid||null,this.isLuxonInterval=!0}static invalid(e,t=null){if(!e)throw new v("need to specify a reason the Interval is invalid");const n=e instanceof L?e:new L(e,t);if(E.throwOnInvalid)throw new Pn(n);return new x({invalid:n})}static fromDateTimes(e,t){const n=ye(e),r=ye(t),i=Tr(n,r);return i??new x({start:n,end:r})}static after(e,t){const n=w.fromDurationLike(t),r=ye(e);return x.fromDateTimes(r,r.plus(n))}static before(e,t){const n=w.fromDurationLike(t),r=ye(e);return x.fromDateTimes(r.minus(n),r)}static fromISO(e,t){const[n,r]=(e||"").split("/",2);if(n&&r){let i,a;try{i=y.fromISO(n,t),a=i.isValid}catch{a=!1}let o,u;try{o=y.fromISO(r,t),u=o.isValid}catch{u=!1}if(a&&u)return x.fromDateTimes(i,o);if(a){const l=w.fromISO(r,t);if(l.isValid)return x.after(i,l)}else if(u){const l=w.fromISO(n,t);if(l.isValid)return x.before(o,l)}}return x.invalid("unparsable",`the input "${e}" can't be parsed as ISO 8601`)}static isInterval(e){return e&&e.isLuxonInterval||!1}get start(){return this.isValid?this.s:null}get end(){return this.isValid?this.e:null}get isValid(){return this.invalidReason===null}get invalidReason(){return this.invalid?this.invalid.reason:null}get invalidExplanation(){return this.invalid?this.invalid.explanation:null}length(e="milliseconds"){return this.isValid?this.toDuration(e).get(e):NaN}count(e="milliseconds",t){if(!this.isValid)return NaN;const n=this.start.startOf(e,t);let r;return t!=null&&t.useLocaleWeeks?r=this.end.reconfigure({locale:n.locale}):r=this.end,r=r.startOf(e,t),Math.floor(r.diff(n,e).get(e))+(r.valueOf()!==this.end.valueOf())}hasSame(e){return this.isValid?this.isEmpty()||this.e.minus(1).hasSame(this.s,e):!1}isEmpty(){return this.s.valueOf()===this.e.valueOf()}isAfter(e){return this.isValid?this.s>e:!1}isBefore(e){return this.isValid?this.e<=e:!1}contains(e){return this.isValid?this.s<=e&&this.e>e:!1}set({start:e,end:t}={}){return this.isValid?x.fromDateTimes(e||this.s,t||this.e):this}splitAt(...e){if(!this.isValid)return[];const t=e.map(ye).filter(a=>this.contains(a)).sort((a,o)=>a.toMillis()-o.toMillis()),n=[];let{s:r}=this,i=0;for(;r<this.e;){const a=t[i]||this.e,o=+a>+this.e?this.e:a;n.push(x.fromDateTimes(r,o)),r=o,i+=1}return n}splitBy(e){const t=w.fromDurationLike(e);if(!this.isValid||!t.isValid||t.as("milliseconds")===0)return[];let{s:n}=this,r=1,i;const a=[];for(;n<this.e;){const o=this.start.plus(t.mapUnits(u=>u*r));i=+o>+this.e?this.e:o,a.push(x.fromDateTimes(n,i)),n=i,r+=1}return a}divideEqually(e){return this.isValid?this.splitBy(this.length()/e).slice(0,e):[]}overlaps(e){return this.e>e.s&&this.s<e.e}abutsStart(e){return this.isValid?+this.e==+e.s:!1}abutsEnd(e){return this.isValid?+e.e==+this.s:!1}engulfs(e){return this.isValid?this.s<=e.s&&this.e>=e.e:!1}equals(e){return!this.isValid||!e.isValid?!1:this.s.equals(e.s)&&this.e.equals(e.e)}intersection(e){if(!this.isValid)return this;const t=this.s>e.s?this.s:e.s,n=this.e<e.e?this.e:e.e;return t>=n?null:x.fromDateTimes(t,n)}union(e){if(!this.isValid)return this;const t=this.s<e.s?this.s:e.s,n=this.e>e.e?this.e:e.e;return x.fromDateTimes(t,n)}static merge(e){const[t,n]=e.sort((r,i)=>r.s-i.s).reduce(([r,i],a)=>i?i.overlaps(a)||i.abutsStart(a)?[r,i.union(a)]:[r.concat([i]),a]:[r,a],[[],null]);return n&&t.push(n),t}static xor(e){let t=null,n=0;const r=[],i=e.map(u=>[{time:u.s,type:"s"},{time:u.e,type:"e"}]),a=Array.prototype.concat(...i),o=a.sort((u,l)=>u.time-l.time);for(const u of o)n+=u.type==="s"?1:-1,n===1?t=u.time:(t&&+t!=+u.time&&r.push(x.fromDateTimes(t,u.time)),t=null);return x.merge(r)}difference(...e){return x.xor([this].concat(e)).map(t=>this.intersection(t)).filter(t=>t&&!t.isEmpty())}toString(){return this.isValid?`[${this.s.toISO()} – ${this.e.toISO()})`:re}[Symbol.for("nodejs.util.inspect.custom")](){return this.isValid?`Interval { start: ${this.s.toISO()}, end: ${this.e.toISO()} }`:`Interval { Invalid, reason: ${this.invalidReason} }`}toLocaleString(e=Se,t={}){return this.isValid?I.create(this.s.loc.clone(t),e).formatInterval(this):re}toISO(e){return this.isValid?`${this.s.toISO(e)}/${this.e.toISO(e)}`:re}toISODate(){return this.isValid?`${this.s.toISODate()}/${this.e.toISODate()}`:re}toISOTime(e){return this.isValid?`${this.s.toISOTime(e)}/${this.e.toISOTime(e)}`:re}toFormat(e,{separator:t=" – "}={}){return this.isValid?`${this.s.toFormat(e)}${t}${this.e.toFormat(e)}`:re}toDuration(e,t){return this.isValid?this.e.diff(this.s,e,t):w.invalid(this.invalidReason)}mapEndpoints(e){return x.fromDateTimes(e(this.s),e(this.e))}}class Fe{static hasDST(e=E.defaultZone){const t=y.now().setZone(e).set({month:12});return!e.isUniversal&&t.offset!==t.set({month:6}).offset}static isValidIANAZone(e){return $.isValidZone(e)}static normalizeZone(e){return q(e,E.defaultZone)}static getStartOfWeek({locale:e=null,locObj:t=null}={}){return(t||T.create(e)).getStartOfWeek()}static getMinimumDaysInFirstWeek({locale:e=null,locObj:t=null}={}){return(t||T.create(e)).getMinDaysInFirstWeek()}static getWeekendWeekdays({locale:e=null,locObj:t=null}={}){return(t||T.create(e)).getWeekendDays().slice()}static months(e="long",{locale:t=null,numberingSystem:n=null,locObj:r=null,outputCalendar:i="gregory"}={}){return(r||T.create(t,n,i)).months(e)}static monthsFormat(e="long",{locale:t=null,numberingSystem:n=null,locObj:r=null,outputCalendar:i="gregory"}={}){return(r||T.create(t,n,i)).months(e,!0)}static weekdays(e="long",{locale:t=null,numberingSystem:n=null,locObj:r=null}={}){return(r||T.create(t,n,null)).weekdays(e)}static weekdaysFormat(e="long",{locale:t=null,numberingSystem:n=null,locObj:r=null}={}){return(r||T.create(t,n,null)).weekdays(e,!0)}static meridiems({locale:e=null}={}){return T.create(e).meridiems()}static eras(e="short",{locale:t=null}={}){return T.create(t,null,"gregory").eras(e)}static features(){return{relative:Kt(),localeWeek:Ht()}}}function Tn(s,e){const t=r=>r.toUTC(0,{keepLocalTime:!0}).startOf("day").valueOf(),n=t(e)-t(s);return Math.floor(w.fromMillis(n).as("days"))}function Or(s,e,t){const n=[["years",(u,l)=>l.year-u.year],["quarters",(u,l)=>l.quarter-u.quarter+(l.year-u.year)*4],["months",(u,l)=>l.month-u.month+(l.year-u.year)*12],["weeks",(u,l)=>{const c=Tn(u,l);return(c-c%7)/7}],["days",Tn]],r={},i=s;let a,o;for(const[u,l]of n)t.indexOf(u)>=0&&(a=u,r[u]=l(s,e),o=i.plus(r),o>e?(r[u]--,s=i.plus(r),s>e&&(o=s,r[u]--,s=i.plus(r))):s=o);return[s,r,o,a]}function Nr(s,e,t,n){let[r,i,a,o]=Or(s,e,t);const u=e-r,l=t.filter(h=>["hours","minutes","seconds","milliseconds"].indexOf(h)>=0);l.length===0&&(a<e&&(a=r.plus({[o]:1})),a!==r&&(i[o]=(i[o]||0)+u/(a-r)));const c=w.fromObject(i,n);return l.length>0?w.fromMillis(u,n).shiftTo(...l).plus(c):c}const Er="missing Intl.DateTimeFormat.formatToParts support";function S(s,e=t=>t){return{regex:s,deser:([t])=>e(hs(t))}}const On="[ ]",Nn=new RegExp(On,"g");function xr(s){return s.replace(/\./g,"\\.?").replace(Nn,On)}function En(s){return s.replace(/\./g,"").replace(Nn," ").toLowerCase()}function R(s,e){return s===null?null:{regex:RegExp(s.map(xr).join("|")),deser:([t])=>s.findIndex(n=>En(t)===En(n))+e}}function xn(s,e){return{regex:s,deser:([,t,n])=>Ie(t,n),groups:e}}function Ve(s){return{regex:s,deser:([e])=>e}}function br(s){return s.replace(/[\-\[\]{}()*+?.,\\\^$|#\s]/g,"\\$&")}function vr(s,e){const t=W(e),n=W(e,"{2}"),r=W(e,"{3}"),i=W(e,"{4}"),a=W(e,"{6}"),o=W(e,"{1,2}"),u=W(e,"{1,3}"),l=W(e,"{1,6}"),c=W(e,"{1,9}"),h=W(e,"{2,4}"),p=W(e,"{4,6}"),m=k=>({regex:RegExp(br(k.val)),deser:([ae])=>ae,literal:!0}),O=(k=>{if(s.literal)return m(k);switch(k.val){case"G":return R(e.eras("short"),0);case"GG":return R(e.eras("long"),0);case"y":return S(l);case"yy":return S(h,_e);case"yyyy":return S(i);case"yyyyy":return S(p);case"yyyyyy":return S(a);case"M":return S(o);case"MM":return S(n);case"MMM":return R(e.months("short",!0),1);case"MMMM":return R(e.months("long",!0),1);case"L":return S(o);case"LL":return S(n);case"LLL":return R(e.months("short",!1),1);case"LLLL":return R(e.months("long",!1),1);case"d":return S(o);case"dd":return S(n);case"o":return S(u);case"ooo":return S(r);case"HH":return S(n);case"H":return S(o);case"hh":return S(n);case"h":return S(o);case"mm":return S(n);case"m":return S(o);case"q":return S(o);case"qq":return S(n);case"s":return S(o);case"ss":return S(n);case"S":return S(u);case"SSS":return S(r);case"u":return Ve(c);case"uu":return Ve(o);case"uuu":return S(t);case"a":return R(e.meridiems(),0);case"kkkk":return S(i);case"kk":return S(h,_e);case"W":return S(o);case"WW":return S(n);case"E":case"c":return S(t);case"EEE":return R(e.weekdays("short",!1),1);case"EEEE":return R(e.weekdays("long",!1),1);case"ccc":return R(e.weekdays("short",!0),1);case"cccc":return R(e.weekdays("long",!0),1);case"Z":case"ZZ":return xn(new RegExp(`([+-]${o.source})(?::(${n.source}))?`),2);case"ZZZ":return xn(new RegExp(`([+-]${o.source})(${n.source})?`),2);case"z":return Ve(/[a-z_+-/]{1,256}?/i);case" ":return Ve(/[^\S\n\r]/);default:return m(k)}})(s)||{invalidReason:Er};return O.token=s,O}const Ir={year:{"2-digit":"yy",numeric:"yyyyy"},month:{numeric:"M","2-digit":"MM",short:"MMM",long:"MMMM"},day:{numeric:"d","2-digit":"dd"},weekday:{short:"EEE",long:"EEEE"},dayperiod:"a",dayPeriod:"a",hour12:{numeric:"h","2-digit":"hh"},hour24:{numeric:"H","2-digit":"HH"},minute:{numeric:"m","2-digit":"mm"},second:{numeric:"s","2-digit":"ss"},timeZoneName:{long:"ZZZZZ",short:"ZZZ"}};function Dr(s,e,t){const{type:n,value:r}=s;if(n==="literal"){const u=/^\s+$/.test(r);return{literal:!u,val:u?" ":r}}const i=e[n];let a=n;n==="hour"&&(e.hour12!=null?a=e.hour12?"hour12":"hour24":e.hourCycle!=null?e.hourCycle==="h11"||e.hourCycle==="h12"?a="hour12":a="hour24":a=t.hour12?"hour12":"hour24");let o=Ir[a];if(typeof o=="object"&&(o=o[i]),o)return{literal:!1,val:o}}function Mr(s){return[`^${s.map(t=>t.regex).reduce((t,n)=>`${t}(${n.source})`,"")}$`,s]}function Fr(s,e,t){const n=s.match(e);if(n){const r={};let i=1;for(const a in t)if(H(t,a)){const o=t[a],u=o.groups?o.groups+1:1;!o.literal&&o.token&&(r[o.token.val[0]]=o.deser(n.slice(i,i+u))),i+=u}return[n,r]}else return[n,{}]}function Vr(s){const e=i=>{switch(i){case"S":return"millisecond";case"s":return"second";case"m":return"minute";case"h":case"H":return"hour";case"d":return"day";case"o":return"ordinal";case"L":case"M":return"month";case"y":return"year";case"E":case"c":return"weekday";case"W":return"weekNumber";case"k":return"weekYear";case"q":return"quarter";default:return null}};let t=null,n;return g(s.z)||(t=$.create(s.z)),g(s.Z)||(t||(t=new D(s.Z)),n=s.Z),g(s.q)||(s.M=(s.q-1)*3+1),g(s.h)||(s.h<12&&s.a===1?s.h+=12:s.h===12&&s.a===0&&(s.h=0)),s.G===0&&s.y&&(s.y=-s.y),g(s.u)||(s.S=Ke(s.u)),[Object.keys(s).reduce((i,a)=>{const o=e(a);return o&&(i[o]=s[a]),i},{}),t,n]}let tt=null;function Ar(){return tt||(tt=y.fromMillis(1555555555555)),tt}function Cr(s,e){if(s.literal)return s;const t=I.macroTokenToFormatOpts(s.val),n=Dn(t,e);return n==null||n.includes(void 0)?s:n}function bn(s,e){return Array.prototype.concat(...s.map(t=>Cr(t,e)))}class vn{constructor(e,t){if(this.locale=e,this.format=t,this.tokens=bn(I.parseFormat(t),e),this.units=this.tokens.map(n=>vr(n,e)),this.disqualifyingUnit=this.units.find(n=>n.invalidReason),!this.disqualifyingUnit){const[n,r]=Mr(this.units);this.regex=RegExp(n,"i"),this.handlers=r}}explainFromTokens(e){if(this.isValid){const[t,n]=Fr(e,this.regex,this.handlers),[r,i,a]=n?Vr(n):[null,null,void 0];if(H(n,"a")&&H(n,"H"))throw new j("Can't include meridiem when specifying 24-hour format");return{input:e,tokens:this.tokens,regex:this.regex,rawMatches:t,matches:n,result:r,zone:i,specificOffset:a}}else return{input:e,tokens:this.tokens,invalidReason:this.invalidReason}}get isValid(){return!this.disqualifyingUnit}get invalidReason(){return this.disqualifyingUnit?this.disqualifyingUnit.invalidReason:null}}function In(s,e,t){return new vn(s,t).explainFromTokens(e)}function Wr(s,e,t){const{result:n,zone:r,specificOffset:i,invalidReason:a}=In(s,e,t);return[n,r,i,a]}function Dn(s,e){if(!s)return null;const n=I.create(e,s).dtFormatter(Ar()),r=n.formatToParts(),i=n.resolvedOptions();return r.map(a=>Dr(a,s,i))}const nt="Invalid DateTime",Mn=864e13;function me(s){return new L("unsupported zone",`the zone "${s.name}" is not supported`)}function st(s){return s.weekData===null&&(s.weekData=Ee(s.c)),s.weekData}function rt(s){return s.localWeekData===null&&(s.localWeekData=Ee(s.c,s.loc.getMinDaysInFirstWeek(),s.loc.getStartOfWeek())),s.localWeekData}function G(s,e){const t={ts:s.ts,zone:s.zone,c:s.c,o:s.o,loc:s.loc,invalid:s.invalid};return new y({...t,...e,old:t})}function Fn(s,e,t){let n=s-e*60*1e3;const r=t.offset(n);if(e===r)return[n,e];n-=(r-e)*60*1e3;const i=t.offset(n);return r===i?[n,r]:[s-Math.min(r,i)*60*1e3,Math.max(r,i)]}function Ae(s,e){s+=e*60*1e3;const t=new Date(s);return{year:t.getUTCFullYear(),month:t.getUTCMonth()+1,day:t.getUTCDate(),hour:t.getUTCHours(),minute:t.getUTCMinutes(),second:t.getUTCSeconds(),millisecond:t.getUTCMilliseconds()}}function Ce(s,e,t){return Fn(ve(s),e,t)}function Vn(s,e){const t=s.o,n=s.c.year+Math.trunc(e.years),r=s.c.month+Math.trunc(e.months)+Math.trunc(e.quarters)*3,i={...s.c,year:n,month:r,day:Math.min(s.c.day,be(n,r))+Math.trunc(e.days)+Math.trunc(e.weeks)*7},a=w.fromObject({years:e.years-Math.trunc(e.years),quarters:e.quarters-Math.trunc(e.quarters),months:e.months-Math.trunc(e.months),weeks:e.weeks-Math.trunc(e.weeks),days:e.days-Math.trunc(e.days),hours:e.hours,minutes:e.minutes,seconds:e.seconds,milliseconds:e.milliseconds}).as("milliseconds"),o=ve(i);let[u,l]=Fn(o,t,s.zone);return a!==0&&(u+=a,l=s.zone.offset(u)),{ts:u,o:l}}function ie(s,e,t,n,r,i){const{setZone:a,zone:o}=t;if(s&&Object.keys(s).length!==0||e){const u=e||o,l=y.fromObject(s,{...t,zone:u,specificOffset:i});return a?l:l.setZone(o)}else return y.invalid(new L("unparsable",`the input "${r}" can't be parsed as ${n}`))}function We(s,e,t=!0){return s.isValid?I.create(T.create("en-US"),{allowZ:t,forceSimple:!0}).formatDateTimeFromString(s,e):null}function it(s,e){const t=s.c.year>9999||s.c.year<0;let n="";return t&&s.c.year>=0&&(n+="+"),n+=b(s.c.year,t?6:4),e?(n+="-",n+=b(s.c.month),n+="-",n+=b(s.c.day)):(n+=b(s.c.month),n+=b(s.c.day)),n}function An(s,e,t,n,r,i){let a=b(s.c.hour);return e?(a+=":",a+=b(s.c.minute),(s.c.millisecond!==0||s.c.second!==0||!t)&&(a+=":")):a+=b(s.c.minute),(s.c.millisecond!==0||s.c.second!==0||!t)&&(a+=b(s.c.second),(s.c.millisecond!==0||!n)&&(a+=".",a+=b(s.c.millisecond,3))),r&&(s.isOffsetFixed&&s.offset===0&&!i?a+="Z":s.o<0?(a+="-",a+=b(Math.trunc(-s.o/60)),a+=":",a+=b(Math.trunc(-s.o%60))):(a+="+",a+=b(Math.trunc(s.o/60)),a+=":",a+=b(Math.trunc(s.o%60)))),i&&(a+="["+s.zone.ianaName+"]"),a}const Cn={month:1,day:1,hour:0,minute:0,second:0,millisecond:0},Lr={weekNumber:1,weekday:1,hour:0,minute:0,second:0,millisecond:0},Rr={ordinal:1,hour:0,minute:0,second:0,millisecond:0},Wn=["year","month","day","hour","minute","second","millisecond"],$r=["weekYear","weekNumber","weekday","hour","minute","second","millisecond"],Ur=["year","ordinal","hour","minute","second","millisecond"];function qr(s){const e={year:"year",years:"year",month:"month",months:"month",day:"day",days:"day",hour:"hour",hours:"hour",minute:"minute",minutes:"minute",quarter:"quarter",quarters:"quarter",second:"second",seconds:"second",millisecond:"millisecond",milliseconds:"millisecond",weekday:"weekday",weekdays:"weekday",weeknumber:"weekNumber",weeksnumber:"weekNumber",weeknumbers:"weekNumber",weekyear:"weekYear",weekyears:"weekYear",ordinal:"ordinal"}[s.toLowerCase()];if(!e)throw new lt(s);return e}function Ln(s){switch(s.toLowerCase()){case"localweekday":case"localweekdays":return"localWeekday";case"localweeknumber":case"localweeknumbers":return"localWeekNumber";case"localweekyear":case"localweekyears":return"localWeekYear";default:return qr(s)}}function Zr(s){return Re[s]||(Le===void 0&&(Le=E.now()),Re[s]=s.offset(Le)),Re[s]}function Rn(s,e){const t=q(e.zone,E.defaultZone);if(!t.isValid)return y.invalid(me(t));const n=T.fromObject(e);let r,i;if(g(s.year))r=E.now();else{for(const u of Wn)g(s[u])&&(s[u]=Cn[u]);const a=Gt(s)||jt(s);if(a)return y.invalid(a);const o=Zr(t);[r,i]=Ce(s,o,t)}return new y({ts:r,zone:t,loc:n,o:i})}function $n(s,e,t){const n=g(t.round)?!0:t.round,r=(a,o)=>(a=He(a,n||t.calendary?0:2,!0),e.loc.clone(t).relFormatter(t).format(a,o)),i=a=>t.calendary?e.hasSame(s,a)?0:e.startOf(a).diff(s.startOf(a),a).get(a):e.diff(s,a).get(a);if(t.unit)return r(i(t.unit),t.unit);for(const a of t.units){const o=i(a);if(Math.abs(o)>=1)return r(o,a)}return r(s>e?-0:0,t.units[t.units.length-1])}function Un(s){let e={},t;return s.length>0&&typeof s[s.length-1]=="object"?(e=s[s.length-1],t=Array.from(s).slice(0,s.length-1)):t=Array.from(s),[e,t]}let Le,Re={};class y{constructor(e){const t=e.zone||E.defaultZone;let n=e.invalid||(Number.isNaN(e.ts)?new L("invalid input"):null)||(t.isValid?null:me(t));this.ts=g(e.ts)?E.now():e.ts;let r=null,i=null;if(!n)if(e.old&&e.old.ts===this.ts&&e.old.zone.equals(t))[r,i]=[e.old.c,e.old.o];else{const o=Z(e.o)&&!e.old?e.o:t.offset(this.ts);r=Ae(this.ts,o),n=Number.isNaN(r.year)?new L("invalid input"):null,r=n?null:r,i=n?null:o}this._zone=t,this.loc=e.loc||T.create(),this.invalid=n,this.weekData=null,this.localWeekData=null,this.c=r,this.o=i,this.isLuxonDateTime=!0}static now(){return new y({})}static local(){const[e,t]=Un(arguments),[n,r,i,a,o,u,l]=t;return Rn({year:n,month:r,day:i,hour:a,minute:o,second:u,millisecond:l},e)}static utc(){const[e,t]=Un(arguments),[n,r,i,a,o,u,l]=t;return e.zone=D.utcInstance,Rn({year:n,month:r,day:i,hour:a,minute:o,second:u,millisecond:l},e)}static fromJSDate(e,t={}){const n=ws(e)?e.valueOf():NaN;if(Number.isNaN(n))return y.invalid("invalid input");const r=q(t.zone,E.defaultZone);return r.isValid?new y({ts:n,zone:r,loc:T.fromObject(t)}):y.invalid(me(r))}static fromMillis(e,t={}){if(Z(e))return e<-Mn||e>Mn?y.invalid("Timestamp out of range"):new y({ts:e,zone:q(t.zone,E.defaultZone),loc:T.fromObject(t)});throw new v(`fromMillis requires a numerical input, but received a ${typeof e} with value ${e}`)}static fromSeconds(e,t={}){if(Z(e))return new y({ts:e*1e3,zone:q(t.zone,E.defaultZone),loc:T.fromObject(t)});throw new v("fromSeconds requires a numerical input")}static fromObject(e,t={}){e=e||{};const n=q(t.zone,E.defaultZone);if(!n.isValid)return y.invalid(me(n));const r=T.fromObject(t),i=De(e,Ln),{minDaysInFirstWeek:a,startOfWeek:o}=Bt(i,r),u=E.now(),l=g(t.specificOffset)?n.offset(u):t.specificOffset,c=!g(i.ordinal),h=!g(i.year),p=!g(i.month)||!g(i.day),m=h||p,N=i.weekYear||i.weekNumber;if((m||c)&&N)throw new j("Can't mix weekYear/weekNumber units with year/month/day or ordinals");if(p&&c)throw new j("Can't mix ordinal dates with month/day");const O=N||i.weekday&&!m;let k,ae,ge=Ae(u,l);O?(k=$r,ae=Lr,ge=Ee(ge,a,o)):c?(k=Ur,ae=Rr,ge=Ge(ge)):(k=Wn,ae=Cn);let qn=!1;for(const we of k){const Hr=i[we];g(Hr)?qn?i[we]=ae[we]:i[we]=ge[we]:qn=!0}const Br=O?ys(i,a,o):c?gs(i):Gt(i),Zn=Br||jt(i);if(Zn)return y.invalid(Zn);const Gr=O?Yt(i,a,o):c?Jt(i):i,[jr,Kr]=Ce(Gr,l,n),pe=new y({ts:jr,zone:n,o:Kr,loc:r});return i.weekday&&m&&e.weekday!==pe.weekday?y.invalid("mismatched weekday",`you can't specify both a weekday of ${i.weekday} and a date of ${pe.toISO()}`):pe.isValid?pe:y.invalid(pe.invalid)}static fromISO(e,t={}){const[n,r]=or(e);return ie(n,r,t,"ISO 8601",e)}static fromRFC2822(e,t={}){const[n,r]=ur(e);return ie(n,r,t,"RFC 2822",e)}static fromHTTP(e,t={}){const[n,r]=lr(e);return ie(n,r,t,"HTTP",t)}static fromFormat(e,t,n={}){if(g(e)||g(t))throw new v("fromFormat requires an input string and a format");const{locale:r=null,numberingSystem:i=null}=n,a=T.fromOpts({locale:r,numberingSystem:i,defaultToEN:!0}),[o,u,l,c]=Wr(a,e,t);return c?y.invalid(c):ie(o,u,n,`format ${t}`,e,l)}static fromString(e,t,n={}){return y.fromFormat(e,t,n)}static fromSQL(e,t={}){const[n,r]=gr(e);return ie(n,r,t,"SQL",e)}static invalid(e,t=null){if(!e)throw new v("need to specify a reason the DateTime is invalid");const n=e instanceof L?e:new L(e,t);if(E.throwOnInvalid)throw new zn(n);return new y({invalid:n})}static isDateTime(e){return e&&e.isLuxonDateTime||!1}static parseFormatForOpts(e,t={}){const n=Dn(e,T.fromObject(t));return n?n.map(r=>r?r.val:null).join(""):null}static expandFormat(e,t={}){return bn(I.parseFormat(e),T.fromObject(t)).map(r=>r.val).join("")}static resetCache(){Le=void 0,Re={}}get(e){return this[e]}get isValid(){return this.invalid===null}get invalidReason(){return this.invalid?this.invalid.reason:null}get invalidExplanation(){return this.invalid?this.invalid.explanation:null}get locale(){return this.isValid?this.loc.locale:null}get numberingSystem(){return this.isValid?this.loc.numberingSystem:null}get outputCalendar(){return this.isValid?this.loc.outputCalendar:null}get zone(){return this._zone}get zoneName(){return this.isValid?this.zone.name:null}get year(){return this.isValid?this.c.year:NaN}get quarter(){return this.isValid?Math.ceil(this.c.month/3):NaN}get month(){return this.isValid?this.c.month:NaN}get day(){return this.isValid?this.c.day:NaN}get hour(){return this.isValid?this.c.hour:NaN}get minute(){return this.isValid?this.c.minute:NaN}get second(){return this.isValid?this.c.second:NaN}get millisecond(){return this.isValid?this.c.millisecond:NaN}get weekYear(){return this.isValid?st(this).weekYear:NaN}get weekNumber(){return this.isValid?st(this).weekNumber:NaN}get weekday(){return this.isValid?st(this).weekday:NaN}get isWeekend(){return this.isValid&&this.loc.getWeekendDays().includes(this.weekday)}get localWeekday(){return this.isValid?rt(this).weekday:NaN}get localWeekNumber(){return this.isValid?rt(this).weekNumber:NaN}get localWeekYear(){return this.isValid?rt(this).weekYear:NaN}get ordinal(){return this.isValid?Ge(this.c).ordinal:NaN}get monthShort(){return this.isValid?Fe.months("short",{locObj:this.loc})[this.month-1]:null}get monthLong(){return this.isValid?Fe.months("long",{locObj:this.loc})[this.month-1]:null}get weekdayShort(){return this.isValid?Fe.weekdays("short",{locObj:this.loc})[this.weekday-1]:null}get weekdayLong(){return this.isValid?Fe.weekdays("long",{locObj:this.loc})[this.weekday-1]:null}get offset(){return this.isValid?+this.o:NaN}get offsetNameShort(){return this.isValid?this.zone.offsetName(this.ts,{format:"short",locale:this.locale}):null}get offsetNameLong(){return this.isValid?this.zone.offsetName(this.ts,{format:"long",locale:this.locale}):null}get isOffsetFixed(){return this.isValid?this.zone.isUniversal:null}get isInDST(){return this.isOffsetFixed?!1:this.offset>this.set({month:1,day:1}).offset||this.offset>this.set({month:5}).offset}getPossibleOffsets(){if(!this.isValid||this.isOffsetFixed)return[this];const e=864e5,t=6e4,n=ve(this.c),r=this.zone.offset(n-e),i=this.zone.offset(n+e),a=this.zone.offset(n-r*t),o=this.zone.offset(n-i*t);if(a===o)return[this];const u=n-a*t,l=n-o*t,c=Ae(u,a),h=Ae(l,o);return c.hour===h.hour&&c.minute===h.minute&&c.second===h.second&&c.millisecond===h.millisecond?[G(this,{ts:u}),G(this,{ts:l})]:[this]}get isInLeapYear(){return le(this.year)}get daysInMonth(){return be(this.year,this.month)}get daysInYear(){return this.isValid?_(this.year):NaN}get weeksInWeekYear(){return this.isValid?ce(this.weekYear):NaN}get weeksInLocalWeekYear(){return this.isValid?ce(this.localWeekYear,this.loc.getMinDaysInFirstWeek(),this.loc.getStartOfWeek()):NaN}resolvedLocaleOptions(e={}){const{locale:t,numberingSystem:n,calendar:r}=I.create(this.loc.clone(e),e).resolvedOptions(this);return{locale:t,numberingSystem:n,outputCalendar:r}}toUTC(e=0,t={}){return this.setZone(D.instance(e),t)}toLocal(){return this.setZone(E.defaultZone)}setZone(e,{keepLocalTime:t=!1,keepCalendarTime:n=!1}={}){if(e=q(e,E.defaultZone),e.equals(this.zone))return this;if(e.isValid){let r=this.ts;if(t||n){const i=e.offset(this.ts),a=this.toObject();[r]=Ce(a,i,e)}return G(this,{ts:r,zone:e})}else return y.invalid(me(e))}reconfigure({locale:e,numberingSystem:t,outputCalendar:n}={}){const r=this.loc.clone({locale:e,numberingSystem:t,outputCalendar:n});return G(this,{loc:r})}setLocale(e){return this.reconfigure({locale:e})}set(e){if(!this.isValid)return this;const t=De(e,Ln),{minDaysInFirstWeek:n,startOfWeek:r}=Bt(t,this.loc),i=!g(t.weekYear)||!g(t.weekNumber)||!g(t.weekday),a=!g(t.ordinal),o=!g(t.year),u=!g(t.month)||!g(t.day),l=o||u,c=t.weekYear||t.weekNumber;if((l||a)&&c)throw new j("Can't mix weekYear/weekNumber units with year/month/day or ordinals");if(u&&a)throw new j("Can't mix ordinal dates with month/day");let h;i?h=Yt({...Ee(this.c,n,r),...t},n,r):g(t.ordinal)?(h={...this.toObject(),...t},g(t.day)&&(h.day=Math.min(be(h.year,h.month),h.day))):h=Jt({...Ge(this.c),...t});const[p,m]=Ce(h,this.o,this.zone);return G(this,{ts:p,o:m})}plus(e){if(!this.isValid)return this;const t=w.fromDurationLike(e);return G(this,Vn(this,t))}minus(e){if(!this.isValid)return this;const t=w.fromDurationLike(e).negate();return G(this,Vn(this,t))}startOf(e,{useLocaleWeeks:t=!1}={}){if(!this.isValid)return this;const n={},r=w.normalizeUnit(e);switch(r){case"years":n.month=1;case"quarters":case"months":n.day=1;case"weeks":case"days":n.hour=0;case"hours":n.minute=0;case"minutes":n.second=0;case"seconds":n.millisecond=0;break}if(r==="weeks")if(t){const i=this.loc.getStartOfWeek(),{weekday:a}=this;a<i&&(n.weekNumber=this.weekNumber-1),n.weekday=i}else n.weekday=1;if(r==="quarters"){const i=Math.ceil(this.month/3);n.month=(i-1)*3+1}return this.set(n)}endOf(e,t){return this.isValid?this.plus({[e]:1}).startOf(e,t).minus(1):this}toFormat(e,t={}){return this.isValid?I.create(this.loc.redefaultToEN(t)).formatDateTimeFromString(this,e):nt}toLocaleString(e=Se,t={}){return this.isValid?I.create(this.loc.clone(t),e).formatDateTime(this):nt}toLocaleParts(e={}){return this.isValid?I.create(this.loc.clone(e),e).formatDateTimeParts(this):[]}toISO({format:e="extended",suppressSeconds:t=!1,suppressMilliseconds:n=!1,includeOffset:r=!0,extendedZone:i=!1}={}){if(!this.isValid)return null;const a=e==="extended";let o=it(this,a);return o+="T",o+=An(this,a,t,n,r,i),o}toISODate({format:e="extended"}={}){return this.isValid?it(this,e==="extended"):null}toISOWeekDate(){return We(this,"kkkk-'W'WW-c")}toISOTime({suppressMilliseconds:e=!1,suppressSeconds:t=!1,includeOffset:n=!0,includePrefix:r=!1,extendedZone:i=!1,format:a="extended"}={}){return this.isValid?(r?"T":"")+An(this,a==="extended",t,e,n,i):null}toRFC2822(){return We(this,"EEE, dd LLL yyyy HH:mm:ss ZZZ",!1)}toHTTP(){return We(this.toUTC(),"EEE, dd LLL yyyy HH:mm:ss 'GMT'")}toSQLDate(){return this.isValid?it(this,!0):null}toSQLTime({includeOffset:e=!0,includeZone:t=!1,includeOffsetSpace:n=!0}={}){let r="HH:mm:ss.SSS";return(t||e)&&(n&&(r+=" "),t?r+="z":e&&(r+="ZZ")),We(this,r,!0)}toSQL(e={}){return this.isValid?`${this.toSQLDate()} ${this.toSQLTime(e)}`:null}toString(){return this.isValid?this.toISO():nt}[Symbol.for("nodejs.util.inspect.custom")](){return this.isValid?`DateTime { ts: ${this.toISO()}, zone: ${this.zone.name}, locale: ${this.locale} }`:`DateTime { Invalid, reason: ${this.invalidReason} }`}valueOf(){return this.toMillis()}toMillis(){return this.isValid?this.ts:NaN}toSeconds(){return this.isValid?this.ts/1e3:NaN}toUnixInteger(){return this.isValid?Math.floor(this.ts/1e3):NaN}toJSON(){return this.toISO()}toBSON(){return this.toJSDate()}toObject(e={}){if(!this.isValid)return{};const t={...this.c};return e.includeConfig&&(t.outputCalendar=this.outputCalendar,t.numberingSystem=this.loc.numberingSystem,t.locale=this.loc.locale),t}toJSDate(){return new Date(this.isValid?this.ts:NaN)}diff(e,t="milliseconds",n={}){if(!this.isValid||!e.isValid)return w.invalid("created by diffing an invalid DateTime");const r={locale:this.locale,numberingSystem:this.numberingSystem,...n},i=Ss(t).map(w.normalizeUnit),a=e.valueOf()>this.valueOf(),o=a?this:e,u=a?e:this,l=Nr(o,u,i,r);return a?l.negate():l}diffNow(e="milliseconds",t={}){return this.diff(y.now(),e,t)}until(e){return this.isValid?x.fromDateTimes(this,e):this}hasSame(e,t,n){if(!this.isValid)return!1;const r=e.valueOf(),i=this.setZone(e.zone,{keepLocalTime:!0});return i.startOf(t,n)<=r&&r<=i.endOf(t,n)}equals(e){return this.isValid&&e.isValid&&this.valueOf()===e.valueOf()&&this.zone.equals(e.zone)&&this.loc.equals(e.loc)}toRelative(e={}){if(!this.isValid)return null;const t=e.base||y.fromObject({},{zone:this.zone}),n=e.padding?this<t?-e.padding:e.padding:0;let r=["years","months","days","hours","minutes","seconds"],i=e.unit;return Array.isArray(e.unit)&&(r=e.unit,i=void 0),$n(t,this.plus(n),{...e,numeric:"always",units:r,unit:i})}toRelativeCalendar(e={}){return this.isValid?$n(e.base||y.fromObject({},{zone:this.zone}),this,{...e,numeric:"auto",units:["years","months","days"],calendary:!0}):null}static min(...e){if(!e.every(y.isDateTime))throw new v("min requires all arguments be DateTimes");return _t(e,t=>t.valueOf(),Math.min)}static max(...e){if(!e.every(y.isDateTime))throw new v("max requires all arguments be DateTimes");return _t(e,t=>t.valueOf(),Math.max)}static fromFormatExplain(e,t,n={}){const{locale:r=null,numberingSystem:i=null}=n,a=T.fromOpts({locale:r,numberingSystem:i,defaultToEN:!0});return In(a,e,t)}static fromStringExplain(e,t,n={}){return y.fromFormatExplain(e,t,n)}static buildFormatParser(e,t={}){const{locale:n=null,numberingSystem:r=null}=t,i=T.fromOpts({locale:n,numberingSystem:r,defaultToEN:!0});return new vn(i,e)}static fromFormatParser(e,t,n={}){if(g(e)||g(t))throw new v("fromFormatParser requires an input string and a format parser");const{locale:r=null,numberingSystem:i=null}=n,a=T.fromOpts({locale:r,numberingSystem:i,defaultToEN:!0});if(!a.equals(t.locale))throw new v(`fromFormatParser called with a locale of ${a}, but the format parser was created for ${t.locale}`);const{result:o,zone:u,specificOffset:l,invalidReason:c}=t.explainFromTokens(e);return c?y.invalid(c):ie(o,u,n,`format ${t.format}`,e,l)}static get DATE_SHORT(){return Se}static get DATE_MED(){return ct}static get DATE_MED_WITH_WEEKDAY(){return Jn}static get DATE_FULL(){return ft}static get DATE_HUGE(){return dt}static get TIME_SIMPLE(){return ht}static get TIME_WITH_SECONDS(){return mt}static get TIME_WITH_SHORT_OFFSET(){return yt}static get TIME_WITH_LONG_OFFSET(){return gt}static get TIME_24_SIMPLE(){return pt}static get TIME_24_WITH_SECONDS(){return wt}static get TIME_24_WITH_SHORT_OFFSET(){return St}static get TIME_24_WITH_LONG_OFFSET(){return kt}static get DATETIME_SHORT(){return Tt}static get DATETIME_SHORT_WITH_SECONDS(){return Ot}static get DATETIME_MED(){return Nt}static get DATETIME_MED_WITH_SECONDS(){return Et}static get DATETIME_MED_WITH_WEEKDAY(){return Bn}static get DATETIME_FULL(){return xt}static get DATETIME_FULL_WITH_SECONDS(){return bt}static get DATETIME_HUGE(){return vt}static get DATETIME_HUGE_WITH_SECONDS(){return It}}function ye(s){if(y.isDateTime(s))return s;if(s&&s.valueOf&&Z(s.valueOf()))return y.fromJSDate(s);if(s&&typeof s=="object")return y.fromObject(s);throw new v(`Unknown datetime argument: ${s}, of type ${typeof s}`)}const zr=[".jpg",".jpeg",".png",".svg",".gif",".jfif",".webp",".avif"],Pr=[".mp4",".avi",".mov",".3gp",".wmv"],Yr=[".aa",".aac",".m4v",".mp3",".ogg",".oga",".mogg",".amr"],Jr=[".pdf",".doc",".docx",".xls",".xlsx",".ppt",".pptx",".odp",".odt",".ods",".txt"];class d{static isObject(e){return e!==null&&typeof e=="object"&&e.constructor===Object}static clone(e){return typeof structuredClone<"u"?structuredClone(e):JSON.parse(JSON.stringify(e))}static zeroValue(e){switch(typeof e){case"string":return"";case"number":return 0;case"boolean":return!1;case"object":return e===null?null:Array.isArray(e)?[]:{};case"undefined":return;default:return null}}static isEmpty(e){return e===""||e===null||typeof e>"u"||Array.isArray(e)&&e.length===0||d.isObject(e)&&Object.keys(e).length===0}static isInput(e){let t=e&&e.tagName?e.tagName.toLowerCase():"";return t==="input"||t==="select"||t==="textarea"||(e==null?void 0:e.isContentEditable)}static isFocusable(e){let t=e&&e.tagName?e.tagName.toLowerCase():"";return d.isInput(e)||t==="button"||t==="a"||t==="details"||(e==null?void 0:e.tabIndex)>=0}static hasNonEmptyProps(e){for(let t in e)if(!d.isEmpty(e[t]))return!0;return!1}static toArray(e,t=!1){return Array.isArray(e)?e.slice():(t||!d.isEmpty(e))&&typeof e<"u"?[e]:[]}static inArray(e,t){e=Array.isArray(e)?e:[];for(let n=e.length-1;n>=0;n--)if(e[n]==t)return!0;return!1}static removeByValue(e,t){e=Array.isArray(e)?e:[];for(let n=e.length-1;n>=0;n--)if(e[n]==t){e.splice(n,1);break}}static pushUnique(e,t){d.inArray(e,t)||e.push(t)}static findByKey(e,t,n){e=Array.isArray(e)?e:[];for(let r in e)if(e[r][t]==n)return e[r];return null}static groupByKey(e,t){e=Array.isArray(e)?e:[];const n={};for(let r in e)n[e[r][t]]=n[e[r][t]]||[],n[e[r][t]].push(e[r]);return n}static removeByKey(e,t,n){for(let r in e)if(e[r][t]==n){e.splice(r,1);break}}static pushOrReplaceByKey(e,t,n="id"){for(let r=e.length-1;r>=0;r--)if(e[r][n]==t[n]){e[r]=t;return}e.push(t)}static filterDuplicatesByKey(e,t="id"){e=Array.isArray(e)?e:[];const n={};for(const r of e)n[r[t]]=r;return Object.values(n)}static filterRedactedProps(e,t="******"){const n=JSON.parse(JSON.stringify(e||{}));for(let r in n)typeof n[r]=="object"&&n[r]!==null?n[r]=d.filterRedactedProps(n[r],t):n[r]===t&&delete n[r];return n}static getNestedVal(e,t,n=null,r="."){let i=e||{},a=(t||"").split(r);for(const o of a){if(!d.isObject(i)&&!Array.isArray(i)||typeof i[o]>"u")return n;i=i[o]}return i}static setByPath(e,t,n,r="."){if(e===null||typeof e!="object"){console.warn("setByPath: data not an object or array.");return}let i=e,a=t.split(r),o=a.pop();for(const u of a)(!d.isObject(i)&&!Array.isArray(i)||!d.isObject(i[u])&&!Array.isArray(i[u]))&&(i[u]={}),i=i[u];i[o]=n}static deleteByPath(e,t,n="."){let r=e||{},i=(t||"").split(n),a=i.pop();for(const o of i)(!d.isObject(r)&&!Array.isArray(r)||!d.isObject(r[o])&&!Array.isArray(r[o]))&&(r[o]={}),r=r[o];Array.isArray(r)?r.splice(a,1):d.isObject(r)&&delete r[a],i.length>0&&(Array.isArray(r)&&!r.length||d.isObject(r)&&!Object.keys(r).length)&&(Array.isArray(e)&&e.length>0||d.isObject(e)&&Object.keys(e).length>0)&&d.deleteByPath(e,i.join(n),n)}static randomString(e=10){let t="",n="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";for(let r=0;r<e;r++)t+=n.charAt(Math.floor(Math.random()*n.length));return t}static randomSecret(e=15){if(typeof crypto>"u")return d.randomString(e);const t=new Uint8Array(e);crypto.getRandomValues(t);const n="-_0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";let r="";for(let i=0;i<e;i++)r+=n.charAt(t[i]%n.length);return r}static sentenize(e,t=!0){if(typeof e!="string")return"";if(e=e.trim().split("_").join(" "),e==="")return e;if(e=e[0].toUpperCase()+e.substring(1),t){let n=e[e.length-1];n!=="."&&n!=="?"&&n!=="!"&&(e+=".")}return e}static trimQuotedValue(e){return typeof e=="string"&&(e[0]=='"'||e[0]=="'"||e[0]=="`")&&e[0]==e[e.length-1]?e.slice(1,-1):e}static plainText(e){return e?(new DOMParser().parseFromString(e,"text/html").body.innerText||"").trim():""}static truncate(e,t=150,n=!0){return e=""+e,e.length<=t?e:e.substring(0,t)+(n?"...":"")}static truncateObject(e){const t={};for(let n in e){let r=e[n];typeof r=="string"&&(r=d.truncate(r,150,!0)),t[n]=r}return t}static slugify(e,t="_",n=[".","=","-"]){if(e==="")return"";const r={a:/а|à|á|å|â/gi,b:/б/gi,c:/ц|ç/gi,d:/д/gi,e:/е|è|é|ê|ẽ|ë/gi,f:/ф/gi,g:/г/gi,h:/х/gi,i:/й|и|ì|í|î/gi,j:/ж/gi,k:/к/gi,l:/л/gi,m:/м/gi,n:/н|ñ/gi,o:/о|ò|ó|ô|ø/gi,p:/п/gi,q:/я/gi,r:/р/gi,s:/с/gi,t:/т/gi,u:/ю|ù|ú|ů|û/gi,v:/в/gi,w:/в/gi,x:/ь/gi,y:/ъ/gi,z:/з/gi,ae:/ä|æ/gi,oe:/ö/gi,ue:/ü/gi,Ae:/Ä/gi,Ue:/Ü/gi,Oe:/Ö/gi,ss:/ß/gi,and:/&/gi};for(let i in r)e=e.replace(r[i],i);return e.replace(new RegExp("["+n.join("")+"]","g")," ").replace(/[^\w\ ]/gi,"").replace(/\s+/g,t)}static escapeRegExp(e){return e.replace(/[.*+?^${}()|[\]\\]/g,"\\$&")}static splitNonEmpty(e,t=","){const n=[],r=(e||"").replaceAll("\\"+t,"{_PB_ESCAPED_}").split(t).map(i=>i.replaceAll("{_PB_ESCAPED_}",t));for(let i of r)i=i.trim(),d.isEmpty(i)||n.push(i);return n}static joinNonEmpty(e,t=", "){e=e||[];const n=[],r=t.length>1?t.trim():t;for(let i of e)i=typeof i=="string"?i.trim():"",d.isEmpty(i)||n.push(i.replaceAll(r,"\\"+r));return n.join(t)}static getInitials(e){if(e=(e||"").split("@")[0].trim(),e.length<=2)return e.toUpperCase();const t=e.split(/[\.\_\-\ ]/);return t.length>=2?(t[0][0]+t[1][0]).toUpperCase():e[0].toUpperCase()}static formattedFileSize(e){const t=e?Math.floor(Math.log(e)/Math.log(1024)):0;return(e/Math.pow(1024,t)).toFixed(2)*1+" "+["B","KB","MB","GB","TB"][t]}static getDateTime(e){if(typeof e=="string"){const t={19:"yyyy-MM-dd HH:mm:ss",23:"yyyy-MM-dd HH:mm:ss.SSS",20:"yyyy-MM-dd HH:mm:ss'Z'",24:"yyyy-MM-dd HH:mm:ss.SSS'Z'"},n=t[e.length]||t[19];return y.fromFormat(e,n,{zone:"UTC"})}return y.fromJSDate(e)}static formatToUTCDate(e,t="yyyy-MM-dd HH:mm:ss"){return d.getDateTime(e).toUTC().toFormat(t)}static formatToLocalDate(e,t="yyyy-MM-dd HH:mm:ss"){return d.getDateTime(e).toLocal().toFormat(t)}static async copyToClipboard(e){var t;if(e=""+e,!(!e.length||!((t=window==null?void 0:window.navigator)!=null&&t.clipboard)))return window.navigator.clipboard.writeText(e).catch(n=>{console.warn("Failed to copy.",n)})}static download(e,t){const n=document.createElement("a");n.setAttribute("href",e),n.setAttribute("download",t),n.setAttribute("target","_blank"),n.click(),n.remove()}static downloadJson(e,t){t=t.endsWith(".json")?t:t+".json";const n=new Blob([JSON.stringify(e,null,2)],{type:"application/json"}),r=window.URL.createObjectURL(n);d.download(r,t)}static getJWTPayload(e){const t=(e||"").split(".")[1]||"";if(t==="")return{};try{const n=decodeURIComponent(atob(t));return JSON.parse(n)||{}}catch(n){console.warn("Failed to parse JWT payload data.",n)}return{}}static hasImageExtension(e){return e=e||"",!!zr.find(t=>e.toLowerCase().endsWith(t))}static hasVideoExtension(e){return e=e||"",!!Pr.find(t=>e.toLowerCase().endsWith(t))}static hasAudioExtension(e){return e=e||"",!!Yr.find(t=>e.toLowerCase().endsWith(t))}static hasDocumentExtension(e){return e=e||"",!!Jr.find(t=>e.toLowerCase().endsWith(t))}static getFileType(e){return d.hasImageExtension(e)?"image":d.hasDocumentExtension(e)?"document":d.hasVideoExtension(e)?"video":d.hasAudioExtension(e)?"audio":"file"}static generateThumb(e,t=100,n=100){return new Promise(r=>{let i=new FileReader;i.onload=function(a){let o=new Image;o.onload=function(){let u=document.createElement("canvas"),l=u.getContext("2d"),c=o.width,h=o.height;return u.width=t,u.height=n,l.drawImage(o,c>h?(c-h)/2:0,0,c>h?h:c,c>h?h:c,0,0,t,n),r(u.toDataURL(e.type))},o.src=a.target.result},i.readAsDataURL(e)})}static addValueToFormData(e,t,n){if(!(typeof n>"u"))if(d.isEmpty(n))e.append(t,"");else if(Array.isArray(n))for(const r of n)d.addValueToFormData(e,t,r);else n instanceof File?e.append(t,n):n instanceof Date?e.append(t,n.toISOString()):d.isObject(n)?e.append(t,JSON.stringify(n)):e.append(t,""+n)}static dummyCollectionRecord(e){var u,l,c,h,p,m,N;const t=(e==null?void 0:e.schema)||[],n=(e==null?void 0:e.type)==="auth",r=(e==null?void 0:e.type)==="view",i={id:"RECORD_ID",collectionId:e==null?void 0:e.id,collectionName:e==null?void 0:e.name};n&&(i.username="username123",i.verified=!1,i.emailVisibility=!0,i.email="test@example.com"),(!r||d.extractColumnsFromQuery((u=e==null?void 0:e.options)==null?void 0:u.query).includes("created"))&&(i.created="2022-01-01 01:00:00.123Z"),(!r||d.extractColumnsFromQuery((l=e==null?void 0:e.options)==null?void 0:l.query).includes("updated"))&&(i.updated="2022-01-01 23:59:59.456Z");for(const O of t){let k=null;O.type==="number"?k=123:O.type==="date"?k="2022-01-01 10:00:00.123Z":O.type==="bool"?k=!0:O.type==="email"?k="test@example.com":O.type==="url"?k="https://example.com":O.type==="json"?k="JSON":O.type==="file"?(k="filename.jpg",((c=O.options)==null?void 0:c.maxSelect)!==1&&(k=[k])):O.type==="select"?(k=(p=(h=O.options)==null?void 0:h.values)==null?void 0:p[0],((m=O.options)==null?void 0:m.maxSelect)!==1&&(k=[k])):O.type==="relation"?(k="RELATION_RECORD_ID",((N=O.options)==null?void 0:N.maxSelect)!==1&&(k=[k])):k="test",i[O.name]=k}return i}static dummyCollectionSchemaData(e){var r,i,a,o;const t=(e==null?void 0:e.schema)||[],n={};for(const u of t){let l=null;if(u.type==="number")l=123;else if(u.type==="date")l="2022-01-01 10:00:00.123Z";else if(u.type==="bool")l=!0;else if(u.type==="email")l="test@example.com";else if(u.type==="url")l="https://example.com";else if(u.type==="json")l="JSON";else{if(u.type==="file")continue;u.type==="select"?(l=(i=(r=u.options)==null?void 0:r.values)==null?void 0:i[0],((a=u.options)==null?void 0:a.maxSelect)!==1&&(l=[l])):u.type==="relation"?(l="RELATION_RECORD_ID",((o=u.options)==null?void 0:o.maxSelect)!==1&&(l=[l])):l="test"}n[u.name]=l}return n}static getCollectionTypeIcon(e){switch(e==null?void 0:e.toLowerCase()){case"auth":return"ri-group-line";case"view":return"ri-table-line";default:return"ri-folder-2-line"}}static getFieldTypeIcon(e){switch(e==null?void 0:e.toLowerCase()){case"primary":return"ri-key-line";case"text":return"ri-text";case"number":return"ri-hashtag";case"date":return"ri-calendar-line";case"bool":return"ri-toggle-line";case"email":return"ri-mail-line";case"url":return"ri-link";case"editor":return"ri-edit-2-line";case"select":return"ri-list-check";case"json":return"ri-braces-line";case"file":return"ri-image-line";case"relation":return"ri-mind-map";case"user":return"ri-user-line";default:return"ri-star-s-line"}}static getFieldValueType(e){var t;switch(e==null?void 0:e.type){case"bool":return"Boolean";case"number":return"Number";case"file":return"File";case"select":case"relation":return((t=e==null?void 0:e.options)==null?void 0:t.maxSelect)===1?"String":"Array<String>";default:return"String"}}static zeroDefaultStr(e){var t;return(e==null?void 0:e.type)==="number"?"0":(e==null?void 0:e.type)==="bool"?"false":(e==null?void 0:e.type)==="json"?'null, "", [], {}':["select","relation","file"].includes(e==null?void 0:e.type)&&((t=e==null?void 0:e.options)==null?void 0:t.maxSelect)!=1?"[]":'""'}static getApiExampleUrl(e){return(window.location.href.substring(0,window.location.href.indexOf("/_"))||e||"/").replace("//localhost","//127.0.0.1")}static hasCollectionChanges(e,t,n=!1){if(e=e||{},t=t||{},e.id!=t.id)return!0;for(let l in e)if(l!=="schema"&&JSON.stringify(e[l])!==JSON.stringify(t[l]))return!0;const r=Array.isArray(e.schema)?e.schema:[],i=Array.isArray(t.schema)?t.schema:[],a=r.filter(l=>(l==null?void 0:l.id)&&!d.findByKey(i,"id",l.id)),o=i.filter(l=>(l==null?void 0:l.id)&&!d.findByKey(r,"id",l.id)),u=i.filter(l=>{const c=d.isObject(l)&&d.findByKey(r,"id",l.id);if(!c)return!1;for(let h in c)if(JSON.stringify(l[h])!=JSON.stringify(c[h]))return!0;return!1});return!!(o.length||u.length||n&&a.length)}static sortCollections(e=[]){const t=[],n=[],r=[];for(const a of e)a.type==="auth"?t.push(a):a.type==="base"?n.push(a):r.push(a);function i(a,o){return a.name>o.name?1:a.name<o.name?-1:0}return[].concat(t.sort(i),n.sort(i),r.sort(i))}static yieldToMain(){return new Promise(e=>{setTimeout(e,0)})}static defaultFlatpickrOptions(){return{dateFormat:"Y-m-d H:i:S",disableMobile:!0,allowInput:!0,enableTime:!0,time_24hr:!0,locale:{firstDayOfWeek:1}}}static defaultEditorOptions(){const e=["DIV","P","A","EM","B","STRONG","H1","H2","H3","H4","H5","H6","TABLE","TR","TD","TH","TBODY","THEAD","TFOOT","BR","HR","Q","SUP","SUB","DEL","IMG","OL","UL","LI","CODE"];function t(r){let i=r.parentNode;for(;r.firstChild;)i.insertBefore(r.firstChild,r);i.removeChild(r)}function n(r){if(r){for(const i of r.children)n(i);e.includes(r.tagName)?(r.removeAttribute("style"),r.removeAttribute("class")):t(r)}}return{branding:!1,promotion:!1,menubar:!1,min_height:270,height:270,max_height:700,autoresize_bottom_margin:30,convert_unsafe_embeds:!0,skin:"pocketbase",content_style:"body { font-size: 14px }",plugins:["autoresize","autolink","lists","link","image","searchreplace","fullscreen","media","table","code","codesample","directionality"],codesample_global_prismjs:!0,codesample_languages:[{text:"HTML/XML",value:"markup"},{text:"CSS",value:"css"},{text:"SQL",value:"sql"},{text:"JavaScript",value:"javascript"},{text:"Go",value:"go"},{text:"Dart",value:"dart"},{text:"Zig",value:"zig"},{text:"Rust",value:"rust"},{text:"Lua",value:"lua"},{text:"PHP",value:"php"},{text:"Ruby",value:"ruby"},{text:"Python",value:"python"},{text:"Java",value:"java"},{text:"C",value:"c"},{text:"C#",value:"csharp"},{text:"C++",value:"cpp"},{text:"Markdown",value:"markdown"},{text:"Swift",value:"swift"},{text:"Kotlin",value:"kotlin"},{text:"Elixir",value:"elixir"},{text:"Scala",value:"scala"},{text:"Julia",value:"julia"},{text:"Haskell",value:"haskell"}],toolbar:"styles | alignleft aligncenter alignright | bold italic forecolor backcolor | bullist numlist | link image_picker table codesample direction | code fullscreen",paste_postprocess:(r,i)=>{n(i.node)},file_picker_types:"image",file_picker_callback:(r,i,a)=>{const o=document.createElement("input");o.setAttribute("type","file"),o.setAttribute("accept","image/*"),o.addEventListener("change",u=>{const l=u.target.files[0],c=new FileReader;c.addEventListener("load",()=>{if(!tinymce)return;const h="blobid"+new Date().getTime(),p=tinymce.activeEditor.editorUpload.blobCache,m=c.result.split(",")[1],N=p.create(h,l,m);p.add(N),r(N.blobUri(),{title:l.name})}),c.readAsDataURL(l)}),o.click()},setup:r=>{r.on("keydown",a=>{(a.ctrlKey||a.metaKey)&&a.code=="KeyS"&&r.formElement&&(a.preventDefault(),a.stopPropagation(),r.formElement.dispatchEvent(new KeyboardEvent("keydown",a)))});const i="tinymce_last_direction";r.on("init",()=>{var o;const a=(o=window==null?void 0:window.localStorage)==null?void 0:o.getItem(i);!r.isDirty()&&r.getContent()==""&&a=="rtl"&&r.execCommand("mceDirectionRTL")}),r.ui.registry.addMenuButton("direction",{icon:"visualchars",fetch:a=>{a([{type:"menuitem",text:"LTR content",icon:"ltr",onAction:()=>{var u;(u=window==null?void 0:window.localStorage)==null||u.setItem(i,"ltr"),r.execCommand("mceDirectionLTR")}},{type:"menuitem",text:"RTL content",icon:"rtl",onAction:()=>{var u;(u=window==null?void 0:window.localStorage)==null||u.setItem(i,"rtl"),r.execCommand("mceDirectionRTL")}}])}}),r.ui.registry.addMenuButton("image_picker",{icon:"image",fetch:a=>{a([{type:"menuitem",text:"From collection",icon:"gallery",onAction:()=>{r.dispatch("collections_file_picker",{})}},{type:"menuitem",text:"Inline",icon:"browse",onAction:()=>{r.execCommand("mceImage")}}])}})}}}static displayValue(e,t,n="N/A"){e=e||{},t=t||[];let r=[];for(const a of t){let o=e[a];typeof o>"u"||(o=d.stringifyValue(o,n),r.push(o))}if(r.length>0)return r.join(", ");const i=["title","name","slug","email","username","nickname","label","heading","message","key","identifier","id"];for(const a of i){let o=d.stringifyValue(e[a],"");if(o)return o}return n}static stringifyValue(e,t="N/A",n=150){if(d.isEmpty(e))return t;if(typeof e=="number")return""+e;if(typeof e=="boolean")return e?"True":"False";if(typeof e=="string")return e=e.indexOf("<")>=0?d.plainText(e):e,d.truncate(e,n)||t;if(Array.isArray(e)&&typeof e[0]!="object")return d.truncate(e.join(","),n);if(typeof e=="object")try{return d.truncate(JSON.stringify(e),n)||t}catch{return t}return e}static extractColumnsFromQuery(e){var a;const t="__GROUP__";e=(e||"").replace(/\([\s\S]+?\)/gm,t).replace(/[\t\r\n]|(?:\s\s)+/g," ");const n=e.match(/select\s+([\s\S]+)\s+from/),r=((a=n==null?void 0:n[1])==null?void 0:a.split(","))||[],i=[];for(let o of r){const u=o.trim().split(" ").pop();u!=""&&u!=t&&i.push(u.replace(/[\'\"\`\[\]\s]/g,""))}return i}static getAllCollectionIdentifiers(e,t=""){if(!e)return[];let n=[t+"id"];if(e.type==="view")for(let i of d.extractColumnsFromQuery(e.options.query))d.pushUnique(n,t+i);else e.type==="auth"?(n.push(t+"username"),n.push(t+"email"),n.push(t+"emailVisibility"),n.push(t+"verified"),n.push(t+"created"),n.push(t+"updated")):(n.push(t+"created"),n.push(t+"updated"));const r=e.schema||[];for(const i of r)d.pushUnique(n,t+i.name);return n}static getCollectionAutocompleteKeys(e,t,n="",r=0){var o,u,l;let i=e.find(c=>c.name==t||c.id==t);if(!i||r>=4)return[];i.schema=i.schema||[];let a=d.getAllCollectionIdentifiers(i,n);for(const c of i.schema){const h=n+c.name;if(c.type=="relation"&&((o=c.options)!=null&&o.collectionId)){const p=d.getCollectionAutocompleteKeys(e,c.options.collectionId,h+".",r+1);p.length&&(a=a.concat(p))}((u=c.options)==null?void 0:u.maxSelect)!=1&&["select","file","relation"].includes(c.type)&&(a.push(h+":each"),a.push(h+":length"))}for(const c of e){c.schema=c.schema||[];for(const h of c.schema)if(h.type=="relation"&&((l=h.options)==null?void 0:l.collectionId)==i.id){const p=n+c.name+"_via_"+h.name,m=d.getCollectionAutocompleteKeys(e,c.id,p+".",r+2);m.length&&(a=a.concat(m))}}return a}static getCollectionJoinAutocompleteKeys(e){const t=[];for(const n of e){const r="@collection."+n.name+".",i=d.getCollectionAutocompleteKeys(e,n.name,r);for(const a of i)t.push(a)}return t}static getRequestAutocompleteKeys(e,t){const n=[];n.push("@request.context"),n.push("@request.method"),n.push("@request.query."),n.push("@request.data."),n.push("@request.headers."),n.push("@request.auth.id"),n.push("@request.auth.collectionId"),n.push("@request.auth.collectionName"),n.push("@request.auth.verified"),n.push("@request.auth.username"),n.push("@request.auth.email"),n.push("@request.auth.emailVisibility"),n.push("@request.auth.created"),n.push("@request.auth.updated");const r=e.filter(i=>i.type==="auth");for(const i of r){const a=d.getCollectionAutocompleteKeys(e,i.id,"@request.auth.");for(const o of a)d.pushUnique(n,o)}if(t){const i=["created","updated"],a=d.getCollectionAutocompleteKeys(e,t,"@request.data.");for(const o of a){n.push(o);const u=o.split(".");u.length===3&&u[2].indexOf(":")===-1&&!i.includes(u[2])&&n.push(o+":isset")}}return n}static parseIndex(e){var u,l,c,h,p;const t={unique:!1,optional:!1,schemaName:"",indexName:"",tableName:"",columns:[],where:""},r=/create\s+(unique\s+)?\s*index\s*(if\s+not\s+exists\s+)?(\S*)\s+on\s+(\S*)\s*\(([\s\S]*)\)(?:\s*where\s+([\s\S]*))?/gmi.exec((e||"").trim());if((r==null?void 0:r.length)!=7)return t;const i=/^[\"\'\`\[\{}]|[\"\'\`\]\}]$/gm;t.unique=((u=r[1])==null?void 0:u.trim().toLowerCase())==="unique",t.optional=!d.isEmpty((l=r[2])==null?void 0:l.trim());const a=(r[3]||"").split(".");a.length==2?(t.schemaName=a[0].replace(i,""),t.indexName=a[1].replace(i,"")):(t.schemaName="",t.indexName=a[0].replace(i,"")),t.tableName=(r[4]||"").replace(i,"");const o=(r[5]||"").replace(/,(?=[^\(]*\))/gmi,"{PB_TEMP}").split(",");for(let m of o){m=m.trim().replaceAll("{PB_TEMP}",",");const O=/^([\s\S]+?)(?:\s+collate\s+([\w]+))?(?:\s+(asc|desc))?$/gmi.exec(m);if((O==null?void 0:O.length)!=4)continue;const k=(h=(c=O[1])==null?void 0:c.trim())==null?void 0:h.replace(i,"");k&&t.columns.push({name:k,collate:O[2]||"",sort:((p=O[3])==null?void 0:p.toUpperCase())||""})}return t.where=r[6]||"",t}static buildIndex(e){let t="CREATE ";e.unique&&(t+="UNIQUE "),t+="INDEX ",e.optional&&(t+="IF NOT EXISTS "),e.schemaName&&(t+=`\`${e.schemaName}\`.`),t+=`\`${e.indexName||"idx_"+d.randomString(7)}\` `,t+=`ON \`${e.tableName}\` (`;const n=e.columns.filter(r=>!!(r!=null&&r.name));return n.length>1&&(t+=` | |||
There was a problem hiding this comment.
Open redirect/tabnabbing risk: download() opens links in a new tab (target="_blank") without setting rel="noopener noreferrer" and without validating the URL scheme. This allows the new page to access window.opener and potentially navigate the original page (tabnabbing). It also permits javascript: URLs.
Code Suggestion or Comments
static download(url, filename) {
const a = document.createElement("a");
try {
const parsed = new URL(url, window.location.href);
const safe = ["http:", "https:", "blob:", "data:"];
if (!safe.includes(parsed.protocol)) {
console.warn("Blocked unsafe download URL:", url);
return;
}
a.href = parsed.toString();
} catch (_) {
if (typeof url === "string" && (url.startsWith("blob:") || url.startsWith("data:"))) {
a.href = url;
} else {
console.warn("Invalid download URL:", url);
return;
}
}
a.download = filename;
a.rel = "noopener noreferrer"; // prevent tabnabbing
a.target = "_blank";
a.click();
a.remove();
}Prompt for AI assistance
Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:
You are an expert javascript developer with deep knowledge of security, performance, and best practices.
### Context
File: ui/dist/assets/autocomplete.worker-CGnTjHzG.js
Lines: 1-1
Issue Type: security-high
Severity: high
Issue Description:
Open redirect/tabnabbing risk: download() opens links in a new tab (target="_blank") without setting rel="noopener noreferrer" and without validating the URL scheme. This allows the new page to access window.opener and potentially navigate the original page (tabnabbing). It also permits javascript: URLs.
Current Code:
static download(e,t){const n=document.createElement("a");n.setAttribute("href",e),n.setAttribute("download",t),n.setAttribute("target","_blank"),n.click(),n.remove()}
---
### Instructions
1. Fix the issue described above
2. Maintain the exact indentation and code style from the original
3. Follow javascript best practices and language-specific idioms
4. Ensure the fix addresses the root cause, not just the symptoms
5. Add brief inline comments explaining the fix if needed
### Constraints
- Do not change functionality beyond fixing the identified issue
- Preserve existing variable names and function signatures unless they are part of the problem
- Ensure the fix is production-ready
---
Comment on lines
+43
to
+49
| try { | ||
| // resolve again because it may have expired | ||
| url = await resolveUrlOrFactory(); | ||
| window.open(url, "_blank", "noreferrer,noopener"); | ||
| } catch (err) { | ||
| console.warn("Open in new tab file token failure:", err); | ||
| } |
There was a problem hiding this comment.
openInNewTab() opens whatever URL is returned without validating the protocol. If an attacker controls the URL source, schemes like 'javascript:' could execute arbitrary code. Validate and restrict allowed protocols before calling window.open.
Code Suggestion or Comments
async function openInNewTab() {
try {
// resolve again because it may have expired
url = await resolveUrlOrFactory();
// validate protocol to prevent javascript: or other unsafe schemes
const parsed = new URL(url, window.location.href);
const allowedProtocols = ["http:", "https:", "blob:", "data:"];
if (!allowedProtocols.includes(parsed.protocol)) {
console.warn("Blocked unsupported URL protocol:", parsed.protocol);
return;
}
window.open(url, "_blank", "noopener,noreferrer");
} catch (err) {
console.warn("Open in new tab file token failure:", err);
}
}Prompt for AI assistance
Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:
You are an expert svelte developer with deep knowledge of security, performance, and best practices.
### Context
File: ui/src/components/base/PreviewPopup.svelte
Lines: 43-49
Issue Type: security-high
Severity: high
Issue Description:
openInNewTab() opens whatever URL is returned without validating the protocol. If an attacker controls the URL source, schemes like 'javascript:' could execute arbitrary code. Validate and restrict allowed protocols before calling window.open.
Current Code:
async function openInNewTab() {
try {
// resolve again because it may have expired
url = await resolveUrlOrFactory();
window.open(url, "_blank", "noreferrer,noopener");
} catch (err) {
console.warn("Open in new tab file token failure:", err);
}
}
---
### Instructions
1. Fix the issue described above
2. Maintain the exact indentation and code style from the original
3. Follow svelte best practices and language-specific idioms
4. Ensure the fix addresses the root cause, not just the symptoms
5. Add brief inline comments explaining the fix if needed
### Constraints
- Do not change functionality beyond fixing the identified issue
- Preserve existing variable names and function signatures unless they are part of the problem
- Ensure the fix is production-ready
---
Comment on lines
+71
to
+74
| err := json.Unmarshal([]byte(s.data), &form) | ||
| if err != nil { | ||
| t.Fatal(err) | ||
| } |
There was a problem hiding this comment.
json.Unmarshal is called with a pointer to the pointer (&form). This can cause the JSON package to allocate and replace the pointer, potentially discarding any initialization or defaults set by forms.NewRealtimeSubscribe(). The idiomatic and safer approach is to pass the existing pointer (form) directly.
Code Suggestion or Comments
err := json.Unmarshal([]byte(s.data), form)
if err != nil {
t.Fatal(err)
}Prompt for AI assistance
Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:
You are an expert go developer with deep knowledge of security, performance, and best practices.
### Context
File: forms/realtime_subscribe_test.go
Lines: 71-74
Issue Type: functional-medium
Severity: medium
Issue Description:
json.Unmarshal is called with a pointer to the pointer (&form). This can cause the JSON package to allocate and replace the pointer, potentially discarding any initialization or defaults set by forms.NewRealtimeSubscribe(). The idiomatic and safer approach is to pass the existing pointer (form) directly.
Current Code:
err := json.Unmarshal([]byte(s.data), &form)
if err != nil {
t.Fatal(err)
}
---
### Instructions
1. Fix the issue described above
2. Maintain the exact indentation and code style from the original
3. Follow go best practices and language-specific idioms
4. Ensure the fix addresses the root cause, not just the symptoms
5. Add brief inline comments explaining the fix if needed
### Constraints
- Do not change functionality beyond fixing the identified issue
- Preserve existing variable names and function signatures unless they are part of the problem
- Ensure the fix is production-ready
---
|
|
||
| - name: Set up Go | ||
| uses: actions/setup-go@v5 | ||
| uses: actions/setup-go@v6 |
There was a problem hiding this comment.
Referencing the GitHub Action by a mutable major tag ('v6') can expose the workflow to supply-chain risks or unexpected behavior if the tag is retagged. Pinning to an immutable release tag (or commit SHA) ensures reproducibility and reduces risk.
Code Suggestion or Comments
uses: actions/setup-go@v6.0.0Prompt for AI assistance
Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:
You are an expert yaml developer with deep knowledge of security, performance, and best practices.
### Context
File: .github/workflows/release.yaml
Lines: 22-22
Issue Type: security-medium
Severity: medium
Issue Description:
Referencing the GitHub Action by a mutable major tag ('v6') can expose the workflow to supply-chain risks or unexpected behavior if the tag is retagged. Pinning to an immutable release tag (or commit SHA) ensures reproducibility and reduces risk.
Current Code:
uses: actions/setup-go@v6
---
### Instructions
1. Fix the issue described above
2. Maintain the exact indentation and code style from the original
3. Follow yaml best practices and language-specific idioms
4. Ensure the fix addresses the root cause, not just the symptoms
5. Add brief inline comments explaining the fix if needed
### Constraints
- Do not change functionality beyond fixing the identified issue
- Preserve existing variable names and function signatures unless they are part of the problem
- Ensure the fix is production-ready
---
Comment on lines
+116
to
+122
| if requestInfo.Admin == nil && | ||
| (collection.ListRule != nil && *collection.ListRule != "") && | ||
| (requestInfo.Query["filter"] != "") && | ||
| len(e.Records) == 0 { | ||
| api.app.Logger().Debug("Randomized throttle because of failed filter search", "collectionId", collection.Id) | ||
| randomizedThrottle(100) | ||
| } |
There was a problem hiding this comment.
randomizedThrottle is invoked within the request path and uses time.Sleep, which is not cancelable. If the client disconnects or the context is canceled, the handler will still sleep, delaying goroutine release and wasting resources.
Code Suggestion or Comments
if requestInfo.Admin == nil &&
(collection.ListRule != nil && *collection.ListRule != "") &&
(requestInfo.Query["filter"] != "") &&
len(e.Records) == 0 {
api.app.Logger().Debug("Randomized throttle because of failed filter search", "collectionId", collection.Id)
randomizedThrottle(e.HttpContext.Request().Context(), 100)
}Prompt for AI assistance
Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:
You are an expert go developer with deep knowledge of security, performance, and best practices.
### Context
File: apis/record_crud.go
Lines: 116-122
Issue Type: robustness-medium
Severity: medium
Issue Description:
randomizedThrottle is invoked within the request path and uses time.Sleep, which is not cancelable. If the client disconnects or the context is canceled, the handler will still sleep, delaying goroutine release and wasting resources.
Current Code:
if requestInfo.Admin == nil &&
(collection.ListRule != nil && *collection.ListRule != "") &&
(requestInfo.Query["filter"] != "") &&
len(e.Records) == 0 {
api.app.Logger().Debug("Randomized throttle because of failed filter search", "collectionId", collection.Id)
randomizedThrottle(100)
}
---
### Instructions
1. Fix the issue described above
2. Maintain the exact indentation and code style from the original
3. Follow go best practices and language-specific idioms
4. Ensure the fix addresses the root cause, not just the symptoms
5. Add brief inline comments explaining the fix if needed
### Constraints
- Do not change functionality beyond fixing the identified issue
- Preserve existing variable names and function signatures unless they are part of the problem
- Ensure the fix is production-ready
---
Comment on lines
+128
to
+138
| func randomizedThrottle(softMax int64) { | ||
| var timeout int64 | ||
| randRange, err := cryptoRand.Int(cryptoRand.Reader, big.NewInt(softMax)) | ||
| if err == nil { | ||
| timeout = randRange.Int64() | ||
| } else { | ||
| timeout = softMax | ||
| } | ||
|
|
||
| time.Sleep(time.Duration(timeout) * time.Millisecond) | ||
| } |
There was a problem hiding this comment.
time.Sleep cannot be canceled, so this function will always block the handler goroutine for up to softMax milliseconds even if the request context is canceled. Additionally, a negative softMax could lead to unexpected behavior. Consider making the delay context-aware and validating the input.
Code Suggestion or Comments
func randomizedThrottle(ctx context.Context, softMax int64) {
if softMax <= 0 {
return
}
var timeout int64
randRange, err := cryptoRand.Int(cryptoRand.Reader, big.NewInt(softMax))
if err == nil {
timeout = randRange.Int64()
} else {
timeout = softMax
}
timer := time.NewTimer(time.Duration(timeout) * time.Millisecond)
defer timer.Stop()
select {
case <-ctx.Done():
return
case <-timer.C:
return
}
}Prompt for AI assistance
Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:
You are an expert go developer with deep knowledge of security, performance, and best practices.
### Context
File: apis/record_crud.go
Lines: 128-138
Issue Type: robustness-medium
Severity: medium
Issue Description:
time.Sleep cannot be canceled, so this function will always block the handler goroutine for up to softMax milliseconds even if the request context is canceled. Additionally, a negative softMax could lead to unexpected behavior. Consider making the delay context-aware and validating the input.
Current Code:
func randomizedThrottle(softMax int64) {
var timeout int64
randRange, err := cryptoRand.Int(cryptoRand.Reader, big.NewInt(softMax))
if err == nil {
timeout = randRange.Int64()
} else {
timeout = softMax
}
time.Sleep(time.Duration(timeout) * time.Millisecond)
}
---
### Instructions
1. Fix the issue described above
2. Maintain the exact indentation and code style from the original
3. Follow go best practices and language-specific idioms
4. Ensure the fix addresses the root cause, not just the symptoms
5. Add brief inline comments explaining the fix if needed
### Constraints
- Do not change functionality beyond fixing the identified issue
- Preserve existing variable names and function signatures unless they are part of the problem
- Ensure the fix is production-ready
---
| // register the hook to the loader | ||
| loader.Set(jsName, func(callback string, tags ...string) { | ||
| pr := goja.MustCompile("", "{("+callback+").apply(undefined, __args)}", true) | ||
| pr := goja.MustCompile(defaultScriptPath, "{("+callback+").apply(undefined, __args)}", true) |
There was a problem hiding this comment.
Building executable JS from unvalidated strings (callback) enables code injection within the VM. Validate or constrain the callback before compiling.
Code Suggestion or Comments
// validate that callback contains only allowed identifiers (e.g. foo.bar)
if !validCallbackRegex.MatchString(callback) { // define validCallbackRegex accordingly
return
}
pr, err := goja.Compile(defaultScriptPath, "{("+callback+").apply(undefined, __args)}", true)
if err != nil {
return
}Prompt for AI assistance
Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:
You are an expert go developer with deep knowledge of security, performance, and best practices.
### Context
File: plugins/jsvm/binds.go
Lines: 64-64
Issue Type: security-medium
Severity: medium
Issue Description:
Building executable JS from unvalidated strings (callback) enables code injection within the VM. Validate or constrain the callback before compiling.
Current Code:
pr := goja.MustCompile(defaultScriptPath, "{("+callback+").apply(undefined, __args)}", true)
---
### Instructions
1. Fix the issue described above
2. Maintain the exact indentation and code style from the original
3. Follow go best practices and language-specific idioms
4. Ensure the fix addresses the root cause, not just the symptoms
5. Add brief inline comments explaining the fix if needed
### Constraints
- Do not change functionality beyond fixing the identified issue
- Preserve existing variable names and function signatures unless they are part of the problem
- Ensure the fix is production-ready
---
|
|
||
| loader.Set("cronAdd", func(jobId, cronExpr, handler string) { | ||
| pr := goja.MustCompile("", "{("+handler+").apply(undefined)}", true) | ||
| pr := goja.MustCompile(defaultScriptPath, "{("+handler+").apply(undefined)}", true) |
There was a problem hiding this comment.
Dynamically compiling and executing unvalidated handler code can lead to VM-level code injection. Validate the handler string format or resolve the function without string concatenation.
Code Suggestion or Comments
if !validCallbackRegex.MatchString(handler) {
return
}
pr, err := goja.Compile(defaultScriptPath, "{("+handler+").apply(undefined)}", true)
if err != nil {
return
}Prompt for AI assistance
Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:
You are an expert go developer with deep knowledge of security, performance, and best practices.
### Context
File: plugins/jsvm/binds.go
Lines: 117-117
Issue Type: security-medium
Severity: medium
Issue Description:
Dynamically compiling and executing unvalidated handler code can lead to VM-level code injection. Validate the handler string format or resolve the function without string concatenation.
Current Code:
pr := goja.MustCompile(defaultScriptPath, "{("+handler+").apply(undefined)}", true)
---
### Instructions
1. Fix the issue described above
2. Maintain the exact indentation and code style from the original
3. Follow go best practices and language-specific idioms
4. Ensure the fix addresses the root cause, not just the symptoms
5. Add brief inline comments explaining the fix if needed
### Constraints
- Do not change functionality beyond fixing the identified issue
- Preserve existing variable names and function signatures unless they are part of the problem
- Ensure the fix is production-ready
---
| return h, nil | ||
| case func(goja.FunctionCall) goja.Value, string: | ||
| pr := goja.MustCompile("", "{("+handler.String()+").apply(undefined, __args)}", true) | ||
| pr := goja.MustCompile(defaultScriptPath, "{("+handler.String()+").apply(undefined, __args)}", true) |
There was a problem hiding this comment.
Compiling code from unvalidated handler strings can enable injection within the JS VM. Validate allowed formats or avoid string-based code generation.
Code Suggestion or Comments
if !validCallbackRegex.MatchString(handler.String()) {
return nil, fmt.Errorf("invalid handler format")
}
pr, err := goja.Compile(defaultScriptPath, "{("+handler.String()+").apply(undefined, __args)}", true)
if err != nil {
return nil, fmt.Errorf("compile error: %w", err)
}Prompt for AI assistance
Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:
You are an expert go developer with deep knowledge of security, performance, and best practices.
### Context
File: plugins/jsvm/binds.go
Lines: 218-218
Issue Type: security-medium
Severity: medium
Issue Description:
Compiling code from unvalidated handler strings can enable injection within the JS VM. Validate allowed formats or avoid string-based code generation.
Current Code:
pr := goja.MustCompile(defaultScriptPath, "{("+handler.String()+").apply(undefined, __args)}", true)
---
### Instructions
1. Fix the issue described above
2. Maintain the exact indentation and code style from the original
3. Follow go best practices and language-specific idioms
4. Ensure the fix addresses the root cause, not just the symptoms
5. Add brief inline comments explaining the fix if needed
### Constraints
- Do not change functionality beyond fixing the identified issue
- Preserve existing variable names and function signatures unless they are part of the problem
- Ensure the fix is production-ready
---
| wrappedMiddlewares[i] = v | ||
| case func(goja.FunctionCall) goja.Value, string: | ||
| pr := goja.MustCompile("", "{(("+m.String()+").apply(undefined, __args)).apply(undefined, __args2)}", true) | ||
| pr := goja.MustCompile(defaultScriptPath, "{(("+m.String()+").apply(undefined, __args)).apply(undefined, __args2)}", true) |
There was a problem hiding this comment.
Building and compiling middleware from unvalidated strings can result in arbitrary code execution within the VM. Validate or constrain the middleware string.
Code Suggestion or Comments
if !validCallbackRegex.MatchString(m.String()) {
return next
}
pr, err := goja.Compile(defaultScriptPath, "{(("+m.String()+").apply(undefined, __args)).apply(undefined, __args2)}", true)
if err != nil {
return next
}Prompt for AI assistance
Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:
You are an expert go developer with deep knowledge of security, performance, and best practices.
### Context
File: plugins/jsvm/binds.go
Lines: 256-256
Issue Type: security-medium
Severity: medium
Issue Description:
Building and compiling middleware from unvalidated strings can result in arbitrary code execution within the VM. Validate or constrain the middleware string.
Current Code:
pr := goja.MustCompile(defaultScriptPath, "{(("+m.String()+").apply(undefined, __args)).apply(undefined, __args2)}", true)
---
### Instructions
1. Fix the issue described above
2. Maintain the exact indentation and code style from the original
3. Follow go best practices and language-specific idioms
4. Ensure the fix addresses the root cause, not just the symptoms
5. Add brief inline comments explaining the fix if needed
### Constraints
- Do not change functionality beyond fixing the identified issue
- Preserve existing variable names and function signatures unless they are part of the problem
- Ensure the fix is production-ready
---
Comment on lines
+325
to
+329
| // as a last attempt try to json encode the value | ||
| rawBytes, _ := json.Marshal(raw) | ||
|
|
||
| return string(rawBytes), nil | ||
| } |
There was a problem hiding this comment.
json.Marshal errors are ignored; on marshal failure this returns an empty string without signaling an error, making debugging difficult.
Code Suggestion or Comments
// as a last attempt try to json encode the value
rawBytes, err := json.Marshal(raw)
if err != nil {
return "", err
}
return string(rawBytes), nilPrompt for AI assistance
Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:
You are an expert go developer with deep knowledge of security, performance, and best practices.
### Context
File: plugins/jsvm/binds.go
Lines: 325-329
Issue Type: robustness-medium
Severity: medium
Issue Description:
json.Marshal errors are ignored; on marshal failure this returns an empty string without signaling an error, making debugging difficult.
Current Code:
// as a last attempt try to json encode the value
rawBytes, _ := json.Marshal(raw)
return string(rawBytes), nil
---
### Instructions
1. Fix the issue described above
2. Maintain the exact indentation and code style from the original
3. Follow go best practices and language-specific idioms
4. Ensure the fix addresses the root cause, not just the symptoms
5. Add brief inline comments explaining the fix if needed
### Constraints
- Do not change functionality beyond fixing the identified issue
- Preserve existing variable names and function signatures unless they are part of the problem
- Ensure the fix is production-ready
---
Comment on lines
+284
to
+287
| func (s *serverErrorLogWriter) Write(p []byte) (int, error) { | ||
| s.app.Logger().Debug(strings.TrimSpace(string(p))) | ||
|
|
||
| return len(p), nil |
There was a problem hiding this comment.
Mapping http.Server error output to Debug level may suppress important runtime errors in production (if debug logging is disabled), harming observability and troubleshooting. Consider logging server errors at Error level.
Code Suggestion or Comments
func (s *serverErrorLogWriter) Write(p []byte) (int, error) {
s.app.Logger().Error(strings.TrimSpace(string(p)))
return len(p), nil
}Prompt for AI assistance
Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:
You are an expert go developer with deep knowledge of security, performance, and best practices.
### Context
File: apis/serve.go
Lines: 284-287
Issue Type: robustness-medium
Severity: medium
Issue Description:
Mapping http.Server error output to Debug level may suppress important runtime errors in production (if debug logging is disabled), harming observability and troubleshooting. Consider logging server errors at Error level.
Current Code:
func (s *serverErrorLogWriter) Write(p []byte) (int, error) {
s.app.Logger().Debug(strings.TrimSpace(string(p)))
return len(p), nil
}
---
### Instructions
1. Fix the issue described above
2. Maintain the exact indentation and code style from the original
3. Follow go best practices and language-specific idioms
4. Ensure the fix addresses the root cause, not just the symptoms
5. Add brief inline comments explaining the fix if needed
### Constraints
- Do not change functionality beyond fixing the identified issue
- Preserve existing variable names and function signatures unless they are part of the problem
- Ensure the fix is production-ready
---
Comment on lines
+196
to
+204
| for _, s := range scenarios { | ||
| t.Run(s.dir, func(t *testing.T) { | ||
| result := fsys.IsEmptyDir(s.dir) | ||
|
|
||
| if result != s.expected { | ||
| t.Fatalf("Expected %v, got %v", s.expected, result) | ||
| } | ||
| }) | ||
| } |
There was a problem hiding this comment.
Using an empty string as a subtest name in testing.T.Run can lead to unreadable test output and, depending on Go version/implementation details, may be rejected or cause unexpected behavior. Providing a non-empty fallback improves test diagnostics and avoids edge-case issues.
Code Suggestion or Comments
for _, s := range scenarios {
name := s.dir
if name == "" {
name = "<empty>"
}
t.Run(name, func(t *testing.T) {
result := fsys.IsEmptyDir(s.dir)
if result != s.expected {
t.Fatalf("Expected %v, got %v", s.expected, result)
}
})
}Prompt for AI assistance
Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:
You are an expert go developer with deep knowledge of security, performance, and best practices.
### Context
File: tools/filesystem/filesystem_test.go
Lines: 196-204
Issue Type: robustness-medium
Severity: medium
Issue Description:
Using an empty string as a subtest name in testing.T.Run can lead to unreadable test output and, depending on Go version/implementation details, may be rejected or cause unexpected behavior. Providing a non-empty fallback improves test diagnostics and avoids edge-case issues.
Current Code:
for _, s := range scenarios {
t.Run(s.dir, func(t *testing.T) {
result := fsys.IsEmptyDir(s.dir)
if result != s.expected {
t.Fatalf("Expected %v, got %v", s.expected, result)
}
})
}
---
### Instructions
1. Fix the issue described above
2. Maintain the exact indentation and code style from the original
3. Follow go best practices and language-specific idioms
4. Ensure the fix addresses the root cause, not just the symptoms
5. Add brief inline comments explaining the fix if needed
### Constraints
- Do not change functionality beyond fixing the identified issue
- Preserve existing variable names and function signatures unless they are part of the problem
- Ensure the fix is production-ready
---
Comment on lines
+318
to
+322
| // prioritize a json structured format (e.g. validation.Errors) | ||
| jsonErr, ok := err.(json.Marshaler) | ||
| if ok { | ||
| return jsonErr | ||
| } |
There was a problem hiding this comment.
Returning a json.Marshaler instance directly defers marshaling to later consumers. If a non-JSON encoder/log sink is used or marshaling fails downstream, this may produce confusing output or silent failures. Proactively marshaling here with a safe fallback improves robustness.
Code Suggestion or Comments
// prioritize a json structured format (e.g. validation.Errors)
if jsonErr, ok := err.(json.Marshaler); ok {
if b, mErr := jsonErr.MarshalJSON(); mErr == nil {
return json.RawMessage(b)
}
// fallback to its original string representation on marshal failure
return err.Error()
}Prompt for AI assistance
Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:
You are an expert go developer with deep knowledge of security, performance, and best practices.
### Context
File: tools/logger/batch_handler.go
Lines: 318-322
Issue Type: robustness-medium
Severity: medium
Issue Description:
Returning a json.Marshaler instance directly defers marshaling to later consumers. If a non-JSON encoder/log sink is used or marshaling fails downstream, this may produce confusing output or silent failures. Proactively marshaling here with a safe fallback improves robustness.
Current Code:
// prioritize a json structured format (e.g. validation.Errors)
jsonErr, ok := err.(json.Marshaler)
if ok {
return jsonErr
}
---
### Instructions
1. Fix the issue described above
2. Maintain the exact indentation and code style from the original
3. Follow go best practices and language-specific idioms
4. Ensure the fix addresses the root cause, not just the symptoms
5. Add brief inline comments explaining the fix if needed
### Constraints
- Do not change functionality beyond fixing the identified issue
- Preserve existing variable names and function signatures unless they are part of the problem
- Ensure the fix is production-ready
---
Comment on lines
+263
to
+311
| func normalizeLogAttrValue(rawAttrValue any) any { | ||
| switch attrV := rawAttrValue.(type) { | ||
| case validation.Errors: | ||
| out := make(map[string]any, len(attrV)) | ||
| for k, v := range attrV { | ||
| out[k] = serializeLogError(v) | ||
| } | ||
| return out | ||
| case map[string]validation.Error: | ||
| out := make(map[string]any, len(attrV)) | ||
| for k, v := range attrV { | ||
| out[k] = serializeLogError(v) | ||
| } | ||
| return out | ||
| case map[string]error: | ||
| out := make(map[string]any, len(attrV)) | ||
| for k, v := range attrV { | ||
| out[k] = serializeLogError(v) | ||
| } | ||
| return out | ||
| case map[string]any: | ||
| out := make(map[string]any, len(attrV)) | ||
| for k, v := range attrV { | ||
| switch vv := v.(type) { | ||
| case error: | ||
| out[k] = serializeLogError(vv) | ||
| default: | ||
| out[k] = normalizeLogAttrValue(vv) | ||
| } | ||
| } | ||
| return out | ||
| case error: | ||
| // check for wrapped validation.Errors | ||
| var ve validation.Errors | ||
| if errors.As(attrV, &ve) { | ||
| out := make(map[string]any, len(ve)) | ||
| for k, v := range ve { | ||
| out[k] = serializeLogError(v) | ||
| } | ||
| return map[string]any{ | ||
| "data": out, | ||
| "raw": serializeLogError(attrV), | ||
| } | ||
| } | ||
| return serializeLogError(attrV) | ||
| default: | ||
| return attrV | ||
| } | ||
| } |
There was a problem hiding this comment.
normalizeLogAttrValue does not handle slices/arrays. Errors nested within slices (e.g., []any or []error) will not be normalized and may serialize as empty objects or inconsistently, degrading log quality.
Code Suggestion or Comments
func normalizeLogAttrValue(rawAttrValue any) any {
switch attrV := rawAttrValue.(type) {
case validation.Errors:
out := make(map[string]any, len(attrV))
for k, v := range attrV {
out[k] = serializeLogError(v)
}
return out
case map[string]validation.Error:
out := make(map[string]any, len(attrV))
for k, v := range attrV {
out[k] = serializeLogError(v)
}
return out
case map[string]error:
out := make(map[string]any, len(attrV))
for k, v := range attrV {
out[k] = serializeLogError(v)
}
return out
case map[string]any:
out := make(map[string]any, len(attrV))
for k, v := range attrV {
if e, ok := v.(error); ok {
out[k] = serializeLogError(e)
} else {
out[k] = normalizeLogAttrValue(v)
}
}
return out
case []any:
out := make([]any, len(attrV))
for i, v := range attrV {
if e, ok := v.(error); ok {
out[i] = serializeLogError(e)
} else {
out[i] = normalizeLogAttrValue(v)
}
}
return out
case []error:
out := make([]any, len(attrV))
for i, e := range attrV {
out[i] = serializeLogError(e)
}
return out
case error:
// check for wrapped validation.Errors
var ve validation.Errors
if errors.As(attrV, &ve) {
out := make(map[string]any, len(ve))
for k, v := range ve {
out[k] = serializeLogError(v)
}
return map[string]any{
"data": out,
"raw": serializeLogError(attrV),
}
}
return serializeLogError(attrV)
default:
return attrV
}
}Prompt for AI assistance
Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:
You are an expert go developer with deep knowledge of security, performance, and best practices.
### Context
File: tools/logger/batch_handler.go
Lines: 263-311
Issue Type: robustness-medium
Severity: medium
Issue Description:
normalizeLogAttrValue does not handle slices/arrays. Errors nested within slices (e.g., []any or []error) will not be normalized and may serialize as empty objects or inconsistently, degrading log quality.
Current Code:
func normalizeLogAttrValue(rawAttrValue any) any {
switch attrV := rawAttrValue.(type) {
case validation.Errors:
// ...
case map[string]any:
out := make(map[string]any, len(attrV))
for k, v := range attrV {
switch vv := v.(type) {
case error:
out[k] = serializeLogError(vv)
default:
out[k] = normalizeLogAttrValue(vv)
}
}
return out
case error:
// ...
default:
return attrV
}
}
---
### Instructions
1. Fix the issue described above
2. Maintain the exact indentation and code style from the original
3. Follow go best practices and language-specific idioms
4. Ensure the fix addresses the root cause, not just the symptoms
5. Add brief inline comments explaining the fix if needed
### Constraints
- Do not change functionality beyond fixing the identified issue
- Preserve existing variable names and function signatures unless they are part of the problem
- Ensure the fix is production-ready
---
Nitpicks (Low Priority)Found 18 low-priority suggestions for code improvement Click to expand nitpicks
|
|
PR review is completed! |
Author
|
/review |
|
Bito Review Failed - Technical Failure |
This comment was marked as resolved.
This comment was marked as resolved.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.